Privacy Service Comparison

Thu 31 March 2022

A week or two back one of the people I follow on Twitter retweeted a furry talking about how they maintain their privacy while commissioning artists around the globe. As someone who's never been completely comfortable over giving my card info to every site I buy from online or putting my phone number on my resume so headhunters can spam me with bullshit jobs, I decided to take a look into the service and see if I could find any competitors to compare. I spent a couple days digging through the quirks and features of the services I found and, since I'm trying to force myself to actually use my blog again, decided to blog about my findings.

A note before I get started - these services have additional features I didn't look into since I didn't plan to use them; I focused mainly on shielding my phone number and card info.

MySudo - General

Since MySudo is the reason I did all this research, I might as well start with it. MySudo claims to be an "All-in-one privacy app"; you pay for the service to create between one and nine alternate identities called "Sudos" that each have their own masked email address, phone number and credit card.

MySudo is run by a company called Anonyome Labs, which was originally founded in Australia but appears to run MySudo from a Delaware subsidiary and whose privacy policy claims to store data in the US. Anonyome has a blog where they talk (unsurprisingly) about privacy, but surprisingly a lot about how Web 3.0 (ugh) will be a huge boon for privacy, even going so far as to maintain hardware for multiple ledgers. Remember this interest in blockchain tech, it'll come up again.

I asked Tay their feelings about this point to no response, but the fact that MySudo is effectively Australian is personally a big red flag. I'm not going to repeat the whole spiel I wrote when I compared email providers, so I'll keep it short - Australia has spent the last half-decade making it impossible for anyone overseas to have any confidence in its tech sector, for what I believe they think is safety. In 2018 they enacted what is known as TOLA into law, which grants law enforcement the power to force tech companies to install devices on their networks and create encryption backdoors without a warrant; in 2021 Australia enacted what is known as the Identify and Disrupt Act into law, which can allow for warrantless search and modification of data on devices as well as the power to force service providers to allow impersonation of their users by law enforcement. In short, the roo boppers have gone mental about computers and I don't know how comfortable I'd feel about anything remotely sensitive to a company with even the most tenuous link to Australia; the generic line in their privacy policy about how they'll snitch on you "to meet national security or law enforcement requirements" feels a bit more pointed than normal [1].

One last thing before I start reviewing the features of the service proper - I found it notable that despite sex work being legalized in Queensland where Anonyome is located, their blanket terms of service prohibits using any Anonyome-provided service "for the purpose of engaging in an activity in connection with any adult entertainment industry purpose, regardless of whether such activity is lawfully permitted". Maybe that's because of card network/payment processor prudishness, maybe that's because the founders don't like sex workers, but I was a little bit surprised a small company like this would shut out a customer base that wants a service exactly like this, has money and (they admit) would use it as part of their legitimate occupation.

MySudo - Virtual Phone

The virtual phone feature allows you to place and receive calls through the MySudo app - the downside is that you need to have their app installed in order to use this feature, but the upside is that you don't have to have existing phone service elsewhere to take advantage of the feature; you could use this app to turn an iPod Touch into an iPhone.

Additionally, this feature allows you to send and receive messages with your virtual phone - but since it's powered by VoIP it has the main VoIP drawback of not being able to receive messages from some shortcodes to verify your phone number. I couldn't find a list of services where MySudo numbers are known to work or not, so you may not be able to use these numbers for your Google/PayPal/Venmo accounts unless you can choose to receive a call instead.

Forwarding calls to your real phone number is currently unsupported, as is adding additional minutes or messages to your virtual phone if you exhaust your monthly allowance early.

MySudo - Virtual Cards

I would primarily use MySudo for the virtual phone, but I was interested to know if the virtual card feature could replace my current solution. Reading through the virtual card section of the ToS, one of the first things you read is that you "must not use virtual cards with businesses or services in these categories: [...] cryptocurrency, pornography, dating and escort services". Putting the service finding sex work so scary they have to ban it twice aside, you can't even use a virtual card for cryptocurrency! I definitely had a sensible chuckle about how Anonyome maintains hardware for multiple ledgers themselves but says you can't spend money through them for any coin on those ledgers.

Despite being a privacy company, MySudo wants to know everything about you if you want to use their virtual cards - the ToS says gaining access to this feature requires you "provide your first name, last name, street address, postal code and date of birth" with a driver's license scan as a potential follow-up if they think you're particularly scammy. Virtual cards cannot be backed by bank accounts or prepaid cards, and only one funding source can be used across all your virtual cards at once.

While researching what I would need to provide to use this feature made me a bit uneasy, the actual mechanics of using it put me off entirely. For starters, their cards have a $250 transaction limit and $350 daily limit, preventing the purchase of even medium-ticket items like a new gaming console. If what you want to buy is cheap enough to slide under the limits, each transaction comes with a fee of 2.99% + $0.31 - spending up to your daily limit with a $250 purchase and a $100 purchase would cost over $11 in fees, which would increase as transaction sizes decrease. I didn't register for the service so I don't know who will or won't accept their cards, nor do I know if they would be accepted by merchants who need cards that work with recurring transactions like Patreon.

Blur - General

While I was looking around for MySudo competitors I might be able to compare, I found this one in my own backyard. Run by Abine, who makes the automated data broker opt-out service DeleteMe I've been using for a few years, Blur is a similar privacy-preserving service allowing customers to mask their email address, phone number and payment info.

Abine is based in the US so as a Blur customer I would only have to consider garbage, privacy-hostile American laws as opposed to garbage, privacy-hostile Australian ones. I couldn't find anything notable Abine like what I found about Anonyome Labs, so I'll jump into the available features.

Blur - Virtual Phone

Like MySudo, Blur uses VoIP for its virtual phone feature; unlike MySudo, Blur has the ability to forward calls and messages to your real phone number. Placing calls from your virtual number is possible through the companion app, but while you can respond to messages using your virtual number it doesn't seem possible to initiate conversations.

Unfortunately like MySudo, using a VoIP service means receiving verification messages from shortcodes are hit-and-miss, with the service's FAQ stating "some of the texts used for user authentication by websites like Google and Facebook may not be compatible with Masked Phone numbers". One quirk of this feature is the virtual numbers are considered landline numbers instead of mobile numbers, which could also cause issues for particularly neurotic services.

Instead of providing a set number of minutes and messages per month, Blur customers get a monthly $3 phone allowance to use as they wish with messages costing $.01 to receive (and likely send, but the FAQ doesn't say) and calls costing $.01 per minute after a $.01 charge to connect. Also unlike MySudo, customers can add additional money to their phone balance if they don't want to wait for their allowance to renew.

Blur - Virtual Cards

The ToS for Blur virtual cards is much less interesting than the one for MySudo virtual cards, the only notable clause being that Abine also has you "agree that you will not [... e]ngage in transactions involving escort services", but at least pornography is still on the table. Blur also only lets you use one card at a time to create virtual cards, but since Blur allows using debit cards as a funding source, it may also be possible to use a prepaid card to create a virtual card. You may be asking "if you already have a prepaid card, why not use that instead of creating a second one in Blur?" The answer is recurring transactions - none of the prepaid cards I've found work with sites like Patreon, whereas a Blur virtual card should (if the customer support rep I talked to wasn't lying to me).

Instead of charging per-transaction to use a virtual card, Blur charges a fee to create the card. For a $2 fee, plus 1.5% of the card's value above $100, you can create a virtual card worth between $10 and $500 as per the ToS. If you spring for Blur Premium Unlimited and connect your bank account in addition to your card you can create cards with no fee. However, there is one catch - if you let a card sit (by creating and not using it or not zeroing it out after its last use) it gets hit with a $5.95 inactivity fee every 30 days [2]. One quirk of these virtual cards is you have to use Abine's headquarters as the billing address.

Blur also appears to have a verification process of some sort, while it isn't fully explained in the FAQ it doesn't sound as intensive as that of MySudo.

Wrapping Up

So, which service am I going to give a shot? To be honest I like them both for different reasons - MySudo for not requiring active phone service to use their virtual phone numbers and virtual cards that don't require I know the exact transaction amount beforehand; Blur for (potentially) allowing me to load virtual cards with prepaid cards and not gouging me with fees whenever I want to use a virtual card [3]. Each service is cheap enough that I could pick them both up and test them for a year, but I think for my purposes the combination of a company I already work with and laws I already kinda know is making me lean towards Blur - plus both services' virtual card options are terrible, Privacy is a much better service in every way and I'll stick with it for the time being.

[1]I know it's ridiculous to expect a vigorous defense of customer privacy from a service you can pay as little as $10 per year for, I believe the point still stands
[2]I emailed Blur customer support to get some additional clarity on this point, the clock resets on a card's use and the window for the fee has some additional leeway to account for some merchants not charging the card every 30 days exactly
[3]I will grant you that most of those fees are likely from the payment processor, but I don't think all of them are