Wednesday, September 2, 2009

JohnnyJet.com - Are You Kidding Me?!


Have you ever seen advice that seems to come from a reliable source... that just slaps you in the face with stupidity? A colleague of mine (whom would know a little something about travel) Ed Bellis (http://twitter.com/ebellis) posted this to Twitter - and I just had to slap myself to believe it.

JohnnyJet.com is actually advocating that you scan your passport and driver's license and email it to yourself. Worse yet, you should email it to a friend!

I can't tell you the number of things wrong with this recommendation... but I can tell you that it's just stupid... here's why:

  1. Email isn't "secure"... and your passport and government-issued ID is your entire identity! How many times recently have we seen email hacked... not just hacked but passwords guessed and maybe worse? Let's think for a second, you should absolutely never, ever, ever email yourself (especially using any of the public free webmail options) anything critical like your passport or photo ID.
  2. Why would you EVER give your friend (unless you trust them with your life, literally) all of your personal information. Do you know for a fact that they're going to treat it as a super-sensitive piece of information to be guarded at all cost? I seriously doubt it.
With this terrible advice, allow me to give you some real useful travel advice...
  1. If you're traveling to a foreign country - always register yourself with the local US Embassy first thing upon arrival. That way, even if you DO lose all your identification, you can at least get your way home.
  2. Never, ever, ever send sensitive information like your passport (especially your passport) or government-issued photo ID over non-encrypted, strongly authenticated email. Ever. Was that clear? If you are going to do something like this... (and I don't advise is) I recommend using a service like HushMail.com -which at least encrypts and forces stronger authentication.
  3. DO make a copy of your personal identification such as your photo ID and passport, but store it on an encrypted memory stick... in your fire-proof combination safe in your HOME.
  4. IF you're going to store things online there are many "online secure storage" options... Google them. I will do a write-up at a later date on these, stay tuned.
Thanks for reading, and for the love of all things good and pure - ignore these idiotic suggestions which may lead directly to the 2nd worst thing that can happen to your identity... theft.

Stay safe.

4 comments:

Security Retentive said...

What is the risk? Identity theft, or something else? There are times that the values on these documents are I suppose secret, but not often. Just so I'm clear - what is the risk except to privacy?

Anonymous said...

I think the reaction is slightly FUDish. It is, in some cases, a good idea to have a copy tucked safely at home in a vault or lockbox at the bank. If you end up completely without it it could end up putting you in a jeopardizing position. I don't think the electronic copy being readily available is the right answer, but having no copy is just as bad in certain situations. My question to you is if in fact you live by your own words I'm curious how you rent a car even stateside? They require they have a copy of your DL on file. So, someone you don't even trust that may leave your ID out in the open already has this information. And it's probably scanned in and distributed to many backend systems that you, also, have no control over. So much for weighing the risk/benefit factors here.

Raf said...

@SecurityRetentive - the "risk" is that someone now has the exact image of your passport and has that information (and they can claim to be you just as easily as you can, in a foreign land). The risk is to your identity, and to your "self"...

@Anonymous - I stand by what I wrote, and don't think it's FUD'ish at all. There are ways to keep that information handy (and online) without storing it as an image on the wide-open internet.
As far as the issue of the car rental company - I don't have such a problem. I undertand that if I did not have a corporate account it would require a pic of my photo ID... but that doesn't make it right, or less risky. It's a risk-reward equation and as far as this suggestion from JohnnyJet goes, there is more risk than reward.

Anonymous said...

Raf, I consider you my friend. Check your inbox for my Passport and drivers license. Also sent a copy of my Amex, just incase I misplace that too.

Ray

Google+