JabberJuls

I’m not convinced in the Thawte – Email Certs. I’ve never been convinced of Verisign either. The concept is good, if you can back it with confidentiality and a solid basis of proof.

Unfortunately, after reading Thawte’s Terms of Use for the Personal Email Certs alone, I have no confidence in the Certification or Digital Signature Guarantee that they’re trying to represent. For one, they are regulated by themselves, not the government or any authority in anyway, accredited or regulated by any higher authority. Don’t get me wrong…that isn’t always a bad thing, but it helps to build confidence.

Here’s what they say, ” thawte’s Personal Certification and Web of Trust Services are governed by thawte’s Certification Practice Statement (“CPS”)” In their rules there is a binding statement that allows them to change their rules at any time. So they’re really not held to rules at all, just making it seem like they are. Most people don’t read the fine print and I guess Thawte may feel if there is enough mumbo jumbo no one will read the Terms of Use.

A big turnoff immediately is reading “(of course, nothing on the Internet is entirely secure)” It’s like someone saying, “Trust Me– I know what I’m talking about” and when that is said, you can’t Trust that person.

So they get all Your Personal information starting off with your Nationality and age/birthdate…things go off in my head…racial profiling, identity theft, con men, possible predators. They allow 13 year olds to participate, why? Why would a 13 year old need an email cert, other than to allow perverts know who to prey on.

On the positive side, they’re building a database for marketing profiling related reasons.

Using the No-Pressure sales technique they repetitively reassure you that they respect your decision if you don’t feel comfortable with signing up. “Hmmm…I’m now feeling uncomfortable even more”

Here’s what they say,”We realize that some people will not want to divulge this sort of personal information for fear of identity theft or other reasons. We respect your decision and do not encourage you to participate if you are not comfortable with our practices and procedures.
“If you decide to participate, your relationship with thawte, your Certification Authority, is one of trust. ”

Why should I trust them? So far they’re con men selling a false sense of security, when in reality you’ve given them all your private info: name, address, driver’s lic., soc. security #, bank accounts, nationality, birthdate, etc. depending how deep you get into this. They can’t guarantee that the third party people accessing your information will not do anything criminal with it, they inform you that all your info is open to the public for public use and verification. Nothing convinces me of confidentiality or protection of any form.

They say your information is stored, “in a publicly accessible location enables third parties (that is, the public at large) to access, review, and rely upon them. You should have no expectation of privacy regarding the content of your certificate(s). Further, you should be aware that the personal information you supply may be accessed by others for the limited purpose of validating your identity.”

What limit…they’ve previously claimed its public access at all times.???

You must be authorized by a WOT notary, that isn’t associated with Thawte at all and they’re not responsible for anything they do with your personal/confidential information.

They say, “you must have your identity validated by a thawte Web of Trust Notary (“WOT Notary”)”

You hear Notary and think its a good thing, but keep reading….it’s Bogus.

They say, “(You should be aware that a WOT Notary is not necessarily a licensed public notary, but rather a “regular” individual who is not affiliated with thawte except for his or her participation in this program, akin to your participation should you decide to join. WOT Notaries perform validation functions as a VOLUNTEER at his or her own free will and s/he is not an agent of thawte and is therefore not authorized to act on behalf of thawte. thawte therefore disclaims any liability which may arise from the actions of WOT Notaries.) “

What concerns me is all the ( ) parenthesis items, it’s almost like that is the reality out of all he mumbo jumblo legalistic mirrored wording. These are Volunteers that retrieve your info…just some stranger off the street that no one knows to have credibility. Thawte claims otherwise on their website, but that’s not what you agree to with the Terms of Use.
You can cancel/revoke your certification, but IT NEVER CANCELS, it unactivates it? So your information will always be accessible as long as they’re in business.

Why would you want to give the whole world access to your identity/confidential info/financial info without anyone being responsible for some kind of protection to you?

Worst part for me, is its not completely the company itself, but you get points for knowing someone and TRUSTING them. So Joe Shmoe Pervert will most likely give points to Sam Perve and all their friends the same. So you see a high ranking of points and assume they are TRUSTWORTHY…right?! Unfortunately, to me the points don’t really represent anything.

Now if we lived in a Perfect, Trustworthy World…this concept might work, and you wouldn’t need the terms of use verbiage either. We don’t though.

Do you see where I’m headed?

If a company is so concerned about identities, the company needs to do a background check on people and build their own proven network. Not a bogus digital TRUST electronic signature.

The only electronic signature I’ve ever trusted was the one provided me by the IRS.
I barely trust them either. Decide for yourself.