Credit.com Chairman and Co-Founder, Adam Levin, was astonished when he learned of Blippy.com, the social networking Web site that allows people to share every purchase they make in real time.

Privacy experts saw the site as yet another disaster in the making in an age of too-much-information. But early adopters embraced it, praising it as a way to share great deals, new products and open up the floor for discussions on spending habits. After all, only users purchase items, price and merchant name would be shared, not sensitive financial data, like credit card numbers.

Then last month, Blippy announced that a technical glitch had exposed "raw data" (which included credit card numbers and purchase details), and Google indexed it, making users' sensitive information available through a search.

This event didn't surprise Levin, who is also the Chairman and Co-Founder of Identity Theft 911, an identity theft resolution and management company. This week, he discusses with Credit.com the perils of oversharing and why the Internet isn't the safe haven that many users mistake it for.

In related news, Identity Theft 911 recently conducted a poll that found that social network users of all ages posted information that can leave them vulnerable to identity theft: 59.6% posted their date of birth; 21% posted their address; 18% posted their travel time; 10.9% posted their mother's maiden name.

Here’s a sobering statistic: 285,000 Facebook users in the United States are going to die this year. But that’s not because Facebook is deadly (at least not in most instances). Rather, it’s an indication of just how many of Facebook users there are -- over 100 million in the US alone.

What happens when a Facebook user dies? Well, if a relative mails in the proper documentation to Facebook, the page can be changed to “Memorial Status.” Other popular Web sites have different policies. When a PayPal, Gmail, Flicker, or online bank account user dies, their accounts usually end up in limbo, until a legally-recognized representative can convince the online companies (who often have little in the way of customer service) to reveal the password of the deceased person’s account. It can be a difficult, time-consuming ordeal for a relative to gain access to a deceased person’s accounts.

I started thinking about my own digital assets after I experienced a water-damage mishap with a bunch of important paper documents I’d been storing in a plastic bin (see my story here). I have a lot of online accounts that are important to my family -- banking, investment, credit cards, photos, mortgage, etc. -- but I am the only person who knows the account numbers and passwords. If something happens to me, my wife will have a real financial mess to deal with.

I ended up taking the time to write down the usernames and passwords for every online account I have and putting this piece of paper in a safe deposit box. I feel pretty good about this solution. A week or two after I did this, I learned about an online service called Entrustet that improves on my solution. The basic service is free and allows users to list all their blog, photo, e-mail, PayPal, Web domain, banking, and other accounts, and assign them to different heirs. An Entrustet user designates one executor who is responsible for mailing the user’s death certificate to Entrustet, after which the usernames and passwords will get forwarded to the rightful heirs.

Entrustet, which is still in the public beta phase, was started in November 2008 by two University of Wisconsin undergrads named Jesse Davis (age 23) and Nathan Lustig (24). Davis told me he got the idea for Entrustet while reading The World is Flat, by Thomas Friedman. In the book, Friedman writes about a US Marine named Justin Ellsworth who died in Iraq. His parents asked Yahoo! for access to their son’s e-mail account so they could keep his correspondence as a way to remember him, but Yahoo! said it was against policy to give out passwords of users -- even deceased ones -- to anyone other than the account holder.

Ellsworth’s parents hired a lawyer and eventually got a court order to force Yahoo! to turn over the password. Davis said he stopped reading the book at that point and has pretty much devoted his life to creating Entrustet with his friend and business partner, Nathan Lustig, ever since.

Since Davis and Lustig are neither programmers nor lawyers, they partnered with a software firm to develop the site and a law firm to make sure everything follows estate laws.

I asked the founders about security because I’m concerned about sharing my banking passwords with a third party. Davis and Lustig said they brought in an independent security company to ensure that the records would be safe. They claim that the level of encryption Entrustet uses is more secure than the kind used by online banks. A deceased user’s encryption key is released only after the user’s executor sends in the death certificate and Entrustet follows up by contacting the records office to verify the validity of the certificate.

I asked Davis and Lustig what would happen if Entrustet went out of business. They said that it costs very little to run the business, and that they have set aside cash for the express purpose of running the servers for two to three years so that users have time to migrate to another service.

Entrustet’s basic offering “Account Guardian” is free and covers everything described above. For an additional fee, Entrustet has premium features that will be available in the coming months, such as an “Account Incinerator” that will, on confirmation of the subscriber’s death, wipe out accounts the user wouldn’t want anyone to know about. Another premium service, “Digital Heirlooms,” is the “online equivalent of an old trunk” that you can fill with photos, videos, and other digital files to share with designated heirs.

Unless my situation changes, I'm not sure Entrustet is something I really need. My wife is the sole executor and heir of all my possessions (both physical and digital), and I don’t care if she finds out my passwords while I’m still alive, so I don’t really need everything Entrustet has to offer. But for anyone whose situation involves multiple heirs, or who wishes to keep their usernames and passwords a secret until after death, Entrustet could be a great solution.

Mark Frauenfelder – Editor-in-chief of MAKE magazine and the founder of the popular Boing Boing weblog, Mark was an editor at Wired from 1993-1998 and is the founding editor of Wired Online.

"Scare tactics," "over-promised benefits," "deceptive advertising," "didn't deliver," "vulnerable to attacks," "false claims..." These are the terms used by the Federal Trade Commission to describe LifeLock's marketing campaigns and its service. And in an article published by IDG News Service, Lisa Madigan, Illinois' Attorney General, cautions consumers, "Don't be scared into spending your hard-earned money... This is the typical tactic of a scam artist." As a result, LifeLock will be paying $12 million to settle a lawsuit brought by the FTC and the attorneys general of 35 states.

?Settlements such as this generally are agreed to when the defendant (a) doesn’t believe it can win in court and/or (b) wants to control its downside financial risk and avoid spending potentially millions more defending a major lawsuit while being distracted from normal business operations. Still, according to Jean Noonan, a partner with Hudson Cook, LLP and former FTC senior executive, "$12 million is a lot to settle a deceptive advertising case."  This means that LifeLock and its co-defendants, company founder Robert J. Maynard, Jr., and CEO Todd Davis, could have spent more if they chose to defend the lawsuit, go to trial, and possibly lose at trial.

??Some of the issues the FTC had with LifeLock were the scare tactics used in its marketing to attract new customers and the use of a guarantee provided by the company in its advertising. The FTC seems especially sensitive (thankfully) to guarantees, as this is the second significant enforcement action that was caused, in part, to over-guaranteeing service results. In 2008, the FTC shut down over 30 credit repair agencies for overstating the potential results for using their services.  

??Additionally Todd Davis, famous for parading his Social Security Number on the side of a truck through the streets, has himself been a victim of identity theft, after the disclosure of his Social Security Number. The fact that you have an identity means you are a target and, while you can mitigate your risk of becoming a victim, there's nothing you can do to guarantee that you will not become a victim. Protecting your personal information, destroying sensitive documents, and being diligent with your credit reports and credit card and bank statements is generally considered a better way to minimize your risk. The judgment therefore severely restricts the kinds of representations LifeLock can make in the marketing and sale of its products and services. It also requires LifeLock to implement a comprehensive information security program to properly safeguard information about its customers both in its own possession and in the possession of its service providers.

??This isn't LifeLock's first high-profile settlement. Experian, one of the credit reporting agencies, sued LifeLock in 2008 for violating the Fair Credit Reporting Act (FCRA) and California law by impermissibly placing fraud alerts on credit files on behalf of consumers. That case was settled in late 2009. Many consumer advocates believe that LifeLock, by placing tens of thousands of fraud alerts on credit files where there was no fraudulent activity, would water down the value of fraud alerts placed by consumers who were actually victims of fraud.??

According to Adam Levin, Chairman of Arizona-based Identify Theft 911, an identity management and identity theft remediation and resolution service provider, "This settlement sends a message that is loud, clear, and completely appropriate. Further, with a crime as dangerous and life-changing as identity theft, there is no room for spin." In this case the "spin" was awfully expensive.

John Ulzheimer – Credit scoring and credit reporting expert and author, John is the President of Consumer Education for Credit.com. Formerly with Equifax and Fair Isaac, John shares his unique insight of the inner workings of credit scoring models and the credit reporting industry on CreditBloggers.com.

Our sister company, Identity Theft 911, puts out a terrific newsletter covering current events in areas of  identity theft, privacy, and data security. In this month's issue, there are some great tips for protecting yourself while shopping online. One important card-related tip:

Use credit cards for online purchases, not debit

cards. That’s because debit cards automatically

deduct money from your bank account. Try to use

cards with low credit limits to minimize the damage

in case someone steals your information to take over

the account. Or, use a “one-time” credit card number

from payment processors such as PayPal.

Read the rest in "The Holiday Give-and-Take", Identity Theft 911's Nov/Dec newsletter (.pdf file).