USER FAQ
What is this site?
Why should I use this site?
Tell me more about this "WalletID?"
Why does the WalletID/WallyID have to be so long?
How can I have greater control over who can use my WallyID?
I have to create yet ANOTHER online profile?
Can I trust you with my data?
Is it 100% Secure?
How do you make your money?
Did you have to use "cloud" in your domain name?
What is this site?
I've moved 8 times, covering 1000's of miles, in the last 6 years. As I resettled each time I realized it was getting harder to keep the many organizations I had to interact with up to date with where I was. A big part of that reason was as my life became more intertwined with the internet, the number of "vendors" started stretching behind me like the Cherokee Trail of Tears.
So this site is meant to allow you as a "User", to fill out up to 5 online registration forms per account, containing some or all of your current contact information. The Registration forms, are linked to a key called a MyCloudWallet Identifier (WalletID or WallyID). The WalletID is a text phrase you create and give out to mycloudwallet.com approved online Retailers, mailers, sites, forums, etc who are vendors or partners of this site. They will then be able to use that wallyid to check against this site in real time for your current information you stored here "in the cloud" versus you having to maintain that information separately on those vendor's sites individually. In short, when your email/address/name/phone number/social networking info/ etc. changes you will have only one place to change it.
NOTE: Although the site is currently intended for those within any of the 50 states of the U.S.A., I would like to expand to other countries if there is a demand for it. Post in the Forums and let your voice be heard.
Back to Top
Why should I use this site?
1. Convenience. It will allow you as a consumer or user to change your information only one time for those vendors who you have given your WalletID to.
2. Security. It will help protect you against internet bad guys as they try to take what belongs to you, by allowing Vendors to check against my site as a neutral third party to warn you a change is being attempted.
3. Ease. Make it easier to interact with new Vendors so you can leverage more sources to get what you need.
Back to Top
Tell me more about this "WalletID"
As mentioned above when creating your profile you will pick a WalletID, by typing an unused phrase into the "WalletID" text box within the particular registration form. You will then give it out to participating vendors who you want to know some combination of your name/address/email/phone number, such as Amazon, buy.com, eBay, etc. (he said with hope). They will then be able to check if the address changes without you having to login and update it in a million places, one by one. The WallyID is a 20 to 120 character phrase you will create, some examples would include a song lyric, poem, famous quote, personal saying, etc
- I love to vacation at the beach!
- Our family is special 4_ever
- I went to Millersville University in 1995
- My Email only wallyid
- To be or not to be that is the question
- Fortune favors the bold
- Somewhere over the rainbow way up high
For web application security reasons, it can ONLY contain one or more of the following character classes: upper/lower case letters [A-Za-z], numbers [0-9], spaces [ ], underscores [_], and exclamation points [!]. The registration form will validate your input on submittal and let you know if it contains invalid characters. You'll have to trust me, these restrictions are REALLY important for protecting your data. There are character restrictions for the other fields as well, please read the form field descriptions and any error messages once the form is submitted.
Back to Top
Why does the WalletID/WallyID have to be so long?
Short answer, you should forget everything you've probably ever heard about passwords. You know the "at least 8 characters, mixture of upper, lower, numbers, etc" That's so early 90's, which is a lifetime for the internet. There are two main ways to compose a password that makes it harder to bypass; length and complexity. And despite what you may have heard before length is the best way to secure your valuables. Length also makes it EASIER to remember for the human, as long as you think of it as a passphrase not a password. Don't be afraid to put spaces and punctuation in your passwords and the longer the better. If any site doesn't allow you use a phrase instead of a password, by setting an unreasonable maximum length to the password (anything under 50 characters in my opinion), they are doing you a disservice. Write them and tell them they need to recode their app so you can provide yourself with the security you need when you give them whatever information they are asking for.
Back to Top
How can I have greater control over who can use my WallyID?
It's common practice to have a SPAM or fake email address that you use for unwanted forced online registration and one you give out to only those you fully trust. Since you can create up to 5 WalletID's per account I'd highly recommend at least having a SPAM WallyID and a legit WallyID, the same you'd do with email addresses. As well as, wallyids that contain only your social network contact info, your email addresses, or one that contains all your info combined. You can also mark your account as "private" which will cause anyone requesting it to receive "Marked as Private" with only the last date modified. Another option is to save the form as a draft, as drafts will not be displayed to vendors. Just remember to change it when you move or sign up to a new online profile.
Future plans of mine would include allowing users to see who's been successfully and unsuccessfully requesting their WalletID. As well as an area to check off who has the right to see your data even if they know one of your WallyID's and you are marked as public. This type of promised future functionality is also known as vaporware : But again, that's if this site gets past anyone besides me and my wife knowing about it. I've created a post in the forums where I'm keeping a record of all my future functionality plans. Forum Welcome Message
Back to Top
I have to create yet ANOTHER online profile?
Yes unfortunately, I apologize for that and I know it's frustrating but at this time it's the best and easiest way I have at controlling access to your data. As I write this you also have to register for the forums as I have not gotten phpBB to authenticate against the Drupal user DB. In the future I plan to allow an option to authenticate to MyCloudWallet.com by using your wallyid and a SMS text message sent to your cell phone, (aka. more vaporware) at this point that would be too "time expensive" to create when I don't know if anyone will even use this site, as I write this in early 2011. )
Back to Top
Can I trust you with my data?
Well that's up to you, however, I will NEVER EVER sell or give any of this information to ANYONE beyond the participating vendors who know your WallyIDs. Obviously neither you or I have any control over what the vendor does with the data once it is successfully requested. They would most likely cache it in case there are troubles reaching my site, which is understandable. Concerns around how the vendor stores the data should be directed at them, however I can say my security considerations are number one priority, above any functionality beyond what is absolutely necessary. I lay out my principals below.
Back to Top
Is it 100% Secure?
In a word No, nothing is 100% secure and useful at the same time. The creator (me) has 10+ years working in the info sec field, however, I will be the first to admit I'm not an expert everyone of the following categories, managing web application security, coding, DB security, and Web server OS/application security. But, who is all that? In enterprises there are whole teams dedicated to each of those areas. My background is more enterprise infrastructure and network security defense, however with that being said I will promise to you the user information security concerns have been considered from the very beginnings of this site/application, because building in security from the beginning is the only way to have a chance at effectively securing a process, gluing it on afterwards usually doesn't work that well for the customers. No site can maintain 100% secure posture all of the time no matter how good/experienced the Adminstrators are running it. I'm using this site as a learning experience but also am taking it very seriously. I can promise to run this site by these principals...
1. Hold security above functionality in all decisions as a starting point. If users or vendors need functionality that I am restricting I will certainly consider it but the ultimate decision has to be a balance between security and functionality that a reasonably paranoid person, like me, can accept.
2. Provide this site and its functionality using as few software/hardware pieces as possible because the smaller your footprint the less the attack surface area. When in doubt, turn it off.
3. Keep up to date on the many layers of software updates and security fixes as quickly as possible. I have a full time job (see next FAQ section) but will make every effort to learn about vulnerabilities, misconfigurations, and apply updates and workarounds as soon as I can.
4. I will keep user's privacy and confidentiality at the forefront. I assure you I will trash the whole site rather then become a data mine for the unscrupulous.
While your address and contact information isn't exactly considered top secret sensitive information (anyone remember the phone book?) in conjunction with other personal information such as your birth date, Credit Card information or Social Security number, your contact info is part of the ammunition internet bad guys use to do what they do best; take your money! Ultimately it is up to you to steward your own data, and decide if you want to trust me and this site.
Back to Top
How do you make your money?
I don't, at least not with this site. I have a normal full-time IT security job that pays the bills. The good news is for you as a user is, it's free to create as many accounts as you want! If I manage to actually make it useful maybe I'll start advertising and allow donations, or something. This is all a big experiment with no other goal than to learn more about the LAMP web server architecture while creating and administering a real web application, so we'll see how it goes. I will put a page up detailing my income/expenses Expenses Link just so there's no doubt about my motivations and/or outcomes. Unfortunately server hosting is not cheap when you run a web app like this, and have even a modest amount of users.
Back to Top
Did you have to use "cloud" in your domain name?
I hear you, I deserve several minus internets for that one. Many in the IT community dislike what they see as hype around a new buzz word, and love to passionately post in comment sections how not new and bad the cloud can be. I take a milder approach, and think of it as remote storage. Hotmail back when it debuted in July 1996 was and is essentially "in the cloud" so I can relate to the backlash from some. But more to the point I chose cloud to be part of my domain name mainly because it communicates what this service is, succinctly as possible. This service is targeted at a large audience who will not be very internet savvy and everyone and their brother are preaching what the cloud is, including Apple, Google, Microsoft, etc. So I figure I shouldn't fight that rising tide...