Here we go again. As we’ve been writing here and elsewhere for years, PayPal also assumes that you’re an 3vi1 h4X0r if you protect yourself from ID theft and other data crimes using COTS encryption. Every time I’ve used my PayPal account over the past two years, using my ID protection, this is the email that comes in — like clockwork — within a few hours:
Hello Michael Silverton,
As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.
We have reason to believe that your account was accessed by a third party. We have limited access to sensitive PayPal account features in case your account has been accessed by an unauthorized third party. We understand that having limited access can be an inconvenience, but protecting your account is our primary concern.
Case ID Number: PP-aaa-bbb-nnn
For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.
To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking “Contact Us”.
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Thanks,
PayPal Account Review Department
Please do not reply to this email. This mailbox is not monitored and you
will not receive a response. For assistance, log in to your PayPal account
and click the Help link in the top right corner of any PayPal page.
PayPal Email ID PPxxx
Right. “We noticed an issue.” Who writes this dreck? I’ve tried a hundred times to ask PayPal to specify the “issue” and they never do. I’ve volunteered PGP keys; asked to added to a whitelist of anonymizer users; I’m willing to go along with Strong Authentication; but PayPal, Google, and others simply are not willing to support User Managed Encryption in any meaningful way.
If I turn off my ID protection before I go to the PayPal site, then this doesn’t happen. I’ve repeated and confirmed this a dozen times, at least.
So add PayPal to the list of enemies of encryption, and specifically, to the list of enemies of Anonymizer’s commercial ID protection.
Finally, if you’re reading this, please don’t waste your time trying to “explain” to me why this happens. I know exactly why it happens: BIG COMPANIES ARE LAZY CHEAPSKATES. Bloated companies don’t want to support public key encryption, because it’s easier and cheaper to just call all protected traffic “suspect” and ignore legitimate users. Clueful users are such a small proportion of the population that they can safely ignore us; so they do just that.
