TrustedForm Data Security
We're serious about data security at ActiveProspect.
We regularly review our practices and decisions to ensure we strike the proper balance between securing the data entrusted to us and providing the functionality that you rely on as a customer. ActiveProspect developed a system that hides each TrustedForm Certificate from the public, including automated systems such as search engines, while making it readily available to the appropriate parties (those with access to the associated lead data).
How We Do This
During the standard claim period (72 hours, beginning when the certificate is issued), every generated certificate has a unique URL at which it can be reviewed by anyone who knows the link; TrustedForm credentials are not required to review a certificate during this period. To ensure that certificates can't be found by an unauthorized person or malicious party, we use SHA-1, a cryptographic hash function, to generate a unique URL for each and every certificate. Each URL contains a unique 40-character hexadecimal string (the 160-bit SHA-1 digest), which makes guessing a valid TrustedForm Certificate URL effectively impossible. The effort required to break into our system this way far outweighs what little data an attacker could gather: since there is a separate certificate for each individual lead record, discovering a certificate reveals data from at most a single lead.
To illustrate this point, suppose a party bent on stealing data mounts a brute-force attack, guessing certificate URLs in order to harvest the form data captured for a single lead. The enormous number of possible certificate URLs, combined with the short window in which each one is accessible (72 hours), makes this effectively impossible. The probability of guessing a valid certificate address during the 72 hours that the URL is available is about 1.53 × 10^-30 (roughly 1.5 × 10^-28 %)*. Even that figure is unrealistically generous, because it assumes the attacker could run an enormous number of checks against our system undetected, when that volume of requests would itself look like a DDoS attack on our servers.
Then, they would have to start all over to find a second one.
*If you’re interested, here is the math behind those odds:
- The certificate URL includes a unique string of 40 hexadecimal characters, so the attacker has 16^40 = 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 possible values to search (16 valid hex characters in each of the 40 positions).
- Assume the attacker runs an astronomical number of checks against our system (1 million per second) and, for the sake of argument, never trips any of our monitoring alarms, which would cause us to block them. That is 259.2 billion checks over three days (86,400 seconds in a day × 3 days × 1,000,000 per second = 259,200,000,000).
- We generate over 8.6 million certificates in three days, so each check has roughly 8.6 million / 16^40 chance of landing on a live certificate. Across 259.2 billion checks, the probability of guessing even one valid certificate URL while it is available is about (259.2 × 10^9 × 8.6 × 10^6) / 16^40 ≈ 1.53 × 10^-30.
- They would then need to start over. And because certificates are issued continuously, it is entirely possible that we later create a URL with an ID they previously checked and found invalid, so they can never shrink their search space by discarding IDs that were already tested.
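The odds worked out above, as an added example that is not part of the original page or of ActiveProspect's own code: a Python model that builds a token the way the text describes (hashing 32 random bytes with SHA-1 is an assumption; the page does not say what input is hashed), computes the probability of at least one hit using the page's figures (1 million checks per second, a 72-hour window, 8.6 million live certificates, a 40-hex-digit space), inverts the formula to show the request rate a coin-flip chance would need, and checks the closed form by Monte Carlo on a deliberately tiny token space (16^4 values, 100 live, 1,000 guesses, constructed for the demonstration).

```python
"""Model of the brute-force odds in the text: token construction, the
hit-probability formula, its inversion, and a Monte Carlo check on a toy space."""
import hashlib
import math
import random
import secrets

HEX_DIGITS = 40                 # a SHA-1 digest is 160 bits = 40 hex characters
TOKEN_SPACE = 16 ** HEX_DIGITS  # 2**160 possible certificate URL strings
WINDOW_SECONDS = 72 * 3600      # the standard 72-hour claim period


def make_token() -> str:
    """Hypothetical token construction: SHA-1 over 32 random bytes.

    The page says SHA-1 is used but not what is hashed; this is an assumption.
    The URL is unguessable only because the hashed input is unpredictable, so
    SHA-1's known collision weaknesses do not help an attacker guess a digest
    they have never seen."""
    return hashlib.sha1(secrets.token_bytes(32)).hexdigest()


def is_well_formed(token: str) -> bool:
    """True if the token is exactly 40 lowercase hex characters."""
    return len(token) == HEX_DIGITS and all(c in "0123456789abcdef" for c in token)


def guesses_in_window(checks_per_second: int, window_seconds: int = WINDOW_SECONDS) -> int:
    """Total guesses an attacker can make at a sustained rate over the window."""
    return checks_per_second * window_seconds


def hit_probability(guesses: int, valid_certs: int, space: int = TOKEN_SPACE) -> float:
    """P(at least one guess lands on a live certificate).

    Each guess is a uniform draw from `space`, of which a fraction q =
    valid_certs/space is live: P = 1 - (1 - q)**n. Computed with log1p/expm1 so
    the tiny values survive floating point. For n*q << 1 this is simply n*q,
    the product the bullet list above works out."""
    q = valid_certs / space
    return -math.expm1(guesses * math.log1p(-q))


def checks_per_second_for(target_probability: float, valid_certs: int,
                          window_seconds: int = WINDOW_SECONDS,
                          space: int = TOKEN_SPACE) -> float:
    """Inverse: guesses per second needed to reach `target_probability` of one
    hit within the window, from n = ln(1 - p) / ln(1 - q)."""
    q = valid_certs / space
    n = math.log1p(-target_probability) / math.log1p(-q)
    return n / window_seconds


def simulate_hit_rate(space: int, valid_certs: int, guesses: int,
                      trials: int = 1000, seed: int = 1) -> float:
    """Monte Carlo check of hit_probability on a toy space small enough to simulate.

    The attacker draws uniformly with replacement: because certificates are
    issued continuously, a value that was invalid earlier can become valid
    later, so remembering and skipping past misses buys nothing."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        live = set(rng.sample(range(space), valid_certs))   # this window's certs
        if any(rng.randrange(space) in live for _ in range(guesses)):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("sample token:", make_token())
    n = guesses_in_window(1_000_000)                     # 259.2 billion checks
    p = hit_probability(n, 8_600_000)                    # the page's 8.6M live certs
    print(f"P(one hit in 72h at 1M checks/s): {p:.3e}  ({p * 100:.3e} %)")
    print(f"checks/s for a 50% chance: {checks_per_second_for(0.5, 8_600_000):.3e}")
    toy_space, toy_live, toy_guesses = 16 ** 4, 100, 1000   # constructed toy case
    print("toy closed form:", hit_probability(toy_guesses, toy_live, toy_space))
    print("toy simulation :", simulate_hit_rate(toy_space, toy_live, toy_guesses))
```

The toy simulation agrees with the closed form to within sampling error, which is the point of the last bullet: with certificates churning, guessing with replacement is the right model and a miss carries no information. The inversion shows that even a 50% chance of a single hit would need a request rate in the 10^35 per second range, so it is the 40-hex-digit space, not the rate limit, that makes the real figure vanish.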