Facebook Security & Privacy Checkup in 2018

Tom C’s Facebook Privacy Tune-up 2018

In this article, I will walk you through a Facebook privacy and security tune-up.  Setting your privacy settings correctly will go a long way towards preventing you and your friends from being attacked by people with malicious intent, being embarrassed personally and professionally, or shattering your image by a “friend” that associates you with something that casts you in a negative light to your friends and family.

This tune-up will focus on your privacy settings and control how much personal information you expose.

Privacy Settings & Tools

In a web browser, while logged into Facebook this link will get you to your Privacy settings: https://www.facebook.com/settings?tab=privacy&view

The recommended settings are shown below, and I will provide an explanation of each:

Who can see your future posts

Controls the audience that will see your future posts, e.g. when you type a new status. By setting to friends will result in only those that are currently in your “friends” list can see the post. Please note that if in the future you become no longer friends of someone, they would then lose the ability to see posts that are set to visibility to friends. Also, posts that are set as friends visibility cannot be shared outside of the people that are in your friends list. Thus, if you intend a post to be shareable, you need to set that post to public. You do not need to go into your settings to do this, as you can set the privacy of an individual post on that post. However, if you do this when posting a status, Facebook will make future posts also public.

Review all your posts and things you are tagged in

This is not a setting but gives you a way to quickly see things are tagged in. People have valid concerns about being tagged in things. You may have had it happen in the past where you were tagged in a post that goes against your beliefs or desires, or that you wouldn’t want to be associated from the eyes of your entire friends list and family. I will tell you how to avoid this completely in a little while when we look at security settings.

Limit The Audience for Old Posts on Your Timeline

This provides a quick way to immediately change all your past “public” posts to another privacy setting. It is helpful because you may have inadvertently made public posts over the years, and you just quickly want to remedy that. However, you may want some posts to remain “public”. You will have to either go through your public posts and cherry pick the ones you want to change, or use this feature and then go over all posts to revert the ones you want to remain public to “public“.

Who can send you friend requests?

This controls who can send you friend requests. Setting to everyone will allow anyone to send you friend requests. In 2018 that is no longer a good idea because of the spam friend requests. Changing this setting to friends of friends then people would only be able to request friendship if they are already friends with another friend. If you get a lot of nuisance friend requests, you might want to change this; but my recommendation is to leave it to everyone and don’t blindly accept all friend requests.

Who can see your friends list?

Very important because there is no valid need for letting everyone see your friends list in 2018. Why? Because this is how chain posts and fake friend requests happen — by one of your friends allowing their friend list to be publicly visible. That becomes a phone book for accounts to target.

Change this to Friends Only . If that is not possible, at least make a smaller group of your friends — call it whatever you like and add your most trusted friends — and let those friends see your friend list. But if you are in the practice of accepting friends that you have never met in person, or many acquaintances, then please tighten this up.

Who can look you up using the email you provided?

Don’t expose this to the world. You know all those marketing and scam emails you get? You don’t want those people to also be able to get your name and other information by plugging your email into Facebook!

Who can look you up using the phone number you provided?

Same as last entry, but for your phone number. Don’t expose this to the world. You know all those marketing and scam calls that you get? You don’t want those people to also be able to get your name and other information by plugging your phone number into Facebook!

Do you want search engines outside of Facebook to link to your profile?

This is important because this is where most phishing attacks begin. What is a phishing attack? Well, put simply phishing is an attempt by a person with malicious intent to gain access to your personal data so that they can then launch attacks against you. Attackers first need to find an account, then they visit your page to find what bits you have unknowingly exposed to the world. For example, you might have your kids names and photos on your page and exposed to public. Now they know enough to target your kids — or target you via your kids.

I will talk more about securing your personal data, but for now please set this to No. You do not want search engines to find your profile.  Yes, this makes it harder for people to find you — but if they don’t already have a way of contacting you to initiate a friendship, then why are you friending them? You have to stop the insanity at some point, so why not start now?

Now we are going to switch pages and look at “Timeline and Tagging Settings”

Timeline and Tagging Settings

In a web browser, while logged into Facebook this link will get you to your Timeline settings:https://www.facebook.com/settings?tab=timeline

I recommend the settings as shown below, and will explain:

Who can post on your timeline?

Setting this to friends allows friends to post to your timeline… any friend. And when any friend happens to become irate because something you posted or commented doesn’t align with their beliefs, they may come to your timeline and post something that is against yours. Or, someone you met in a bar once posts a photo of you dancing on the bar to your timeline. And these people make those posts public in view scope, so now your employer who probably already has your facebook profile address and monitors posts to ensure you are not casting the company in a negative light can see those posts.

“Uh, Bob, can you come into my office and bring everything in your desk with you? Some photos have surfaced….”

Oh my, why would you want to let anybody post to your timeline? Well, when it is your birthday, friends that can’t post to your timeline because you have that set to higher security than friends will find out real quick how much you don’t trust them.

But, there is a better way to protect yourself. Keep this set to friends but activate the review timeline posts setting, described in a short while.

Who can see what others post on your timeline?

This controls who can see what others post on your timeline. Assuming you have timeline review turned on, this really shouldn’t be necessary to change. But if you don’t want to turn timeline review on, and you want all your friends to be able to post to your timeline, this setting might be beneficial. I prefer to control what goes on the timeline to begin with, so I don’t have to worry about this setting.

Allow post sharing to stories?

Stories is a new concept and quite frankly one I have yet to embrace. This setting will control whether or not to allow others to take one of your public posts and share to their story — with your name attached. Note, it has to be a public post….. no one can expand the scope of viewability of any of your posts. I don’t see a problem with this, so long as you are mindful to post public posts when necessary and intended, and with the expectation that the post could become viral and become well known at your workplace.

Hide comments containing certain words from your timeline

This is not particularly useful. You can enter keywords that will hide comments containing those keywords to posts you make, but those comments won’t be blocked completely and your mutual friends would still see the comment.

A  better practice is to actively moderate comments made to your posts. Yes, you have a responsibility to do that — especially if your post os of a nature that is likely to draw controversy and opposing views. You can remove comments to your posts, and you really should do that if the comments are personally attacking others. At a minimum, you should call out attacking comments and warn. Taking the position of “I can’t control who comments to my posts and who that might offend”. Because you can control that.

Who can see posts you’re tagged in on your timeline?

This will allow you to control who can see things you are tagged in. This setting used to be important because it used to really be a problem of people tagging their friends to offensive or nonsense. The better way is to prevent that, and that is done with tagging review, which is coming up real soon.

When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it?

This comes into play if you are tagged in a post (or photo) by a friend, but your other friends can’t see it. I see no issue with this, assuming you have the review feature enabled.

And now we finally get to talk about the review features!

Review posts you’re tagged in before the post appears on your timeline?

This is a great feature and highly recommended. If you turn this on, any posts to your timeline will not be visible to anyone until you review them. When someone posts to your timeline, you get notified and can review and on a per-post basis decide whether to allow it or not. If you allow it, then it becomes visible to the people who can see your posts (controlled through another setting discussed previously).

This setting solves the problem of someone posting to your timeline something offensive or something you do not wish to be associated with.

Review tags people add to your posts before the tags appear on Facebook?

This is similar to the previously discussed setting but applies to the situation of photos. To be honest, I am not seeing how this is much different than the previous one.

Personal Data Points On Your Profile About Page

Why Protecting Your Personal Data Is Important

You probably wouldn’t want anyone on the Internet to know what High School you went to, where you work, your date of birth, your home address, your cell phone number, your email address, your kids’ names, their dates of birth, your mothers maiden name, etc. because a malicious person armed with all these data points can hijack your identity really quickly.

So why do you expose those data points to the world via Facebook? Ok, maybe you don’t expose them all, but how many do you expose? Keep in mind, that even if all these things are exposed only to “friends” unless you are extremely selective in who you friend, you are putting yourself at great risk.

How To Review Security Of Your Profile

From Facebook, click your profile picture in the top bar to view your profile, then click the tab “About”.

You should see something like below. It shows the “overview” by default:

Go through each item from the list in the left: Work and Education, Places You’ve Lived, Contact and Basic Info, Family and Relationships, Details About You, and LIfe Events.

For every piece of personal data exposed, hover over that data point and you will see an icon pop up that shows the visibility scope. An icon that looks like a world means you are exposing that to the world, an icon that looks like a few heads means you are exposing it to your friends, and an icon that looks like a lock indicates you are exposing it to no one but you. The setting for that is literally Only Me.

You should not have anything exposed to the world. I expose my website because that is not harming. I don’t even list my true workplace so it can’t be breached or disclosed by accident.

Beware of Life Events = Over Sharing To The World

The default setting is for your “Life Events” to be shown to the world.  Think about this carefully, because if you create a life event to commemorate the day your child was born, and expose that proudly to the world, that life event then shows anyone the birth date, and most likely the child’s name, and what hospital, and the parents’ names, and the grandparents. Pretty much all the information a malicious person would need to impersonate your child, obtain a duplicate birth certificate, etc.

Always Presume Someone On Your Friends List Is A Bad Guy

Go through every data point and make sure the visibility is set properly, and in 2018 that doesn’t just mean not exposed to the world. It also means not exposed to your friends — unless by chance you practice extremely good practices when considering/vetting friend requests, and all of your friends have a valid need to know and can be trusted that they also don’t put You and your family at risk. 

Which leads to an important point which will be discussed next.

How Can My Facebook Friends Put Me At Risk?

If your Facebook friends do not practice what you do, and especially if they expose their friend list to the world, and they are publicly searchable. Now bad guys that find them also find you.

What happens next is that bad guy creates a fake profile and sends your friend a friend request, and also to you. You are smart enough to vet that request and ignore it. But your friend cares more about the number of friends they collect than their own privacy and yours, so they accept the friend request. This is why you never set any privacy or post settings to “friends of friends”, because if you then this bad guy can see your personal data.

App Permissions

The last component of our checkup is to review application permissions. You may recall over the years you have used Facebook to log into other sites or integrate with other services, like games and such.

To see what application s have access to your Facebook account, you can click this link: https://www.facebook.com/settings?tab=applications

Here you will see all the applications that are allowed to access your Facebook data. There are three tabs: “Active”, “Expired”, and “Removed”.

The apps in the active tab are apps that have access right now, and you should recognize and understand the validity of that app having access to your Facebook data. If not, remove the app. You do that by marking the app with a check, then press the “Remove” button.

I have checked “Ali Express” and “Yelp” apps because I do not want those apps to have access to my Facebook.

Facebook does automatically track and will expire apps that aren’t used in 90 days. But that does not remove the app but just terminates its access for future requests.  You should remove apps that you cannot justify having access to your data. If for some reason you don’t want to remove an app, you can click the app to see the specific permissions, and perhaps cut back the things it can see and do.

Now,  I have to talk about the risks you create when you visit one of those “What Celebrity Do I Look Like” sites.

Why Shouldn’t I Allow Apps I see My Friends Posting Results, Fortune Telling, etc?

Because those apps/sites first ask for access to your Facebook personal data and profile picture! Notice how the purpose of the site is one that requires your photo. Sites like “what will I look like in 50 years”, “what hair color is best for my face”, “do I look like Brittany Spears or Christina Aguilera” (Answer, no — neither).

While it is certainly possible that these sites are truly for entertainment purposes and your profile pic and data go nowhere,  that isn’t very likely.  It is more likely that the site really exists as a way for bad guys to get your photo and personal data.

What can a bad guy do with your photo and personal data? Well, pretty much anything. They can create a fake ID and make a copy of it, and mail it to Facebook, Gmail, Hotmail, etc. to “recover” your account. Of course, your account doesn’t need recovering, but they will do it to gain access and lock you out of the account in one swoop.

And you happen to use your Gmail account for the two-factor authentication and password recovery for your online banking? Guess what happens next. Oh, and you use Chrome for all your password storage and management? Guess what happens next?

Please, just don’t. And if you already did, go revoke that app/site so it cannot access your Facebook profile.

My Friends Use Those Stupid Apps, Can That Hurt Me? What Can I Do?

Yes. Your risk gets raised by having friends that use these apps. Anything that you expose to “friends” gets exposed to these sites/apps. If you have friends that do this, your best course of action is to put those friends in a group called “Acquaintances”, and then go into all your settings and set everything that was set to “friends” and change it to “Friends except Acquaintances”.

Authentication & Login Security

You should review your login & authentication options. You can use this link: https://www.facebook.com/settings?tab=security

I am not posting a screen cap for obvious reasons and instead will summarize the things you should have enabled and should not.

Choose friends to contact if you get locked out

I do not recommend to use this feature. Several years back this was a common way of gaining access to someone’s Facebook, because if you could get the person to accept as friends 3 bogus accounts which you control, then the attacker could “recover” your account by choosing those 3 friends.

I am sure this feature is much better, as it allows you to pick the 3 to 5 people, but still this just doesn’t seem smart or even necessary.

Where You’re Logged In

You should review this periodically — especially if you sense things are being sent to people from you but weren’t done by you. You can log out any sessions you don’t recognize. When in doubt, log the session out. If you have retired devices over the years, those are probably still allowed to login. You should remove them.

Change Password

Do this every few months. It isn’t as painful as you might think.

Log in with your profile picture

I do not recommend enabling this. If it is enabled, and you access Facebook from a compromised device, or a device you don’t control completely, your login could become compromised. As the saying goes, security and convenience are always competing…. you should err on the side of security.

Two-Factor Authentication

Highly recommend enabling this, and on any other service that provides two-factor auth. Two-factor authentication is simply an authentication that requires two things — something you know and something you have. Password only authentication is only one thing — something you know. If I can guess that one thing, I get in. But if you have two-factor auth turned on, I still can’t get in because I don’t have the 2nd thing — the thing you have.

Enabling two-factor authentication causes you to have to login with the username and password, and then Facebook sends you a code through SMS or Google Authenticator app, which you need to put in to complete the login process. This is when you access the service from a new PC or device, not every single time you use the service.

Two-factor auth should be used on all social media accounts becuase of the potential for damage to your image, name, reputation if your account gets compromised and control is lost. It will hurt you personally and professionally. You should also use two-factor authentication on any site or service that has access to your payment card information. Paypal, Amazon, etc. all offer two-factor authentication, as does your online banking.

Keep in mind that your mobile device becomes very important when it is the device that holds that second factor for login. This is why modern devices require biometrics. Possession of the device is not enough, because if it were device theft would be a much bigger problem.

With two-factor authentication, the bad guys can’t just steal your device to get into your online accounts — they have to also cut off your finger or pluck out an eye.

Get alerts about unrecognized logins

You should turn this on. It will send a notification to your mobile device, and to any web sessions, when a new device accesses your account. Since you have two-factor authentication enabled, that would mean someone was able to login completely. If it was you, you simply click the option “it was me”. If it wasn’t you, the first action you do is urgently logout all other sessions than the one you are on (through Facebook security settings as discussed above) and change the password. Do this quickly because if you can do that before they log you out and change the password, you will prevent the attack.

Other settings

The other settings on the Facebook Login and Security page are not terribly important and are self-explanatory.

What About Facebook Messenger? Should I Use It?

No. But if you do use it, please forward a link to this article to everyone in your contacts list.

What Should I Do Now?

Go do the same at all other social media sites, sites that contain your payment card information, the email you use as the “recovery” account for all other accounts, etc.

Get in the hait of reviewing all your security & privacy settings at least every 6 months.

Far Cry 5 Review by Tom C

Great game
UbiSoft has a lot of loyal customers but has made missteps in the past that upset millions. Specifically, the botched and severely bugged release and subsequent abandonment of Assassin’s Creed Unity left a lot of people feeling ripped off.
This release does not suffer the technical issues that tend to accompany AAA releases. I attribute that to the fact that the underlying gaming engine, Dunia 2, is now mature and battle-tested. In addition, the game does not raise the bar for hardware as much as you would expect with an AAA title. You won’t need to buy a new $400 video card to play this game with acceptable frame rates.
Now onto the content. I am loving it. We all knew that the game would be centered around a religious cult in a fictitious county in Montana and that the game would include in its plot some of the current controversial issues.
The world created does capture midwest in terms of wildlife, terrain, and culture. You can fish and hunt when you don’t feel like shooting it up against the evil cult. The only negative thing I can say is that I wish it was bigger. But you do feel like you have been transported to Montana. The visual artwork is spot on.
The music is simply a masterpiece and plays a big part in establishing the immersion that the game creates. It is Americana style music with a very folksy tone. But what really stands out are the hymns that are played in all the areas under the control of the cult. Very bone-chilling and they stick in your head and haunt you when you aren’t even playing.

Far Cry 5 provides access to helicopters and small aircraft. While that is a good thing, that is what makes the world seem too small and it is problematic to the plot. The smart thing to do, as soon as you get your hands on an aircraft, would be to fly out and go get back up and the full force of the federal law enforcement. I was curious to know how they made doing that impossible and wove it into the plot, but they didn’t.  When you fly near the bounds of the world, you can see the edge and if you fly over it, the game just respawns you. This aspect of the game needed better handling.

In terms of gameplay and mechanics, it is a Far Cry title so you do exactly what you would expect. You have to take down cult outposts, one-by-one, destroy their resources, and complete missions.

Multiplayer, although I haven’t yet tested it, is very good. In multiplayer mode, you can play with a friend and do the campaign and missions cooperatively.  There is not a smaller set of missions that are for multiplayer, like in so many titles. Really nice.

Multiplayer also has a player-versus-player (PvP) mode where teams of six battle it out in Far Cry 5 Arcade. You find the arcade machines through the Far Cry 5 world, and when you interact with them it takes you to “Arcade” mode where PvP exists and create custom maps. But Far Cry 5 Arcade mode takes you out of the world of the campaign.

Many reviewers are not impressed with the handling of the controversial points., and specifically say that Far Cry 5 fails to “say anything” about the things going on in our country right now. I don’t agree. I think it says a lot that the game was even set in the US and that it is imaginable that this could actually happen. But UbiSoft has stated their position was to have no political message. If you are looking for one, you might be disappointed. I’m not sure we should be looking to video games to make political messages.

I was surprised that the fictitious cult is not created in a denominational agnostic way, in order to avoid alienating specific followers of a specific religion, but they did make the cult label themselves as Baptists. But let us not forget that the real-life Westboro Baptist Church also considers themselves Christians and believes they are carrying out God’s work.

For whatever reason, UbiSoft decided to include microtransactions. You can use real money in their store to buy silver bars in the game which can be used to get access to weapons and such without having to earn through the game missions. Completely optional and harmless, but still I wonder why. It just makes the game look greedy and nickel and dimey.

As I said before the immersion is deep and the tone and themes are haunting. There are some disturbing visuals throughout the game that really drives this home.

Bottom line: Highly Recommended

Windows Hello – Biometric Login

With the latest Windows 10 update you can now login to your PC with biometrics, using either fingerprint or facial recognition. In Why would you want to do this and what should you be concerned about?

First, to address any concerns about putting your fingerprint on a device, fingerprint scanners and login systems do not store an image of your fingerprint. What happens is a sensor reads the tiny bumps and valleys and computes a mathematical formula based on those bumps. The mathematical formula is called a “hash”, and a hash is simply computing a big number for some object, such that no two objects will result in the same hash, and the hash function is one way. What this means is that even if someone were to get ahold of the hash of your fingerprint, they cannot work backwards from that has and construct your fingerprint.   Lastly, the fingerprint hash is unique to the system you are logging into, so someone can’t grab your fingerprint hash from your PC and use it to log into your phone.

Why would you want to use biometrics? Because it offers convenience, because you don’t have to type a password to login, and because no one can guess your password or brute force hack like they can with password.

Which is better — fingerprint or facial recognition? The answer really depends on the facial recognition scanner. Some facial recognition systems have been fooled by using a picture of the person’s face.  This is not good when you consider your picture is likely available to anyone via facebook — which incidentally is one reason you should not make your profile picture a close-up of your face showing great detail and especially your eyes. This is also why you shouldn’t visit those sites that analyze your face and tell you which celebrity you most resemble — because it is bullshit and also because those sites are gathering facial scans. Face it, you don’t look like Brad Pitt and the site you let scan your face to tell you that is going to sell your face scan.

Fingerprint login has been fooled in some rare cases, but in general you can be assured someone isn’t going to be able to login to your PC using a beer mug you touched, or a picture of your finger. However, as we see in plenty of video games and movies, if the information you are securing with your fingerprint is wanted that badly, all they have to do is cut your finger off to get access. Incidentally, this is another reason to not prefer facial recognition — you can live without a finger but not without a head.

You don’t have to buy a new PC to get biometric login with Windows 10. For under $20 you can buy a usb dongle that plugs in and you are up and running. Just make sure the fingerprint scanner you buy is designed for and compatible with windows hello.

If you want to go the facial recognition route, unfortunately your existing webcam has very little chance of being a windows hello compatible device. If you were going to buy a new one anyways, then I suppose this might be a good way to go.

Beyond simply logging in, you can look forward to windows hello being able to integrate with applications and sites in the near future. This is where the real benefits will kick in, when you can set gmail to require fingerprint login., or your online banking.

For extremely sensitive information or system access, you wouldn’t want to change from password to biometrics. Better would be to require both. This is called two-factor authentication, and is the best way of controlling access because in order to get in the individual needs something they have (the finger) as well as something they know (the password or pin code).

Two-factor authentication is available on a lot of sites today, but it is not convenient because you have to put in a  password, then check your phone for a text message with the code, and then enter that.  With biometrics, two-factor authentication becomes a lot simpler and convenient, and therefore people will adopt it.

Chat Transcript With a Game “Key” Reseller That Sold Me A Tainted Key

Below is the chat log of my discussion with a third-party PC game “key” re-seller, after a key sold from them was invalidated by the game publisher and the ability to play was terminated. This is how I chose to handle a key reseller that obviously sold a key they were not legally entitled to sell and ended up getting banned, knowing full well they would try to blame the game publisher and point me to them for recourse.

You’d be suprised how many people get suckered into such a scam, and then allow the retailer to give them the run around, refuse to refund, etc.


I have redacted the representative’s name and replaced with “Customer Service Rep”, and the company name is replaced with “<Company Name>”.

Customer Service Rep:
Customer support
Chat started
Thomas Carlisle
The game key I procured through your site has been banned by the manufacturer (Ubisoft), and I am sure this has to do with that the key was not properly procured from the manufacturer. Who can help me by issuing an immediate refund? Thank you, Tom Carlisle

Customer Service Rep joined the chat

Customer Service Rep:

” I am sure this has to do with that the key was not properly procured from the manufacturer” ?

have you heard this from them regarding your particular key?

All our keys are purchased from suppliers who have been operating in the gaming industry for many years

Thomas Carlisle:
What I mean by that, is your company has most likey sold me a key which was not rightfully GDK’s code to resell. Yes, I heard from them, in that my game has been removed from by account and when I try to re-autorize the code I am told it is banned.

Respectfully, GDK needs to refund me and work out your issue with Ubisoft.
Customer Service Rep:
Thats true, we will indeed be following up on this issue with Ubisoft. We have all your order details so we do not require any further information from you

We will be in touch as soon as we are able to

I am creating a new ticket from this chat transcript under your name

Thomas Carlisle:
No, I want the refund so I can procure through Ubisoft now.

Customer Service Rep:
Im afraid that is not possible

Thomas Carlisle:
I am not looking for delays. Unlless this issue can be resolved within the next few hgours.

Customer Service Rep:
surely you understand that we cant just process instant refunds without investigating claims

Thomas Carlisle
IF there is nothing you can do, expect that my extremely popular blog site will have articles detailing this issue to warn other consumers, and I will find where your legal entity is and file a claim in small claims. Is $30 really worth it?

Customer Service Rep:
no it isnt worth it at all

And I dont really see why that would be necessary

I’m trying to explain to you that this issue will be handles with the utmost urgency

Thomas Carlisle:
I’ve offered to give you a few hours to get to the bottom of it. That is more than enough time for someone at <Company Name>  to contact Ubisoft and fix it. BUt I am not really comfortable that this will be resolved.

Customer Service Rep:
but as with most businesses refunds cannot be processed without due investigation on our part as

time in usa
Thomas Carlisle:
If <Company Name> rightfully owned the code to resell, it should take a phone call to Ubisoft. I am sure Ubisoft has procedures in place not to cut off paying customers through authorized resellers.

Customer Service Rep:
Its a little unfair to ourselves to be threatening us with all sorts of public blog threats and such

but as you say it isnt worth it

Thomas Carlisle:
You can investigate and get back to me, but we both know that isn’t likely going to happen. I am not going to spend the next several days waiting for this to get sorted out.

Customer Service Rep:
we are a small company who trust our large suppliers with their end of sourcing stock and such responsibilities

We will follow the whole issue up with them

Thomas Carlisle:
Being in your type of business, you must understand that when an issue like this happens to your customers, it doesn’t look good. If <Company Name> is doing legit business, you should have procedures in place to handle this type of situation.

Customer Service Rep:
We would have appreciated a chance to actually investigate this as we’ve not had this complaint from anyone but nevermind. I’ll send your request to the person incharge of refunds immediately

It should all be sorted within half an hour at the most

If you paid by Paypal you’ll get email confirmation when it is sorted

Thomas Carlisle:
Payment was through moneybookers, as that is where the site took me to pay.

Customer Service Rep:
We are no longer with Skrill and are processing all payments solely Paypal at the moment. Do you have a Paypal account we can refund to instead?

We’re in the process of moving card processor to Nochex

Thomas Carlisle:
Was moneybookers being used on 12/29? The reason I ask is perhaps I ended up at a site masquerading as <Company Name>? DO you show and order number #### to me?

Meant to type “do you see an order #####”

Customer Service Rep:
Yes that definitely looks like an order number from our store. We’ve only switched from Skrill/Moneybookers this month

Thomas Carlisle:
OK, then at least it is the right place. I am sorry if <Company Name> is in legit business, but you must realize many discount game key sellers are not legit. So this type of issue really raises brow. If you can get Ubisoft to activate the key promptly, that woudl be a good resolution. If not, then yes I’d like to refund.

Customer Service Rep:
Not to worry, I can understand your concern

As I said we’re more than happy to send you the refund if you can let us know how best to do so

Thomas Carlisle:
I do have a paypal account. What do you need, the account number?

Customer Service Rep:
We are a UK based business so seeing as it is after 11pm here, such issues as contacting Ubisoft would be handled by the morning staff

Just your paypal email

Thomas Carlisle:
The paypal is linked to ##############

Customer Service Rep:
thanks, i’ll be right back


All done

Please check your Paypal and confirm

Thomas Carlisle:
Yes, thank you for making this right. Your company should follow-up with Ubisoft and find out why your key got banned. If <Company Name> is not considered authorized by Ubisoft you will see a lot of these

Customer Service Rep:
Yes we will most certainly be doing so first thing in the morning
Thomas Carlisle
Have a good week end