How to decrypt WhatsApp end-to-end media files - Security Boulevard

How to decrypt WhatsApp end-to-end media files - Security Boulevard

How to decrypt WhatsApp end-to-end media files - Security Boulevard

Posted: 28 Jan 2020 03:59 PM PST

At the center of the "Saudis hacked Bezos" story is a mysterious video file investigators couldn't decrypt, sent by Saudi Crown Prince MBS to Bezos via WhatsApp. In this blog post, I show how to decrypt it. Once decrypted, we'll either have a smoking gun proving the Saudi's guilt, or exoneration showing that nothing in the report implicated the Saudis. I show how everyone can replicate this on their own iPhones.

The steps are simple:

  • backup the phone to your computer (macOS or Windows), using one of many freely available tools, such as Apple's own iTunes app
  • extract the database containing WhatsApp messages from that backup, using one of many freely available tools, or just hunt for the specific file yourself
  • grab the .enc file and decryption key from that database, using one of many freely available SQL tools
  • decrypt the video, using a tool I just created on GitHub
End-to-end encrypted downloader
The FTI report says that within hours of receiving a suspicious video that Bezos's iPhone began behaving strangely. The report says:

…analysis revealed that the suspect video had been delivered via an encrypted downloader host on WhatsApp's media server. Due to WhatsApp's end-to-end encryption, the contents of the downloader cannot be practically determined. 

The phrase "encrypted downloader" is not a technical term but something the investigators invented. It sounds like a term we use in malware/viruses, where a first stage downloads later stages using encryption. But that's not what happened here.
Instead, the file in question is simply the video itself, encrypted, with a few extra bytes due to encryption overhead (10 bytes of checksum at the start, up to 15 bytes of padding at the end).
Now let's talk about "end-to-end encryption". This only means that those in middle can't decrypt the file, not even WhatsApp's servers. But those on the ends can — and that's what we have here, one of the ends. Bezos can upgrade his old iPhone X to a new iPhone XS by backing up the old phone and restoring onto the new phone and still decrypt the video. That means the decryption key is somewhere in the backup.

Specifically, the decryption key is in the file named 7c7fba66680ef796b916b067077cc246adacf01d in the backup, in the table named ZWAMDIAITEM, as the first protobuf field in the field named ZMEDIAKEY. These details are explained below.

WhatsApp end-to-end encryption of video
Let's discuss how videos are transmitted using text messages.
We'll start with SMS, the old messaging system built into the phone system that predates modern apps. It can only send short text messages of a few hundred bytes at a time. These messages are too small to hold a complete video many megabytes in size. They are sent through the phone system itself, not via the Internet.
When you send a video via SMS what happens is that the video is uploaded to the phone company's servers via HTTP. Then, a text message is sent with a URL link to the video. When the recipient gets the message, their phone downloads the video from the URL. The text messages going through the phone system just contain the URL, an Internet connection is used to transfer the video.
This happens transparently to the user. The user just sees the video and not the URL. They'll only notice a difference when using ancient 2G mobile phones that can get the SMS messages but which can't actually connect to the Internet.
A similar thing happens with WhatsApp, only with encryption added.

The sender first encrypts the video, with a randomly generated key, before uploading via HTTP to WhatsApp's servers. This means that WhatsApp can't decrypt the files on their servers.

The sender then sends a message containing the URL and the decryption key to the recipient. This message is encrypted end-to-end, so again, WhatsApp itself cannot decrypt the contents of the message.

The recipient downloads the video from WhatsApp's server, then decrypts it with the encryption key.

Here's an example. A friend sent me a video via WhatsApp:

All the messages are sent using end-to-end encryption for this session. As described above, the video itself is not sent as a message, only the URL and a key. These are:
mediakey = TKgNZsaEAvtTzNEgfDqd5UAdmnBNUcJtN7mxMKunAPw=
These are the real values from the above exchange. You can click on the URL and download the encrypted file to your own computer. The file is 22,161,850 bytes (22-megabytes) in size. You can then decrypt it using the above key, using the code shown below. I can't stress this enough: you can replicate everything I'm doing in this blogpost, to do the things the original forensics investigators hired by Bezos could not.
iPhone backups and file extraction
The forensics report in the Bezos story mentions lots of fancy, expensive tools available only to law enforcement, like Celebrite. However, none these appear necessary to produce their results. It appears you can get the same same results at home using freely available tools.
There are two ways of grabbing all the files from an iPhone. One way is just to do a standard backup of the phone, to iCloud or to a desktop/laptop computer. A better way is to jailbreak the phone and get a complete image of the internal drive. You can do this on an iPhone X (like Bezos's phone) using the 'checkm8' jailbreak. It's a little complicated, but well within the abilities of techies. A backup gets only the essential files needed to restoring the phone, but a jailbreak gets everything.
In this case, it appears the investigators only got a backup of the phone. For the purposes of decrypting WhatsApp files, it's enough. As mentioned above, the backup needs these keys in order to properly restore a phone.

You can do this using Apple's own iTunes program on Windows or macOS. This copies everything off the iPhone onto your computer. The intended purpose is so that if you break your phone, lose it, or upgrade to the latest model, you can easily restore from this backup. However, we are going to use this backup for forensics instead (we have no intention of restoring a phone from this backup).

So now that you've copied all the files to your computer, where are they, what are they, and what can you do with them?
Here's the location of the files. There's two different locations for Windows, depending upon whether you installed iTunes from Apple or Microsoft.
  • macOS: /Users/username/Library/Application Support/MobileSync/Backup
  • Windows: /Users/username/AppData/Roaming/Apple Computer/MobileSync/Backup
  • Windows: /Users/username/Apple/MobileSync/Backup
The backup for a phone is stored using the unique ID of the phone, the UDID:
Inside the backup directory, Apple doesn't use the original filenames on the phone. Instead, it stores them using the SHA1 hash of the original filename. The backup directory has 256 subdirectories named 00, 01, 02, …. ff corresponding to the first byte of the hash, each directory containing the corresponding files.
On macOS, the Backup directory is protected. You have to go into the Security and Privacy settings to give the Terminal app "Full Disk Access" permissions. Then, copy this file to some other directory (like ~) where other apps can get at it.
Note that in the screenshot above, I also gave "iPhone Backup Extractor" permissions. This program provides a GUI that gives files their original names (like "ChatStorage.sqlite") instead of hashes 7c7fba666… It also has a bunch of built-in logic for extracting things like photos and text messages.
The point of this section is to show that getting these files is simply a matter of copying off your phone and knowing which file to look for.
Working with WhatsApp chat log
In the previous section, I describe how to backup the iPhone, and then retrieve the file ChatStorage.sqlite from that backup. This file contains all your chat messages sent and received on your iPhone. In this section, I describe how to read that file.
This file is an SQL database in standard "sqlite" format. This is a popular open-source projects for embedding SQL databases within apps and it's used everywhere. This means that you can use hundreds of GUIs, command-line tools, and programming languages to read this file.
I use "sqlitebrowser", which runs as a GUI on Windows, macOS, and Linux. Below is a screenshot. As you can see, the filename is the file we copied in the step above, the hash of the original name. I then click on "Browse Data" and select the table ZWAMEDIAITEM. I see a list of those URLs in the column ZMEDIAURL, and the corresponding decryption keys in the column ZMEDIAKEY.
The media keys are "blobs" — "binary large objects". If I click on one of those blobs I see the following as the mediakey:
This binary data is in a format called protobuf. The byte 0x0a means the first field is a variable length string. The next byte 0x20 means the string is 32-bytes long. The next 32-bytes is our encryption key, which I've highlighted. The next field (0x12 0x20) is a hash of the file. There are two more fields at the end, but I don't understand what they are.
So in hex, our encryption key is:
4ca80d66c68402fb53ccd1207c3a9de5401d9a704d51c26d37b9b130aba700fc
Or if encoded in BASE64;
TKgNZsaEAvtTzNEgfDqd5UAdmnBNUcJtN7mxMKunAPw=
We now have the mediaurl and mediakey mentioned above. All we need to do is download the file and decrypt it.
How to decrypt a WhatsApp media file
Now we come to the meat of this blogpost: given a URL and a key, how do we decrypt it? The answer is "unsurprising crypto". It's one of most important principles of cryptography that whatever you do should be something boring as normal, as is the case here. If the crypto is surprising and interesting, it's probably wrong.
Thus, the only question is which of the many standard ways did WhatsApp choose?
Firstly, they chose AES-256, which is the most popular choice for such things these days. It's key is 256-bits, or 32-bytes. AES is a "block cipher", which means it encrypts a block at a time. The block size is 16-bytes. When the final block of data is less than 16-bytes, it needs to be padded out to the full length.
But that's not complete. In modern times we've come to realize that simple encryption like this is not enough. A good demonstration of this is the famous "ECB penguin" [1] [2] [3]. If two 16-byte blocks in the input have the same cleartext data, they'll have the same encrypted data. This is bad, as it allows much to be deduced/reverse-engineered from the encrypted contents even if those contents can't be decrypted.
Therefore, WhatsApp needs not only an encryption algorithm but also a mode to solve this problem. They chose CBC or "cipher block chaining", which as the name implies, chains all the blocks together. This is also a common solution.
CBC mode solves the ECB penguin problem of two blocks encrypting the same way, but it still has the problem of two files encrypting the same way, when the first part of the files are the same. Everything up to the first difference will encrypt the same, after which they will be completely different.
This is fixed by adding what's called an initialization vector or nonce to the start of the file, some random data that's different for each file. This guarantees that even if you encrypt the same file twice with the same key, the encrypted data will still be completely different, unrelated. The IV/nonce is stripped out when the file is decrypted.
Finally, there is the problem with the encrypted file may be corrupted in transit — accidentally or maliciously. You need to check this with a hash or message authentication code (aka MAC). In the case of WhatsApp, this will be in the first 10 bytes of the encrypted data, which we'll have to strip out at the end. This MAC is generated by using a different key than the AES key. In other words, we need two keys: one to encrypt the file, and a second to verify that the contents haven't been changed.
This explains why there was a 14 byte difference between the encrypted video and unencrypted video. The encrypted data needed 10 bytes for a MAC at the start, and 4 bytes for padding at the end.
Here is the code that implements all the above stuff:
At the top of the file I've hard-coded the values for the mediaurl and mediakey to the ones I found above in my iPhone backup.
The mediakey is only 32-bytes, but we need more. We need 32-bytes for the AES-256 key, another 16-bytes for the initialization vector, and 32-bytes for the message authentication key.
This is common problem is solved by using a special pseudo-randomization function to expand a small amount of data into a larger amount of data, in this case from 32-bytes to 112-bytes. The standard WhatsApp chose is "HMAC Key Derivation Function". This is expressed in my code as the following, where I expand the key into the IV, cipherkey, and mackey.:
mediaKeyExpanded=HKDF(base64.b64decode(mediaK),112,salt)
iv=mediaKeyExpanded[:16]
cipherKey= mediaKeyExpanded[16:48]
macKey=mediaKeyExpanded[48:80]
Then, I download the file from the URL. I have to strip the first 10 bytes from the file, which is the message authentication code.
mediaData= urllib2.urlopen(mediaurl).read()
file= mediaData[:-10]
mac= mediaData[-10:]
Then using the cipherkey from the first step, I decrypt the file. I have to strip the padding at the end of the file.
decryptor = AES.new(cipherKey, AES.MODE_CBC, iv)
imgdata=AESUnpad(decryptor.decrypt(file))
To download and decrypt the video, simply run the program as such:
I'm not going to link to the video myself. If you want to know what it contains, you are going to have to run the program yourself.

Remember that this example is a video a friend sent to me, and not the original video sent by MBS to Bezos. But the same principle applies. Simply look in that file in the backup, extract the URL and mediakey, insert into this program, and you'll get that file decrypted.

Conclusion
The report from FTI doesn't find evidence. Instead, it finds the unknown. It can't decrypt the .enc file from WhatsApp. It therefore concludes that it must contains some sort of evil malware hidden on that that encryption — encryption which they can't break.

But this is nonsense. They can easily decrypt the file, and prove conclusively whether it contains malware or exploits.

They are reluctant to do this because then their entire report would fall apart. Their conclusion is based upon Bezos's phone acting strange after receiving that video. If that video is decrypted and shown not to contain a hack of some sort, then the rest of the reasoning is invalid. Even if they find other evidence that Bezos's phone was hacked, there would no longer anything linking to the Saudis.

*** This is a Security Bloggers Network syndicated blog from Errata Security authored by Robert Graham. Read the original post at: https://blog.erratasec.com/2020/01/how-to-decrypt-whatsapp-end-to-end.html

Apple Won't Help the FBI Unlock a Terrorist's iPhone. Here's Why It Shouldn't - Inc.

Posted: 14 Jan 2020 12:00 AM PST

In the most prominent example, the company actually defied a court order to unlock the device belonging to the San Bernardino mass-shooter. The FBI eventually accessed that device without Apple's help, working with a third-party security firm.

It's not hard to argue that Apple should do everything it can to help fight crime and terrorism, and to that end, the company has already turned over all of the data it had in its possession. That information was stored on Apple's iCloud servers. The iPhone, it says, is different because the company is unable to decrypt a device without either the user's passcode, FaceID, or fingerprint (depending on the specific device).

In fact, Apple's transparency report says it has responded to over 125,000 such government requests for information and has turned over what information it has when asked by law enforcement.  

Both sides have a lot at stake in this battle. Law enforcement obviously has a vested interest in fighting crime and stopping terrorist attacks. No one questions that. The question is whether or not tech companies should be required to build encrypted devices with a backdoor. By the way, there is no such thing: If a device has a backdoor, it's not encrypted.

In fact, at CES just last week, Apple's Senior Director of Global Privacy, Jane Horvath, said that "end-to-end encryption is critically important to the services we rely on." And with regard to fighting terrorism, she continued that "building a backdoor to encryption is not the way we're going to solve those issues."

In addition, an Apple spokesperson told me: 

We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users' data.

In fact, The New York Times is reporting that sources familiar with the company's position say it will refuse to comply with any efforts to force it to break its encryption. 

Barr has also called for legislation requiring tech companies to build in backdoors for law enforcement. While that might seem good for public safety, what happens when someone is able to get access to your personal information like health or financial data? What happens when someone can access photos of your family, or your messaging history?

Apple can't comply with the FBI, no matter how noble the cause, no matter how much the Attorney General protests. Because, while it's true that encryption means that some information won't be accessible to law enforcement, the alternative is that all of our information will be at risk. If there's a backdoor for the good guys, you better believe that the bad guys will figure out how to exploit it.

Which is the point.

And the Attorney General knows that to be the case. According to that same Times report, the FBI's top attorney had already sent a written request to Apple, to which the company responded with the information it could access on its servers. The current appeal is meant to put pressure on the company by bringing attention to a highly publicized case and put Apple on the wrong side of terrorism. 

No one wants to be on the side of terrorism, but being for encryption isn't the same as enabling crime. In fact, it actually prevents crime every day. And while events like what happened in Pensacola or San Bernardino are horrific tragedies, it would be another tragedy to lose the ability to protect our personal information. Apple knows this, and so does the Department of Justice. 

Neither side is likely to back down, but clearly Apple has more at stake. Actually, we all do, since there is no winner if all of our information is at risk.

Published on: Jan 14, 2020

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.

12 Essential Apps for Protecting Your Privacy Online - PCMag India

Posted: 29 Jan 2020 10:32 AM PST

It's easy to feel that personal privacy is a dead issue. Once you go online, your every action is exposed, either through data lost in a breach or misuse by advertisers and online merchants. But don't give up hope. You don't have to go totally off-grid to retain or regain control of your privacy. Smart people around the world have come up with a variety of programs to attack the problem from different directions—embracing apps that range from VPNs to email providers that don't spy on you or share your data. You may have to lay out a little cash, but the alternative is using free services that pay themselves by monetizing your private data.

The Email Nightmare, Part 1

Like the internet itself, email was invented by optimists and academics who never dreamed that anyone would misuse it. Read someone else's mail? How rude! Fill up inboxes with unwanted junk mail? They had no idea what was coming.

One type of privacy app aims to protect the content of your email conversations from snooping and tampering. Private-Mail, ProtonMail, and StartMail let you lock down your communications using a technique called public-key cryptography. They use a protocol called PGP (Pretty Good Privacy) to generate a pair of keys, one public, one private. To send me a secure message, you encrypt it with my public key, and I decrypt it with my private key. Simple!

This same technology also lets me send you a message that's digitally signed, guaranteeing it came from me, with no tampering. I simply encrypt the message with my private key. The fact that you can decrypt it using my public key means it's totally legit. ProtonMail and StartMail automate the key exchange process with other users of the same service, while Private-Mail requires that you perform the exchange yourself. With any of these, you can exchange secure messages with anybody who provides a public key.

Of course, not everyone has embraced public key cryptography for their email. With StartMail and ProtonMail, you can send encrypted messages to non-users, though you don't get the same level of open-source security. The service encrypts the message using a simple password, and you transmit the password via some avenue other than email, perhaps a secure messaging app.

The Email Nightmare, Part 2

With the contents of your email conversations encrypted, no hacker can sniff out just what you're saying. However, your email address itself is exposed any time you send a message, buy a product online, or sign up for any kind of internet-based service. That might not sound problematic, but your email address is typically your user ID for many sites. A hacker who finds your email and guesses your weak password now owns the account. And, of course, having your email address floating promiscuously around the web just invites spam.

But how can you communicate without giving a merchant or service your email? The solution lies in a simple technology called a Disposable Email Address, or DEA. The DEA service provides and manages these addresses, ensuring that mail sent to them lands in your inbox, and that your replies seem to come from the DEA. If you're done dealing with a particular merchant, or if one of your DEAs starts receiving spam, you just destroy it.

Burner Mail, Abine Blur, and ManyMe are among the services offering DEA management. ManyMe is unusual in a couple of ways. First, it's free, which is uncommon. Second, unlike most such services it doesn't make you register a new FlyBy email (as it calls them) before using it. Say someone at a cocktail party asks for your email. You can make up a FlyBy address on the spot, without giving your actual email away.

Abine Blur takes the concept of masking your actual identity online to the next level. Besides masking your email address, it offers masked credit card numbers, different for each transaction. You load the masked card with exactly the amount of the transaction, so a sleazy merchant can't overcharge you or use the card again. It even lets you chat on the phone without giving your actual number.

It's worth noting that Private-Mail and StartMail also offer a modicum of DEA management. StartMail lets you manage up to 10 permanent DEAs, and an unlimited number of DEAs set to expire within two weeks or less. Private-Mail offers five alternate email identities, without full DEA management.

Throw the Trackers Off the Scent

As they say, if you're not paying, then you are the product. You can surf the internet endlessly without paying a fee to visit specific sites, but those sites still work hard to monetize your visits. Advertising trackers plant cookies on your system, taking note when a tracker from an ad on a different website encounters that same cookie. Through this and other tracking methods, they form a profile of your online activity, a profile that others are willing to pay for.

Some years ago, the Internet's Powers That Be, recognizing that many users prefer not to be tracked, ginned up a simple Do Not Track message to be sent by the browser. This DNT system never became a standard, but all the top browsers adopted it anyway. It had no effect, because websites were and are free to ignore the header.

In place of the ineffectual DNT header, many security companies started devising active systems to identify and block ad trackers and other trackers. You'll find this feature as a bonus in many security suite, and in some privacy-specific products. Abine Blur, Ghostery Midnight, and ShieldApps Cyber Privacy Suite offer active DNT. Unlike most such implementations, Midnight deters tracker requests in any internet-aware application.

The trackers, in turn, invented a different technique for identifying individuals across different websites, relying on the ridiculous amount of information supplied to each site by your browser. This ranges from your IP address and browser version down to minutiae like the fonts installed on your system. There's so much information that trackers can create a fingerprint that's almost sure to identify you, and only you.

So, what can you do? Make a liar out of your browser, that's what. TrackOff mixes up the data sent from your browser so it's different for each website. Cyber Privacy Suite also scrambled your fingerprint. Important info still reaches the site, but not in a consistent way that could be fingerprinted. Steganos Privacy Suite once included a component to foil fingerprinting, but the latest edition has dropped that feature, along with its active Do Not Track component.

Using a Virtual Private Network, or VPN, disguises your IP address but leaves plenty of data unchanged for the fingerprinters. Even so, keeping your internet traffic encrypted and having your IP address hidden are valuable ways to protect your privacy. In addition to their other privacy components, Ghostery Midnight and Cyber Privacy Suite include VPN protection.

Passwords Protect Privacy

Passwords are terrible, but we don't yet have a universal replacement. For security, you must use a different non-guessable strong password for every secure site. The only way anybody can accomplish that feat is by relying on a password manager. Unless you use a different strong password for every website, a data breach on one site could expose dozens of your other accounts.

In a perfect world, you already have an effective password manager in place, and you've taken the opportunity to fix any weak or duplicate passwords. On the chance you aren't already equipped, some privacy products have taken to including password management as a bonus feature. Abine Blur, for one, offers a complete, if basic, password manager. It even rates your passwords, giving extra credit for those logins that also use a masked email address.

You can get Steganos Password Manager as a separate program or as part of Steganos Privacy Suite. Either way, it's not a standout. You're probably better off with a top-notch free password manager. Cyber Privacy Suite seeks passwords stored insecurely in your browsers and moves them to encrypted storage, but doesn't do any password management beyond that protective step.

Icloak Stik is a tiny, bootable USB device that provides you with an entire private operating system; more about that below. Within that private OS, it offers the One Ring password manager built into the Tor Browser. That's important, because your existing password manager won't work in the Icloak environment.

Many Other Modes

Just as your private data can be exposed in many ways, software companies find a variety of ways to protect it. One unusual service comes from Abine DeleteMe. Rather than create disposable email addresses, this service attempts to clean up your existing email and other personal data. It searches dozens of websites that legally aggregate public information. Wherever it finds you, it sends an opt-out request to remove your data. This process can't be fully automated, so DeleteMe is relatively expensive.

Icloak Stik takes privacy to an extreme. You plug this tiny USB device into any PC, Mac, or Linux box and reboot. The Linux-based operating system that comes up resides entirely on the USB device. If you don't need to copy any files to the device, you can pocket it after booting up. And you can hide your IP address by going online with the Tor Browser. Once you shut down the host device, all traces of your session vanish.

If a malefactor steals your laptop or otherwise gains access to your PC, your private data could still be safe, provided you've encrypted it. We've covered numerous products solely devoted to encrypting files, folders, or whole drives. Some privacy products broaden their protection by including encryption. Steganos Privacy Suite, for example, includes the Steganos Safe encryption tool, also available as a standalone product.

Private-Mail goes beyond the usual features of encrypted email by giving you an online area to store encrypted files. You can encrypt files using PGP or using a simple password, and you can even share your encrypted files with others.

Protect the Protectors

When you set up an encrypted email system or a disposable email address manager, your account password is a potential weakness. If you use an easily-guessed password, or if a stranger shoulder-surfs your login, you could lose control of your own privacy protection. That's where two-factor authentication comes in.

The concept is simple. With two-factor authentication, logging requires at least two of the following: something you know (such as a password); something you have (such as an authentication app); or something you are (such as a fingerprint). Quite a few of the privacy tools examined here offer a two-factor option, specifically Abine Blur, Burner Mail, Private-Mail, StartMail, and Steganos Privacy Suite.

All these products rely on Google Authenticator or another Time-based One-Time Password generator. To get started, you use your authenticator mobile app to snap a QR code provided by the privacy program. Enter the code generated by the app and you're done. Now, your password alone doesn't grant access to the privacy program. A password thief won't be able to enter the code from your authenticator app, and hence won't get in.

These aren't the only programs for protecting your privacy, and this isn't an exhaustive list of privacy-cloaking techniques. However, all these programs do their best to keep you safe from advertisers, spies, and creeps online.

Abine Blur Premium

Abine Blur Logo

$39.99 per month

Your subscription to Abine Blur Premium brings a veritable smorgasbord of privacy-enhancing features and services. Its masked emails feature automates the process of using a different disposable email address for every transaction. If one of those masked emails starts getting spam, you can just delete it, and you know which merchant sold you out.

What's the use in masking your email when you're giving the merchant something even more sensitive—your credit card number? Blur masks card numbers, too, and each masked card only has enough value to pay the particular transaction. No shady merchant can charge you extra, or fake another transaction on your card.

You can have all the masked emails you want, but masked cards require a small payment, because Abine expends resources processing the payment. Masked phone numbers are still more limited; you get just one. But when you use that masked phone number, you can be sure your contact won't benefit by selling it to robocallers or text spammers.

It's a small step from tracking your disposable email addresses to tracking your logins for all those websites. Blur includes a complete, if basic, password manager. Most password managers praise you for using a different password at each website; Blur gives you extra credit if you also use a masked email address for each.

Blur securely syncs your password and payment data across all your PCs, Macs, and mobile devices. Its browser extensions offer full access to program features and include an active Do Not Track component that foils advertisers and other trackers. On top of all that, Blur spells out how it handles your data in clear, simple detail. It's a cornucopia of privacy protection.

ProtonMail

ProtonMail Logo

Free or $48 per year

You use ProtonMail the same way you'd use any web-based email service. The difference is that email conversations with other ProtonMail users are automatically protected using public key encryption. The same is true for any correspondent whose public key you've imported. You can also send encrypted mail to outsiders using a simpler form of encryption.

If you don't need more than 150 messages per day and 500MB of storage for email, you can use ProtonMail for free. Even a paid subscription isn't expensive, at $5 per month or $48 per year. The paid edition gets you 1,000 messages per day, along with the ability to create up to four protected email addresses, full tech support, and 5GB of email storage. This is a simple, solid email encryption solution.

TrackOFF Basic

TrackOff Logo

$34.95 per year

Advertisers really care what you do online. The better they can profile you, the more they can target ads. A nice juicy personal profile is also a commodity they can sell. With the proliferation of active Do Not Track systems, some trackers have switched to a technique called browser fingerprinting. And TrackOFF Basic stands square in their way, ensuring that your browser does its job without painting a target on your back.

Every time you visit a website, your browser sends a ton of information. It has to send your IP address, to receive the requested pages. But it also sends the browser version, OS details, even the fonts installed on your PC. Nominally, this information helps the website fine-tune your browsing experience. But there's so much data spewing from the browser that trackers can easily create a unique fingerprint, and thereby recognize you when you visit a different site.

TrackOFF doesn't suppress the info coming from your browser, as that could cause problems with some sites. It just mixes things up a little, presenting a slightly different fingerprint to each website. It does cost $34.95 per year, but that's fine for some tracking-sensitive souls.

Abine DeleteMe

Abine DeleteMe Logo

$129 per year

Some DEA services require you to create a new, pristine email account to receive the mail from your disposable addresses, while others feed directly into your existing inbox. The latter approach is more convenient, but it comes with a problem. Your email address, along with other personal information, is already scattered across the interwebs. Completely wiping that information from the web is impossible, but Abine DeleteMe does everything that is possible to minimize your exposure.

DeleteMe scans websites for dozens of information aggregating websites. These sites legally collect public information and make it easy to find. They also legally must remove your info if you so request. DeleteMe automates the opt-out process as much as possible. However, automation isn't possible in some cases, so Abine retains a staff of human operators to handle those. Every six months, you get a report of what DeleteMe found, and what was removed.

Unlike automated opt-out algorithms, those human operators must be paid. That's why DeleteMe costs more than most privacy services, $129 per year. You can often find discounts, or deals to add a family member.

Burner Mail

Burner Mail Logo

$29.99 per year

In the movies, spies use burner phones to communicate, destroying the phones after an operation. Burner Mail applies the same concept to email. Its browser extension (for Chrome or Firefox) detects pages that prompt for an email address and offers to swap in a burner address instead. Messages still reach your regular email inbox, and your replies seem to come from the burner address. If one of those addresses starts getting spam…burn it!

Burner Mail gives you more flexibility than some competitors. As noted, it doesn't require you to create a new email address to receive your messages. You can even change the recipient for a particular burner, or assign more than one recipient.

Burner Mail sticks to the task of providing and managing burner addresses and for $29.99 per year, it does that one job well.

Icloak Stik

Icloak Logo

$99

Most privacy products aim to protect your privacy from internet threats or other external forces as you reach out from your secure home devices. The point of Icloak Stik is to allow you privacy even when you must use an unknown, unfamiliar, or even downright dangerous computer. Insert this minuscule, bootable USB device into any Windows, macOS, or Linux device, reboot, and you're running your own private OS, completely separate from the installed operating system.

If you need to save files, you save them on the Icloak Stik itself. Don't need any files? Then you can pop it back in your pocket as soon as the foreign computer has fully booted.

You do have to deal with the Stik's own OS, which is a modified version of Linux that could use some more pruning of unnecessary features and settings. And you'll have to get used to the built-in password manager, word processor, and other apps, as the host system's programs aren't available. But all that may be well worth the trouble, given that you can boot the device, get online, do whatever you want, and then depart, leaving no trace.

Icloak Stik goes for a one-time cost of $99, with unlimited security upgrades.

ManyMe

ManyMe Logo

Free

In one sense, you get most free webmail services by paying with your privacy. It only makes sense that if you want to preserve your privacy, you'll have to shell out cash. Not with ManyMe. At present, the DEA service is entirely free, with plans to make money on a feature-enhanced paid edition.

As noted, ManyMe differs from many competitors in that it doesn't require you to register DEAs (which it calls FlyBy addresses) before using them. Start with your account name, append a period and any phrase, and you've got a FlyBy, something like accountname.phrase@manyme.com.

The service does have a few limitations. In testing, we found that its security precautions prevented communication with certain email systems, including PCMag's own. Your main account email address can never be changed after the initial signup. And it doesn't offer two-factor authentication. Still, you can't beat the price!

Private-Mail

Private-Mail Logo

$69.99 per year

You don't have to pay to encrypt your email using Private-Mail, but if you really get into it you're likely to run into the limit of 100MB storage for messages. No problem; when that happens, it's clearly time to spring for the paid edition, which gives you 10GB of message space.

Private-Mail relies on public-key cryptography, specifically using OpenPGP to generate public / private key pairs. Where most competing products automate the process of key exchange with other users of their service, Private-Mail makes key exchange a hands-on operation. In addition, where others can send encrypted messages with rich formatting, Private-Mail strips all formatting when it encrypts.

This service does have the unique ability to store and sync encrypted files for you, up to another 10GB of file storage. In addition, you can share encrypted files, using public key cryptography for those with whom you've shared keys, and simple password-based encryption for others.

At $69.99 per year, Private-Mail costs a bit more than StartMail and more than twice as much as ProtonMail. But if you need both encrypted email and encrypted file sharing, it can be a good bet.

StartMail

StartMail Logo

$59.95 per year

We've talked about protecting the content of your emails using encryption, and keeping your email address private using Disposable Email Addresses. StartMail handles both tasks, though there are limits on its DEAs.

You can exchange PGP-encrypted mail with other StartMail users, or with anyone whose public key you've recorded. A secondary password-based encryption system lets you converse securely with those who haven't signed up for public key cryptography. And your messages can include formatting, images, even attachments.

As for disposable email addresses, which it calls email aliases, you can create and use an unlimited number of temporary ones. Temporary aliases expire after a fixed time, no more than two weeks. Permanent aliases are also available, but only 10 at a time.

You pay $59.95 per year for the whole StartMail package. At present, the service is in transition to a new, improved user interface, with some features still available only through the old interface. That confusion should settle going forward.

Ghostery Midnight

Ghostery Midnight Logo

$59.95

Ghostery has long offered ad and tracker blocking in the form of browser extensions. The new Ghostery Midnight works below the browser level. In fact, it can block ads and online trackers for any internet-aware application.

Midnight also incudes a basic VPN, with no configuration settings and a very limited set of server locations. It costs significantly more than any of our Editors' Choice VPNs. In our speed testing, it had a massive effect on latency but didn't slow downloads much. And it has the unusual advantage of no cap on the number of simultaneous connections.

ShieldApps Cyber Privacy Suite

ShieldApps Logo

$77.99

ShieldApps Cyber Privacy Suite includes many features aimed at protecting your privacy. Among other things, it moves exposed passwords from your browsers into encrypted storage, finds and deletes personal information stored in your browsers, and cleans up browsing history and cookies. If it finds documents containing sensitive personal data, it lets you move those to storage.

Real-time protection includes active Do Not Track for browsing, as well as a component to scramble browser fingerprints. A component devoted to steering you away from malware-hosting websites works for any browser, but proved ineffective in testing. While a tech-savvy user could perform some of this suite's tasks by hand, it's a convenient collection for the user with more interest in privacy than tech ability.

This suite also incudes a basic VPN, with no configuration settings and a somewhat limited set of server In our speed testing, it had a larger than usual effect on latency but didn't slow downloads much. Note that you just get three simultaneous connections, where most standalone VPNs give you five, and many give you even more.

Steganos Privacy Suite

Steganos Logo

$59.95

When a privacy product must continuously offer its services, whether to encrypt email messages, manage disposable addresses, or store passwords online, it makes sense that users pay a yearly subscription. Steganos Privacy Suite does include a password manager, but its encryption solution resides and works entirely on your local PC. It's no big surprise, then, that you pay a one-time fee for this suite, rather than an ongoing subscription.

The most impressive component of this suite is Steganos Safe, a multi-faceted file encryption system. It used to include an active Do Not Track browser extension, and the ability to tweak the information sent by your browser to prevent tracking via browser fingerprinting. However, those two features are absent in the current edition, and we weren't terribly impressed with the password manager.

Other privacy elements that have been dropped include: a shredder utility to securely delete files beyond the possibility of recovery; a tool to hide encrypted files within image or video files; a simple webcam privacy system that just disables the webcam; and an all-or-nothing ad blocker.

Apple Decided Against Encrypting Your Information on iCloud When Confronted by the FBI - Inc.

Posted: 21 Jan 2020 10:52 AM PST

Reuters is reporting that Apple reversed plans two years ago to fully encrypt iCloud data when it was met with fierce opposition from the FBI and law enforcement officials. The company had planned to allow users to fully encrypt their iPhone backups but changed course based on that opposition. 

Apple has long maintained a stance that "privacy is a fundamental human right," and to that end, it has stood firmly on the side of strong encryption. It has even engaged in public battles with law enforcement over requests for assistance in decrypting iPhones belonging to criminals or terrorists. Just this month, Apple has said that it is unable to unlock two older iPhones belonging to the deceased shooter at a Pensacola, Florida Naval Base, despite a public call by the Attorney General, William Barr.  

At the same time, Apple has made a point that it cooperates with law enforcement requests for information, and even providing information on its servers in the Pensacola case. We now know the reason that was possible--Apple doesn't provide end-to-end encryption for your iPhone backup.

That's likely to surprise many people who associate Apple with being a defender of privacy. The fact that the information you send to Apple's servers isn't fully encrypted is a big deal. That doesn't mean your information is just sitting there waiting to be hacked. To be clear, Apple still uses encryption on that information, however, it holds the encryption key--meaning it is able to decrypt it. So when the FBI requests it, Apple can be forced to turn it over, whether you like it or not.

On the other hand, information like passwords or Apple Pay, along with other highly sensitive data is processed on your device and is protected by what Apple calls "Secure Enclave." That includes Face ID or Touch ID, as well as your device passcode. What that means is that if your iPhone backup is somehow hacked, no one is going to start charging things on your Apple Card

At the same time, this news is also a reality check that Apple can only push the line so far before it invites unwanted scrutiny. While the report from Reuters says that it isn't clear exactly when or why Apple changed course, it also includes a statement from a former Apple employee who says that "the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption."

That's certainly a valid concern. Apple has already been on the receiving end of public pressure by the Department of Justice in the last two administrations, most recently with Barr's public statements calling for legislation to require backdoor access to encrypted devices. Apple understandably would want to avoid poking the bear too much, since bad things happen when the bear decides to bite.

Still, it's not a good look for a company that preaches privacy to make your information less private at the behest of law enforcement. At a minimum, if Apple has decided it can't offer the protection people would reasonably expect from a company that has made privacy a core marketing principle, it owes it to its users to be upfront about the reality and the reasons behind it. 

Published on: Jan 21, 2020

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more