It seems that encrypted messaging systems are all the rage these days. I’m not complaining – this is a very good thing. Even WhatsApp recently announced it would implement strong end-to-end encryption using Signal’s excellent protocol. I think this is great – a billion users will be using end-to-end encryption by default. There is still room, however, for dedicated secure messaging apps. Threema Secure Messenger is one of those apps. While many of the features mirror apps like Signal and Wickr, there is still room on my phone for Threema.
Signal Private Messenger is a free application, and my new favorite encrypted communication solution. Signal supports both voice and instant messaging (texting) in a single app. It is incredibly easy to use, and to convince others to use. There is no complicated setup and no username or password to create and remember. This app is incredibly intuitive and resembles native phone and texting applications.
Signal uses your phone’s Wi-Fi or data connection. Signal has replaced the legacy RedPhone and TextSecure apps for Android and merged them into a single platform. To use Signal Private Messenger, simply install the application. You will be prompted to enter your telephone number for verification. I have successfully used a Google Voice number for this, even though Signal specifically warns that GV numbers will not work. Full disclosure: I have also seen GV numbers fail. This is the ONLY reason for which I use a Google Voice number. I have no problem with this because the number is only used as an identifier and no data is sent through Google after the initial verification message. The app will verify the number by sending you a code that you must enter into the application. No other personal information is required or requested.
If you allow Signal Private Messenger to access your contacts, it will identify the ones who have Signal installed. There is one slight downside to the way Signal identifies its users: in order for others to contact you via Signal, they must have the telephone number you used to register the app in their contacts. This requires that you give out this number to others with whom you wish to use Signal. For this reason I recommend setting up a Google Voice number that is used only for Signal, and giving that number out to friends, family, and business contacts that are likely to use Signal (or be persuaded to), rather than giving out your real phone number. I will post in the future about why giving out your real phone number may be a bad idea.
Signal’s interface is almost disconcertingly simple. Tapping the “+” icon in the upper right of the interface opens a list of your contacts who have Signal installed. Tapping one of these contacts will open a new message to that contact. From there you can send a text message, photo, or video, or tap the handset icon to initiate a voice call. In the search bar on this screen you may input a telephone number, which Signal will then check to see if the number has the app installed. Once a call is initiated, a more typical phone interface is displayed with some standard phone options to mute the call or use the phone’s speaker.
The call interface will also display two random words. The words displayed will change with each voice call but should match on both handsets involved in the call. These words are used to ensure the call is not being tampered with by a man-in-the-middle. If an attacker were to successfully get in the middle of a call, each phone would display different authentication words. This is because each handset would establish a key with the attacker rather than with the intended recipient’s handset. I recommend ALWAYS validating these words at the beginning of each conversation made over Signal. This is especially important before engaging in sensitive communications. The messaging portion of the application is likewise incredibly simple. Messages are composed and sent like they are in any other messaging application. Attaching a file is as simple as tapping the paperclip icon beside the compose pane. Signal also supports group messaging.
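The mechanism behind those two words, as an added illustration that is not Signal’s own code: a toy Diffie-Hellman exchange and a constructed 16-word list stand in for the real key agreement and word list. Each side hashes the key it actually derived into a word pair, so when an attacker relays the call and substitutes her own public values, Alice and Bob end up with different keys and therefore different words.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: 2**61 - 1 is prime but far too small to be
# secure; it only keeps the key agreement readable here.
P = 2**61 - 1
G = 3

# Constructed 16-entry word list. Real clients use a 256-word list, so two
# words give 65,536 combinations instead of the 256 possible here.
WORDS = ["alpha", "bravo", "canyon", "delta", "ember", "falcon", "granite",
         "harbor", "igloo", "jasper", "kettle", "lantern", "meadow",
         "nickel", "orbit", "pepper"]


def keypair():
    """Ephemeral DH key pair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Both parties compute G**(ab) mod P; serialised to bytes for hashing."""
    return pow(peer_pub, priv, P).to_bytes(8, "big")


def sas_words(secret):
    """Hash the derived key and pick the two words each handset displays."""
    digest = hashlib.sha256(b"sas-demo" + secret).digest()
    return WORDS[digest[0] & 0x0F], WORDS[digest[1] & 0x0F]


def run_call(mitm=False):
    """Simulate one call; return each side's derived key and its words."""
    a_priv, a_pub = keypair()  # Alice's handset
    b_priv, b_pub = keypair()  # Bob's handset
    if not mitm:
        k_a = shared_secret(a_priv, b_pub)
        k_b = shared_secret(b_priv, a_pub)
    else:
        # Mallory replaces both public values with her own, so Alice keys
        # with Mallory and Bob keys with Mallory: two unrelated keys.
        m_priv, m_pub = keypair()
        k_a = shared_secret(a_priv, m_pub)
        k_b = shared_secret(b_priv, m_pub)
        assert k_a == shared_secret(m_priv, a_pub)  # Mallory reads Alice's side
        assert k_b == shared_secret(m_priv, b_pub)  # ...and re-encrypts to Bob
    return {"alice_secret": k_a, "bob_secret": k_b,
            "alice_words": sas_words(k_a), "bob_words": sas_words(k_b)}
```

With the 16-word list the attacker still gets a matching pair by chance 1 time in 256, which is why real clients draw from a much larger list.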
Signal is one of the best privacy-enhancing applications available (especially considering its cost) and I strongly encourage its use. Its encryption utilizes the “axolotl ratchet”, a system providing perfect forward secrecy. Perfect forward secrecy means that each message is encrypted with a unique, ephemeral key. If one message is decrypted, it has no impact on the others since each has a unique key.
As pointed out by the grugq, however, Signal does leak a great deal of metadata about you. This includes your contact list, who you talk to, and the frequency with which you talk to them. This metadata is certainly no worse than that generated by your normal telephone conversations. It is also not any worse than that created by other encrypted messaging applications. For this reason it may not be suitable for defeating certain threat models. For encrypting your day-to-day comms that would otherwise be made through insecure means, Signal is a major upgrade. Signal is funded by donations and grants, and much of the work in developing and maintaining the app is done by volunteers.
My favorite encrypted email service, ProtonMail, has moved into a new phase in its beta rollout. Last week ProtonMail rolled out beta version 2.0. The full details can be found on the ProtonMail blog, but there are several significant upgrades that I would like to point out here.
Encrypted Attachments to Outside Users: ProtonMail now allows you to encrypt attachments to outside users, not just to other ProtonMail users. This is one of the features I wrote, in my last post about ProtonMail, that I would like to see (not that I think I had anything to do with the decision to add this feature).
Public Key Download: ProtonMail now offers you the ability to download your public key. This allows you to share it with PGP users, and allows them to send encrypted messages to your ProtonMail account. I also wrote about this last time, but I would still like to see this feature upgraded to allow the import of others’ public keys.
Event Logging: Under ProtonMail’s “Security” tab (in Settings) is an option to log authentication events (logins, logouts, and unsuccessful login attempts). The Advanced Logging feature displays the event, a time and date stamp, and the IP address from which the event occurred, while the Basic Logging only displays the event and a time/date stamp. Event logging can also be disabled completely, allowing you to (theoretically) prevent ProtonMail from recording your login times and IP addresses. According to ProtonMail the event logs are only available in the user’s mailbox, which means they are encrypted.
The most exciting feature won’t be around until a little later this week though: on August 20th ProtonMail will release beta apps for both iOS and Android.
I am very happy to see ProtonMail adding features like these. I would still very much like to have a two-factor authentication option, and I am told that we should expect one late this year. Updates to follow.
I am thrilled to announce the upcoming August 20th release of Your Ultimate Security Guide: iOS! The second book in the series, Your Ultimate Security Guide: iOS is intended to help the layman with both basic digital security and in the development of a comprehensive digital security perimeter. Written in plain English, Your Ultimate Security Guide: iOS takes a step-by-step approach to enhancing mobile device security, and will help you reclaim some privacy in both the physical and digital realms.
- Harden the iOS operating system by manipulating nearly every setting that impacts security and/or privacy
- Use password managers to create and use strong usernames and passwords, and employ two-factor authentication
- Use apps that provide end-to-end encryption for your text, voice, email, and chat communications, and take steps to mitigate location tracking and other metadata collection
- Use “disposable” phone numbers to protect your real number from data marketers and telemarketers, and to lower your online profile
- Lock down your Wi-Fi network and protect your internet traffic using virtual private networks
- Replace a variety of insecure native apps with security- and privacy-focused alternatives
- Protect your sensitive online accounts through a comprehensive, systematic approach
- Employ best practices to lower online exposure and minimize your attack surface
Look for Your Ultimate Security Guide: iOS on Amazon on August 20th.
I love encrypted email, and I love writing about it. In researching the next book in the Your Ultimate Security Guide series, Your Ultimate Security Guide: iOS, I decided to give Tutanota a try and I’m glad I did.
The name “Tutanota” comes from the Latin words “tuta” (secure) and “nota” (message). Tutanota offers free, end-to-end encrypted email accounts. No personal information at all is required to create an account, and account creation is allowed through the Tor network. Tutanota encrypts your message, including the subject line and any attachments, and stores all of your emails in an encrypted state. When you log in with your username and password, an encrypted version of your password is stored on Tutanota’s servers for the duration of your session. If you lose your password it cannot be reset. Tutanota also allows you to send encrypted emails to non-Tutanota users.
Tutanota is incredibly streamlined and user-friendly. Tutanota apps are available for both iOS and Android, and Tutanota also offers a premium level of service for €1 per month. Premium accounts offer some expanded functionality, including the ability to create and use up to five aliases (alternate email addresses), unlimited outgoing emails (free accounts are capped at 100 per day), and the option to use your own domain. Both free and paid accounts offer only 1 GB of storage, but more (up to 1 TB) will be available for purchase soon.
Unfortunately Tutanota lacks several features that most of us have come to expect in an email service. First, it does not allow you to save drafts (and as a result does not have a “Drafts” folder). It also lacks a search function and the ability to assign labels (an important feature for email power-users). Because of this I see it being used only for exchanging encrypted emails and not a day-to-day, Gmail-replacement system.
Though I am a fan of ProtonMail and have been using it much longer, I do like the look and feel of Tutanota and will work it into my daily email routine.
As I mentioned in Your Ultimate Security Guide: Windows 7 Edition, ProtonMail is one of my favorite new email providers. As time has passed I have only grown to love this service more. ProtonMail has been featured in Forbes, Huffington Post, at TED, and in many other prominent outlets. While I mentioned ProtonMail in YUSG: Win7, those pages only allowed limited space to cover this email service so I discussed only a few of the most important features. There are several more options that deserve some attention.
Privacy and anonymity: ProtonMail does not require you to submit your name, date of birth, telephone number or other personal information when requesting an account. Because ProtonMail is still in beta, an email address is required to request an account at this time (it will be used to notify you that the account is ready), but this can be anonymous, too. I have successfully used Gmail addresses with modifiers (as discussed in Chapter 2 of YUSG: Win7), notsharingmy.info, and 33mail addresses to request ProtonMail accounts.
Message expiration: Messages can be set to expire after as little as one hour (or as many as 672 hours/28 days). Message deletion works with ProtonMail and non-ProtonMail recipients alike and allows you to have some control over how long your messages are retained. Be aware that this expiry is counted from the time the message is received in the recipient’s inbox, not from the time it is opened, meaning it may be deleted before the recipient has a chance to read it. Also be aware that if the recipient replies to your message, a copy of that message will be saved in the reply and stored in his or her “Sent” folder.
Secure messages to and FROM non-ProtonMail users: When I was working on YUSG: Win7, ProtonMail offered the ability to send an encrypted email to a non-ProtonMail user. Since that time ProtonMail has added the ability for non-ProtonMail users to respond securely to these messages. The problem with this is still exchanging a password securely (this is perhaps best done face-to-face), but if a password can be securely established this would be a fairly elegant solution for communicating with users who can’t or won’t set up a ProtonMail account.
Encrypted Attachments: As of May 5, 2015 ProtonMail now offers encrypted attachments between ProtonMail users (it does not encrypt attachments to non-ProtonMail accounts). Currently very few options exist for encrypting attachments (Mailvelope doesn’t do it) and this ability alone is a huge benefit.
Email Notification: If you have a ProtonMail account but don’t use it daily, fear not! ProtonMail offers the option of notifying you at another email address when you have email in your ProtonMail inbox. Though I may gradually transition a large percentage of my email to ProtonMail, for now I only use it occasionally and really appreciate this feature.
Things I would still like to see: Though ProtonMail is really endearing itself to me and I find myself using it more and more there are still a few things I would like to see it offer:
- Two-Factor Authentication. I have a very hard time trusting my security to a password only. I would much rather have the added security of a second authentication factor (maybe a system similar to the LastPass Grid could be a useful option?). On the upside, ProtonMail places no limit on the number or type of characters that may be used in either the login or mailbox passwords. Both my login and mailbox passwords are in excess of 200 characters and changed frequently, which gives me some peace of mind.
- PGP Integration. I would love the ability to import my PGP keys into ProtonMail. This would allow me to communicate securely with PGP users who have not migrated to ProtonMail, and to use my own keypair(s) if so inclined.
- Encrypted Attachments for Outside Users: Being able to encrypt an attachment to outside users would be a huge benefit. On the other hand, accounts are free; if the person with whom you need to share attachments won’t set up an account, you could set one up for them.
- App(s) for Android and iPhone: It would be great to access ProtonMail on mobile devices. That said, it is hard to input long, complex passwords on mobile devices, making two-factor authentication even more important (as well as the need for users to utilize a password manager). According to the ProtonMail blog (scroll down to the comments), apps are forthcoming for both Android and iOS.
So how do we make this happen? Setting all of this up costs money, and interest in ProtonMail has seen an incredible spike in account requests over the last months. The best way to make this happen is to donate to ProtonMail (via PayPal or Bitcoin). I have no financial interest in ProtonMail, but I strongly believe universal, easily implemented, user-friendly, encrypted email to be a worthy cause.