Encrypted business collaboration platform Crypho

Crypho is a cloud-based application for securely chatting and sharing notes and files in real time. Encryption is end to end: not even the staff managing the collaboration platform can access the information.

There is no need to install anything to run Crypho on your computer; encryption and key management run in the background. Everything is encrypted with 256-bit AES before it is uploaded to Crypho, using the Stanford Javascript Crypto Library, a cross-browser open source library for cryptography in Javascript.

To open an account in Crypho you will need to enter a valid email address, which has to be confirmed by clicking on a link, enter a passphrase that will be used to gather entropy when generating your encryption keys, and set up two-factor authentication using your mobile phone.

Encrypted Collaboration Platform Crypho

Crypho requires you to confirm a mobile phone number, where you will be sent a verification code to log into the system. This guarantees that even if someone learns your account password, they would still be unable to log in without having your smartphone.

It is the same security system that Google and Yahoo accounts use for logging in, but in Crypho two-factor authentication is compulsory, whereas in other places it is usually only optional.

This is a simple and quick to deploy solution for any business worried about data leaks. Employees and customers will not have to learn how Crypho works or manage any kind of encryption keys. The platform will be useful for companies with a remote workforce or to finalize confidential business conferences with your customers.

Unlike similar collaboration platforms, in Crypho you don’t have to trust the company to take care of your data security, because they never have the capability of accessing it. You only need to trust Crypho to keep the servers online.

A supplementary extra, if you are worried about NSA backdoors: Crypho headquarters and servers are all located in Norway. The company does not have to comply with USA or UK secret spying orders. Crypho has also signed the manifesto about Ubiquitous Encryption on the XMPP Network, committing to set up perfect forward secrecy, a technology that uses ephemeral encryption keys, which become useless after their first use.

I don’t think you can go wrong with Crypho if your company has a need for privacy and it uses the Internet to share files and messages between staff or customers. No more explaining to people what they have to download for secure communications, and no more having to make sure that the software you use is compatible with theirs. Crypho solves all of those problems at once, saving you time with a very secure zero knowledge platform.

Visit Crypho homepage

Walnut Secure Email with P2P end to end encryption

Walnut Secure Email is cross-platform desktop and mobile software to secure your existing email accounts. It works with any free email service like Yahoo, Outlook, Gmail or corporate email servers. The program will encrypt all messages end to end using the uncrackable AES256-bit cipher. After downloading Walnut Secure Email you will be asked to create a Loment ID account (Loment is the name of Walnut Secure Email’s developers); the same ID can be used for other Loment products like Peanut Secure SMS.

You will find preconfigured email settings for Gmail and Yahoo, or you can choose “Other” to enter your own email service’s SMTP/IMAP server and port. After that you will be presented with a simple screen that has self-describing “Write”, “Sent”, “Contacts” and “Inbox” icons. When composing a message you will be given the option to set an expiry date for the message, after which nobody will be able to read it. Forwarding and copying can also be restricted, and you can ask for an electronic receipt when somebody reads the email.

Walnut Secure Email settings

Message expiration can be as little as 5 minutes. Other nifty options include scheduling email delivery, where you write an email, save it and schedule automatic delivery the next day or week. Companies will welcome email template creation and Walnut Secure Email’s compliance with HIPAA legislation, a USA law that forces health care providers to use encryption to store data. The desktop Walnut Secure Email program has been coded in Java, a system independent programming language; if you have Java installed the software will work with Windows, Mac or Linux. Android and iPhone/iPad apps are available in the respective stores.

The good points of Walnut Secure Email are that you don’t need any new email account for it to work, encryption is end to end and it can be used on any computer or mobile device. The bad points are that, besides not being free, the other end will have to be using Walnut Secure Email software to be able to read and send encrypted messages, and the program is not open source.

The features point towards a tool targeted at corporations and not end users. If I were in charge of the IT department, I would rather get a Hushmail business account for all of the company’s users, so that no multiple settings are needed and there is no need to take care of email servers. Initially it works out more expensive than Walnut Secure Email, but when counting support staff costs, it might not.

Visit Walnut Secure Email homepage

Encrypted voice calls and secure chat with Silentel

Silentel is a scalable suite for secure communications that can be used on mobile devices and desktop computers. The program provides a software based solution to protect your voice calls, secure chat, file transfer and text messages from wiretapping.

Data is secured with end to end encryption. There is a central server redirecting traffic to the intended receiver, but everything is encrypted on the client side, so it is not possible for a third party to access plain text on the server: there isn’t any text to find. Only metadata, like timestamps and who is communicating with whom, would be visible to a rogue observer. That metadata is hidden from your mobile network operator, and Silentel protects you from well known spy agencies’ backdoors on mobile networks.

Encrypted mobile VoIP Silentel

Data transmission is secured with public key encryption managed by Silentel in the hosted plan (enterprises can have their own infrastructure). Voice calls are authenticated with the RSA algorithm and encrypted with AES256-bit one time keys. Phone calls employ a unique key that is never reused and is destroyed as soon as somebody hangs up; this guarantees that if one of the keys falls into the wrong hands it won’t be of use to decrypt more than a single call. SMS text messages will also be encrypted, and they can be set with an expiration date after which the message is wiped.

This is very simple to use secure voice calling software. Once you have it installed you should add contacts of other people who are also Silentel users. When you want to place an encrypted call or establish a secure chat, select the person from your contact list and choose “Make a call” from the menu. Silentel will automatically create the ephemeral encryption keys, and once the call has finished it will delete those keys. Text messages, files and contacts are not kept on your smartphone, so if you lose the phone you will not have to worry about anybody finding them.

This product can be used by individuals, corporations and governments. Silentel is included in the NATO Information Assurance Products Catalogue and it has a NATO confidential certification, as well as certificates from the National Security Authority and the Ministry of Defence of the Slovak Republic.

Silentel encrypted call

This product is not cheap, but the kind of customers they are targeting, government employees and CEOs, will risk much more by placing insecure calls and sending plain text messages containing trade secrets or compromising details. Furthermore, if you are on Wifi, Silentel calls will be free and you won’t have to pay any charges for placing them.

Silentel’s security model is satisfying and the security certificates they hold are reassuring. Not being a USA company is of great advantage to avoid invasive NSA spying orders; that is perhaps one of the main reasons to choose them over similar services like Silent Circle. I did not like that there is no Linux or Mac version of their software, but on the mobile front they cover iPhone, Windows and Android devices.

Just remember that the receiver will have to be using the same software to be able to communicate securely. That is perhaps the hardest part, to convince colleagues of the need to secure against spying, but once you achieve that, the learning curve for Silentel is very very low: if you know how to use a smartphone, you will know how to use Silentel out of the box.

Visit Silentel homepage

Bypass ISP censorship with ReQrypt

ReQrypt is a free open source anticensorship tool to bypass blocking of websites by ISPs. This tool should work to access Facebook in China or Saudi Arabia and to access adult websites blocked by British Internet Service Providers.

Unlike a proxy server or VPN, this program will not hide your computer’s IP or make you anonymous on the Internet. Its function is to forward your request for a blocked page through one of ReQrypt’s servers; ReQrypt will tunnel the upstream GET request and return the data without any kind of encryption. It takes advantage of Internet Service Providers only doing deep packet inspection on upstream requests and not checking the data flowing down to the computer.

Upstream URL GET requests are very small packets. It would be infeasible for an ISP to start inspecting all downstream packets: a single webpage URL served in a second can have as much as 1MB (1024 Kb) of data flowing down. An ISP could inspect a single customer’s downstream data, but not that of all of their customers, as it would collapse their data handling capacity.

ReQrypt user interface

After installation, clicking on the ReQrypt desktop shortcut launches your Internet browser and opens localhost:40404. There you can see an easy to manage tabbed interface where you can tweak configuration options and see data packets moving in real time inside the “Log” window.

ReQrypt’s method to bypass Internet filters increases speed and reduces latency in comparison with proxies; it was hard to notice any kind of delay while I was using it. The only problem I had was when I tried to combine ReQrypt with my VPN and it would not work, giving me timed out requests. This tool will have to be used standalone, which is fine if you don’t need to hide your computer’s IP. Another issue you need to be aware of is that you will have to trust the person managing ReQrypt’s servers not to spy on or log your Internet activities.

One future complication I can foresee is that, since ReQrypt servers’ IPs are visible in the control panel, an ISP should be able to blacklist them, just like the Iranians and Chinese have blocked Tor relays in the past. This prompted Tor operators to set up secret Tor bridges available on request, something that should also be possible for ReQrypt when their anticensorship software becomes widespread; they already have an Add/Delete button in the “Tunnels” window.

If you are on a slow Internet connection and you don’t need anonymity, ReQrypt can be a much better tool than Psiphon or a Tor bridge to bypass ISP censorship. The only thing that annoyed me is that my Windows 7 control panel did not have a way to uninstall ReQrypt and I had to resort to special software to do this.

Visit ReQrypt homepage

AES256bit email encryption with VirTru

VirTru is a free browser addon and mobile app to securely encrypt your email messages using the Advanced Encryption Standard 256-bit algorithm, a worldwide standard encryption cipher that is believed to be uncrackable. Encryption takes place on your computer. VirTru’s servers never have access to the unencrypted data, but they hold the decryption key, which they manage in order to let the authorised party read the email.

Email encryption keys have perfect forward secrecy, a scheme with unique decryption keys for each message: if one of them were to be compromised, it could only be used to read a specific message and not everything in the inbox.

The VirTru browser addon integrates smoothly with Yahoo, Gmail and Outlook. It also works with other services, but in Gmail a blue bar on top of the compose window lets you know that you are writing a secure email with VirTru, and it has the option to stop message forwarding and set an expiry date from within the window. VirTru stops messages from being readable after the date you set by blocking access to the decryption keys stored on their server.
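How the provider-held key scheme described above behaves, as an added example (not VirTru’s code): it uses Node.js built-in crypto, and the KeyServer class, the function names, the addresses and the message text are all hypothetical. It goes one step past the text by also showing what the key holder can read once it has a copy of the ciphertext.

```javascript
// Added example: a model of provider-held-key email. All names are hypothetical.
const nodeCrypto = require("node:crypto");

// AES-256-GCM with a fresh 96-bit nonce per message.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext was modified.
function unseal(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// The provider's key server: stores keys and policy, never message bodies.
class KeyServer {
  constructor() { this.entries = new Map(); }
  register(key, recipients, expiresAt) {
    const id = nodeCrypto.randomUUID();
    this.entries.set(id, { key, recipients: new Set(recipients), expiresAt });
    return id;
  }
  release(id, requester, now) {
    const e = this.entries.get(id);
    if (!e) throw new Error("unknown key id");
    if (!e.recipients.has(requester)) throw new Error("not an authorised recipient");
    if (now >= e.expiresAt) throw new Error("message expired");
    return e.key;
  }
}

// Sender: encrypt locally with a one-off key, then hand that key to the server.
function sendMessage(server, body, recipients, expiresAt) {
  const key = nodeCrypto.randomBytes(32);
  const keyId = server.register(key, recipients, expiresAt);
  return { keyId, ...seal(key, body) }; // this object is what the mail provider carries
}

// Recipient: fetch the key (subject to policy), then decrypt locally.
function readMessage(server, mail, requester, now) {
  return unseal(server.release(mail.keyId, requester, now), mail);
}

// Whoever controls the key store and obtains the ciphertext can decrypt,
// and no recipient or expiry check stands in the way.
function keyHolderRead(server, mail) {
  return unseal(server.entries.get(mail.keyId).key, mail);
}
```

Expiry in this model only stops future key releases; a recipient who already fetched the key or copied the plaintext keeps it.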

Encrypted email service VirTru

If the person receiving the message does not have Virtru installed, he will be asked to sign up for an account to be able to read it. Another option the receiver has is to use VirTru’s secure virtual reader, a Javascript viewer embedded in the Internet browser to read encrypted messages. This will not require them to install anything, and it contains a link to the VirTru addon in case they wish to install it to reply securely to the email. You can use OpenID or OAuth protocols to verify your identity with existing email providers. This saves time, but I doubt too many people in corporate environments know what it is or have an OpenID.

One of the company’s founders is a former NSA employee and, although rejecting mass surveillance, they are open about providing your encryption keys to the US government if they are served with a court order. Since VirTru does not hold the data and only has the decryption keys, the government would need both, which is not very difficult to do since Yahoo, Gmail and Outlook are all wiretapped by the NSA. This is clearly a tool with faith that the US government will not abuse its espionage powers, and that breaks the deal for me. It is understandable that a company will abide by court orders, and that is why some security providers no longer hold customers’ decryption keys.

I personally would stay away from any company holding the encryption keys for me. It makes life easier, but if your information is so important that you need bullet proof encryption, the risk of the decryption keys being compromised is too high when they are in somebody else’s hands. As an individual, Countermail would be a better choice, and for businesses, Silent Circle has high protection against government spying.

If you want a free email encryption solution there is always rolling your own OpenPGP keys which is not that hard to do with extensions like Mailvelope.

Visit Virtru homepage

Transfer large files securely with WireOver

WireOver is a private P2P program with encryption to exchange files of any size on Windows, Mac and Linux computers. The only available solutions to exchange extremely large files are cloud services like WeTransfer or email services like ZipSend, but they both have a transfer limit. WireOver works P2P without any central storage; the only limit is your computer’s hard drive. You can send Terabytes of data with WireOver, and if the transmission breaks it will autoresume the transfer where it left off.

There is no central server monitoring what you are exchanging, and everything is encrypted on your computer before leaving it. However, the person you are sending the file to will be able to see your computer’s IP. WireOver will protect your data from hackers or government agencies wiretapping the Internet, but it will not make you anonymous, and your ISP will still be able to see who you are communicating with and log how much data is being exchanged.

After installation you will need to register an account by entering your email address and confirming it by clicking on a link. You don’t need to set up any password; the email address is all your friends or colleagues need when sending a file. To start a file transfer you have to right click on the file, choose WireOver in the Windows shell menu, and enter the recipient’s email. If the receiver is online he will get a WireOver notification that somebody wants to send him a file, and he will have to click on the accept or decline button. Transfer speed depends on your ISP and how far you are from each other, just like any other P2P application.

WireOver big file transfer encrypted

Another way to start a file transfer is by dragging and dropping the file on the program. It is possible to have multiple downloads at once from different sources. The settings tab allows you to select the downloads folder, and a tray icon shows WireOver activity. This utility can be of tremendous help for video professionals, web developers, engineers and other professionals who often need to transfer big files.

One of my concerns is that if you have to send something to a customer, unless he is a WireOver subscriber he would not be able to securely receive the file. The free version does not encrypt data, and you can’t ask a client to pay for a program so that he can receive the draft of a project he is already paying for. Another thing I did not like is that when you send a file the only detail shown in the window is the file size. You can’t see the file extension, file name, folder path, or any other specifics of the transmission, which can make mistakes easier to happen.

Security wise, nothing is better than end to end encryption like WireOver’s. You don’t have to trust anybody with your keys, and WireOver can’t be compelled to decrypt your data or have the decryption keys stolen. A unique ephemeral encryption key is used for each transfer, what is known in the industry as Forward Secrecy; this is the best security you can have.

WireOver’s server checks the integrity of your public encryption keys to stop man in the middle attacks, but your private keys, the ones necessary to read data, never leave your computer. Encryption is implemented with well known standard algorithms, AES256bit and RSA2048 with MD5 for hashing. Their security scheme is sound except for the fact that it is not open source.

Alternatives to WireOver that you could use to transfer files of any size are instant messengers like Skype or Jitsi. Skype belongs to Microsoft and it is highly suspected to have an NSA backdoor; I would stick with open source Jitsi if you go that route. Another alternative could be installing your own Virtual Private Network with Comodo Unite or Neorouter, which is not very difficult for those with a little IT background. Running your own SFTP server is also possible, but many people will not know how an SFTP program works.
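The per-call and per-transfer ephemeral keys described for Silentel and WireOver, together with the public key check against man in the middle attacks, sketched as an added example (not code from either product). Long-term RSA-2048 keys only sign; X25519, HKDF and every function name are assumptions standing in for the undisclosed key exchange, and SHA-256 is used where the text names MD5.

```javascript
// Added example: authenticated ephemeral key agreement. All names are hypothetical.
const nodeCrypto = require("node:crypto");

// Long-term identity: RSA-2048, used only to sign, never to encrypt traffic.
function newIdentity() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Start of a call or transfer: fresh X25519 key pair, public half signed
// with the long-term identity key.
function makeOffer(identity) {
  const eph = nodeCrypto.generateKeyPairSync("x25519");
  const pub = eph.publicKey.export({ type: "spki", format: "der" });
  const sig = nodeCrypto.sign("sha256", pub, identity.privateKey);
  return { secret: eph.privateKey, offer: { pub, sig } };
}

// Check the peer's offer against the identity key already trusted for that
// peer, then derive a 256-bit session key bound to both offers.
function deriveSessionKey(mySecret, peerOffer, peerIdentityPub, transcript) {
  if (!nodeCrypto.verify("sha256", peerOffer.pub, peerIdentityPub, peerOffer.sig)) {
    throw new Error("ephemeral key is not signed by the expected identity");
  }
  const peerPub = nodeCrypto.createPublicKey({ key: peerOffer.pub, format: "der", type: "spki" });
  const shared = nodeCrypto.diffieHellman({ privateKey: mySecret, publicKey: peerPub });
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, transcript, "session key v1", 32));
}

// One complete call. The ephemeral secrets exist only inside this function,
// so nothing kept afterwards (the RSA keys included) can rebuild the key.
function runCall(alice, bob) {
  const a = makeOffer(alice);
  const b = makeOffer(bob);
  const transcript = Buffer.concat([a.offer.pub, b.offer.pub]);
  const keyA = deriveSessionKey(a.secret, b.offer, bob.publicKey, transcript);
  const keyB = deriveSessionKey(b.secret, a.offer, alice.publicKey, transcript);
  return { keyA, keyB };
}

// A substituted ephemeral key (man in the middle) fails the signature check.
function substitutedOfferAccepted(alice, bob, intruder) {
  const a = makeOffer(alice);
  const forged = makeOffer(intruder); // signed by the intruder, presented as Bob's
  try {
    deriveSessionKey(a.secret, forged.offer, bob.publicKey, Buffer.alloc(0));
    return true;
  } catch (e) {
    return false;
  }
}
```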

Tip: Although the free WireOver version does not encrypt, there is nothing stopping you from encrypting a file with a different application before sending it.

Visit WireOver homepage

iPhone and iPad email encryption with iPGMail

iPGMail is a low cost iOS encryption app based on OpenPGP, an open source implementation of the data encryption program Pretty Good Privacy (PGP). It has no backdoor and it is used by corporations protecting trade secrets and people whose opponent is an entity or country with large resources. Even for a spy agency, there is no way to break OpenPGP encryption other than guessing or stealing the password and encryption keys.

You can use iPGMail to encrypt and digitally sign email and files. Encryption keys can be imported if you already have them, or you can create them in the app, designating a few configuration options like key size and expiration date.

Like all public key encryption schemes, you will need the encryption key of the recipient you are sending mail to. iPGMail is able to search various public keyservers to download other people’s public encryption keys, and to upload your own to the server for others to find. Another option is to get iPGMail to automatically attach your public encryption key to messages you send.

iPhone and iPad encryption app iPGMail

The iOS mail application will automatically pass PGP attachments to iPGMail for processing, but when encrypted messages are sent as text pasted in the main body, rather than as an attachment, you will have to copy and paste the received encrypted text into iPGMail to decrypt it.

You can choose for email messages to be only encrypted, only digitally signed, or encrypted and digitally signed at the same time. When an email message is decrypted after entering the correct password, two bars on top of the application will turn green to let you know that encryption and digital signature verification were both accurately executed.

iPGMail can also be used to encrypt files, like documents, photos and videos. Those files can be sent attached via email or distributed by uploading them to Dropbox or iCloud. iPGMail can link up your Dropbox account inside the application and give you access to your Dropbox folders without leaving the program.

Encrypted files will have the extension .pgp, and can only be deciphered by those whose public encryption key has been used to secure them. To protect against someone accessing your encrypted messages if you lose your iPhone or iPad, iPGMail times out the cached password when you are not using it, and optionally, it can also password protect the app with a PIN number.

iPhone email encryption iPGMail

One of the beautiful things about OpenPGP based programs is that encrypted data can be deciphered on any other operating system. A free tool to do that on a Mac desktop computer is GPGTools, on a Windows OS it can be done with GPG4Win, Unix computers can use GnuPG and Android users APG. To be able to exchange encrypted messages with your friends they will not need to have the same app or operating system installed; any of the free applications mentioned above will suffice to securely correspond with you.

If you only want to encrypt files you can find better applications, but to exchange encrypted email in iOS, iPGMail is most likely the best solution. A similar iOS app you might want to look at is oPenGP.

Visit iPGMail homepage