Review Dust, the self-destructing messaging app

Dust is a free Android, Windows Phone and iPhone app for communicating privately via ephemeral messages. The app tries to appeal to the simple texting market and is funded by entrepreneur Mark Cuban, a self-made billionaire who became aware of his digital trail when the US Securities and Exchange Commission falsely accused him of insider trading, using some of the messages he had sent as evidence.

The app download is over 30MB and I had to grant it access to my location, camera, contacts, photos and Wi-Fi connection. You are also asked for your date of birth to make sure that you are over 13 years of age; this can be easily made up, like I did. Password recovery can be set up with an email address but it is not compulsory. I managed to open my Cyberdust account entering no email address and no phone number; the only information I provided was a nickname and a password.

You can use Dust to send text, photos and videos. Everything is sent encrypted, but there is no specific information about how encryption in Dust works. Messages are erased 30 seconds after somebody opens them and there is a warning system that tells you if the receiver has taken a screenshot of your message. Data is always handled in volatile memory: the messages you open never touch your Android solid state disk and Dust servers don’t store messages on the hard drive either. Any message you send will be kept for a maximum of 12 hours on the server and then purged regardless of whether it has been read or not.

Selfdestructing messages app CyberDust

The app has a wide range of emojis that can be added to make texting more fun. I found the choice of emojis bizarre: they consist of different monkey faces. It is open for debate how amusing they are, but I personally do not identify myself with a monkey and this is meant to be an app for adults, not children.

I liked that Dust has a complete interactive tutorial for new users. There is also a social element that allows you to interact with other Dust users adding them to groups and creating ephemeral group chats that send “blasts”.

One of the major differences between Dust and other self-erasing messaging apps like Snapchat is that Dust lists addresses of celebrities and famous entities in its network that you might want to follow, so from day one you already have somebody to dust with. Since the main problem with new messaging apps is finding friends that are also using them, having a premade list of people you already know from the media sorts that out. However, the practical implementation of that idea did not work as expected.

I joined as a follower of a famous tech journalist and all I received was her RSS feed for me to visit her website. Another celebrity I followed sent me a pasted message with a pitch for an investment in her company, and the BusinessInsider Dust account was nothing else than messages with links to their site. Basically, all these famous people with a public Dust address do is send you a headline with a link; don’t expect any kind of interaction or exclusive information that cannot be found on Twitter.

Dust encrypted mobile phone messages

Despite the celebrities’ failure, I didn’t think that Dust was a bad app for the problem it is meant to fix. I loved how little information is required to open an account with them, that the app does not store data on the hard drive, and the automatic erasing. However, at times, you might want to actually store those messages and you can’t do that in Dust. In another app I have installed, called Telegram, you can have it both ways: message somebody and keep the conversation, or choose an optional private chat that is ephemeral like Dust.

I found Dust conversations very hard to follow and I am sure that some people will want to record their messages to remember what they were about. I can’t see myself advising family members to install this app; on top of that, it remains a huge problem convincing anybody to install yet another app that few people use on their phone.

I ended up using the delete account feature in Dust, and I can confirm it worked flawlessly. I got rid of the app and I will be sticking with Telegram to send ephemeral messages, given that millions of people already have it and mostly because I will not have all messages set to ephemeral by default.

Visit Dust homepage

Note: Post has been updated with the new name, from Cyberdust to Dust

Clean junk files and optimize Android with ToolWiz Cleaner

ToolWiz Cleaner is a free Android optimisation app that helps you keep your Android device free from clutter, regaining space and speed. The app has a clean layout with a huge button in the middle that tells you how much RAM you are using, optimising it with just a tap. I don’t know how accurate the numbers ToolWiz Cleaner gives you are, but if they are correct, the app was able to give me back half of my RAM by killing unneeded background processes. Having said that, I have never had a problem where I ran out of RAM; the main advantage is that by reducing the processes on your phone, you save battery life.

There are two top icons in ToolWiz Cleaner displaying your Android phone temperature and storage space. Tapping on them brings up a new screen with complete statistics: you can see your Android phone CPU and battery temperature in eye candy graphics that display CPU usage and frequency, and the storage icon brings up the system and internal SD card storage usage.

Android junk cleaner ToolWiz Cleaner

Another four icons at the bottom of ToolWiz Cleaner are labelled “Junk Cleaner”, “App Manager”, “Privacy&Security” and “Memory Boost”. Tapping on “Privacy&Security” automatically cleans your Chrome browser search and URL history; it also displays shortcuts to the Android call log, SMS and photo optimizer for you to clean those traces using internal tools that Android supplies. In the same section you can see an Autorun tab showing all apps running in the background. I tried to disable the idle flashlight app running in the background and a window popped up informing me that I needed root authority to do that. This greatly reduces the benefits of that section, since I am not willing to risk harm to my Android phone by rooting it.

What I highly recommend you look at is the “Permissions” tab in the privacy section, where you will be able to see the specific information that the apps installed on your phone can access. For example, I was surprised to see that my DU battery saver and Clean Master apps can access something as personal as the device IMEI number (International Mobile Station Equipment Identity). I can’t understand why those apps need my phone serial number and I find it meddlesome that a company would want to know a number hard coded into the device only meant to be used to disable the phone if it gets stolen. The number should be out of bounds for a battery saving and cleaning app, so thank you CleanWiz for letting me know about this. In the same tab you can also see what apps are able to access your call log and phone contacts; in my case it was limited to Google Play. It is worthwhile for a user to check this out: call logs and contacts are another piece of personal data that should be kept out of apps’ access if you value your privacy.
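The same kind of permission review can be scripted on a desktop. The following is an added example, not part of ToolWiz Cleaner or the original post: it flags apps that request the permissions gating the data mentioned above (IMEI reads were allowed by READ_PHONE_STATE before Android 10). The package names are hypothetical and the sample input is constructed, modelled on the output of `aapt dump permissions`.

```python
import re
from collections import defaultdict

# Permissions that gate the data the review singles out.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI before Android 10)",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_CONTACTS": "contacts",
}

# Constructed sample: hypothetical packages, lines shaped like the output of
# `aapt dump permissions <apk>` concatenated for several APKs.
SAMPLE_DUMP = """\
package: com.example.batterysaver
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
package: com.example.cleaner
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission-sdk-23: name='android.permission.READ_CONTACTS'
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
permission: com.example.flashlight.CUSTOM
"""

_PKG = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)")
# Accept both the quoted name='...' form and the older bare form.
# Lines starting with "permission:" declare a permission and are ignored.
_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)")


def parse_permissions(dump):
    """Return {package: set(requested permissions)} from concatenated dumps."""
    apps = defaultdict(set)
    current = None
    for line in dump.splitlines():
        line = line.strip()
        m = _PKG.match(line)
        if m:
            current = m.group(1)
            apps[current]  # register the app even if it requests nothing
            continue
        m = _PERM.match(line)
        if m and current is not None:
            apps[current].add(m.group(1))
    return dict(apps)


def audit(dump, sensitive=SENSITIVE):
    """Return {package: sorted sensitive permissions it requests}."""
    findings = {}
    for pkg, perms in parse_permissions(dump).items():
        hits = sorted(perms & sensitive.keys())
        if hits:
            findings[pkg] = hits
    return findings


if __name__ == "__main__":
    for pkg, hits in audit(SAMPLE_DUMP).items():
        for perm in hits:
            print(f"{pkg}: {perm} -> {SENSITIVE[perm]}")
```
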

I ran the “Clean Master” cleaning app right after ToolWiz Cleaner and it only found 8MB of extra junk in my gallery and system cache that ToolWiz Cleaner had missed. I believe both apps are good but I am now going to uninstall “Clean Master” and go with ToolWiz Cleaner instead. The main reason for that is the privacy features that ToolWiz Cleaner gives you. I was particularly unhappy that “Clean Master” was able to access my phone’s IMEI number and if it wasn’t for ToolWiz Cleaner I would have never known about it. From now on ToolWiz Cleaner will be my main Android cleaning app.

Visit ToolWiz Cleaner homepage

Review F-Secure Freedome mobile phone VPN

Freedome is a paid-for VPN service for Android and iOS managed by F-Secure, a Finnish online security company that has been around for many years. You can use the VPN to view geographically locked content in Netflix, protect yourself from hackers on open Wifi points, stop advertisers from gathering data about your surfing habits and block pages containing malware.

The VPN connection is encrypted and it also stops your Internet Service Provider from seeing what sites you visit. The only thing this VPN might not be able to help you with is bypassing Internet filtering if a network administrator has DNS censorship in place. Normally companies use hardware firewalls to block access to undesirable websites, like social media. It can be very tricky finding a hole in a school Internet filtering set up; it is a matter of having networking knowledge and getting lucky. Freedome is being marketed for privacy and security and not as a way to bypass the Great Firewall of China.

Freedome F-Secure OpenVPN smartphone

Freedome has servers in Europe, North America and Asia, unlimited bandwidth, and they keep no logs. Tapping Freedome’s big single button starts the VPN on your phone and automatically connects to the closest server to you. It can be changed to any other location you like; the UK, USA, Sweden and Hong Kong are all available among many others. For a smartphone only VPN, I was very pleased with the wide range of servers and speed.

The level of protection provided can be customized to your needs. One example would be the Internet browsing protection that checks websites you visit for viruses; this feature can be turned off in Freedome if you feel it is not needed. I have been using this VPN app for 6 months on my Android phone and I have never noticed any kind of slow down with the virus protection on. The only reason why you might want to disable it is if you don’t trust F-Secure to filter out harmful sites for you.

I experienced a few disconnections with Freedome. It wasn’t too often, but sometimes, like once a week, my VPN would disconnect in the middle of a session for no reason, very annoying. Google Play reviews of this app parade more customers complaining about disconnections; the developers surely know about the problem and let’s cross fingers that it will be fixed.

There is no desktop version of this app; it has been developed for smartphones only. This gives Freedome more leverage when it comes to protecting you than other VPN services supporting desktop and mobile phones. Every single security layer that Freedome provides can be switched on and off.

In VPNs that are not smartphone specific you only get protection for your Internet connection on Wifi hotspots and anonymity by hiding your IP, with no protection at all from malware infecting your smartphone. Freedome can check what apps do and it will not allow you to download an app that contains a virus.

Freedome F-Secure VPN server location

Another good point for Freedome is that, unlike other companies that claim to provide a secure VPN for smartphones while selling the insecure PPTP protocol without informing the customer that PPTP encryption can be cracked, Freedome provides you with pure OpenVPN that has no known vulnerabilities.

I was using Freedome at home because it was free during the beta testing. I didn’t feel I needed it, since my home wireless connection is already protected with WPA2, but the VPN was useful to stop advertisers tracking me browsing the Internet. Now that my VPN trial has expired I will be using the Dolphin Zero browser to avoid storing cookies on my smartphone, but for those travelling and using a smartphone at hotel access points, I think that a VPN is a must have, otherwise what you do on the network can be captured by anybody.

I liked Freedome’s simplicity and ease of use. I was not so fond of their prices: for slightly more money you can buy a cheap desktop and mobile phone VPN provider. What might make you buy Freedome VPN over something like PIA VPN is that Freedome has malware protection on top of their VPN, and other services do not.

Visit F-Secure Freedome homepage

Encrypted voice calls and secure chat with Silentel

Silentel is a scalable suite for secure communications that can be used on mobile devices and desktop computers. The program provides a software based solution to protect your voice calls, secure chat, file transfer and text messages from wiretapping.

Data is secured with end to end encryption. There is a central server redirecting traffic to the intended receiver, but everything is encrypted on the client side, so it is not possible for a third party to access plain text on the server. There isn’t any text to find; only metadata would be visible to a rogue observer, like timestamps and who is communicating with whom. That metadata is hidden from your mobile network operator, and Silentel protects you from well known spy agencies’ backdoors on mobile networks.

Encrypted mobile VoIP Silentel

Data transmission is secured with public key encryption managed by Silentel in the hosted plan (enterprises can have their own infrastructure). Voice calls are authenticated with the RSA algorithm and encrypted with AES 256-bit one time keys. Each phone call employs a unique key that is never reused and is destroyed as soon as somebody hangs up; this guarantees that if one of the keys falls into the wrong hands it won’t be of use to decrypt more than a single call. SMS text messages will also be encrypted and they can be set with an expiration date after which the message is wiped.

This is very simple to use secure voice calling software. Once you have it installed you should add contacts of other people who are also Silentel users. When you want to place an encrypted call or establish a secure chat, select the person from your contact list and choose “Make a call” from the menu. Silentel will automatically create the ephemeral encryption keys, and once the call has finished it will delete those keys. Text messages, files and contacts are not kept on your smartphone; if you lose the phone you will not have to worry about anybody finding them.

This product can be used by individuals, corporations and governments. Silentel is included in the NATO Information Assurance Products Catalogue and it has a NATO confidential certification as well as National Security Authority and Ministry of Defence certificates of the Slovak Republic.

Silentel encrypted call

This product is not cheap, but the kind of customers they are targeting, government employees and CEOs, will risk much more by placing insecure calls and sending plain text messages containing trade secrets or compromising details. Furthermore, if you are on Wifi, Silentel calls will be free and you won’t have to pay any charges for placing them.

Silentel’s security model is satisfying and the security certificates they hold are reassuring. Not being a USA company is of great advantage to avoid invasive NSA spying orders; that is perhaps one of the main reasons to choose them over similar services like Silent Circle. I did not like that there is no Linux or Mac version of their software, but on the mobile front they cover iPhone, Windows and Android devices.

Just remember that the receiver will have to be using the same software to be able to communicate securely. That is perhaps the hardest part, convincing colleagues of the need to secure against spying, but once you achieve that, the learning curve for Silentel is very very low: if you know how to use a smartphone, you will know how to use Silentel out of the box.

Visit Silentel homepage

iPhone and iPad email encryption with iPGMail

iPGMail is an iOS low cost encryption app based on OpenPGP, an open source implementation of the data encryption program Pretty Good Privacy (PGP). It has no backdoor and it is used by corporations protecting trade secrets and people whose opponent is an entity or country with large resources. Even for a spy agency, there is no way to break OpenPGP encryption other than guessing or stealing the password and encryption keys.

You can use iPGMail to encrypt and digitally sign email and files. Encryption keys can be imported if you already have them, or you can create them in the app, designating a few configuration options like key size and expiration date.

As with all public key encryption schemes, you will need the encryption key of the recipient you are sending mail to. iPGMail is able to search various public keyservers to download other people’s public encryption keys and to upload your own for others to find. Another option is to get iPGMail to automatically attach your public encryption key to messages you send.

iPhone and iPad encryption app iPGMail

The iOS mail application will automatically pass PGP attachments to iPGMail for processing, but when encrypted messages are sent as text pasted in the main body, rather than as an attachment, you will have to copy and paste the received encrypted text into iPGMail to decrypt it.

You can choose for email messages to be only encrypted, only digitally signed or encrypted and digitally signed at the same time. When an email message is decrypted after entering the correct password, two bars on top of the application will turn green to let you know that encryption and digital signature verification were both accurately executed.

iPGMail can also be used to encrypt files, like documents, photos and videos. Those files can be sent attached via email or distributed by uploading them to Dropbox or iCloud. iPGMail can link up your Dropbox account inside the application and give you access to your Dropbox folders without leaving the program.

Encrypted files will have the extension .pgp, and can only be deciphered by those whose public encryption key has been used to secure them. To protect against someone accessing your encrypted messages if you lose your iPhone or iPad, iPGMail times out the cached password when you are not using it, and optionally it can also password protect the app with a PIN number.

iPhone email encryption iPGMail

One of the beautiful things about OpenPGP based programs is that encrypted data can be deciphered in any other operating system. A free tool to do that on a Mac desktop computer is GPGTools, on a Windows OS it can be done with GPG4Win, Unix computers can use GnuPG and Android users APG. To be able to exchange encrypted messages with your friends they will not need to have the same app or operating system installed; any of the free applications mentioned above will suffice to securely correspond with you.

If you only want to encrypt files you can find better applications, but to exchange encrypted email in iOS, iPGMail is most likely the best solution. A similar iOS app you might want to look at is oPenGP.

Visit iPGMail homepage

Create an SSH tunnel in Android with JuiceSSH

JuiceSSH is a full SSH terminal client for your Android phone. After installation you only have to create a profile of the remote server by entering its IP, port number, username and password, then tap on it once to quickly establish a connection, with a Linux terminal opening up. Settings can be synchronised across multiple devices and identities reused across servers, but it is good security practice to have a unique username and password for each connection. The possibility of reusing identities should not even be there, in my humble opinion, as it encourages lazy security.

You should also set up a private key file alongside your password. When you set up a private key, both something you know (the password) and something you own (the private key) are needed to log in; this stops malicious hackers from brute forcing their way into the server or sniffing out your password. Double authentication raises security considerably, since it is much more difficult to steal a key than it is to guess or intercept a password.

Android SSH tunnel JuiceSSH

The downside I found with this app is that, because it keeps a record of your SSH credentials, if anyone gets access to your phone your remote servers will also be compromised. The only way to erase passwords and private keys is by erasing the identity altogether. This is too much of a danger to bear: sysadmins keep all kinds of valuable data on servers and you can’t risk giving easy access to crooks. It could even lead to a sysadmin being fired from his job if a serious security incident occurs because he lost his phone with root usernames and passwords.

The Pro version of JuiceSSH encrypts settings with AES 256-bit; that is acceptable security and changes the rules of the game. The JuiceSSH Pro version has other nice features like terminal colour themes, a security lock activated after a period of inactivity and easy port forwarding set up, which could be used to set up an SSH tunnel for your Android browser to hide your smartphone IP when browsing the Internet.

I liked the app design and features, but server credentials storage in clear text on the phone was a deal breaker for me, and since I only use SSH tunnels occasionally I cannot justify the expense of having to buy the Pro version to plug that security hole. I can easily put up with fewer features in the free version, like not having a coloured Unix terminal, but I definitely cannot put up with less security. Since it was to either pay up or give up, I am now using Connectbot SSH for Android instead.

Visit JuiceSSH in GooglePlay

Free open source Android operating system Replicant

Replicant is an open source OS for Android phones. While Android is built on a Linux kernel and claims to be open source, in reality it contains proprietary libraries and drivers necessary for interfacing with the phone’s hardware; these include the GSM radio interface library, bluetooth firmware, speech recognition and others. Google has allowed vendors to introduce their own closed source binary drivers into the system that the community cannot redistribute, and it also pushes its own proprietary apps into the system, like Google Maps, Gmail and Gtalk.

The Replicant operating system intends to replace proprietary drivers and have Android run 100% free software.

Ghost commander running on Android Fdroid

Because Google Market is proprietary software, Replicant uses a client app released under the GPL license called FDroid that comes with its own repository full of free and open source software (FOSS) apps. It doesn’t include any Google app and comes with alternatives that do exactly the same. You can use Google Market apps on Replicant phones without using Fdroid, but this is not encouraged. Fdroid can also be built in Linaro, a set of tools to help popular Linux distributions run on ARM computers.

Installing Replicant on your phone will void the warranty, eliminate Android OS and erase the data it holds, but if you are a hardcore open source supporter and can risk something going wrong it is probably worth it. Check the list of supported devices on their website.

Visit Replicant OS homepage