Tuesday, March 28, 2017

More on VPN and End-to-End Encryption

VPNs
One of the most basic forms of encryption that you’re probably familiar with is the Virtual Private Network, or VPN. There are a variety of different VPNs for different purposes, such as:
  • Corporate VPNs that encrypt an entire network’s traffic
  • VPNs to connect to corporate servers away from the office (e.g., the UA VPN)
  • VPN routers that automatically reroute and encrypt users’ network traffic
  • Web or application-based VPNs for personal use


Among the many VPN protocols, IPsec is considered the most secure. In fact, our friend Edward Snowden (or enemy and national traitor, depending on your point of view) has stated that the US Government has yet to crack IPsec, although they have in fact cracked other VPN encryption protocols. Below are a few free IPsec VPN options for personal use:

End-to-End Encryption – Things to Know

Here are some examples that have end-to-end encryption technologies in place (with some caveats):
  • WhatsApp: The company claims that it does not store messages on its servers, which means it can’t hand over messages if approached by law enforcement officials. 
  • iMessage: Apple’s iMessages are end-to-end encrypted, which means they can only be read on users’ phones and the company can’t read them. But if you back up your messages in iCloud, then Apple can read them and could be forced to hand them over to authorities if provided with an appropriate warrant.
  • Telegram: Telegram messages can be totally private if you want them to be. The company offers end-to-end encryption if users turn on the app’s “secret chat” feature and thus can’t read those user messages. Regular messages are stored on Telegram’s servers. 
  • Signal: Owned by Open Whisper Systems, Signal is also end-to-end encrypted. The company explicitly states on its website that it “does not have access to the contents of any messages sent by Signal users.”
  • Line: Line offers end-to-end encryption, but only if both the sender and recipient of a message turn on a feature called “Letter Sealing.” This will encrypt your messages so the company can’t read them, but regular messages without the feature are not end-to-end encrypted and Line may have to hand them over if required by Japanese law.
  • Cyber Dust: Cyber Dust messages are encrypted end-to-end and the company claims they never even touch company servers. They’re also deleted from user phones as soon as they’re read (a la Snapchat). That means the company cannot hand over messages to authorities, even if a formal warrant was provided. “Once it’s gone it’s [gone],” CEO Ryan Ozonian told Re/code.

These Companies Can Read Your Messages

  • Facebook (Messenger and Instagram): Both Facebook Messenger and Facebook-owned Instagram encrypt messages only when they are en route between a user’s device and company servers where they are stored. This means Facebook might have to hand over private messages if required by law.
  • Google: Messages sent via Google Hangouts are also encrypted en route and even on the company’s servers, but Google can still read them if needed. Encrypting the messages while on Google servers is intended to keep others from jacking in and reading them, but Google itself has the encryption key. This means Google might have to hand over private messages if required by law.
  • Snapchat: Like Google, Snapchat messages are encrypted while at rest on Snapchat’s servers (though the company has the encryption key if needed). Snaps are deleted from the servers as soon as they’re opened by the intended recipients, and Snapchat claims these delivered messages “typically cannot be retrieved from Snapchat’s servers by anyone, for any reason.” But unopened Snaps are kept on the servers for 30 days before being deleted. That means Snapchat might have to hand over unopened, private messages if required by law.
  • Twitter: Direct messages on Twitter are not end-to-end encrypted. The company might have to hand over private messages if required by law.
  • Skype: Microsoft-owned Skype does not offer end-to-end encryption for instant messages. They are stored on Skype’s servers for a “limited time,” which means Skype might have to hand over private messages if required by law.
  • and soon, Comcast, Cox, and all ISPs... (without an end-user agreement). 😱
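
The difference between the two lists above comes down to who holds the decryption key. The sketch below is an added example, not code from the original post or from any of the services named; it uses Node's built-in crypto module, and the `Provider` class, the Alice/Bob key pairs and the `e2e-demo` label are hypothetical. It leaves out what real messengers add on top, such as key verification.

```javascript
const crypto = require('crypto');

// AES-256-GCM; output layout is nonce (12) | tag (16) | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Hypothetical provider: encrypts at rest with a key it holds itself.
class Provider {
  constructor() { this.atRestKey = crypto.randomBytes(32); this.disk = []; }
  store(payload) { this.disk.push(seal(this.atRestKey, payload)); }
  // What the provider can produce on demand: it strips its own at-rest layer.
  handOver() { return this.disk.map((blob) => open(this.atRestKey, blob)); }
}

// X25519 agreement + HKDF-SHA256 gives both endpoints the same 32-byte key.
function sharedKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// Model 1: encrypted in transit (TLS, not modelled) and at rest; provider holds the key.
function providerKeyModel(message) {
  const provider = new Provider();
  provider.store(Buffer.from(message, 'utf8'));
  return provider.handOver()[0].toString('utf8');
}

// Model 2: end-to-end; the provider only ever stores the endpoints' ciphertext.
function endToEndModel(message) {
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const provider = new Provider();
  provider.store(seal(sharedKey(alice.privateKey, bob.publicKey), Buffer.from(message, 'utf8')));
  const handedOver = provider.handOver()[0]; // still ciphertext after the at-rest layer is removed
  const bobReads = open(sharedKey(bob.privateKey, alice.publicKey), handedOver).toString('utf8');
  return { handedOver, bobReads };
}
```

In the first model `handOver()` yields the plaintext; in the second it yields only the blob that the two endpoints can open.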
