Tutanota Encrypted Email

I love encrypted email, and I love writing about it.  In researching the next book in the Your Ultimate Security Guide series, Your Ultimate Security Guide: iOS, I decided to give Tutanota a try and I’m glad I did.

Tutanota_logo

 

The name “Tutanota” comes from the Latin words “tuta” (secure) and “nota” (message).  Tutanota offers free, end-to-end encrypted email accounts.  No personal information at all is required to create an account, and account creation is allowed through the Tor network.  Tutanota encrypts your message including the subject line, and any attachments and stores all of your emails in an encrypted state.  When you log in with your username and password, an encrypted version of your password is stored on Tutanota’s servers for the duration of your session.  If you lose your password it cannot be reset.  Tutanota also allows you to send encrypted emails to non-Tutanota users

Tutanota is incredibly streamlined and user-friendly and Tutanota apps are available for both iOS and Android, and Tutanota also offers a premium level of service for €1 per month.  Premium accounts offers some expanded functionality including the ability to create and use up to five aliases (alternate email addresses), unlimited outgoing emails (free accounts are capped at 100 per day), and the option to use your own domain.  Both free and paid accounts offer only 1Gb of storage but more (up to 1Tb) will be available for purchase soon.

Unfortunately Tutanota lacks several features that most of us have come to expect in an email service.  First, it does not allow you to save drafts (and as a result does not have a “Drafts” folder).  It also lacks a search function and the ability to assign labels (an important feature for email power-users).  Because of this I see it being used only for exchanging encrypted emails and not a day-to-day, Gmail-replacement system.

Though I am a fan of Protonmail and have been using it much longer, I do like the look and feel of Tutanota and will work it into my daily email routine.

AxCrypt – File Encryption Made Simple

Immediately after finishing Your Ultimate Security Guide: Windows 7 Edition a close friend who’d bought the book called me and asked why I hadn’t included AxCrypt.  The answer I gave him was that I was unfamiliar with the program.  After looking into it and testing it for a few weeks I’m sorry that I didn’t include it; it will definitely be included in Your Ultimate Security Guide: Windows 10.

AxCrypt 256x256 logo

AxCrypt uses the AES encryption algorithm (128-bit) and operates entirely from the right-click context menu.  When you want to encrypt a file right-click it, find AxCrypt in the context menu, and hover until the flyout appears.  The flyout menu allows you the option to Encrypt, Encrypt a Copy, and Enrypt to .EXE, among several other options.  Encrypt does exactly what you would think – it encrypts the file.  Encrypt a copy creates a new, encrypted copy of the file and leaves the original unencrypted.  Encrypt to .EXE allows you to create an executable file that can be opened on a computer that does not have AxCrypt installed.  AxCrypt also offers you the ability to use keyfiles in addition to a password, though it restricts the types of files that may be used to keyfiles generated by AxCrypt.  If you’ve read Your Ultimate Security Guide: Windows 7 Edition,  you know I’m a fan of keyfiles.

Opening a file encrypted with AxCrypt is even easier – just double-click and enter the password (and keyfile if necessary).  The file will open where you may view and edit it; closing the file will revert it back to its encrypted state.  If you wish to decrypt the file permanently, right click on it, hover on AxCrypt, and select Decrypt from the flyout.  After you enter the correct password the file will be decrypted and written in plain text to your hard drive.

AxCrypt also has a “Secure Delete” function that overwrites files with a single, pseudo-random pass.   After speaking to Axantum Software founder Svante Seleborg I also learned that it can be configured to do a seven-pass overwrite via the registry, but I will  stick to using Eraser for my data erasure needs due to its flexibility and convenience.

If you are looking for a simple, painless application for encrypting individual files AxCrypt is definitely worth considering.  AxCrypt is free and available from http://www.axantum.com/AxCrypt/.

Blur: The One-Stop Privacy Shop

As any of my readers know I hesitate to give out any personal information.  Using the same physical address, email address, phone number, and credit card number helps data marketers build very thorough profiles about us and I do everything I can to undermine this.  A service that is relatively new (at least to me) helps to make it much easier to avoid giving out this information.  This service is called Blur.

Before moving on it should be pointed out that Blur is a paid service.  Though there is a free version available, its functionality is very limited.  Blur Premium costs a very reasonable $39/year with discounts for purchasing multiple years ($59/2 years and $79/3 years).  For the features Blur provides the cost is totally worth it, and most of the features described below require a premium subscription.

full_MaskMe_512x512@2x

Blur helps to protect your privacy through a number of features including Masked Emails, Masked Phones, and Masked Cards.  The Masked Emails function works similarly to services like notsharingmy.info and 33mail.  When you create a masked email, Blur will give you a randomly-generated email address that will forward your mail to your real account.  You can create as many masked email addresses as you like, allowing you to have unique usernames on your accounts and protect your real address.  Masked Emails even protect your email address when you reply, a feature not currently offered by notsharingmy.info and only offered as a paid feature in 33mail.  Blur allows you to cancel forwarding to any masked email at any time, so if you sign up for a service that is bombarding you with junk mail you can simply login to your account and toggle forwarding to “off”, or delete the address entirely.

Blur also has a built-in username and password generator.  When you sign up for a new account or service and generate a username with Blur it will be a masked email address.  Unfortunately the passwords generated by Blur are only 12 characters long (though they are complex) and I have found no way to change this.  Masked Phone is another interesting feature that allows you to generate a phone number through Blur that will forward calls and text messages to your phone.  Unfortunately you can only have one Masked Number at a time, and the cost to change your masked number is $7; additionally there is a $.01 charge for each incoming call, for each minute used, and for each incoming text.  At this time you cannot send outgoing text messages from your masked number.

Blur’s most exciting feature by far is Masked Cards.  Blur allows you to create masked credit cards for online purchasing.  When you wish to make an online purchase you log into Blur and create a new masked card.  The amount of purchase will be charged to your “real” card, and the masked card works much like a pre-paid gift card.  Blur will give you a credit card number, expiration date, CCV, and billing address, and you can choose the name and shipping address.  This limits the amount of information that retailers, credit card companies, and third-parties can accumulate about your purchases, the benefits of which are obvious.  It also limits the exposure of your real credit card number on the internet.

With the ability to obscure your email address and phone number, create masked credit cards, generate unique, complex usernames and passwords, and manage it all in one place, Blur is almost a one-stop-privacy solution.  Your Blur account can be protected with very strong passwords (I haven’t found a length limit yet) and two-factor authentication and can be accessed through your browser, Blur’s add-on for Firefox/Chrome, or their Android/iOS app.

Letting Go of Google

I have used Google for years, mostly in the form of Gmail.  In Your Ultimate Security Guide: Windows 7 Edition I wrote about Gmail.  I threw in some well-deserved praise about Google’s security; it is very, very good.  Google offers one of the most user-friendly two-factor systems I have used.  They alert you when your account is logged into from a new IP and browser.  Your entire sessions is HTTPS encrypted, and encrypted inside of Google.  From a security standpoint it’s hard to complain about Google.  Privacy is another matter completely.

As Bruce Schneier recently pointed out, Google wants you to be secure from everyone except Google.  Google keeps your data safe from hackers and the NSA (they say), but they don’t keep it safe from themselves.  Google scans all your emails, records all your searches, remembers what videos you’ve watched, and what sites you go to when you leave Google.  And it never forgets.  Though I never created a Google + account, don’t log into YouTube, and don’t upload files to Google Drive, Google still knows an incredible amount of information about me.  That information will be remembered forever.  It will be accessible with warrants.  It may be seen if Google is hacked (Google holds a lot – a lot – of data and is a target because of it).  It will still be sold to advertisers.  And I don’t like that.

DDG_Full_Vertical.2x

I have managed to subvert much of Google’s ability to track me through with several tools.  I don’t use Google’s browser, Chrome.  Instead of searching through Google I use DuckDuckGo, a search engine that doesn’t collect or store data about its users.  Another very good tool is Disconnect Private Search, a browser add-on for Firefox and Chrome that routes all your searches through a “light” VPN.  Google doesn’t know who sent the request and can’t track me (Disconnect Search also allows you to use Bing, DuckDuckGo, and Yahoo!).  I also configure my browsers to delete history and cookies each time it is closed and I close it frequently.  I run BleachBit or CCleaner several times a day, too.

I have also been a fairly heavy Google Voice user.  I liked Google Voice because I could give out a GV number instead of my “real” number.  I could get calls, texts, and voicemail from my phone or computer, and the most compelling feature was its price: free.  I have managed to subvert this, too, through Silent Circle.  Though I have to pay for it Silent Circle offers me security from everyone, not everyone-but-them.

These steps seem simple in comparison to finding a suitable substitute for Gmail.  Other “mainstream” (read: free) email providers scrape emails, too, and unfortunately I don’t have the confidence in my own technical accumen to run my own email server.  Through the last several months, however, I have managed to piece together a workable email solution.  Unfortunately there is no sole-source replacement for Gmail, but with paid services like KolabNow and free ones like ProtonMail I know my communications are, if not more secure, at least more private.

You should also know that if you contact me, your communications are stored privately and securely on email servers that are not scraped for advertisments.  The email address to which the contact form on this site links is a ProtonMail email address.  Additionally, I have removed Google Analytics from this site.  I do not have access to any data about the individuals who visit my site, whether specifically or in aggregate.  When I initially set up this blog I thought it would be a good idea to see how often the site was visited, but I quickly realized that I had become part of the problem.  This is my mea culpa.

Thoughts on the LastPass Breach

I have a couple of thoughts regarding the breach on the popular password manager LastPass earlier this week.  Initially I was disheartened to hear about the breach but was very glad that LastPass dealt with it swiftly and responsibly.  I actually learned of the breach from LastPass, with an email alerting me to change my master password.  Additionally LastPass is verifying all intial post-breach logins via email unless two-factor authentication is enabled on the account. I was also glad to hear that the attackers were unable to make off with anything more substantial than very strongly hashed (encrypted) master passwords, cryptographic salts, and email addresses.  Though certainly less than ideal, the attackers were still unable to capture plaintext password vaults.

LastPassLogo822x100

Though I don’t use LastPass anymore I did for several years and because of this and my comfort with it, I recommended it in Your Ultimate Security Guide: Windows 7 Edition and plan to in the upcoming iOS 8.3 Edition.  The two big take-aways from this breach (at least in my mind) are:

Cloud-based password managers are inherently risky.  This may be a provocative statement because many people use web-based password managers without incident.  But for how long?  Because of the treasure trove of information a password manager contains they are naturally a target.  Secondly, because they are a more complex system than a host-based password manager like Password Safe there are more potential points of failure.  The data must transit the internet, back and forth from your computer to the internet, be decrypted locally to be used, be re-encrypted before being re-uploaded to the cloud server, etc.  A lot of things have to be done correctly for it to be secure throughout the entire process.

Two-factor authentication is important.  When I first saw the email from LastPass about the breach my heart sank.  I no longer use LastPass but I know a lot of people who do.  Fortunately I know that msot of them also use two-factor authentication and as I learned more about the breach I realized that accounts protected with two-factor were still safe.  I gave high praise to LastPass in Your Ultimate Security Guide: Windows 7 Edition for the multitudinous two-factor options it offers: “The Grid” (my favorite), Google Authenticator, fingerprints, Yubikey, etc.  With two-factor enabled my friends were able to rest easy that their passwords had not been breached.  This is the kind of confidence I want in an internet system, especially one with which so much critical data is entrusted.

As I said earlier, I would still recommend LastPass to anyone who is determined to have a web-based password manager.  The convenience of the system is hard to deny, but personally, I’d rather have the security of knowing exactly where all of my passwords are stored.

Why YOU Need a Virtual Private Network

Using a virtual private network (VPN) is an important part of strong digital security.  A VPN can accomplish several tasks.  First, it creates an encrypted tunnel to a remote server through which your traffic transits.  This means that anyone inspecting your traffic (from internet service providers to malicious hackers) will capture nothing but unusable, encrypted data.  For best security I recommend using the OpenVPN or IPSec encryption protocols.  Next, because your traffic appears to originate from a remote server your IP address is not correlated with your browsing.  This is important: if you visit a website that logs your IP address they can use the IP address to find your geographical location, your internet service provider, and all your visits to that site.  Using a VPN server that hundreds of other people also use makes you less distinctive and protects your physical location.  Lastly, VPNs can be used to help bypass geographical restrictions.  If you are in a country that blocks certain content you can use your VPN to connect to a server in another country, bypassing geographical restriction.

IPv6 Test

I recommend strongly against using free VPN services.  The recent story about a free VPN known as Hola! last week is an excellent reminder of why paying for a VPN is worth it: Hola! was selling the bandwidth of anyone who had their plugin installed, sometimes to malicious users who conducted botnet activity.  This opens users up to a number of security risks.  Free VPN providers have also been known to monetize by collecting and selling user information which defeats much of the raison d’être for a VPN.

To determine if your VPN is leaking information about you or how much information you are leaking if you are not using a VPN, Private Internet Access (with which I am an affiliate) has some helpful links.  They will test whether your DNS is leaked, if your IP address is leaked when you send an email, and if your IPv6 address is leaked.

Though I like Astrill, Private Internet Access, and WiTopia, there are pleny of great VPN options out there.  Most are under $100 per year and offer a great many features.  This is a very small price to pay for the disporportionate level of security and privacy they provide.

Fixing Firefox’s WebRTC Vulnerability

Earlier this year a major vulnerability called the WebRTC vulnerability was discovered in Windows machines running Chrome and Firefox.  This vulnerability can compromise your privacy by allowing websites to see your true IPv6 address despite the use of a VPN.  When using a VPN any site you visit should only see the IP address of the VPN’s exit server.  This prevents them from correlating you with your visit with your geographic location, and building profiles based on your IP address.  To test your system and see if your IP is leaking you can visit https://ipleak.net/.

Thankfully this vulnerability is very easy to correct in Firefox but it cannot be corrected through the “Options” dialogue.  To correct it go to your URL bar in Firefox and type “about:config.”  This will open a menu where power-users can make many adjustments to the application (many of these adjustments can be made through the Settings, but many cannot).  Bypass the warning and scroll down to “media.peerconnection.enabled.” This setting is “true” by default.  Double-click this line which will toggle the value to “false.”  This is all that is required to turn off WebRTC and secure this vulnerability.

WebRTC Vulnerability

There are add-ons for Chrome (WebRTC Leak Prevent and ScriptSafe) that are intended to defeat the WebRTC vulnerability.  It has been reported that these add-ons can be bypassed by a malicious adversary and should not be relied on.  However, if you must use Chrome you should enable one of these add-ons.

For full protection use Firefox and adjust as described above.  Using NoScript may also help mitigate this vulnerability.

ProtonMail Update

As I mentioned in Your Ultimate Security Guide: Windows 7 Edition, ProtonMail is one of my favorite new email providers.  As time has passed I have only grown to love this service more.  ProtonMail has been featured in Forbes, Huffington Post, at TED, and in many other prominent outlets.  While I mentioned ProtonMail in YUSG: Win7, those pages only allowed limited space to cover this email service so I discussed only a few of the most important features.  There are several more options that deserve some attention.

Privacy and anonymity:  Protonmail does not require you to submit your name, date of birth, telephone number or other personal information when requesting an account. Because ProtonMail is still in beta an email address is required to request an account at this time (it will be used to notify you the account is ready), but this can be anonymous, too.  I have successfully used Gmail addresses with modifiers (as discussed in Chapter 2 of YUSG: Win7), notsharingmy.info, and 33mail addresses to request Protonmail accounts.

Message expiration:  Messages can be set to expire after as little as one hour (or as many as 672 hours/28 days).  Message deletion works with ProtonMail and non-ProtonMail recipients alike and allows you to have some control over how long your messages are retained.  Be aware that this expiry is from the time it is received in the recipient’s inbox, not from the time it is opened meaning it may be deleted before the recipient has a chance to read it.  Also be aware that if the recipient replies to your message a copy of that message will be saved in the reply and stored in his or her “Sent” folder.

Secure messages to and FROM non-Protonmail users:  When I was working on YUSG: Win7 ProtonMail offered the ability to send an encrypted email to a non-ProtonMail user.  Since that time ProtonMail has added the ability for non-ProtonMail users to respond securely to these messages.  The problem with this is still exchanging a password securely (this is perhaps best done face-to-face) but if a password can be securely established this would be a fairly elegant solution for communicating with users who can’t or won’t set up a ProtonMail account.

Encrypted Attachments:  As of May 5, 2015 ProtonMail now offers encrypted attachments between ProtonMail users (it does not encrypt attachments to non-ProtonMail accounts).  Currently very few options exist for encrypting attachments (Mailvelope doesn’t do it) and this ability alone is a huge benefit.

Email Notification:  If you have a ProtonMail account but don’t use it daily, fear not!  ProtonMail offers the option of notifying you at another email address when you have email in your ProtonMail inbox.  Though I may gradually transition a large percentage of my email to ProtonMail for now I only use it occasionally and really appreciate this feature.

https://protonmail.ch
https://protonmail.ch

Things I would still like to see:  Though ProtonMail is really endearing itself to me and I find myself using it more and more there are still a few things I would like to see it offer:

  • Two-Factor Authentication.  I have a very hard time trusting my security to a password only.  I would much rather have the added security of a second authentication factor (maybe a system similar to the LastPass Grid could be a useful option?).  On the upside ProtonMail places no limit on the number or type of characters that may be used in either the login or mailbox passwords.  Both my login and mailbox passwords are in excess of 200 characters and changed frequently which gives me some peace of mind.
  • PGP Integration.  I would love the ability to import my PGP keys into ProtonMail.  This would allow me the ability to communicate securely with PGP users who have not migrated to ProtonMail, and to use my own keypair(s) if so inclined.
  • Encrypted for Attachments for Outside Users:  Being able to encrypt an attachment to outside users would be a huge benefit.  On the other hand accounts are free; if the person with whom you need to share attachments won’t set up an account you could set one up for them.
  • App(s) for Android and iPhone:  It would be great to access ProtonMail on mobile devices.  That said, it is hard to input long, complex passwords on mobile devices making two-factor authentication even more important (as well as the need for users to utilize a password manager).  According to the ProtonMail blog (scroll down to the comments) apps are forthcoming for both Android and iOS.

So how do we make this happen?  Setting all of this up costs money, and interest in ProtonMail has seen an incredibly spike in account requests over the last months.  The best way to make this happen is to donate to ProtonMail (via PayPayl or BitCoin).  I have no financial interest in ProtonMail but I strongly believe universal, easily implemented, user-friendly, encrypted email to be a worthy cause.

USB Flash Drives

Since YUSG: Win7 was released, several of you have asked which USB flash drives I prefer.  There are two that I use on a daily basis for my backups, the Kingston Data Traveler and the SanDisk Cruzer Fit.

The Kingston Digital DataTraveler SE9 64GB USB 2.0 Flash Drive. I like this flash drive because it is rugged and can survive life on my keychain; I have had the same one for almost eighteen months now and it is still going strong. There is a new version that is USB 3.0 capable but I have yet to try it (link HERE).  Though I am quite certain it performs, the redesigned keychain hole doesn’t look as sturdy.  I intend to get my hands on one in the coming weeks and report back.

The other USB flash drive I use is the SanDisk Cruzer Fit CZ33 64GB USB 2.0 Low-Profile Flash Drive. This flash drive is low-profile enough to remain in my USB port full-time and does not snag when taking my laptop in and out of a bag. I have two of these, and one of the two is always in my machine being backed up by CryptSync and the other is at my offsite backup location. There is also a USB 3.0 version of this drive available and I have tried it but do not prefer it because it is much larger and sticks out much further (link HERE). This is probably not an issue if you primarily utilize a desktop PC or travel with your laptop infrequently.

All three of the flash drives I use for backups are full-disk encrypted with TrueCrypt.

The 64 Gb versions of the SanDisk Cruzer Fit (left) and the Kingston Data Traveler.
The 64 Gb versions of the SanDisk Cruzer Fit (left) and the Kingston Data Traveler.