Encrypted Storage App ‘Boxcryptor’ Integrates Better With Files App

Boxcryptor received a major update for iOS and iPadOS that eliminates its own file browser. Instead, you’ll browse through your encrypted files completely within Apple’s Files app. Robert Freudenreich explains the decision: “By taking a ‘Files app first’ approach, we enable the best user experience for working with encrypted files in Apple’s Files app.” The integration with the Files app has been in place since iOS 11. But by eliminating the additional Boxcryptor-owned file browser, the Files app now becomes the exclusive file manager. For users, this primarily means an even simpler workflow.

Encrypted Cloud Storage Service ‘Cryptee’ Announces Massive Update

Cryptee is an end-to-end encrypted cloud storage service and announced a huge update on Sunday.

We’ve re-designed the entire platform, re-engineered everything from ground up, added hundreds of new features, and created an entirely new Cryptee experience for you. Along the way we’ve realized it’s going to be a massive leap forward, so we thought we should get a new logo too.

I think Cryptee is a great service and one that I’ve recommended in the past.

Cellebrite Has Not Broken Signal’s Encryption

On Tuesday, security company Cellebrite claimed to have broken the encryption that Signal uses to keep user communication safe. The blog post has since been removed, but the BBC has an archived version here. But Signal says that claim isn’t true.

It is important to understand that any story about Cellebrite Physical Analyzer starts with someone other than you physically holding your device, with the screen unlocked, in their hands. Cellebrite does not even try to intercept messages, voice/video, or live communication, much less “break the encryption” of that communication. They don’t do live surveillance of any kind.

Private Messenger ‘Signal’ Adds Encrypted Group Video Calls

Good news for users of Signal. The app now supports group video calls, and they are end-to-end encrypted like the rest of the app’s communications.

Now when you open a group chat in Signal, you’ll see a video call button at the top. When you start a call, the group will receive a notification letting them know a call has started.

When you start or join a group call, Signal will display the participants in a grid view. You can also swipe up to switch to a view that automatically focuses the screen on who is speaking, and it will update in real time as the active speaker changes.

Encryption App ‘Cryptomator’ to Integrate With iOS Files

Cryptomator is my top recommendation for file encryption and it recently shared its late 2020 development roadmap.

What’s up with Cryptomator for iOS? For the last 6-7 months, we have been hard at work on a completely new app written in Swift.

What will be so special about the rewrite? Cryptomator will be fully integrated into the Files app. This comes with many benefits like thumbnails, support for third-party apps that can edit files directly inside the vault, and many more!

Great news. What I’ve also been hoping for is the ability to access Cryptomator vaults in external storage on iOS/iPadOS, like you can on the Mac.

NSA Avoids Discussing Back Doors in Commercial Products

The U.S. National Security agency is dodging questions about back doors in commercial products and whether it’s continuing this practice. The article mentions Dual EC, a type of encryption algorithm the NSA tried to get ratified as a global standard. Why? Because they could easily crack it.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool here by altering Juniper’s version of Dual EC.

And that’s the reason we oppose these kinds of back doors or “weaknesses on purpose” on Security Friday. If one group can easily crack it, so eventually will other groups.

Zoom Rolls Out End-to-End Encryption for Video Calls

Starting next week, video conferencing app Zoom is finally adding end-to-end encryption to its platform.

Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.

Good to see Zoom doing this; they’ve certainly had misses in the past. Update: The new version is now available for most users.

ProtonDrive’s End-to-End Encryption Security Revealed

ProtonDrive (from the makers of ProtonMail and ProtonVPN) is in the final stages of development before it gets a beta launch later in 2020. The team revealed its end-to-end encryption security in a blog post.

Files and folders are arranged in a tree structure. Therefore, there is a recurring pattern where a file or folder’s asymmetric key is locked with a passphrase, which in turn is encrypted with the asymmetric key of their parent folder. All passphrases are signed with the address key of the user, without which a malicious server could forge the contents of the tree.

pCloud Update Lets Users Decide Where Files are Stored

pCloud is an encrypted cloud storage service, and a recent update gave users the ability to decide in which server their files are stored.

All pCloud users will be able to choose the server location where their files are stored. This will give users greater control over the security of their files. Once the choice of where to store the data is made during registration – in the US or Europe – it is practically impossible to transfer them without the user’s knowledge or permission. Currently, the option to select the server location is available only to newly registered users.

‘Lawful Access to Encrypted Data Act’ is Latest Encryption Attack

Senators Lindsey Graham (R-South Carolina), Tom Cotton (R-Arkansas) and Marsha Blackburn (R-Tennessee) introduced the Lawful Access to Encrypted Data Act yesterday. It seeks to bring back the Crypto Wars of the 1990s by crippling encryption with the introduction of backdoors.

Yet increasingly, technology providers are deliberately designing their products and services so that only the user, and not law enforcement, has access to content – even when criminal activity is clearly taking place.  This type of “warrant-proof” encryption adds little to the security of the communications of the ordinary user, but it is a serious benefit for those who use the internet for illicit purposes.

”Adds little to the security of the communications of the ordinary user.” That’s the level of contempt these people have for the rest of us.

Zoom Backtracks, Will Give Free Users Encryption Protection

After a lot of negative attention from press and privacy advocates, Zoom has backtracked on its stance. It will provide free users with end-to-end encryption, a feature previously limited to paying customers.

The company said that free users will have to verify themselves with a phone number in a one-time process. It claimed that this will stop bad actors from creating multiple abusive accounts.

Zoom is also releasing an updated design of its end-to-end encryption solution on GitHub that intends to achieve a balance between “the legitimate right of all users to privacy and the safety of users.”

Good to see Zoom do this.

IBM Releases Homomorphic Encryption Toolkit for iOS, macOS

IBM has released a toolkit for iOS and macOS to help developers to easily add homomorphic encryption into their programs.

While the technology holds great potential, it does require a significant shift in the security paradigm. Typically, inside the business logic of an application, data remains decrypted, Bergamaschi explained. But with the implementation of FHE, that’s no longer the case — meaning some functions and operations will change.

In other words, “There will be a need to rewrite parts of the business logic,” Bergamaschi said. “But the security that you gain with that, where the data is encrypted all the time, is very high.”

If you haven’t added homomorphic encryption to your technology watch list, be sure to do so. As I wrote in the past, this type of encryption lets a company perform computations on data while still keeping that data encrypted.

HideMyAss VPN 2-Yr Subscription: $79.99

We have a deal on a 2-year subscription to HideMyAss, a VPN featuring 256-bit AES encryption and a strict no logging policy. The subscription is good for unlimited installs with up to 5 connections at once, and 2-years is $79.99 through our deal.