{"id":15725,"date":"2019-07-08T09:10:04","date_gmt":"2019-07-08T17:10:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/07\/08\/news-9472\/"},"modified":"2019-07-08T09:10:04","modified_gmt":"2019-07-08T17:10:04","slug":"news-9472","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/07\/08\/news-9472\/","title":{"rendered":"How to securely send your personal information"},"content":{"rendered":"

Credit to Author: Seth Rosenblatt| Date: Mon, 08 Jul 2019 16:00:00 +0000<\/strong><\/p>\n

This story originally ran on The Parallax<\/a> and was updated on July 3, 2019.<\/em><\/p>\n

A few months ago, my parents asked a great security question: How could they securely send their passport numbers to a travel agent? They knew email wasn\u2019t safe on its own.<\/p>\n

Standard email indeed isn\u2019t safe for sending high-value personal information such as credit card or passport numbers, according to security experts such as Robert Hansen, CEO of intelligence and analysis firm OutsideIntel, now part of Bit Discovery<\/a>.<\/p>\n

\u201cEmail sometimes has good cryptography but often does not,\u201d Hansen says. When sending between Gmail accounts or within a company, he adds, secure transport \u201cprobably isn\u2019t an issue.\u201d But people should ask themselves, \u201cCan somebody steal the data when it\u2019s at rest?\u201d<\/p>\n

There\u2019s no 100 percent hack-proof way to send your personal information across the Internet. But thanks to the development of end-to-end encryption<\/a>, which secures data from even the company providing the encryption, there are tools and techniques you can use to make the process safer for you and the identification numbers we use to rule our lives.<\/p>\n

Here are three expert tips for securely sending someone your personal information when planning your summer vacation, buying your next house, or just sending documents to your doctor\u2019s office (when they don\u2019t have their own secure messaging system<\/a>.)<\/p>\n

Tip 1: Use an app with end-to-end encryption <\/h3>\n

The use of encryption has been increasing \u201csince the mid-1990s,\u201d notes security expert Bruce Schneier, thanks to a seminal\u00a0court case<\/a>\u00a0allowing companies to work on computer cryptography without having to first seek the government\u2019s permission.\u00a0<\/p>\n

Some phone apps protect your text messages using end-to-end encryption. We have highlighted several of the best in a\u00a0guide to apps offering end-to-end encryption<\/a>. Here are a few we find exceptionally useful for securely sending personal information.<\/p>\n

WhatsApp<\/a>,<\/strong>\u00a0used by\u00a0more than 1.5 billion people<\/a>, is on every major and several minor platform, including an easy-to-use desktop browser app, and it provides end-to-end encryption by default. If you use WhatsApp (acquired by Facebook<\/a>\u00a0in 2014,) you use end-to-end encryption. It\u2019s that simple, and its popularity means that you might not have to convince your intended recipient to install it.<\/p>\n

WhatsApp\u2019s encryption tech is actually provided by\u00a0Open Whisper Systems<\/a>, which makes its own end-to-end encryption text and voice app,\u00a0Signal<\/a><\/strong>. So which app should you use? Signal arguably has two advantages over WhatsApp, at least from a security perspective. Signal doesn\u2019t\u00a0store any metadata<\/a>\u00a0on its chats, while WhatsApp does. It\u2019s not the content of messages, but it can help identify the type of content being sent. Signal can be set to auto-delete messages, which is effective as long as the recipient hasn\u2019t taken a screenshot or otherwise copied the content of the message.<\/p>\n

Signal is also open-source, which means that the code on which it\u2019s built is subject to independent reviews. WhatsApp development is closed, and doesn\u2019t have people not associated with the company poking around in its code. While Signal is only for iPhone and Android, both Signal and WhatsApp can comfortably exist on the same device\u2014they don\u2019t conflict with each other. (Sometimes, however, Signal\u00a0struggles to let its users go<\/a>.)<\/p>\n

As of July 2019, WhatsApp and Signal are the only two end-to-end encrypted messaging apps for which the advocacy nonprofit\u00a0Electronic Frontier Foundation<\/a>\u00a0offers installation instructions in its\u00a0Surveillance Self-Defense Tool Guide<\/a>. The organization\u00a0elsewhere in its guide recommends<\/a>\u00a0the end-to-end encrypted messaging app\u00a0Wire<\/a><\/strong>. Wire works on Android, iOS, and desktops. One of Wire\u2019s benefits is that it doesn\u2019t require you to share your phone number to use the service, instead relying on usernames. That can help minimize the ability of others to track you. But it also stores conversation threads in plaintext<\/a>\u00a0when you use it across multiple devices.<\/p>\n

End-to-end encrypted\u00a0Wickr<\/a><\/strong>\u00a0also allows users to delete messages they\u2019ve sent after they\u2019ve been viewed. Once you\u2019ve deleted a message you\u2019ve sent, you don\u2019t have to worry about the recipient\u2019s device storing it. However, because Wickr runs only on iOS and Android, and it has no password recovery method, you might have a hard time convincing your recipient to use it. (Editor\u2019s note: Since this story was originally published, Wickr is still available to all users but is focused on businesses, not consumers.)<\/em><\/p>\n

Tip 2: If you must use email… <\/h3>\n

If you must use email\u2014perhaps you\u2019re sending the\u00a0Panama Papers<\/a>\u2014strongly consider learning about Pretty Good Privacy. The\u00a0challenge with PGP<\/a>\u00a0is that not only do you have to use it correctly, with different instructions for\u00a0Windows<\/a>,\u00a0Mac<\/a>, and\u00a0Linux<\/a>, but so does your recipient. You can consider\u00a0sending a password-protected ZIP file<\/a>, as long as the password isn\u2019t in the same email you send.\u00a0<\/p>\n

Electronic Frontier Foundation technologist Jeremy Gillula advises against creating a simple code for sending important numbers, such as changing all 1s to 2s. \u201cIf you\u2019re using simple cipher, might as well call up the recipient and tell them over the phone,\u201d he says.<\/p>\n

Some email networks are encrypted within their own systems. If you know that your recipient is using Gmail, and you\u2019re using Gmail, the content of the messages will be protected from snooping while being sent, Gillula says. \u201cIt can thwart a passive eavesdropper, but you\u2019re still susceptible to active attacks.\u201d<\/p>\n

Tip 3: Ask questions <\/h3>\n

If you\u2019re not sure about your recipient\u2019s computer security, ask him or her about it. Hansen tells a story about trying to get a mortgage, and the mortgage company wanted \u201cunbelievable amounts of information. I took one look at their website and found a number of different flaws in it.\u201d <\/p>\n

He ended up finding a larger, more computer-savvy mortgage company. Good starter questions include:<\/p>\n