Encryption in Transit and At Rest

19 05 2017

There is an app for that.

It’s Boxcryptor by the German Secomba GmbH and it’s easy to use with a perfect design. Nothing is saved on Secomba’s servers without being encrypted by the user’s password, a zero-knowledge relationship between the user and the company behind Boxcryptor.


Here’s a short guide for backup freaks enabling them to even access their sensitive information in the worst case (iPhone died or was stolen). The good news is that they can even do it with their 💯$ Windows 10 backup phone.

Let’s get ready to rumble …

If a note contains sensitive information it can be locked with iOS’s built-in encryption capabilities. As an option it’s either stored locally on the iOS device or on iCloud.

It’s intended to

  • store an encrypted backup on a further cloud storage like Dropbox, Box, OneDrive, Google Drive, etc
  • ensure access to encrypted files from a device running on a different OS, e.g. a mobile phone running on Windows 10

Here is the workaround to transfer files from Apple Notes on an iPhone to Dropbox as a strongly encrypted PDF.

  1. Write a note.
  2. Tap on the Action Menu (top right).
  3. Choose PRINT.
  4. In PRINT PREVIEW force press on page 1.
  5. Tap on the Action Menu (bottom left).
  6. Choose BOXCRYPTOR.
  7. In BOXCRYPTOR choose UPLOAD.

Note …
A zero-knowledge service provider will always store any private and sensitive information in an encrypted form protected by the user’s password – which is never transferred to the provider. Passwords, password keys, and file keys never leave the users’ devices and are never transferred anywhere or to anyone.

Handle with care! Zero-knowledge means that Secomba cannot help you if you forget your password. You’ll lose access to all encrypted files.
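The zero-knowledge idea in the note above, as an added example that is not Boxcryptor's code or its actual scheme: a password key derived on the device wraps a random file key, and the provider only ever receives the resulting record. All function names, the record layout and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added example: generic client-side ("zero-knowledge") encryption sketch.
// Not Boxcryptor's real scheme; names, layout and parameters are assumptions.
const nodeCrypto = require('crypto');

// AES-256-GCM helper. Output layout: iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Reverses seal(); final() throws on a wrong key or tampered data.
function unseal(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Runs on the user's device. The returned record is all the provider stores.
function encryptForUpload(password, fileBytes) {
  const salt = nodeCrypto.randomBytes(16);
  const passwordKey = nodeCrypto.scryptSync(password, salt, 32); // stays on the device
  const fileKey = nodeCrypto.randomBytes(32); // leaves the device only in wrapped form
  return {
    salt: salt.toString('base64'),
    wrappedFileKey: seal(passwordKey, fileKey).toString('base64'),
    ciphertext: seal(fileKey, fileBytes).toString('base64'),
  };
}

// Runs on any device where the user types the password (e.g. the backup phone).
function decryptAfterDownload(password, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const passwordKey = nodeCrypto.scryptSync(password, salt, 32);
  const fileKey = unseal(passwordKey, Buffer.from(record.wrappedFileKey, 'base64'));
  return unseal(fileKey, Buffer.from(record.ciphertext, 'base64'));
}

// Constructed sample input, not real data.
const note = Buffer.from('router admin: constructed-sample-secret');
const record = encryptForUpload('correct horse battery staple', note);

// Without the right password the record cannot be opened by anyone.
function wrongPasswordFails() {
  try { decryptAfterDownload('guessed password', record); return false; }
  catch (e) { return true; }
}
```

The record holds no password and no unwrapped key, which is why a forgotten password cannot be reset by the provider.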

Benefits …

You are safe and so you are. If you buy a new device you needn’t worry about the OS. Boxcryptor runs on Windows, Windows Mobile, macOS, Android, iOS, Blackberry, and Chrome. 28 clouds are supported including Apple iCloud. You can share files with non-Boxcryptor users (Dropbox, OneDrive, Google Drive only as of May 2017).

More …

Boxcryptor Review

Boxcryptor Technical Overview

Thanks for reading.





Expensive password keeper?

17 05 2017

or even with a subscription model?

That’s the new way developers try to assure their livelihood and secure against poverty. That stands to reason and as a retired programmer I know what I’m talking about.

But …

Users disagree substantively over subscription models although it’s the only way to do a meaningful economic analysis.

How much money are they willing to spend monthly for their let’s say 30 apps?

Stats tell us that this is the average number of apps frequently used by iOS users.

Well, I personally do not have any subscription (except my 50GB iCloud plan for 0.99€/month).

It’s not only Apple’s SVP Phil Schiller promoting subscription-based models but also the makers of the well-known password keeper 1Password. So it was time for me to scrutinize alternatives.

And it turned out that Apple’s built-in app NOTES is now my first choice. I don’t need and don’t want to use the integrated browsers of 1Password or OneSafe. I have Apple’s strongly encrypted Keychain to save credentials for websites opened in Safari.

But what happens if things don’t go my way?

Well, then I still have the list of essential access information in a locked note of Apple’s built-in App Notes. For free.

More …

Apple Notes

Thanks for paying attention.





About Apple Pay, no kidding!

24 04 2017

A shopaholic’s best friend

If a new technology or service hits the market it shouldn’t be accepted without qualification.

Here are my thoughts and reservations not only about Apple Pay but also about electronic payments with smartphones or smart watches in general.


Well, in your everyday life the easiest way to get rid of your -bogus- money is to pay cash. But carrying cash with you is followed by two risks: loss and mugging. Both may also happen to your password.

So there is a need to innovate and make payments secure and fast with something you always carry with you: eyes and fingers.

Admittedly you also carry your belly with you but after intense scientific research it turned out that the waist circumference isn’t as unique as required.

Apple decided to use the fingerprint as the biometric identifier.

Your fingerprint might be unique but the technique to transform it into bits and later retrieve you as the actor can be buggy according to Murphy’s law.

So, what happens if things don’t go your way?

If you need support, the worst case that can happen, a customer’s nightmare, is that you have more than one partner. Here it’s Apple and your bank. Apple will say that they don’t have access to your data because the transaction isn’t done with real data but with generated tokens. The bank will tell you that it’s not responsible for the technique and suggest that you contact Apple, or that your Axx processor should be repaired.

And what about the lost money?

It’s way too complicated to explain the strange redemption of John Doe’s or Mr A.N. Onymus’ money. Refunds are announced many times, according to legislation. But it seems that there are some unexpected black holes implemented in laws.

For God’s sake do not invest in any technique except your pillow (only halfway filled but secure). SMSs are winging their way to recipients in a jiffy but money still uses the Silk Road on the back of turtles.
Abso-fucking-lutely fuckers, that’s what bankers are when returning money or gaming via Investment Fonds, sorry, ASFs, aka Arrant Scoundrels Fonds.

Btw, did you know that ASF is also the official abbreviation for ‘African swine fever virus’?

Bankers are responsible for the financial crisis, they dashed people’s hopes, force people into poverty, and forward a very special legacy to our children, valuelessness.

So we learn:

Isn’t the law – still not adapted to activities in the Internet – a nicely flexible and bendable thing?

Whether you are a shopaholic or not, don’t use the ultra-modern techniques. Get rid of your money by paying cash or using the old-fashioned credit card. Don’t trust all the involved techniques and transfers of data over thousands of miles via cables, servers, and through the air. They are not qualified to build up confidence.

I’m an Apple fan and trust in what Tim Cook tells us about privacy. But there should be limits because even Tim and his excellent engineers can’t kill all bugs living in Apple’s ecosystem. Some bugs are like bacteria, they are resistant. Some others are doing their job on the way to Maiden or other data centers.

Summary …

New kinds of electronic payment systems are not designed to reduce the costs but to get more personal data and force people to spend money they don’t have.

Why go the long way round? The next level of paying is to do it even without any device, just with your fingertip or your eye.

Follow Roman poet Ovid’s slogan Nip things in the bud (“Principiis obsta”) to prevent the society getting fully electronic instead of improving humanity.

Thanks for reading and
sorry for going ballistic.

If you ask me “Are you serious?”
my answer is “Nine times out of ten.”.