Insights For Success

Strategy, Innovation, Leadership and Security

Google Hangouts

Watch Netflix safely in the office

General | Edward Kiledjian

A new Chrome extension (called Netflix Hangouts) will make your Netflix stream look like a 4-person video conference by adding 3 additional video boxes onscreen. The Netflix show is housed in the bottom right-hand box. You engage the extension by clicking on it and you stop it by clicking on it again (or closing the Netflix tab).

This will not trick network-based traffic inspection devices. It just makes the screen look more business-like. If your company employs network-based traffic analysis, you may want to VPN out first.

Telegram Messenger isn't as secure as you think

General | Edward Kiledjian

Right after the horribly tragic terror attacks in Paris, we started to read badly written articles by journalists trying to attract readers with sensational headlines.

The easiest target was encrypted communication tools, and one of those is Telegram Messenger. It was said ISIS/ISIL used Telegram to chat securely and that they considered it a good, solid, secure and trustworthy platform. Does it really deserve that reputation?

I wrote an article in March 2014 that explained some of the shortcomings of this messaging platform.

With all the publicity it is receiving now, I wanted to revisit the tool.

Some of the security issues for people wanting the best security available:

  • Uploading your contacts: In order to register for Telegram, you have to use your real telephone number and upload your phonebook contacts (to find others that are using Telegram). This means they know with absolute certainty who owns each account and have a list of your contacts.

  • Metadata, metadata, metadata: With everything Snowden has released, we know what metadata is and why it is so important to protect. It is how governments around the world can build very accurate profiles of users. Most users will use Telegram Messenger via a smartphone, which is a horribly leaky endpoint for metadata. Even if you encrypt the actual message, your provider, phone manufacturer and phone OS provider know what app is installed, when it was installed, how often it was used, when it was used and for how long. Combining this with triangulated location information and general information collection means tracking down individual users becomes much easier for crafty, well-funded hackers or governments.

  • Custom encryption: Read my original article about Telegram's custom encryption. We are at a point in information security where there are well-documented, tried, tested and reliable encryption mechanisms, and it is strange that a company comes along and creates its own. This becomes especially worrisome when the protocol and tool aren’t completely open sourced.

Looking back at Telecom

Looking back at Telegram 1 year after the original article, I would still rate its security as medium level. It may be better than the most popular platforms but is nowhere near a level I would call really secure.

What’s the most secure instant messaging tool?

I wrote a blog post entitled “The most secure smartphone messaging app” in 2013, and my recommendation still stands. The most secure instant messaging tool available today is Threema. Key management is handled by each user (not by the platform provider, which weakens the security). Its security model and back-end infrastructure have been independently vetted for security.

Whatsapp to become more secure than Apple Messages

technology | Edward Kiledjian
Image by downloadsource.fr used under Creative Commons License


I'm an advocate of personal privacy through encryption. I love the Threema instant messenger (Link) but none of my contacts used it. This is the problem with secure instant messenger apps: your friends aren't there, so they become useless.

Now Whatsapp is including the encryption functionality of TextSecure from Open Whisper Systems in their Android client, and this will make Whatsapp the most secure instant messenger (beating even Apple's Messages/iMessage).

Like Whatsapp, Apple's iMessage/Messages offers end-to-end encryption, but in Apple's design they control the encryption keys, which means they could create a man-in-the-middle type situation and you would never know. In the new Whatsapp with encrypted messenger app, the keys are controlled by the client and you will be able to verify the counterparty's encryption key using QR code scanning (similar to Threema) or by verbally exchanging the encryption key verifier. This will make sure beyond any doubt that the messages are encrypted for the intended recipient and no one else.
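The key check described above, as an added example that is not part of the original post and is not WhatsApp's, TextSecure's or Threema's code: a sender compares the key handed out by a provider-run directory against the verifier shown on the contact's own device. The `KeyDirectory` class, the fingerprint format and the random byte strings standing in for public keys are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def fingerprint(public_key: bytes) -> str:
    """Short key verifier: first 16 bytes of SHA-256, hex in groups of 4.
    Assumed format for illustration, not any real messenger's."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class KeyDirectory:
    """Hypothetical provider-run server that hands out contacts' public keys."""
    def __init__(self):
        self._keys = {}
        self._substitutes = {}

    def register(self, user: str, public_key: bytes) -> None:
        self._keys[user] = public_key

    def substitute(self, user: str, other_key: bytes) -> None:
        # Models whoever controls the directory answering with a different key.
        self._substitutes[user] = other_key

    def lookup(self, user: str) -> bytes:
        return self._substitutes.get(user, self._keys[user])

def verify_contact(directory_key: bytes, verifier_from_contact: str) -> bool:
    """Compare the key the directory returned with the verifier the contact
    showed in person (QR code) or read aloud, in constant time."""
    return hmac.compare_digest(fingerprint(directory_key), verifier_from_contact)

def demo() -> dict:
    # Constructed sample keys: random bytes stand in for real public keys.
    bob_key = os.urandom(32)
    other_key = os.urandom(32)
    bob_verifier = fingerprint(bob_key)  # what Bob's own device displays

    directory = KeyDirectory()
    directory.register("bob", bob_key)
    honest = verify_contact(directory.lookup("bob"), bob_verifier)

    directory.substitute("bob", other_key)
    swapped = verify_contact(directory.lookup("bob"), bob_verifier)
    return {"honest_directory": honest, "substituted_key": swapped}

if __name__ == "__main__":
    print(demo())
```

Without the out-of-band comparison, both lookups look identical to the sender; the check only helps if the verifier really comes from the contact's device and not from the same directory.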

How will it work?

When you start a conversation with another Whatsapp Android user using the latest version, you will be asked to initiate a secure session. Once initiated, you will see a visual marker (lock icon) in a couple of places to remind you the session is protected: next to the send button, next to each encrypted message and in the title bar.

When?

If you are using the latest Android client, your version already includes the new end-to-end encryption mechanism and it is activated when talking to other Android-based Whatsapp users.

Although I haven't seen any promises for an iOS version upgrade containing this secure technology from Whatsapp, I am confident we will eventually see it on iPhone as well.

Apple Messages most secure messaging platform

technology | Edward Kiledjian
Image by Daniel Dudek-Corrigan used under Creative Commons License


The Electronic Frontier Foundation has released an interesting comparison chart showing how well the most common instant messaging platforms compete on security.

The EFF analysis looked at these criteria:

  • Encrypted in transit
  • Encrypted so the provider can't read it
  • Can you verify contacts' identity
  • Are past communications protected if keys are stolen
  • Is the code open to independent review
  • Is security design properly documented
  • Has the code been audited

The highest rated tools (scoring 7 out of 7) were:

  • ChatSecure
  • CryptoCat
  • Signal/Redphone
  • Silent Phone
  • Silent Text
  • TextSecure

Not surprisingly, Apple's FaceTime & iMessage (Messages) were ranked as the most secure mass market messaging tools.

although neither currently provides complete protection against sophisticated, targeted forms of surveillance
— EFF

Google Hangouts, Facebook Messenger, BlackBerry Messenger and Microsoft's Skype were dinged on several fronts, including lack of protection of past communications and lack of detailed documentation about security.

EFF Press Release : Link

EFF Scorecard : Link

 

Screenshot of Whatsapp's new voice calling feature

technology | Edward Kiledjian

On February 25, I wrote an article about an announced upcoming feature called Whatsapp voice. It will basically allow you to make a Voice over IP (VoIP) call to any other Whatsapp subscriber. Sure, VoIP is a crowded space, but many of your friends are likely already on Whatsapp (with its 400M subscribers), which means this may get immediate traction.

iPhoneItalia (link) published the first leaked screenshots of this upcoming feature.

When starting the updated version, you will be prompted for permission to use your microphone. Like most calling apps, you have Mute, Message and Speaker buttons. I am guessing that Bluetooth will also be supported but we'll have to wait and see.

Based on other leaks, we believe voice calling will work on both Wi-Fi and 3G.

Although the leaks only show an iOS 7-designed version, it is safe to assume Whatsapp will bring this to all of its other platforms (eventually).