Finally, Unbreakable Message Encryption

Pablo Valerio, International Business & IT Consultant | 10/26/2012 | 35 comments

Pablo Valerio
Some international corporations say they can't have data stored in the US or by any US cloud provider, under any circumstances, because of the USA Patriot Act. The fact that the law gives some agencies, such as the FBI (through National Security Letters) the authority to compel companies to hand over data without judicial control is unacceptable for companies handling regulated data or with concerns about intellectual property or industrial secrets.

But individuals are also concerned. Last year, it was reported that the FBI had paid developers for years to place back doors and side-channel key leaking mechanisms into the OpenBSD cryptographic framework. Since the revelation, most open-source code has been revised to purge those back doors, and it is supposed to be secure. The FBI has set up a special unit to "develop new electronic surveillance technologies, including intercepting Internet, wireless, and VoIP communications." It has also requested legislation that would require encryption system providers to have back doors for law enforcement agencies. Thankfully, the FBI doesn't have jurisdiction outside the United States.

In a blog post last year, I mentioned that Skype uses 256-bit AES encryption between users, which makes it impossible to access communication by others, unless you have back-door access. The system is integrated into Skype's protocol and is completely transparent to users. The company uses central servers to store call logs and (presumably) the key used to encrypt communication. But now that Skype is under Microsoft's umbrella, there is no reason to believe it will resist NSLs asking it to hand over the key, instant messages, or call logs.

A new concept is starting to appear in encryption services for data and messaging: zero knowledge. Providers of such services claim that they do not know who you are, and that they never store the encryption key anywhere outside of your device. One such service from FoxyFone of Switzerland (a country famous for bank security and secrecy) is now available on the Apple App Store for the iPhone, iPod Touch, and iPad. The app, Foxygram, lets the user encrypt data on the device, including contacts, email, pictures, and video, with 256-bit AES security.

FoxyFone has no servers, and there is no user registration for the app. Basically, the company doesn't know its users. It never stores the key anywhere, and it is helpless in recovering information for anyone (including the user) if the key goes missing. Users who want to keep informed about updates need to visit the company's Website or Like its Facebook page.

The application allows you to sync data with Apple's iCloud, but the data is encrypted on the device and can be unlocked only on that device or other authorized systems. This basic functionality is included on the free version, but a premium version for $4.99 gives you some special features, including different access codes.

Some cool features are the "cover up" and "nuke" access codes. Users who are forced to open the app against their will can use the cover up code, so that only items previously marked as displayable will be shown, and confidential information will be hidden. With the nuke code, all encrypted data will be destroyed on the device, and no one -- not even the user -- will be able to retrieve it.

The app allows users to send an encrypted message to anyone, but the recipient must install Foxygram to open the message. After that, they can communicate via email or text messaging (using standard email and texting applications) with complete security. FoxyFone says an Android version is in the works and will be available soon.

Messages sent with Foxygram are owned by the sender; the recipient can't copy or forward them without taking a picture of the screen. The app allows remote deleting of one or all messages sent to a contact. It is also possible to establish a time limit and a specific location for reading a message. If you send a message to someone who is supposed to be in Paris, no one with the device and the key could open the message from anywhere else.

In addition to being serverless, Foxygram has no user registration. This is to ensure the company cannot identify its users. The only way to know if someone is using Foxygram is by reading the log from the Apple store that shows a certain device has downloaded the app. But key generation is done at the device and is never shared. Markus Kristian Kangas, founder and CFO of FoxyFone, told me how its service differs from others, like SpiderOak Blue:

One has to blindly trust the claim that the private keys are generated on the local device only and not accessible by the company. Foxygram has no user registration. This means you can never be tracked or have your personal information shared by FoxyFone with an external agency. With Foxygram, the sender retains full control of shared media, and the recipient cannot copy or forward the data. The sender can even remotely delete the already sent media at any time. In case there was a legal investigation against someone who uses Foxygram, we would be willing to help in a case-by-case basis [if there were] reasonable and legal grounds. However, we would be very limited in what we could do.

One of the reasons to use the iPhone and iPad is that both devices perform encryption internally. Also, Apple says in a security whitepaper that the basic 256-bit key is unique to each device and is not recorded by Apple or any of its suppliers. In this way, it is possible for Foxygram to identify the device uniquely, adding an extra layer of security.

There are limits to using Foxygram. For starters, you need an iPhone or iPad, and the company isn't planning a desktop version. "There is no way to uniquely identify a PC unless it has a dongle," the company says. At this moment, for serious enterprise security, Foxygram is limited due to the type of devices it supports, but similar services offering zero-knowledge privacy should be used by executives traveling with extremely sensitive data.

I can understand the concern that law enforcement agencies may not be able to access some communications, but I also believe in the right of people and corporations to protect their privacy. I believe companies have the right to full control of confidential data. As we've discussed before, some governments have been paying for confidential data to chase down tax evaders, and they've been encouraging employees to steal extremely confidential information.

Also, the US cloud providers doing business in Europe -- Amazon, Apple, Google, Microsoft, and others -- should start considering a zero-knowledge approach and local servers for their European customers.

Finally, as Marcus Kangas said by email, "The only way to 100 percent know your private key and identity remains safe is open-source software or serverless design as used in Foxygram."

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 4   >   >>
batye   Finally, Unbreakable Message Encryption   11/13/2012 6:29:12 PM
Re: I don't know about "unbreakable"
agree, good point...
vnewman   Finally, Unbreakable Message Encryption   11/13/2012 5:49:46 PM
Re: I don't know about "unbreakable"
A quick thing I wanted to note is that if the app publishers want to be taken seriously in the enterprise setting, they may want to remove the "Do you have a secret lover?" in the first line of the app description!  A bit too spicy I think!!!
batye   Finally, Unbreakable Message Encryption   11/1/2012 12:43:50 PM
Re: I don't know about "unbreakable"
or until technology changes again - it like catch 22
Pablo Valerio   Finally, Unbreakable Message Encryption   11/1/2012 5:45:25 AM
Re: Electronic Robin Hoods
@vnewman, Unfortunately they don't have an Android version yet. They rely on the security system of the iPhone and iPad to make the encryption work. So I'm unable to test the App now.

Please share your experience when you have tested the premium version.
User Ranking: Blogger
The_Phil   Finally, Unbreakable Message Encryption   10/31/2012 10:16:04 PM
Re: The challenge of unbreakable
You must remember that nothing in computing is truly "new" nor is it "unbreakable". It is just a matter of time before everything is hacked. It may take a long while (and you hope in that time the methods are updated) but it is not going to last forever with all of the prying & trying eyes.
vnewman   Finally, Unbreakable Message Encryption   10/31/2012 3:08:11 PM
Re: Electronic Robin Hoods
I was intrigued by this app and so I tested it out on my iPhone and it seems that the free version is buggy - it crashes a great deal when just performing the simplist tasks.  I've purchased the premium version, which incidentally, is where all the bells and whistles are anyway, and will be interested to see if it lives up to all its promises.
kicheko   Finally, Unbreakable Message Encryption   10/30/2012 8:14:08 PM
Re: Electronic Robin Hoods
Its amazing how but Information Security or lack of it is an industry. A multi-billion dollar industry. Nobody in the business wants fool-proof security because that would mean "shut down this business, you're no longer needed." That is why i don't ever believe any story about fool proof solutions. If no outsider hacks them, they will "hack themselves" so that they have reason to continue with work. Only i doubt it will ever get to the point where they need to hack themselves.
nasimson   Finally, Unbreakable Message Encryption   10/29/2012 10:31:36 PM
Re: Electronic Robin Hoods
@Hospice: Very rightly said. I agree with you. I believe that the profit motivated hackers are sponsored ones. I mean breaking a code may not be a difficult task for them however, its not a kid's play as well. There must be a source that every hacker gets its input from to breach enhanced securities without getting caught.
Hospice_Houngbo   Finally, Unbreakable Message Encryption   10/29/2012 7:54:56 PM
Re: Electronic Robin Hoods
"Surely, every hacker has a different motive."

I don`t doubt that, but there are less and less "Robin hood" hackers than profit motivated ones.
David Wagner   Finally, Unbreakable Message Encryption   10/29/2012 6:58:16 PM
Re: I don't know about "unbreakable"
@pablo- I don't feel spied on by my phone provider. I feel I'm made anonymous by the herd. And if a little data about me makes service better, that's great. My problem is that I don't know if I feel the service is getting better.
Page 1 / 4   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Pablo Valerio
Pablo Valerio   10/3/2013   35 comments
One of the factors keeping doctors from getting a complete picture of a patient's health condition is lack of patient cooperation. Patients are often advised by doctors to regularly record ...
Pablo Valerio   9/25/2013   21 comments
It's nearly impossible to do business anymore without access to huge amounts of data, whenever and wherever you want it. Yet cellular data roaming charges are pricey, WiFi spectrum is ...
Pablo Valerio   9/24/2013   20 comments
Aided by big-data and cloud computing, "personalized medicine" is enabling doctors and researchers to evaluate the potential of existing drugs in different individuals and make better ...
Pablo Valerio   8/28/2013   29 comments
A few weeks ago, Neelie Kroes, vice president of the European Union for the Digital Agenda, warned that American cloud companies could lose $35 billion because of the NSA spying scandal ...
Pablo Valerio   8/21/2013   39 comments
A new study by researchers from the MIT Sloan School of Management, the Hebrew University of Jerusalem, and NYU Stern School of Business shows that many people like or give positive ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
[email protected]
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
A Video Case Study – Translational Genomics Research Institute
e2 Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   46 comments

Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   16 comments

New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   16 comments

The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments

We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments

Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments

Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments

Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments

On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments

Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments

A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments

VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments

Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments

Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments

Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments

The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.