Is Your Messaging App Really Secure?

Messaging applications are one of the most—if not the most—important apps that we use
every day. Whether it’s to stay in touch with family and friends across the
world, contact coworkers, or run business operations, messaging apps like
WhatsApp, iMessage, Skype and Facebook Messenger play an important part in our
daily communications.

We often share things such as personal pictures, business
secrets and legal documents on messaging apps, information that we don’t want
to make available to the wrong people. But how far can we trust your messaging
apps to protect all our confidential messages and sensitive information?

Following are some guidelines that will help you assess the
level of security that your favorite messaging app will provide.

A Few Words on Encryption

Of course, all messaging platforms profess to encrypt your data. Encryption uses mathematical equations to scramble your data in transition to prevent eavesdroppers from being able to read your messages.

Proper encryption makes sure that only the sender and the
recipient of a message will be aware of its content. However not all types of
encryption are made equal.

The most secure messaging apps are those that offer end-to-end encryption (E2EE). E2EE
apps store decryption keys on users’ devices only. E2EE not only protects your
communications against eavesdroppers, but also makes sure that the company that
hosts the application won’t be able to read your messages. This also means that
your messages will be protected against data breaches and intrusive warrants by
three-letter agencies.

More and more messaging applications are providing
end-to-end encryption. Signal was one of the first platforms to support E2EE.
In recent years, other applications have adopted Signal’s encryption protocol
or have developed their own E2EE technology. Examples include WhatsApp, Wickr
and iMessage.

Facebook Messenger and Telegram also support E2EE messaging,
though it’s not enabled by default, which makes them less secure. Skype also
added a “Private Conversation” option recently which gives you end-to-end
encryption on one conversation of your choice.

Google’s Hangouts does not support end-to-end encryption,
but the company provides Allo and Duo, text messaging and video conferencing
apps that are end-to-end encrypted.

Message Deletion

There’s more to security than just encrypting messages. What
if your device or the device of the person you’re chatting with gets hacked or
falls into the wrong hands? In that case, encryption will be of little use,
because the malicious actor will be able to see messages in their unencrypted
format.

The best way to protect your messages is to get rid of them
when you don’t need them anymore. This makes sure that even if your device
becomes compromised, malicious actors won’t get access to your confidential and
sensitive messages.

All messaging apps provide some form of message deletion,
but again, not all message removal features are equally secure.

For instance, Hangouts and iMessage enable you to clear your chat history. But while messages will be removed from your device, they will remain on the devices of the people you have been chatting with.

Therefore, if their devices become compromised, you’ll still lose hold of your sensitive data. To its credit, Hangouts has an option to disable chat history, which will automatically remove messages from all devices after each session.

In Telegram, Signal, Wickr and Skype, you can delete messages for all parties to a conversation. This can make sure that sensitive communications don’t remain in any of the devices involved in a conversation.

WhatsApp also added a “delete for everyone” option in 2017, but you can use it to delete only those messages you’ve sent within the last 13 hours. Facebook Messenger also added an “unsend” feature very recently, though it only works for 10 minutes after you send a message.

Signal, Telegram and Wickr also provide a self-destructing
message feature, which will immediately remove messages from all devices after
a configured period of time passes. This feature is especially good for
sensitive conversations, and saves you the effort of manually wiping messages.

Metadata

Every message comes with an amount of auxiliary information, also known as metadata, such as sender and receiver IDs, the time a message was sent, received and read, IP addresses, phone numbers, device IDs, etc.

Messaging servers store and process that kind of information to make sure messages are delivered to the right recipients and on time and to enable users to browse and organize their chat logs.

While metadata doesn’t contain message text, in the wrong hands, it can be very harmful and reveal a lot about users’ communication patterns such as their geographical location, the times they use their apps, the people they communicate with, etc.

In case the messaging service falls victim to a data breach, this kind of information can pave the way for cyberattacks such as phishing and other social engineering schemes.

Most messaging services collect a wealth of metadata and
unfortunately, there’s no sure way to know what type of information messaging
services store. But from what we know, Signal has the best track record.
According to the company, its servers only register the phone number with which
you created your account and the last date you logged in to your account.

Transparency

Every developer will tell you their messaging app is secure,
but how can you be sure? How do you know the app is not hiding a
government-implanted backdoor? How do you know the developer has done a good
job at testing the application?

Applications make the source code of
their application publicly available, also known as “open-source,” are more
reliable because independent security experts can examine and confirm whether
they’re secure or not.

Signal, Wickr and Telegram are open-source messaging apps,
which means they have been peer-reviewed by independent experts. Signal in
particular has the support of security experts such as Bruce Schneier and
Edward Snowden.

WhatsApp and Facebook Messenger are closed-source, but they
use the open-source Signal Protocol to encrypt their messages. This means that
you can at least rest assured that Facebook, which owns both apps, won’t be
looking into the content of your messages.

For fully closed-source applications such as Apple’s
iMessage, you must fully trust the developer to avoid making disastrous
security mistakes.

To be clear, open-source doesn’t mean absolute security. But
at least you can make sure that the app isn’t hiding anything nasty under the
hood.

How To Create Video Subtitles Quickly For Free

The future of internet content and social media sharing is in
video. But many social media platforms mute their videos by default. So to hear
the video, you must either turn on the volume or have subtitles attached.

To be safe, it’s better to have both. A lot of people scroll through their social media feeds at high speed, so all they are going to see is you mouthing your words silently.

Which is pretty much useless. But on the other hand, what if there are subtitles? Then they might read something you’re saying to be interesting. Interesting enough to stop scrolling and turn the volume on. Unless they are in a public space, in which case subtitles are essential.

Many people advertise their audio transcription services on places like Fiverr and Upwork. But quite honestly, even the cheapest quotes can make you hesitate if you are on a tight budget (or no budget).

I’ve also previously written about creating your own subtitles using free software, but it’s quite time-consuming. This is why you can get them done quickly and for free, using YouTube.

Wait…YouTube?

Not many people realize this, but every single video that gets uploaded to YouTube gets transcribed automatically by the service. To prove it, go to any YouTube video and click the Subtitles/Closed Captions option at the bottom right of the video.

You will then see the subtitles start when the person starts
speaking.

You can see right away though that the transcription is not
perfect. It is done by computers, not actual people. So if you have a weird
accent like mine, words are going to get mangled. If it can’t hear a word, it
guesses (sometimes hilariously). Plus it quite often doesn’t put in
punctuation.

That doesn’t mean the transcription is useless. I would say there is between an 80-90% accuracy rate. For a free service, that is great and fixing the errors really doesn’t take very long.

Many people choose not to fix the subtitle errors, either because they don’t realize the subtitles are there in the first place or through sheer laziness on their part. This is a big mistake because subtitles can really make a difference in how many people engage with your videos.

You can edit the errors in the subtitles and re-upload them
to your YouTube videos. Or use that file anywhere else you want. Consider it a
free gift from Google.

Upload Your
Video To YouTube

The first step is obviously to get your video onto YouTube. I
would recommend uploading it privately or unlisted first until you get the
subtitles sorted out.

Private or unlisted videos are also good if you don’t plan to
keep the video on YouTube and are only uploading it there to take advantage of
the subtitles service.

Click the camera icon in the top right hand corner of YouTube and choose Upload Video.

On the next page, before you drop the video onto the page, choose your listing preference. Private and unlisted are pretty much one and the same to me, but I tend to choose Private.

Now drop your video onto the upload window and let it upload
to YouTube. To make it go faster, choose a low resolution video with as small a
size as possible. But don’t skimp on the audio quality. The worse the quality,
the worse the transcription will be.

Access Your
Subtitles

Once your video is sitting on YouTube, leave it there for a
while. I have noticed that sometimes the audio transcription can take a while.
Obviously videos are queued for transcriptions in the order they are uploaded.

Eventually though, log into YouTube
Studio
and go down to Transcriptions.

Tap on the video you want to download the subtitles for. When the new window appears, choose Other Features – Translation & Transcription.

YouTube Studio is still in beta so choosing this option will
take you out of YouTube Studio and into the old-style format of the page.

Now click the language you want to access your subtitles in.

Technically you can edit the subtitles inside YouTube, but I
wouldn’t recommend it. I would instead suggest you download the text file and
edit it on your computer.

So click the Actions menu and download your preferred subtitles format. “SRT” format is normally a good one to go for.

Edit Your
Subtitles.

Downloading the subtitles file will add a file to your
computer that you can open with any text editor (such as Windows Notepad or
MacOS’s TextEdit). Then start looking for the errors.

Do NOT change the timestamps unless you absolutely have to
make big changes to the text which would put the video out of sync. In most
cases, it will be a simple case of changing small words and adding punctuation.

Save the edited subtitle file and now go back to the screen
where you chose the subtitle file to download. You will notice a blue button to
upload new subtitle files. Choose your preferred language or search for another
one if your chosen one is not already there.

Obviously you only need to re-upload subtitles to YouTube if
you intend to keep the video there.

Once you have chosen a language, click Upload a file and upload the newly edited subtitles file.

Republish your YouTube video with the new subtitles and then
check it to see if the subtitles are now OK. Then remember to go back into
YouTube Studio and change the listing from Private to Public so the world can
see your handiwork.

Facebook Also
Has Subtitles

Facebook also has subtitles auto-generated, but like YouTube, they are not perfect.

Therefore, you can click the “Edit” setting on any of your videos and upload a new set of subtitles, perhaps the ones you’ve just modified from YouTube.

If you’re just looking for a way to add subtitles to a movie you downloaded, then check out my other post on displaying SRT files in a video player. Enjoy!

SSD (Solid State Drive) Buying Guide for 2019

In our SSD buying guide, we’ll be arming you
with all of the knowledge you need to help make an informed purchasing
decision. We’ll help steer you to the right brands, teach you about different
SSD technology, and explain how much you should be spending for different SSD
types.

Hopefully, by the end of our guide, you’ll
know everything there is to know about buying SSDs. If you’re not buying an SSD
today, make sure to bookmark this page so that you have the information ready
for when you do decide to purchase one.

Why Buy an SSD?

It’s quite straightforward – SSDs are far faster than standard hard drives and typically less likely to break down. SSDs use flash cells that are charged up with electricity. The cells remember their state forever. Your PC reads a charged cell as a 1 and a non-charged cell as a 0 in binary.

Hard drives, on the other hand, are more like record players with moving parts. A real arm has to press down on the disk to physically write into it. When reading the disk, the same must be done.

As you can imagine, moving parts are not good
for longevity. Hard drives can slow down over time and completely fail. SSDs
can break, too, as cells are used and reused over and over, but they are
predicted to last for far, far longer.

Obviously, longevity isn’t the main selling point for SSDs. It’s all about the speed. To compare, a high end 7200 RPM drive has a speed of up to 210 MB/s read/write, whilst an entry level SSD like the Crucial CT250MX has a speed of up to 560/510 MB/s read/write. More advanced SSDs can go much faster.

In terms of real world performance, this means
a number of things:

  • Much faster boot up times
  • Programs load faster
  • Less hitching and freezes in video
    games
  • File transfer time is quicker
  • Programs run better side by side

What Types of SSDs are There?

If we ignore the different form factors for a
second, there are two SSD technologies being sold right now. We have the
typical SATA 3 AHCI SSD and then we have the NVME SSD. Both NVME and AHCI are
types of software ‘controller’ used to communicate with storage drives.

AHCI is an older, more outdated technology, whilst NVME is far newer and much faster. As a result, an NVME SSD is considerably more expensive than a SATA SSD. To make things more complexing, the full potential of NVME is only reached if you move over large files. We explained more in our SSD technology overview.

For boot up times, gaming, or light office
work, the speed difference in an NVME and an AHCI SSD is just a few seconds.
For moving large files or editing videos and photos, the difference will be
very noticeable. We’re talking almost 7 times faster. Below is an overview of
different file transfer speeds and boot times.

Read/write
speed:

  • 7200 RPM HD – up to 210 MB/s
  • SATA 3 SSD – up to 550MB/s
  • NVME SSD – up to 3500MB/s

Boot
times (estimated):

  • 7200 RPM HD – 36 seconds
  • Sata 3 SSD Boot time – 9 seconds
  • NVME SSD – 6 seconds

Boot times based on this video.

As you can see, the boot time decrease from hard drive to SSD is huge. The jump from SSD to NVME is very small. However, the NVME still has a large lead in file read/write speeds when larger files are concerned.

So, with that in mind, go for an NVME if you
are after the fastest speed possible for moving large files. If you don’t
necessarily need that, you can put the same budget into a higher capacity SSD
drive.

How Much Should You Pay For a
Sata 3 SSD Drive?

Whilst SSD prices are constantly dropping, they are still more expensive than traditional hard drives. The amount you pay per GB will depend on the brand you choose and the drive capacity. At the time of writing, we monitored the prices of different SSD drives on Amazon and concluded that the average price to pay per different capacity drive is as shown below.

  • 1TB drive: On average $135
  • 500GB drive: On average $67
  • 250GB drive: On average $44
  • 120GB drive: On average $24

How Much Should You Pay For an
NVME Drive?

As mentioned earlier, NVME drives are more expensive than standard SSD drives. You must also make sure you have a suitable M.2 connector on your motherboard before you purchase one. An M.2 connector looks like this:

Whilst the standard SSD prices are very
similar across brands, it’s a different story with NVME drives. For example,
you can pay around $250 for the 1TB Samsung 970 PRO or $145 for the Crucial P1
1TB.

If prices are lower than $200, there’s usually
a catch. Take the P1 for example – its top speeds are 2,000MB/s read and
1,500MB/s write. The Samsung 970 PRO, on the other hand has speeds of up to
3,500MB/s read/write.

For a real NVME SSD with full speed potential,
you’re looking at the following average prices:

  • 1TB drive: On average $240
  • 500GB drive: On average $130
  • 250GB drive: On average $80
  • 120GB drive: On average $50

If you see a product with significantly lower
speeds, read through the description carefully and read reviews online to
understand why.

Which SSD Brands are Reliable?

Buying an SSD from a reliable brand is
important because flash memory can be a tricky thing to get right. If longevity
is a concern, you should aim for brands that have a proven track record of
manufacturing long lasting drives.

An interesting experiment showcased that Kingston, Samsung, and Corsair drives survived after writing 1000 TB of data. Keep in mind, that’s a lot of data. Other lesser known brands may not last quite as long.

The best thing you can do when choosing a drive is to read customer reviews on longevity and research the brand on the internet for potential issues. Ultimately, is a slight reduction in price really worth it when you may be choosing a lesser trusted brand over one that is reliable?

Whilst this study was done on typical AHCI
SATA 3 drives, we’re confident similar results would be seen on an NVME drive.

Summary

Thanks for reading our SSD buying guide. We
hope that this guide has been informative enough to help you make your next
purchase.

Have any more questions about SSDs? You’re welcome to send me a tweet and I’d be happy to respond. Enjoy!

How to Download And Delete Your Data From Facebook

There’s no doubt that social media has made keeping connected with family and friends a whole lot easier. With a timeline of all your friends’ activity, it’s easy to stay close with those you love even if you’re thousands of miles away.

However, if you aren’t paying for a product, chances are that you’re the product yourself – and Facebook has made billions off of providing highly effective tools to advertisers using your information and browsing habits.

Over the past couple of years, a series of leaks and whistleblowers have made it very apparent the extreme amount of information Facebook has collected from users, and they haven’t always been the most scrupulous when it comes to privacy concerns.

Many have started to migrate away from the service, but there are a few extra steps you may have to take beyond simple profile deactivation if you want to keep your personal data protected.

Fortunately, Facebook has become pretty transparent about the type of data they’ve collected and also provide easy access to tools you can use to manage that data.

Download & Delete Facebook Data

Follow the steps below to download and delete data from Facebook and reduce your digital footprint.

Step 1. Log into your Facebook account on a web browser and click the drop-down menu at the top right of the screen.

Step 2. Select Settings.

Step 3. On the left side of the screen, select Your Facebook Information.

Step 4. Click Download Your Information.

Step 5. On the next screen, click Create File.

Step 6. At this point, Facebook will give you a notification that your file is being processed. This can take a little while depending on how long you’ve been on Facebook and how active you have been on the site and around the web, but it shouldn’t take more than an hour or two in most cases.

Once the file is finished processing, you’ll get a notification on the website that the file is ready for downloading and can then download a full file of all of the information that Facebook has collected. This is great for collecting information you’d like to save before you delete your Facebook account completely, or even if you’d just like to be able to easily sort through the content the site has amassed over the years.

While we’re waiting for the file to be processed, however, we can look at a few more Facebook data settings.

Step 7. Head back to the previous page and click Activity Log.

Step 8. This page is a collection of all of your activity and interactions with the website. You’ll see all your posts, comments, and even your reactions to every post on the site. For easier sorting, you can choose the data you’re interested in looking at using the Activity Log Filters at the left side of this page.

Step 9. Next to any activity, you’ll see two different icons. The icon on the left allows you to take a look at who that specific entry is visible to, and the icon on the right allows you to delete specific entries from your log. This is great if there are particular photos or posts that you’d rather not be floating around the web but are okay with the data management in general.

Step 10. In the event that you’d like to completely delete your account and all information associated with it, that’s an option too! Head back to the Facebook Information screen and click Delete Your Account and Information.

Step 11. The next screen gives you some information about what is going to happen when you confirm the setting, as well as some other options such as simply deactivating Facebook in order to retain access to Messenger. If you’d like to completely cut off Facebook, hit Delete Account at the bottom right of this window.

Just be sure that you’re 100% positive that you’d like to remove the account and data permanently, as there’s no going back after this point in the process. We highly recommend at least downloading your Facebook information through the process in steps 4-6 so you have a copy of any memories you’d like to keep for the future.

Overall, while Facebook has certainly come across as a little shady when it comes to the way they handle their users’ data, they do give you access to that data if you’re willing to do a little bit of digging.

One thing worth mentioning that many users don’t realize is that “rival” social network Instagram is also owned by Facebook. So if you’re looking to remove your data from the company’s servers completely, you’ll need to avoid using that app as well.

It’s certainly inconvenient to have to cut out two of the biggest social networks on the web, but for those who want better control over the way their personal information is used, it’s well worth a couple hours of effort to take a look at the collected data and ensure you’re as well-informed as possible. Enjoy!

The post How to Download And Delete Your Data From Facebook appeared first on Online Tech Tips.

How to Encrypt All Your Online and Offline Data

We use dozens of online services and applications every day to send and receive emails and text messages, make video calls, read news and watch videos online, and much more. And it’s extremely hard to keep track and secure the insane amount of data we produce and consume every day.

And in case you’re thinking, “I have nothing to hide,” you’re wrong. Every piece of data that you unleash in the web and fail to secure can be used against you. In the wrong hands, those data points can be gathered and correlated to create a digital profile, which can then be used to commit fraud, forgery and phishing attacks against you.

Your digital profile can also be used to invade your privacy in annoying and creepy ways such as showing you ads that are personalized based on your most intimate preferences and information.

However, it’s never too soon to start protecting your digital information from unwanted eyes. In this regard, your best friend is encryption, the science of scrambling data using mathematics. Encryption makes sure only intended people can read your data. Unauthorized parties who access your data will see nothing but a bunch of undecipherable bytes.

Here’s how you can encrypt all the data you store on your devices and in the cloud.

Encrypt Your On-Device Data

First, the easy part. You should start by encrypting the data you physically hold. This includes the content you store on your laptop, desktop PC, smartphone, tablet and removable drives. If you lose your devices, you risk placing sensitive information in the wrong hands.

The most secure way to encrypt your on-device data is full-disk encryption (FDE). FDE encrypts everything on a device and only makes the data available for use after the user provides a password or PIN code.

Most operating systems support FDE. In Windows, you can use BitLocker to turn on full-disk encryption on your PC. In macOS, the full-disk encryption is called FileVault. You can read our step-by-step guide on using BitLocker and FileVault.

Windows BitLocker also supports encrypting external drives such as memory cards and USB thumb drives. On macOS, you can use the Disk Utility to create an encrypted USB drive.

Alternatively, you can try hardware encrypted devices. Hardware encrypted drives require users to enter a PIN code on the device before plugging it to the computer. Encrypted drives are more expensive than their non-encrypted counterparts, but they are also more secure.

You should also encrypt your mobile devices. On-device encryption will make sure that an unauthorized person won’t be able to gain access to your phone’s data, even if they get physical access to it. Both iOS and Android support full-disk encryption. All Apple devices running iOS 8.0 and later are encrypted by default. We suggest you leave it that way.

The Android landscape is a bit fragmented since OS default settings and interfaces might differ based on manufacturer and OS version. Make sure to check yours is encrypted.

Encrypt Your Data in the Cloud

We rely on cloud storage services such as Google Drive, DropBox and Microsoft OneDrive to store our files and share them with friends and colleagues. But while those services do a good job to protect your data against unauthorized access, they still have access to the contents of the files you store in their cloud services. They also can’t protect you if your account gets hijacked.

If you don’t feel comfortable with Google or Microsoft having access to your sensitive files, you can use Boxcryptor. Boxcryptor integrates with most popular storage services and adds a layer of encryption to protect your files before uploading them to the cloud. This way, you can make sure that only you and the people you share your files with will be aware of their content.

Alternatively, you can use an end-to-end encrypted (E2EE) storage service such as Tresorit.  Before storing your files in the cloud, E2EE storage services encrypt your files with keys that you exclusively hold, and not even the service that stores your files can access their content.

Encrypt Your Internet Traffic

Perhaps equally as important as encrypting your files is the encryption of your internet traffic. Your internet service provider (ISP)—or a malicious actor that might be lurking on the public Wi-Fi network you’re using—will be able to eavesdrop on the sites you browse to and the services and applications you use. They can use that information to sell it to advertisers or, in the case of hackers, use it against you.

To protect your internet traffic against nosy and malicious parties, you can sign up to a virtual private network (VPN). When you use a VPN, all your internet traffic is encrypted and channeled through a VPN server before reaching its destiny.

If a malicious actor (or your ISP) decides to monitor your traffic, all they’ll see is a stream of encrypted data exchanged between you and your VPN server. They won’t be able to figure out which websites and applications you’re using.

One thing to consider is that your VPN provider will still have full visibility on your internet traffic. If you want absolute privacy, you can use The Onion Router (Tor). Tor, which is both the name of a darknet network and a namesake browser, encrypts your internet traffic and bounces it through several independent computers running a specialized software.

None of the computers in the Tor network has full knowledge of the source and the destination of your internet traffic, which gives you full privacy. However, Tor comes with a considerable speed penalty, and many websites block traffic coming from the Tor network.

Encrypt Your Emails

I guess I don’t need to tell you the importance of protecting your emails. Just ask John Podesta, whose leaked emails might have cost his boss her chance at presidency. Encrypting your emails can protect your sensitive communications against people who gain unwanted access to them. This can be hackers who break into your account, or your email provider itself.

To encrypt your emails, you can use Pretty Good Privacy (PGP). PGP is an open protocol that uses public-private key encryption to enable users to exchange encrypted emails. With PGP, every user has a public, known to everyone, which enables other users to send them encrypted emails.

The private key, which is only known to the user and stored on the user’s device, can decrypt messages encrypted with the public key. If an unintended party intercepts a PGP-encrypted email, they won’t be able to read its contents. Even if they break into your email account by stealing your credentials, they won’t be able to read the contents of your encrypted emails.

One of the advantages of PGP is that it can be integrated into any email service. There plenty of plugins that add PGP support to email client applications such as Microsoft Outlook. If you’re using a web client like the Gmail or Yahoo websites, you can use Mailvelope, a browser extension that adds easy-to-use PGP support to most popular email services.

Alternatively, you can sign-up to an end-to-end encrypted email service such as ProtonMail. ProtonMail encrypts your emails without the need to take any additional steps. Unlike services such as Gmail and Outlook.com, ProtonMail won’t be able to read the content of your emails.

Encrypt Your Messages

Messaging apps have become an inseparable part of our lives. There are dozens of messaging services you can use to communicate with family, friends and colleagues. But they provide different levels of security.

Preferably, you should use a messaging service that is end-to-end encrypted. Nowadays, most popular messaging services provide end-to-end encryption. Some examples include WhatsApp, Signal, Telegram, Viber and Wickr.

However, those that enable E2EE by default are more secure. WhatsApp, Signal and Wickr enable end-to-end encryption by default.

Also, messaging services that are based on open-source protocols are more reliable because they can be peer-reviewed by independent industry experts. Signal Protocol, the E2EE technology that powers WhatsApp and Signal, is an open-source protocol that has been endorsed by many security experts.

The post How to Encrypt All Your Online and Offline Data appeared first on Online Tech Tips.