How do you share sensitive information over the Internet?

Basically you need a secure channel and/or file encryption. You may optionally want time-based or count-based access control but IMO that’s less important because, ultimately, once the secrets are divulged, it’s open season on your target, who has them in whatever (probably insecure) form is most convenient to them. Just get them to confirm they have the goods and then you can delete the file / shut off the server / etc.

“Security” is subjective. Some people think iMessage is secure because Apple says so, others won’t. And the harder stuff, which is more concretely secure, is only really accessible to techies and other social inadequates. And of the forms that are more generally available, portability is much harder.

If I were aiming high, at a reasonably non-techie audience, I’d suggest Bitwarden Send (part of the Bitwarden password manager), which allows you to store encrypted files that are decrypted in the browser of the recipient using a password and enforce some controls on access. This is enough for confidential documents. For much larger files, services like sendfiles.dev allow you to peer-to-peer send files from browser to browser with the recipient’s browser decrypting the file received, again using the password set by the sender. These both impose essentially no burden on your recipient: tell them to go to a web page and enter a password. The channel is secure, and so is the file data. The key is the use of WebCrypto, which makes the browser do the cryptography.

Of course you can aim somewhat lower, too. The humble encrypted zip is all very well and good, but beware the legacy zip 2.0 encryption algorithm which is trivially broken using a known-plaintext attack: use AES-128 or better, supported by WinZip (Mac and Windows), or command-line implementations. Other archivers, like rar and 7zip, have good encryption too (Windows native, command-line on *NIX). There is the disk image, but really, it’s a Mac-to-Mac solution; these files aren’t intended to be portable. The Windows internal zip support doesn’t support encryption with AES, so you’ll have to get your recipient to install the corresponding archiver. Alternatively, there is the option of “self-extracting” archives: the archive also includes the code to decompress it on the target platform, but can also be extracted with an installed archiver. This has a risk, which is that with no realistic way for the recipient to verify that the archive hasn’t been tampered with, it is possible that it could compromise your data when the archive is run, so if it’s important to you to eliminate this risk, you’ll need a secure channel for communicating the file.

And of course, if you trust the big boys, there’s always the various end-to-end messengers WhatsApp, iMessage, Signal, Threema. Take your pick. If you trust them to be good about security, it’s probably OK to trust them with a temporary transfer of your file.

The one you need to be super careful about is email. In general, unless you know that the sender and recipient use services that strictly enforce a secure channel between themselves, with or without prior arrangement (the latter, for instance, can be done using DANE and DNSSEC) then you can’t rely on email to be secure. So, that potential consideration aside, just assume email is insecure, and only use it for the transfer of already-encrypted data (in an archive, with S/MIME/OpenPGP, etc).

2 Likes
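As an added example (not part of the original post), this Python sketch reads a ZIP archive's central directory and labels each member as unencrypted, legacy ZIP 2.0 encryption, or WinZip-style AES, so a sender can confirm the archiver did not fall back to the legacy scheme. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

AES_BITS = {1: 128, 2: 192, 3: 256}  # strength byte in the WinZip AES extra field

def aes_strength(extra: bytes):
    """Return AES key bits from the 0x9901 extra field, or None if absent."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4 : pos + 4 + size]
        if header_id == 0x9901 and len(body) >= 7 and body[2:4] == b"AE":
            return AES_BITS.get(body[4])
        pos += 4 + size
    return None

def classify(info: zipfile.ZipInfo) -> str:
    """Label one archive member by the encryption its headers declare."""
    if not info.flag_bits & 0x1:          # bit 0 clear: stored in the clear
        return "unencrypted"
    if info.compress_type == 99:          # method 99 marks WinZip AES
        bits = aes_strength(info.extra)
        return f"aes-{bits}" if bits else "aes-unknown"
    return "zipcrypto-legacy"             # traditional ZIP 2.0 encryption

def audit(source) -> dict:
    """Map member name -> label for a path or file-like ZIP archive."""
    with zipfile.ZipFile(source) as zf:
        return {i.filename: classify(i) for i in zf.infolist() if not i.is_dir()}

def weak_members(source) -> list:
    """Names of members that should not be relied on for confidentiality."""
    return [name for name, label in audit(source).items()
            if label in ("unencrypted", "zipcrypto-legacy")]

def constructed_sample() -> io.BytesIO:
    """Constructed archive: directory entry patched to set the encrypted flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("secret.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x1  # low byte of the flag word
    return io.BytesIO(raw)

if __name__ == "__main__":
    print(audit(constructed_sample()))
```

Only the headers are inspected, so no password is needed to run the check on an archive before sending it.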

To be specific, iMessages (blue bubbles) are end-to-end encrypted. Green bubbles (SMS or group MMS threads) are not encrypted at all - so be careful how you use this. I only do this with people who own iPhones and use iMessage (and I make sure that the setting to fall back to SMS is turned off when I send these.)

4 Likes

The blue/green bubbles may indicate whether your outgoing messages are end-to-end encrypted, but you don’t know that until after you send them. And there is no indication as to whether or not messages that you are receiving are end-to-end encrypted. So if the recipient echoes back something you wrote, you don’t know if that was end-to-end encrypted.

Some of my messages to a couple of iPhones show up in blue bubbles, but some show up in green bubbles. (The messages are to one iPhone – they aren’t to a group, but there are several iPhones that exhibit this behavior.) Perhaps that means that a particular iPhone did not have Internet access (to Apple’s Messages servers) but did have SMS access when I sent the message. Maybe the iPhone’s “Cellular Data” is turned off and it is not connected to Wi-Fi, or the iPhone was in Airplane mode and not connected to the Internet via Wi-Fi.

2 Likes

When I am sending them to people I know are iMessage-enabled, I know they are end to end encrypted iMessages. I wouldn’t use this method without knowing the recipient uses iMessage (but you can tell when you address the message - when you enter their phone number or address, and it shows up as blue, they are iMessage users.)

So I’ll go back to my previous message. I turn off settings / messages / send as SMS. This will prevent the SMS fallback for those messages.

And, look, as I said, I’m doing this when my kids call or text asking for a password to HBO or Disney+ or something like that. I know that their phones are active - they just texted me, it came as a blue bubble, etc.

2 Likes

As a side note from the sharing-sensitive-info-online topic, if you have made a Will, Trust or other legal documents with a lawyer, they can usually provide those documents to your children or a family member if anything happens. If they are named in your documents, the law office contact info is about all you need to give them. Now, of course, many give a copy of these documents to the people in question when they are above a certain age anyway, so you are back to the original topic (or sending physically via certified mail, FedEx pack, etc.)

I wouldn’t trust a “password protected” pdf. A simple internet search will turn up several sites that claim to strip the password from a pdf. I haven’t tried any so I don’t know if they work but if they do, it’s possible they are bad guys who will also read your pdf.

For documents like these, I have them printed in a binder. I have added to that binder a printout of my “Bucket File”, which has all the names, addresses, phone numbers and passwords needed by my wife or daughter to access all my accounts. I generally keep it up to date, and just in case it isn’t, one of the first sections is how to log on to my Mac and access my master password file there.

My wife and daughter know where I keep these documents. I trust them both enough that I know the information won’t be abused.

If you can’t trust all of your heirs with this kind of information, I assume you could arrange to have your estate plan’s lawyer keep it on file with the rest of the documents.

For other sensitive documents, when I have had a need, I have used a few methods over the years:

  • Hand-delivered. Bring a printout, or CD with the content. I suppose I might use a USB drive today. I wouldn’t bother encrypting the device. Once delivered, the recipient needs to be trusted either way.

  • Encrypt the data (usually as a password-protected zip file), e-mail that or put that on a shared folder somewhere. Then deliver the password out of band (e.g. via phone call or postal mail)

    BTW, if your content consists entirely of Microsoft Office documents, password protecting the documents from within Word/Excel/PowerPoint works fine. For those who don’t know, all of Microsoft’s “XML” format documents (.docx, .xlsx, .pptx) are actually zip files containing the document’s content (binary files for images and stuff, XML files for most of everything else). When you add a read-password to the document (so you need the PW to view the content), a password (not sure if it is the doc’s password or something derived from it) is applied to the zip file, effectively encrypting the entire content.

    FWIW, my broker used postal mail to send me the initial password used to access my on-line account. I of course changed it after the first login, but it is interesting that more recent on-line accounts for other similarly-sensitive accounts have done no such thing. They just set the initial password to a hint on the web page (e.g. your employee ID number suffixed with your SSN), but that isn’t really secure, since an attacker could research that information. But maybe it’s OK if the time-window is really small (e.g. if you log in the same day the account is created).

  • My current employer uses Microsoft SharePoint and relies on its access controls for most corporate documents these days. I suppose that implies that doing something similar with a personal OneDrive account should also be OK, but I’m not quite ready to trust any third-party service. And I don’t know if a personal OneDrive is as secure as a corporate SharePoint.

  • My employer also uses a proprietary system (developed by our IT department, based on Aspera from IBM) for secure file transfer with people that don’t have access to our SharePoint servers. But that’s clearly not an option if you aren’t a big company with an IT department that develops its own apps.

  • I would really like to use end-to-end encrypted e-mail (based on S/MIME or a related technology like PGP or GPG). The problem with all of these is that in order to encrypt and authenticate a message, both parties need to have generated keys/certificates, and each needs access to the other’s public key.

    A former employer had this all set up via their MS Exchange server. The system auto-generated keys/certificates and stored them on a secure server (part of Active Directory? I’m not sure). This worked great because your installation of Outlook (logging in via your AD credentials) was configured to automatically download your private key and everybody’s public key was available via the global corporate contacts list. So you could just click the checkboxes to authenticate and encrypt a message and Outlook would do the rest. And the receiving side was equally automatic - Outlook would tag the messages as secure, but the reader didn’t need to take any explicit action to view the contents.

    But in the absence of such an infrastructure, it would be extremely awkward to use. You’d have to convince your recipients to generate keys for themselves and then send you an authenticated message (whose certificate typically includes a link to the public key). After receiving the message, your mail client would (hopefully automatically) extract the public key and store it with the person’s contact card. Only then could you send an encrypted mail message.

    And S/MIME doesn’t work well via webmail services (and I don’t think very many web mail services even offer the capability). And the old days where “Finger me for my PGP key” was typical, went away a long time ago.

1 Like

Reasonable security for most and easy to use: kdrive from infomaniak.com.
For really sensitive information Tresorit.com (HIPAA GDPR etc)
Both work like any of the cloud services but not even Tresorit can read the content, it’s encrypted on your computer.
HTH

I’ve tested some of these and they only work if the password is short and simple. With a long, complex password, they fail.

2 Likes

One trick we use is to create a scalable disk image file with a 256-encryption keyword applied to it, so that the disk itself is maybe one megabyte larger than the enclosed content.

Hardcopy via Registered mail

1 Like

I’ve also just encountered an issue in which some link sequestering protections deployed in our Exchange environment end up consuming a one-time use of a link (e.g., a Salesforce password reset email came with the URL wrappered and thereby already expired; some phishing testing we were doing in house showed almost all trial emails “clicked” within the same minute they were sent—actually triggered by the same URL wrapper)

1 Like

Just a suggestion: buy a small solid-state USB disc, put all your PDF files and password data on it with a password to open it, and send it to her. Call her or separately mail her the password for the thumb-sized disc. Consider buying two or three such and use them for backups or copies.

I have three methods:

  1. For individual documents to family members, iMessage.

  2. Sometimes an encrypted PDF in eg Dropbox when we’ve previously agreed on a password (in discussion over FaceTime).

  3. For sharing files with ‘strangers’, I use 1Password’s secure sharing feature. Since you can add documents, arbitrary fields, and notes to 1Password items you can basically share anything. In the past I’ve even created a ‘note’ item and used it to write out (markdown-formatted) instructions/info and attached a file to the note. It’s a nice attractive way to provide a secure document to non-techy people. The secure sharing allows options such as limiting the recipient to a specific email address and time- and view-based limits.

iMessage when I can.

Encrypted file to Google drive (password on paper) when I have to. At least there I can enforce that only a certain user gets access to the file regardless of what happens with the link to that file.

Paper instructions and master passwords in sealed envelope in a safe at home. My brother and brother in law have access to that should both my wife and I become incapacitated.

Similar for me…there’s a 911 vault in my 1PW online account that has a sufficient number of things in it that our son can be us once he gets physical access to at least one of our devices and he’s got paper in his safe with the same info. He’s got a key to the 900 mile away house and the garage code as well.

I very much appreciate the replies w/suggestions for my situation; it brought forward options I had not considered, for which I’m extremely grateful.

But please understand that my initial post was to show support for Adam’s idea of an article re:sharing sensitive info over the internet; I mentioned my dilemma merely as one example as to why I would find such an article helpful.

A thousand thanks for all the great ideas. :heart:

2 Likes

(late to the thread)

I’ve used https://onetimesecret.com/ to send passwords in a second channel.

One time secret only allows the secret to be accessed once and then the enclosed secret is destroyed. You can safely pass the secret as well as detect that the secret may have been compromised.

Does this also prevent sending an SMS message to an Android phone?

No. If the number isn’t registered to iMessage, it doesn’t receive iMessage, and you continue to use SMS. It only disables fallback if the number is using iMessage and is registered to it, and even when you’re offline.

3 Likes