How do you share sensitive information over the Internet?

I’m probably less worried about interception of sensitive information than many of you. I would not consider using email, but I would send information like you described by Messages which is end to end encrypted, assuming you both have iPhones with recent software and don’t do it in a public setting…

1 Like

Printed in a sealed envelope of a unique color to only open if needed and a similar one kept in a dresser or other spot that you show her when she is next home?

The digital information is harder because it will be a matter of her finding it when she needs to.

If she has an iPhone, you can put the information in a pinned note in her Notes that is locked and only able to be opened with her passcode or FaceID

5 Likes

Yes. Regardless of the method of transmission, their long-term storage of an unencrypted file is likely riskier than the initial file transfer. (And if the long-term storage is encrypted, you’re depending on the recipient to be able to decrypt when needed.)

This is a case where paper may be the best solution, at least for a minimal set of key access codes that will then grant access to your full store of encrypted keys.

Dave

1 Like

It’s tough, as I only want her to have the info if it’s necessary. Not a matter of trusting her, it’s my own issue of privacy.

Your suggestion about showing her where to find the info next time she’s here is my backup plan. It’s a matter of getting her here at some point. It’s not that she’s so far away, it’s more a scheduling logistic.

This is pretty much a good description of the notes that we’ve created for our kids in case something happens to both of us. I try to update it every quarter or so.

As for sending sensitive info, it really depends. I don’t often need to do this. With our investment advisors, they have an encrypted mail system that we can use. For sending passwords to my kids (say, when they want to log on to Disney+ using my account, which is set to be able to be used by multiple people), I just use iMessage to send the password when they need it. And, speaking of D+, because it tends to send me a code that I need to enter when logging in to a new device, I have a server-side mail rule that looks for these and forwards them to my kids’ email accounts.

You’re right. I’m overly organized, she’s not organized at all. 🤷🏻‍♀️ I’ll find a way to make it all work. It was merely that Adam’s idea about writing about transmitting info electronically hit me as it’s something I’ve been struggling w/on a personal level for a while.
Even before privacy of information became such an issue due to internet & email, I was always very guarded about personal info. It’s just part of my general nature, I suppose, not due to a past issue.

Until this thread, I didn’t realize that Messages was considered so secure. I assumed its security was no better than email. Good to know.

This is a very interesting suggestion, since you can share notes. I wonder how secure it is to have a permanently shared note that you can edit with the latest info?

If I were facing a similar situation, I probably would mail or drop off a printed copy of the Power of Attorney with a Post-It or separate page attached describing where to find the password information in my house. This is mostly driven by the recipient’s tech knowledge level and by the risk of having sensitive information on a computer that is owned by somebody who isn’t vigilant about security and privacy.

1 Like

Basically you need a secure channel and/or file encryption. You may optionally want time-based or count-based access control but IMO that’s less important because, ultimately, once the secrets are divulged, it’s open season on your target, who has them in whatever (probably insecure) form is most convenient to them. Just get them to confirm they have the goods and then you can delete the file / shut off the server / etc.

“Security” is subjective. Some people think iMessage is secure because Apple says so, others won’t. And the harder stuff, which is more concretely secure, is only really accessible to techies and other social inadequates. And of the forms that are more generally available, portability is much harder.

If I were aiming high, at a reasonably non-techie audience, I’d suggest Bitwarden Send (part of the Bitwarden password manager), which allows you to store encrypted files that are decrypted in the browser of the recipient using a password and enforce some controls on access. This is enough for confidential documents. For much larger files, services like sendfiles.dev allow you to peer-to-peer send files from browser to browser with the recipient’s browser decrypting the file received, again using the password set by the sender. These both impose essentially no burden on your recipient: tell them to go to a web page and enter a password. The channel is secure, and so is the file data. The key is the use of WebCrypto, which makes the browser do the cryptography.

Of course you can aim somewhat lower, too. The humble encrypted zip is all very well and good, but beware the legacy zip 2.0 encryption algorithm which is trivially broken using a known-plaintext attack: use AES-128 or better, supported by WinZip (Mac and Windows), or command-line implementations. Other archivers, like rar and 7zip, have good encryption too (Windows native, command-line on *NIX). There is the disk image, but really, it’s a Mac-to-Mac solution; these files aren’t intended to be portable. The Windows internal zip support doesn’t support encryption with AES, so you’ll have to get your recipient to install the corresponding archiver. Alternatively, there is the option of “self-extracting” archives: the archive also includes the code to decompress it on the target platform, but can also be extracted with an installed archiver. This has a risk, which is that with no realistic way for the recipient to verify that the archive hasn’t been tampered with, it is possible that it could compromise your data when the archive is run, so if it’s important to you to eliminate this risk, you’ll need a secure channel for communicating the file.

And of course, if you trust the big boys, there’s always the various end-to-end messengers WhatsApp, iMessage, Signal, Threema. Take your pick. If you trust them to be good about security, it’s probably OK to trust them with a temporary transfer of your file.

The one you need to be super careful about is email. In general, unless you know that the sender and recipient use services that strictly enforce a secure channel between themselves, with or without prior arrangement (the latter, for instance, can be done using DANE and DNSSEC) then you can’t rely on email to be secure. So, that potential consideration aside, just assume email is insecure, and only use it for the transfer of already-encrypted data (in an archive, with S/MIME/OpenPGP, etc).

3 Likes
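The warning above about legacy zip 2.0 encryption can be checked on an archive before it is sent or trusted. This is an added example, not part of the original thread: it reads the ZIP central directory and reports, per entry, whether it is unencrypted, uses the legacy cipher, or uses WinZip-style AES. The function names and the sample archive (metadata only, no file data) are constructed for illustration, and ZIP64 archives are assumed out of scope.

```python
import struct

CDH = struct.Struct("<4sHHHHHHIIIHHHHHII")  # central directory file header (46 bytes)
EOCD = struct.Struct("<4sHHHHIIH")          # end-of-central-directory record
AES_BITS = {1: 128, 2: 192, 3: 256}         # strength byte in the 0x9901 extra field
AES_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)  # constructed: AES-256

def classify(flags, method, extra):
    """Return 'none', 'zipcrypto' or 'aes-<bits>' for one archive entry."""
    if not flags & 0x1:                      # general-purpose bit 0: entry encrypted
        return "none"
    if method != 99:                         # method 99 marks WinZip AES (AE-x)
        return "zipcrypto"                   # legacy ZIP 2.0 cipher
    pos = 0
    while pos + 4 <= len(extra):             # walk (id, size, data) extra records
        hid, size = struct.unpack_from("<HH", extra, pos)
        if hid == 0x9901 and size >= 7 and pos + 11 <= len(extra):
            return "aes-%s" % AES_BITS.get(extra[pos + 8], "unknown")
        pos += 4 + size
    return "aes-unknown"

def audit(data):
    """Map each entry name in a (non-ZIP64) archive to its encryption scheme."""
    eocd_at = data.rfind(b"PK\x05\x06")
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record found")
    _, _, _, _, count, _, pos, _ = EOCD.unpack_from(data, eocd_at)
    result = {}
    for _ in range(count):
        f = CDH.unpack_from(data, pos)
        if f[0] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, method, nlen, xlen, clen = f[3], f[4], f[10], f[11], f[12]
        start = pos + CDH.size
        name = data[start:start + nlen].decode("cp437")
        result[name] = classify(flags, method, data[start + nlen:start + nlen + xlen])
        pos = start + nlen + xlen + clen
    return result

def _entry(name, flags, method, extra=b""):
    n = name.encode()
    return CDH.pack(b"PK\x01\x02", 20, 20, flags, method, 0, 0x21, 0, 0, 0,
                    len(n), len(extra), 0, 0, 0, 0, 0) + n + extra

def sample_archive():
    """Constructed sample: central directory plus end record only."""
    cd = (_entry("plain.txt", 0, 8) + _entry("legacy.txt", 1, 8)
          + _entry("strong.txt", 1, 99, AES_EXTRA))
    return cd + EOCD.pack(b"PK\x05\x06", 0, 0, 3, 3, len(cd), 0, 0)
```

For a real file, pass its bytes to `audit()`; any entry reported as `zipcrypto` should be re-created with AES before the archive goes over an untrusted channel such as email.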

To be specific, iMessages (blue bubbles) are end-to-end encrypted. Green bubbles (SMS or group MMS threads) are not encrypted at all - so be careful how you use this. I only do this with people who own iPhones and use iMessage (and I make sure that the setting to fall back to SMS is turned off when I send these.)

7 Likes

The blue/green bubbles may indicate whether your outgoing messages are end-to-end encrypted, but you don’t know that until after you send them. And there is no indication as to whether or not messages that you are receiving are end-to-end encrypted. So if the recipient echoes back something you wrote, you don’t know if that was end-to-end encrypted.

Some of my messages to a couple of iPhones show up in blue bubbles, but some show up in green bubbles. (The messages are to one iPhone – they aren’t to a group, but there are several iPhones that exhibit this behavior.) Perhaps that means that a particular iPhone did not have Internet access (to Apple’s Messages servers) but did have SMS access when I sent the message. Maybe the iPhone’s “Cellular Data” is turned off and it is not connected to Wi-Fi, or the iPhone was in Airplane mode and not connected to the Internet via Wi-Fi.

2 Likes

When I am sending them to people I know are iMessage-enabled, I know they are end to end encrypted iMessages. I wouldn’t use this method without knowing the recipient uses iMessage (but you can tell when you address the message - when you enter their phone number or address, and it shows up as blue, they are iMessage users.)

So I’ll go back to my previous message. I turn off settings / messages / send as SMS. This will prevent the SMS fallback for those messages.

And, look, as I said, I’m doing this when my kids call or text asking for a password to HBO or Disney+ or something like that. I know that their phones are active - they just texted me, it came as a blue bubble, etc.

3 Likes

As a side note from the sharing-sensitive-info-online topic, if you have made a Will, Trust or other legal documents with a lawyer, they can usually provide those documents to your children or a family member if anything happens. If they are named in your documents, the law office contact info is about all you need to give them. Now, of course, many give a copy of these documents to the people in question when they are above a certain age anyway, so you are back to the original topic (or sending physically via certified mail, FedEx pack, etc.)

I wouldn’t trust a “password protected” pdf. A simple internet search will turn up several sites that claim to strip the password from a pdf. I haven’t tried any so I don’t know if they work but if they do, it’s possible they are bad guys who will also read your pdf.

For documents like these, I have them printed in a binder. I have added to that binder a printout of my “Bucket File”, which has all the names, addresses, phone numbers and passwords needed by my wife or daughter to access all my accounts. I generally keep it up to date, and just in case it isn’t, one of the first sections is how to log on to my Mac and access my master password file there.

My wife and daughter know where I keep these documents. I trust them both enough that I know the information won’t be abused.

If you can’t trust all of your heirs with this kind of information, I assume you could arrange to have your estate plan’s lawyer keep it on file with the rest of the documents.

For other sensitive documents, when I have had a need, I have used a few methods over the years:

  • Hand-delivered. Bring a printout, or CD with the content. I suppose I might use a USB drive today. I wouldn’t bother encrypting the device. Once delivered, the recipient needs to be trusted either way.

  • Encrypt the data (usually as a password-protected zip file), e-mail that or put that on a shared folder somewhere. Then deliver the password out of band (e.g. via phone call or postal mail)

    BTW, if your content consists entirely of Microsoft Office documents, password protecting the documents from within Word/Excel/PowerPoint works fine. For those who don’t know, all of Microsoft’s “XML” format documents (.docx, .xlsx, .pptx) are actually zip files containing the document’s content (binary files for images and stuff, XML files for most of everything else). When you add a read-password to the document (so you need the PW to view the content), a password (not sure if it is the doc’s password or something derived from it) is applied to the zip file, effectively encrypting the entire content.

    FWIW, my broker used postal mail to send me the initial password used to access my on-line account. I of course changed it after the first login, but it is interesting that more recent online accounts for other similarly-sensitive accounts have done no such thing. They just set the initial password to a hint on the web page (e.g. your employee ID number suffixed with your SSN), but that isn’t really secure, since an attacker could research that information. But maybe it’s OK if the time-window is really small (e.g. if you log in the same day the account is created).

  • My current employer uses Microsoft SharePoint and relies on its access controls for most corporate documents these days. I suppose that implies that doing something similar with a personal OneDrive account should also be OK, but I’m not quite ready to trust any third-party service. And I don’t know if a personal OneDrive is as secure as a corporate SharePoint.

  • My employer also uses a proprietary system (developed by our IT department, based on Aspera from IBM) for secure file transfer with people that don’t have access to our SharePoint servers. But that’s clearly not an option if you aren’t a big company with an IT department that develops its own apps.

  • I would really like to use end-to-end encrypted e-mail (based on S/MIME or a related technology like PGP or GPG). The problem with all of these is that in order to encrypt and authenticate a message, both parties need to have generated keys/certificates, and each needs access to the other’s public key.

    A former employer had this all set up via their MS Exchange server. The system auto-generated keys/certificates and stored them on a secure server (part of Active Directory? I’m not sure). This worked great because your installation of Outlook (logging in via your AD credentials) was configured to automatically download your private key and everybody’s public key was available via the global corporate contacts list. So you could just click the checkboxes to authenticate and encrypt a message and Outlook would do the rest. And the receiving side was equally automatic - Outlook would tag the messages as secure, but the reader didn’t need to take any explicit action to view the contents.

    But in the absence of such an infrastructure, it would be extremely awkward to use. You’d have to convince your recipients to generate keys for themselves and then send you an authenticated message (whose certificate typically includes a link to the public key). After receiving the message, your mail client would (hopefully automatically) extract the public key and store it with the person’s contact card. Only then could you send an encrypted mail message.

    And S/MIME doesn’t work well via webmail services (and I don’t think very many web mail services even offer the capability). And the old days where “Finger me for my PGP key” was typical, went away a long time ago.

1 Like

Reasonable security for most and easy to use: kdrive from infomaniak.com.
For really sensitive information Tresorit.com (HIPAA GDPR etc)
Both work like any of the cloud services but not even Tresorit can read the content, it’s encrypted on your computer.
HTH

1 Like

I’ve tested some of these and they only work if the password is short and simple. With a long, complex password, they fail.

3 Likes

One trick we use is to create a scalable disk image file with a 256-encryption keyword applied to it, so that the disk itself is maybe one megabyte larger than the enclosed content.

Hardcopy via Registered mail

1 Like