@normharris3 just asked me how I share sensitive information and documents over the Internet, to which I replied:
For a username or password, I use 1Password’s built-in feature for sharing. Before I used 1Password, I’d use https://1ty.me/ to create a single-use link. That also works for sharing small bits of text.
For documents, the problem is having the attachment sitting in your or the recipient’s email, where it could be accessed if an account is hacked. What I generally do in such situations is put the document in Google Drive or Dropbox, sometimes protected by permissions, sometimes not, and then share a link. I then ask the person to tell me when they have the document so I can delete the copy behind the link, thus rendering it inaccessible in the future.
But that got me thinking that this would be a great TidBITS article. So I’m curious, when you have to send something sensitive over the Internet, how do you do it? Do you use email or a messaging app or something else? And if you use email, how do you protect the information from being accessed if your or the recipient’s email account were to be compromised?
I created a password protected PDF (with Adobe Acrobat), and put the password to open the document in a second text file. Both documents were uploaded to a domain that I maintain, and I created a very basic HTML page linking to both documents (compressed into a zip file). Once the recipient confirmed that they had downloaded (and opened) the files, I deleted them on my end and took down the page.
Of course, this isn’t the most secure, as theoretically someone could have hacked the recipient’s computer in the future, and possibly figured out the procedure to open the file. But it seemed better than emailing.
For sharing username/passwords, I tend to use actual words mixed with other characters, (something like Sensitive303~decisionLatkes or whatever), these can be dictated orally fairly easily.
-edited to add
Obviously, either of my methods are not even close to being the most secure way to transmit sensitive info, but these weren’t classified documents or anything so serious, just financial records that I didn’t want floating around.
It would be a great article… definitely email is a no go, it was not designed for that. But it would depend on the size of and sensitivity of the information, a secure messaging app as Signal can be enough for some non critical, small sized information, and there are corporate solutions available for big files that are 3rd party audited… as always risk / threat should be assessed first. Just my 2 cents.
I do something similar to Adam. Only I use Proton Drive. And password protect the file. Send the password by a completely different channel than the link, never on SMS nor email. Usually Messages, or other end to end encrypted service. Also set the “download flag” to only one download.
Then in a reasonable amount of time, check the “download count” on Proton and remove the document.
Of course the “best” way to do this is to use public key encryption. And I do use this. If the person or people I am sending the file to, are tech savvy, and have a recent PGP public key, signed by a trusted person.
I then Zip the file. Encrypt it with the proper key. And send or upload that.
The best PGP program for the Mac, GPG Tools, no longer supports email on Sonoma. But it still works great for creating keys, encrypting and decrypting files.
This is the big problem I hit. Most of the people I need to share sensitive information aren’t at all tech-savvy, and many of them don’t even get why I’m not just sending the password or whatever in plain text, so I have to explain every time.
So that’s something I’ll have to cover in the article too—the capabilities of the recipient.
My solution has always been to send an encrypted Zip file and then use a voice call to tell them the password. It works out well because I’m on the phone with them when they’re ready to decrypt it and I can walk them through the process.
(I do try to use a password that can be easily communicated via voice.)
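Several posts above pick passwords that can be read out over a phone call. The sketch below is an added example, not part of any post: it builds such a passphrase from random words and works out how many words a given strength needs. The word list is a constructed 32-word sample and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list: 32 short words that are easy to say and spell.
# Assumption: real use would draw from a much larger published list
# (a 7776-word diceware-style list gives about 12.9 bits per word).
WORDS = (
    "anchor basket candle desert ember falcon garden harbor island jacket "
    "kettle lantern marble napkin orchard pepper quartz ribbon saddle tunnel "
    "umbrella velvet walnut yellow zipper bamboo copper dolphin engine forest "
    "guitar hammer"
).split()


def words_needed(target_bits, list_size):
    """Smallest number of uniformly chosen words that reaches target_bits."""
    if list_size < 2:
        raise ValueError("word list must contain at least two words")
    return math.ceil(target_bits / math.log2(list_size))


def entropy_bits(n_words, list_size):
    """Entropy of n_words independent, uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def make_passphrase(target_bits=64, words=WORDS, sep="-"):
    """Build a voice-friendly passphrase with at least target_bits of entropy.

    Uses the secrets module (CSPRNG); the strength comes only from the
    random word picks, not from how unusual the words look.
    """
    unique = sorted(set(words))  # duplicates would overstate the entropy
    count = words_needed(target_bits, len(unique))
    return sep.join(secrets.choice(unique) for _ in range(count))


if __name__ == "__main__":
    phrase = make_passphrase()
    n = len(phrase.split("-"))
    print(phrase)
    print(f"{n} words, {entropy_bits(n, len(WORDS)):.0f} bits")
```

With the 32-word sample a 64-bit passphrase takes 13 words; a 7776-word list reaches the same strength in 5, which is far easier to dictate.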
Well, email can be made secure, but a standard Gmail or Hotmail account is of course useless in this respect.
Microsoft Outlook supports S/MIME encryption, and so does Apple MAIL and many others. For MS Outlook it can be fiddly to nightmarish to set up. I had once a two week long support case when MS support tried to make it work, several senior MS supporters were baffled why it would not work. Once we had it working it was very clumsy to use and we abandoned it in favour of EGRESS https://www.egress.com.
The GPG Suite team is working on SONOMA compatibility, but they need more time.
EGRESS Switch is free to use to some degree, but check their terms here. Subscription (called EGRESS Protect) at ~100 US$ per year may be too much for many use cases.
@ace’s question about how to make it usable for non-tech users is the biggest challenge. Should a received secure email be open forever or should the recipient decrypt it every time he wants to see it? What should happen if the recipient forwards it?
@seth I thought that this doesn’t encrypt the PDF but only prevents opening. Is that not true anymore?
When I send financial info, the people I send it to have a secure web drop site. My sending of secure info (usually sign in passwords for the daughter) involves sending a link with 1Password or sometimes on Messages.
I have pdfs that are password protected on my drive that I cannot get access to because I cannot locate the password. I get nervous when people want to send me secure items via email, and I get the impression that they don’t know that it is less than secure. Having to use and be aware of HIPAA regulations (that govern medical communications) probably makes me more aware of these things.
When I was involved in a real estate transaction recently, there were many documents to be signed and transferred to the escrow company. This was done by a commercial service. The service was DocuSign, but there are other similar services.
One document I had to transfer to the real estate agent (who doesn’t have DocuSign). It was personal information, so I didn’t want it sent in the clear.
I made an encrypted .zip file. I made a password that was simple words and a number and a special character. I telephoned the agent with the password. The agent used a Mac, so the decryption app was there and the process was not completely unfamiliar.
That depends on how sensitive the info is. Many ways to communicate such stuff have been listed here, and many are pretty good. But really top-secret stuff, stuff that only very, very few should know (like, for instance, where, exactly is the artillery brigade firing from in a war), should NEVER, EVER be communicated online or over the telephone unless it’s absolutely necessary.
First, I make a copy of the document and put it into a new Finder folder. Then I use Disk Utility > File > New Image to create an encrypted disk image. Finally, I telephone or text the recipient to let them know an encrypted file is coming to their email and to tell them the password.
One thing I haven’t had to deal with is sending these .dmg files to non-Mac users. It does look like, though, that Windows users have many options to open them:
It depends on to whom I’m sending the info. If it’s a professional (banker, doctor, etc) most of them will have their own encrypted messaging systems via your account with them. If those are available, I use those. And sometimes, the recipient insists that I do anyway.
If it’s not a professional, but they are an iOS/macOS user, an attachment via Messages is end-to-end encrypted.
If they’re a PC/Android user, they get an encrypted .zip and a “good luck with that.”
There is a common theme with many of the strategies here: Send file as encrypted/password protected and transmit the password via another channel (text or voice). Using 3rd party hosting services that provide their own encryption adds another level as you can often control by whom or how many times files are accessed.
From my perspective, the key is separate “channels” for each part. One tiny hitch is how you track the password / destination user combo for yourself in case they forget or lose it. In most cases it may be easiest to just re-encrypt the file and repeat the process vs. keeping a log of party names, addresses, file sent and password… which would open up other security issues if that log were somehow compromised.
A personal note on password managers: They are a great convenience, but I have never felt completely confident in their security. 1Password, for example, was somewhat compromised (through no fault of their own) by this summer’s WebP critical vulnerability. This was very unlucky timing due to their switch to the Electron system in version 8.
I send a link to the files. The link goes clear text. But the download will happen through https. And I can discontinue the link at any time. So if their email gets hacked in the future, the link will be dead.
I use this all the time with applications, correspondence, etc. It also solves the problem of sharing large files. And it also allows me to modify the files after I send the link in case tweaks are needed.
1Password 7 used to generate random password. Depending on recipient and item size either use Keka to create Zip or 7Z AES 256 encrypted folder or Disk Utility to create an AES 256 encrypted APFS sparse.bundle. Sent via email or by courier on encrypted thumb drive. Password(s) sent to recipient via iMessage or similar. If recipient loses password – start from scratch.
Please, please address this in an article; this issue has plagued me for quite awhile. My current issue: I need to send some info to my daughter re: my Power of Attorney but don’t know how to get it to her. Don’t need to send details but instructions on how to find the info in my home, if she ever needs it. But that would include password for my computer & a few other sensitive items.
It’s all in a short PDF document but I don’t know how to get it to her. She’s not particularly tech savvy - doesn’t understand my hesitancy to send via email or Messages - so I need something secure but fairly easy for her to use.