Encrypted Video Conference Calls With Signal

No intro paragraph needed. Title says it all. Let’s get started:

If a Signal group containing everyone who needs to be on the call doesn’t exist yet, create one and add the participants. Once it exists, any member can join or leave a call at any time, and can take part by text, audio, and/or video for as long as the group exists.

You can inform everyone that you’d like to start at a particular date and time and they’ll need to set their own reminders to show up.

To Create a Group

(To JOIN an existing conference call, go to your existing Signal group, then skip ahead to step #8)

  1. Start Signal.
  2. In the lower right, tap the blue icon with the pencil in it to start a new conversation.
  3. You’ll see “New group” at the top.
  4. Type in someone’s name from your contacts. Tap their name in the search results and they’ll be added to the group.
  5. Repeat step 4 for everyone you want to be in the group.
  6. Once done adding participants, in the lower right, tap the right arrow in the blue circle.
  7. Enter a Group Name. This will be visible to all participants. Then hit the blue pill button in the lower right with “create” in it.
    1. The group now exists
  8. Anyone in the group can now text the whole group or join a video or audio call. Tap the camera icon in the upper right hand corner.
  9. You will join an existing video conference OR if you’re the first one, you’ll start one.
  10. While IN the conference call, tap anywhere on the screen where there is NOT a button or other control… for example, tap on someone’s face, and you’ll get 4 icons at the bottom of the screen. To toggle your camera, hit the camera icon. To toggle your microphone, tap the microphone button. Swipe up to switch between views of each member.

Anyone in the group can come and go as they please, and can participate with video and audio, audio only, or just text. Because every member of the group can join the call, group membership is the access control: only add people who should be able to listen in.

The group persists until its members leave it.

Enjoy your encrypted conference calls!

How to Install your first BitCoin wallet app

This is part of a multi-part series of articles on how to get started in cryptocurrencies. This article is the first step you need to take: Installing your first wallet app. Before you do anything else, you must first create your own BitCoin wallet.

What does this mean and why?

In the cryptocurrency world, YOU are your own bank. That means YOU, and no one else, control your cryptocurrency: no bank can freeze it, no government can confiscate it, and a breach at a cryptocurrency exchange cannot touch coins you hold in your own wallet. The flip side is that protecting the keys is entirely your job; if they are copied off your device or you lose them, there is no one to call.

What’s a cryptocurrency exchange?

A cryptocurrency exchange is a CENTRALIZED business where you can buy cryptocurrency with fiat currency. One of the articles in this series will cover that. Fiat currency is the money you’ve been using your whole life: U.S. dollars, the British pound, the Euro, and so on. Currencies created and issued by governments are “fiat” currencies. Cryptocurrencies are created by ordinary people with software and cryptography, are not under the control of any government, and are not tied to any one country. They are borderless.

A cryptocurrency exchange is essentially a centralized bank. Exchanges are your “on ramp” and “off ramp” for cryptocurrency (though not the ONLY way to acquire it). Before you buy any cryptocurrency with fiat from an exchange, set up your own personal wallet so that you can immediately transfer the purchased crypto into a wallet you alone control. If you don’t do that, you’re not in control of your crypto. “Not your keys, not your crypto”.

Not Your Keys, Not Your Crypto!

People often make the HUGE mistake of purchasing crypto but then NOT moving it to their own personal wallets. This is why people wrongly conclude that crypto itself is insecure. The coins that vanished in the big exchange thefts, Mt Gox being the best known, belonged to customers who had left them in the exchange’s custody; coins that had been withdrawn to personal wallets were untouched.

The REASON people lost money with exchanges is that they made the fatal mistake of LEAVING their crypto IN A CENTRALIZED BANK! Attackers got hold of the exchange’s keys and drained millions of dollars worth of crypto… FROM THE BANK! Only the users who FAILED to move their crypto into their own wallets lost anything.

DO NOT MAKE THAT MISTAKE!

Install the Electrum Bitcoin wallet on your PC; the video below demonstrates the entire process. Download it only from the project’s own site, https://electrum.org, and verify the release’s PGP signature against the developer key published there before you run it. A wallet binary is exactly the kind of file an attacker wants to swap for a trojaned copy.

There are MANY wallet apps for MANY cryptocurrencies. I created a website for decentralized apps and services and I’m adding more to it all the time. Here’s a (growing) list of cryptocurrency wallets. Electrum isn’t the only one.

Cryptocurrency Wallet Apps

What’s the best crypto-wallet for daily use?

Cryptocurrency is different than fiat money, as you probably already know.  But those differences make a HUGE impact on how you choose which wallet software to use.  And it’s all about control… YOUR control over your own money.

Let’s begin…

Rather than telling you which wallet apps are best, I’m going to lay out the features you need to look for in wallets, and the ones you need to DEMAND.  In other words, in the “demand” features, you should remove any wallet from consideration that does NOT have the complete “demand” list.  Other features, that may help, but are not deal breakers will be listed as “nice to haves”.  One of the reasons I’m not listing any wallets is because that would make this article dated eventually.  What I’m presenting here should be relevant for decades to come.

DEMAND

  1. Open Source:  If the software wallet you’re considering is NOT open source, then ditch it immediately!  Why?  Because open source wallets have no secrets.  Their entire source code is freely available for anyone to inspect, to guarantee there are no malicious intentions hidden behind the scenes.  Closed source wallets are a black box and you’re throwing out any chance of verification of honesty and relying SOLELY on the word of the wallet creator.  The whole point of cryptocurrency technology is that you DO NOT TRUST ANYONE ELSE WITH YOUR MONEY!  And that INCLUDES programmers… ESPECIALLY programmers!  And I say that AS A PROGRAMMER, MYSELF!
    1. Addendum:  Just because a wallet CLAIMS to be “open source”, doesn’t mean it IS.  For example, I could publish a closed source wallet and just CLAIM it’s “open source” and people would just believe it and download and use it, while I never publish the source code.  So, if some app CLAIMS it’s open source, DON’T BELIEVE THEM… EVER!  You go and FIND the source code (usually on https://gitlab.com or https://github.com) and verify the source code exists.  A reputable wallet author will also provide you a link to the source along with the binary to download.
    2. In addition to FINDING the source code, download the binaries from the project’s own release page (the one linked from the source repository), NOT from an app store or any other mirror, and check them against the checksum or signature the project publishes. A download link next to a repository proves nothing about what’s inside the binary; the signature does.
    3. If you’re a programmer, just download the source and compile it yourself and use THAT!  If you’re NOT a programmer, do #1.2 above.
  2. Must be an app that runs on your own hardware.  In other words, if it’s a website, then you’ve just completely obliterated the ENTIRE PURPOSE of cryptocurrency.  A website “wallet” is NOT a wallet.  It’s a BANK!  THEY are a centralized authority holding YOUR money.  By definition, if YOU are not in control of it, then it isn’t YOUR money, it’s THEIRS.  They ALLOW you to access it, until they DON’T!  Stay away from online wallets, with the brief exception of online exchanges where you EXCHANGE your cryptocurrency for fiat money or vice/versa.  But as SOON as you acquire crypto from an online exchange, you MOVE IT IMMEDIATELY into your OWN wallet!
    1. This means that you must DOWNLOAD an app (desktop or mobile).  And I recommend staying away from browser plugin wallets.  Browsers are just not a safe enough environment.
  3. Your keys or seed phrase are never transmitted over the internet FOR ANY REASON!  Your keys ARE your money!  Whoever holds the keys holds and OWNS the money.  This is the very core and soul of cryptocurrency.  It’s its reason for being.  NO ONE other than YOU should EVER know your seed phrase or passwords… EVER!!!  Any app, website, or “support agent” that asks you to type in your seed phrase is trying to rob you.

NICE TO HAVES

  1. Easy to use user interface.  A lot of people mistakenly think this is a “demand” feature, but you’re better off with a klunky UI that puts you in control of your crypto rather than a sleek and polished wallet that doesn’t meet all the “demand” features.
  2. Light vs. full node.  What does this mean?  The most secure wallet is one that’s ALSO a full node on that cryptocurrency’s network, because it validates every block and transaction itself instead of trusting someone else’s server.  But to do that, it must download the ENTIRE blockchain.  For a popular cryptocurrency like #BitCoin, that means HUNDREDS OF GIGABYTES of data (eventually TERABYTES!), hours or days of downloading, and all of that disk space consumed forever.  Your PC would also become an actor in the BitCoin network, relaying and validating transactions.  That’s GOOD for the network, but heavy on your local resources.  If all you’re looking for is a wallet, a full node is overkill: like running a whole grocery store just because you need a refrigerator for your milk.  I’m not discouraging you from being a node.  By all means, PLEASE DO run a full node.  It helps the whole crypto community.  But it isn’t necessary if all you want is a wallet.  A “light” wallet is JUST a wallet, not a full node; it asks remote servers for the transactions that concern its addresses.  The trade-off to know about: those servers learn which addresses are yours and could, in principle, lie to you about unconfirmed transactions, so prefer light wallets that let you point at a server you trust or run yourself.  Light wallets are the only kind available on mobile.  A full node requires a desktop PC, plugged into the electrical outlet.

Other Considerations

There’s another kind of wallet that I’m on the fence about at the moment, because it violates demand #1:  it’s NOT open source.  However, it has some other interesting security features.

The Samsung cryptocurrency wallet

I know I said I’m not going to recommend any specific wallet, and I maintain that.  I AM, however, going to TALK ABOUT one:  the Samsung cryptocurrency wallet meets all the other demand features, but it IS NOT OPEN SOURCE!  However, it has a security feature most purely software-based wallets lack.  Modern Samsung phones and tablets have a hardware-isolated key store: key material is held and used inside a trusted execution environment (with a dedicated secure element on some models) that the regular Android OS cannot read directly.  This hardware is robust and is a core part of the Samsung Knox security platform, on which Secure Folder is built.  Knox-enabled devices have been approved for use by the US Department of Defense.  Take that however you like.

What is Samsung Secure Folder?  You know how you enter a PIN, a password, a pattern, a fingerprint, or your face to unlock your phone?  Well, on Samsung phones you have all that, PLUS another, completely isolated, secure environment INSIDE of that, built on the Knox platform.  It’s like a smartphone within a smartphone.  Once you set up Secure Folder, you get a SECOND smartphone environment, with another home screen and another set of apps, unlocked with its own credential.  Apps installed inside this secure area are NOT accessible to apps outside of it, and their data lives in a separately encrypted container.  I personally install all my financial apps inside this area.  My games and less sensitive apps and data stay in the regular phone area.

Side note:  Whether you use the Samsung crypto wallet or not, you SHOULD install the mobile wallet you DO use inside the Samsung Secure Folder area on your phone (if you’re using a Samsung device).

The Samsung cryptocurrency wallet is a software mobile wallet, and like all other mobile wallets, it encrypts the seed phrase for your cryptocurrency with your password.  The difference is that it keeps that key material in the hardware-isolated keystore, so an app that compromises the regular Android environment still cannot simply read the seed out of a file.  THAT makes it substantially more secure.  HOWEVER, the app is NOT open source!  Hence my hesitation to recommend it.  We have no way to know what’s REALLY going on inside the Samsung wallet, because it’s closed source.

My Compromise:

So, here’s my recommendation:  If you DO use the Samsung wallet, never have more in it than you’d ever put in your real, physical wallet.  In other words, in the days when you’d have a wallet in your pocket with cash in it (you remember that right?  That green paper that you’d trade for stuff?), you’d rarely carry more than about $100, because that’s all you’d need for 1 day and it wouldn’t be the end of the world if you lost it or if it were stolen.

I recommend the same practice with the Samsung crypto wallet.  Only store about $100(USD) worth of crypto in your Samsung wallet.  If you run across a local place that accepts crypto, you can spend it, but if there’s ever any kind of a breach with Samsung’s OS and/or software, you’re not going to lose too much.

And I’ll give the same $100 limit advice for ALL OTHER mobile wallets too!  Store the remainder of your fortunes in multiple hardware wallets or multiple desktop wallets.

Conclusion

Cryptocurrency was created for the purpose of YOU being in control.  Therefore, it’s pointless to store your cryptocurrency in a place that you DO NOT control.  As always, don’t put all your eggs or cryptos in one basket.  Don’t put your life savings into your mobile wallet.

Addendum

Speaking of not putting all your eggs in one basket:  as you accumulate more wealth in cryptocurrency, whether by continued investing or by its value rising, it’s smart to create more wallets and spread your crypto among them.  Don’t store all your passwords and seed phrases in the same place either.  If you follow these practices and one of your wallets is ever compromised through your own failure to protect it, you won’t lose ALL of your assets.

In the comments below, tell us what wallets YOU use… THAT FIT THE DEMANDS listed here.  Please keep the conversation limited to those that fit the minimal demand list.

This is what the Decentralized Web 3.0 will look like

The Decentralized Web 3.0 will bring you the following benefits:

  • The end of ISPs and governments spying on your online activities.
  • The end of big tech collecting all your private data.
  • The end of email providers being able to see your personal email.
  • Encryption of EVERYTHING.
  • The end of social media censoring you.
  • The end of demonetization.
  • The end of spam.
  • The beginning of making money by receiving marketing email (if you choose to).
  • The end of censored banking.
  • The end of domain name confiscation.
  • The end of web hosters shutting you down.
  • The end of registrars shutting you out.
  • The end of app stores removing your apps.
  • The beginning of YOU being in FULL CONTROL of your personal data.

Here’s how, but first a short history…

Internet 1.0

introduced the world to the idea of everyone being a publisher.  Unfortunately, there was no security designed into the architecture and it was mostly static and difficult to have interaction.

Internet 2.0

was a more structured way of creating websites, with more user friendly user interfaces and lots of interactive content, in addition to improved security models.

But something went wrong.

Something went HORRIBLY wrong!  As individuals started becoming effective communicators across geographical and political boundaries, they started being silenced for multiple reasons… sometimes by anti-competitive companies with deep pockets, but usually political reasons by tyrannical regimes in back-assword countries, then in first world countries, by corporations (Twitter, Facebook, Google, Amazon, Instagram, etc…) and so-called “educational” institutions, and in some cases, even first world governments, themselves.

Anti free speech campaigns began successfully shutting out an entire class of voices via social media outrage mobs demanding voices they didn’t like be silenced and for some reason, the big social media companies complied and shut them down by shadow banning, removing them from search, suspending their accounts, or deleting their accounts altogether, frequently with no warning and no explanation.

Then they went after their income.

YouTube began demonetizing video creators.  PayPal began killing users’ PayPal accounts.  It even spread out to the real world.  Credit card companies began shutting down people’s accounts and even BANKS started deleting their OWN CUSTOMERS!  All for political ideological reasons!

They rewound the freedom clock back to the early 90s, and in some cases, back 100 years or more.

Enter Decentralization…

Decentralized services were already being created before “the purge” started, but decentralization accelerated because of it.  The FIRST popular decentralized service to hit the scene was #BitCoin, a fully decentralized, global currency.  What makes it so powerful is that there’s no central point of failure and, more importantly, no central point of attack.  It’s a BRILLIANT system that prevents double-spending, prevents counterfeiting, and gives control of assets back to the people.  Governments CANNOT control it!  The design was published in 2008 and the network went live in January 2009, and it has grown exponentially since then.  It’s been so successful that many millionaires have been made because of it and thousands of other cryptocurrencies have been created.

The technology behind it can be used for much more than JUST money.  In fact, all the strangle-points (or censor-points) of the current (or “legacy”) internet can be made censorship resistant using the same or similar decentralized technology that BitCoin uses:

  1. DNS
  2. File Storage
  3. EMail

DNS

is the Domain Name System that lets you type human-readable names into your browser, like https://BitCoin.org or other sites you’re familiar with.  It works because your computer’s resolver takes the name you typed and looks it up in a globally distributed database to find the IP address of the server you actually want to reach.  Even though the database is distributed, the names themselves are handed out by a centralized hierarchy (the root, the top-level-domain registries, and the registrars) that is beholden to governments, so when a government demands control of your domain name, you lose the name along with all your visitors and paying customers, and there’s nothing you can do about it.  Registrars can also take your domain names away on their own, and this has been happening for political reasons.

There are now several decentralized DNS replacements.  One of them is https://NameCoin.org, an open source project designed to have NO central authority.  It’s run on a blockchain (the technology that drives BitCoin); in fact, Namecoin is a fork of Bitcoin’s source code.  When you register a name on THIS system, you pay for it with a cryptocurrency called Namecoin, and the name is then controlled by a key you hold, just like your coins.  No registrar or court can take it from you; the ways to lose it are losing the key, letting the key be stolen, or failing to renew the name (Namecoin names expire unless periodically renewed with a transaction).  For now, there’s a problem in that current (legacy) browsers are unaware of this technology, so those names can’t be used with regular browsers unless you install plugins for them.

File Storage

Another weak point for censorship on the legacy 2.0 web is web hosting.  The way it works is you rent space and CPU capacity on someone else’s servers to host your websites.  If the hoster doesn’t like your politics, you’re GONE!  This has been happening at an accelerating pace.

The solution is decentralized file storage.  One of the most popular at the moment is https://IPFS.io, a fully decentralized file distribution system.  IPFS stands for InterPlanetary File System.  The genius behind it is that you don’t request content via a URL with a domain name, a path, and a file name.  Instead, you request it from the IPFS network by the HASH of the file you want.  (A “hash” is a fixed-size number computed from the CONTENTS of a file; different contents produce different hashes, and IPFS wraps the hash in a content identifier, or CID.)  If you’re a web publisher, you publish your files to the IPFS network.  Users request your files (like website HTML pages) by their hash.  The IPFS network looks for any node that has that file, and if it’s found ANYWHERE on the network, delivers it to the user.  Because the requester re-hashes what it receives and compares it with the hash it asked for, no node can substitute altered content; a tampered file simply doesn’t match.  As a file is requested more often, it spreads across the globe, becoming more decentralized and faster to load.

Decentralized DNS systems like Namecoin can be configured to map a name to an IPFS content hash.

EMail

Your EMail will radically change too.  From your usage point of view, it will still look and feel similar to what you’re using now, but it’ll have the following, drastically different and improved features:

  1. Censorship-resistant, meaning no one can shut down your e-mail account.
  2. Decentralized.  There will be no central server that you connect to.
  3. Encrypted.  By default, ALL of your email will be heavily encrypted, without any effort on your part.
  4. Spam-Free:  NO ONE will be able to send you email unless you authorize them to.  You’ll also be able to set prices that spammers must PAY YOU in order to send you spam, should you elect to even receive spam.  The global system will prevent any email going to you unless you’ve authorized it AND that it includes the proper amount of cryptocurrency you’ve specified.

Conclusion:

In conclusion, the dark forces trying to silence you or block you from seeing speech that THEY do not approve of are coming to an end.  No websites will be blocked by other people deciding what you can see.  Your sites will not be blocked.  Your web hosting cannot be blocked.  Your social media will not be blocked.  Your videos will not be blocked.  Your content will not be demonetized.  Your banking will not be stopped.  Your web browsing cannot be spied upon.  Your email cannot be read by third parties.  Spam will be a thing of the past.  Censorship will be much more difficult for the censors.  And everything will be encrypted all of the time.  AND you’ll even MAKE MONEY by receiving marketing email and ONLY if you choose to do so.

All of your data will be 100% in YOUR control.

Your data will be stored, fully encrypted on your end, across multiple, replicated hosts (or locally only on your hardware), readable ONLY by YOU!

Decentralized Resources in the making (or already made):

The list keeps growing and is far far bigger than this list.  Check out all the decentralized apps on https://Blockstack.org as plenty of examples.

Samsung Blockchain Keystore “Couldn’t install app”

If you’re getting the “Couldn’t install app” error when trying to install the Samsung Blockchain Keystore app in your device’s Secure Folder, then read on.  Skip the background if you’re familiar with it and go straight to the Solution section.

Background

In early 2019, Samsung released the Galaxy S10 phone.  At the same time, they introduced their first cryptocurrency wallet, the “Samsung Blockchain Wallet”.  At first, it only supported Ethereum.  But as of late 2019, it supports a few more cryptocurrencies; most notably, it now supports the most important one, Bitcoin!

But, to use the wallet app, it requires another app; the “Samsung Blockchain Keystore”.  I’m not sure why they separated that out into two apps, but my semi-educated guess is that you can create your keys and manage them in one app and use them in other apps, not JUST the wallet app.

Now, as anyone with any knowledge of cryptocurrencies knows, you have to be EXTRA careful with your cryptocurrency keys.  YOU are 100% in control of your cryptocurrency.  If you’re careless and it gets stolen, you have NO RECOURSE!  Unlike a traditional bank account, which is covered by FDIC insurance of up to $250,000 per depositor, there’s NOTHING for cryptocurrency.  That’s not a bug, that’s a feature!  With freedom comes responsibility.  But that’s a speech for another day.  The point is, if you’re going to do this on mobile, you want it to be as secure as possible, and on a Samsung phone that means putting it in the isolated section called “Secure Folder”.  Now, let’s get back to the “Couldn’t install app” error.

Solution

Sorry to be the bearer of bad news, but there is no solution at the time of this writing (2020-01-04).  I spent an hour on chat support with Samsung, who then sent me to a phone tech support that’s a specialist on the Secure folder.  Both the chat tech and the Secure Folder tech were unaware of the problem and both confirmed that it is, indeed, a problem that they’re going to have to fix.

Here are the problems you’ll experience:

  1. When trying to install the Samsung Blockchain Keystore into the Samsung Secure Folder:
    1. Secure Folder’s “add apps” list won’t show it among the apps installed outside Secure Folder.
    2. It won’t find it in the Play Store (to the support techs’ surprise, it’s not in the Play Store at all; you can search for it from a desktop browser and it’s just not there).
    3. It WON’T find it in the Samsung Galaxy Store… at least, not directly.  First you have to search for the Samsung Blockchain Wallet app, select it, scroll down to the similar apps, and you’ll find the Samsung Blockchain Keystore there.  Try to install it, and you’ll get the “Couldn’t install app” error.
    4. Installing the Keystore app OUTSIDE of Secure Folder will NOT make it available to the wallet app INSIDE Secure Folder.
    5. Even when installed outside Secure Folder, it does not show up in the app drawer.  You cannot add its icon to the home screen.
    6. The ONLY way to launch it is to find it in the Galaxy Store and tap the “Open” button there.

So, the conclusion is that it’s not possible to use the Samsung Wallet app in the Secure Folder area.  And if you can’t use it in there, it’s not worth using.  You NEED the extra protection of the Secure Folder for your cryptocurrency.  DO NOT ATTEMPT TO USE IT OUTSIDE OF SECURE FOLDER!!!

Speaking of Decentralized Monetization,

If you like my work, you can contribute directly to me with the following cryptocurrencies (but, apparently, not with the Samsung Blockchain Wallet app in Secure Folder yet!)

BitCoin:

bc1qx6egntacpaqzvy95n90hgsu9ch68zx8wl0ydqg

LiteCoin:

LXgiodbvY5jJCxc6o2hmkRF131npBUqq1r

Must-Haves for Decentralized Apps

Whether you’re a developer or a user, these are the requirements for a truly decentralized app. If it lacks any of these, your app can be censored, and you should assume that it WILL be:

  1. No reliance on legacy DNS.

    1. While you CAN make use of DNS as an additional measure, your app should still fully function even if the entire DNS system is compromised and/or your domain name confiscated.  You should think of the DNS as only a gateway for legacy users to find your services.
  2. No reliance on a centralized account creation system.

    1. User accounts should be created client side ONLY, like a cryptocurrency wallet: the account IS a key pair generated on the user’s device, and the public key is the identity. The app’s only concern with the account should be that the user cryptographically signs their communication with you using their private key, and that you use their public key to verify those signatures and to encrypt private data you send back to them. Include a nonce or timestamp in what gets signed, or a captured request can simply be replayed.
  3. Deployment of the app should NOT depend on a centralized app publisher.

    1. The app should remain obtainable even if you, your company, or your organization cease to exist. This does not mean you can’t ALSO deploy to centralized app stores, but those should be SECONDARY, and you should steer your users away from them. Publish signed release artifacts, so that a copy obtained from anywhere can be checked against your key.
  4. User’s personal data should ONLY be stored on their own device

    1. OR encrypted on the device before being stored remotely on the user’s choice of external storage. In practice that means encrypting each file with a fresh symmetric key and wrapping that key with the user’s public key, so the remote host only ever sees ciphertext.
  5. Remote storage

    1. All remote storage should be on a decentralized storage platform (the user’s SiaCoin or FileCoin accounts, for example; for published data, IPFS and/or a blockchain). This doesn’t mean you can’t also use centralized platforms. In fact, make use of popular centralized cloud storage like Amazon S3, DropBox, Google Drive, etc., but encourage the user to add 3 of them to their storage preferences; encrypt the data locally under the user’s key, then mirror the ciphertext (the way RAID 1 mirrors disks) across at least 3 of those platforms, so that losing any one of them loses nothing.
  6. Monetization

    1. Creator monetization should NOT be controlled by the app creator. The app creator should only facilitate code in their app to allow independent users to pay, directly, to each other, using a system outside the control of the app creator (such as cryptocurrencies).


The Cryptography of a BlockChain

[Updated on 2019-09-11]

By now you’ve all heard of a blockchain and that it’s the backbone of cryptocurrencies like BitCoin, Ethereum, LiteCoin and others.  I’m not here to tell you that blockchains are the solution to every problem or that blockchains are the next best technology that everyone will use.  You’ve heard that 100 times.  I’m going to explain, in as simple and straightforward a way as possible HOW a blockchain is put together and how cryptography is central and core to the whole thing.

You’ll discover, on your own, that putting a couple of old ideas together creates something phenomenally more powerful than the individual parts summed together.

First, let’s list the parts:

  1. A simple transaction (a record showing a FROM address, a TO address, an amount being transferred, and a time stamp).
  2. A “block”, which is just a list of transactions plus a small header.
  3. Hashing: a function that turns any chunk of data (a file, a transaction record, a block) into a short, fixed-size number, its “hash”, that identifies it.  Change one byte of the input and the hash changes completely, and nobody can find two different inputs that produce the same hash.
  4. Digital signatures (public-key cryptography): a private key that only the owner has, and a matching public key that lets everyone else check a signature made with it.

That’s it!  No, really!  A blockchain and a cryptocurrency contain no more than that.  Well, a cryptocurrency needs computers to do the hashing and signature checking, etc…, but they just build and validate the blockchain.

So, here is what a block chain is in a nutshell:

  1. Every transaction that has ever taken place since the creation of the blockchain.
    1. The list of transactions is divided into “blocks”.  If you create your own blockchain, you get to decide how big a block is and how many transactions go in one.  In BitCoin, for example, a block used to be 1 MB max; the August 2017 SegWit upgrade replaced that with a 4 million “weight unit” limit, which allows somewhat larger blocks.  A new block is added to the chain roughly every 10 minutes… at least, on BitCoin, it’s 10 minutes on average.
    2. Each transaction is digitally signed with the sender’s private key, so the network can confirm that the owner of the coins is truly authorizing the transfer; anyone can check the signature with the public key, but only the key holder could have produced it.
  2. Each transaction in the block has a hash that uniquely identifies it.  No 2 different transactions will ever have the same hash.
  3. Once all transactions for the next block are ready, the hash of the prior block is put into the new block, and that prior hash plus all the transactions are hashed together to produce the new block’s hash.  (Bitcoin actually folds the transactions into a single “Merkle root” and hashes a small header containing that root and the prior hash, but the effect is the same.)
  4. Critically important:  that prior hash in the new block is what LINKS the new block back to the prior block!  That’s what makes it a “chain”.  Each new block references the old one, and the new block’s hash depends on the old one, which depended on ITS older one, and so on, all the way back to the first “genesis” block.  The new hash is the way it is because ALL the older hashes are the way they are.  If any single transaction anywhere in the blockchain were different, so would ALL the hashes following it be different.

That’s it!  Really, that’s all there is.

But, some really important things have happened as a result of those simple pieces:

  • Every processing computer on that network has a full copy of the entire blockchain.
  • There’s no central blockchain server.  The blockchain exists ONLY on the hard drives of the machines of the volunteers.

That means a hacker can’t hack “the bitcoin server” and change records, because no such central server exists.  He’d have to hack into EVERY bitcoin node and change it.  (Well, he’d have to hack at least 51% of them).

Something else important happens with the technology:

  • When a BitCoin node computes the hash of a block, it doesn’t just compute the hash ONCE, it computes TRILLIONS and TRILLIONS of hashes.  A single home laptop would probably take years to compute that hash.  Why?  The network won’t accept just any hash.  The hash produced MUST match a pre-defined pattern.  Specifically, it has to, by pure chance, come up with a hash that begins with a bunch of zeros.  The number of zeros needed increases over time as computers get faster, to ensure that Moore’s law doesn’t overtake the network.  These hashing computations NEED to take a long time.  MANY BitCoin nodes are competing with each other to find that magical hash value.  The first one that finds it submits it to multiple peers on the network for confirmation.  Confirmation is instant.  Once confirmed, the block is accepted into the blockchain and it’s distributed to every node on the network so they can all add it to their local copy of the blockchain.  And the computer that found the hash is awarded 12.5 new BitCoins (worth about $92,000 at the time of this writing).  Those computers that spend all their time crunching numbers to produce those hashes are called “miners”.

So, why are miners required to compute all those useless hashes only to find yet another useless hash?  Because it has to cost the miners something to do it.  It’s too expensive to do that if there’s no reward, so a hacker is not going to waste their time doing it.  If a hacker tried to submit a false hash, the network would reject the false hash and would ban them from the network.  So, only hashes that actually went through the full AND EXPENSIVE computational process are accepted.

When a miner submits their hash, and it’s confirmed by other miners, that hash is a “proof of work”.

Again, WHY?

Aside from making it too expensive and mathematically improbable to submit false hashes, it makes it impossible to change records in the blockchain.  If you tried to change a record from 24 hours ago, you’d have to rehash it, then rehash the next block (because remember, the NEXT block has been hashed with the prior block’s hash… the one you’re CHANGING!).  You’d have to rehash EVERY block after the one you’re changing.  It takes about $1,000 worth of electricity to mine a block and thousands of specialized computers to get it done in time.  In a 24 hour period, there are 144 new blocks, so it would cost you $144,000 to rehash them all.  Every 10 minutes further back in time that the transaction you’re trying to alter sits will cost you another $1,000 in electricity.

Then, you’d have to somehow hack 51% of all bitcoin mining rigs and REPLACE ALL their local copies of the blockchain.

There simply is not enough computer power in the world to accomplish that task, not even if you add all the world’s supercomputers owned by the NSA, Oak Ridge National Laboratories, China, etc…  Because while you’re doing that, the bitcoin network (the fastest supercomputer on the planet), is still churning out new blocks every 10 minutes.  You’d need the combined computational power of the ENTIRE bitcoin network, PLUS MORE to catch up with them.

It’s no longer a hacking challenge, but a thermodynamic problem that you simply cannot do with current technology.  It’s expected that a quantum computer would eventually be able to do that, but the BitCoin developer teams are working on new algorithms safe from quantum exploitation.  Side note:  It’s believed that current AES encryption is likely quantum-safe.

THAT is why any record written to the blockchain is permanent and unalterable.  That was accomplished with extra hashing of blocks and distributing copies of the blockchain all over the network.
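The nutshell list, the mining paragraph and the rehashing argument above all describe one mechanism, so here is a single runnable model of it. This is an added example written for this article, not code from Bitcoin or from any real node software: each block hashes the previous block’s hash together with its own transactions, a toy proof of work demands a hash that starts with a few zeros, and a validator recomputes everything the way every node does with a copy it receives. The sample transactions, the difficulty of 3 hex zeros and the all-zero genesis link are constructed for the demo; real block formats, difficulty targets and 10-minute timing are not modelled.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// GenesisPrev is the "previous hash" the very first (genesis) block links to.
// Constructed convention for this demo.
var GenesisPrev = strings.Repeat("0", 64)

// Block is a deliberately simplified block: the transaction records it holds,
// the hash of the block before it, and the nonce the miner found.
// Educational model only, not Bitcoin's real block format.
type Block struct {
	PrevHash string
	Txs      []string
	Nonce    uint64
	Hash     string
}

// BlockHash hashes the previous block's hash, every transaction and the nonce
// together, so changing any one of them changes the result.
func BlockHash(prevHash string, txs []string, nonce uint64) string {
	h := sha256.New()
	h.Write([]byte(prevHash))
	for _, tx := range txs {
		h.Write([]byte(tx))
		h.Write([]byte{0}) // separator: "ab"+"c" must not hash like "a"+"bc"
	}
	fmt.Fprintf(h, "%d", nonce)
	return hex.EncodeToString(h.Sum(nil))
}

// Mine is the toy proof of work: keep bumping the nonce until the block hash
// starts with `difficulty` hex zeros. Returns the block and the number of
// hashes that had to be computed to find it.
func Mine(prevHash string, txs []string, difficulty int) (Block, uint64) {
	target := strings.Repeat("0", difficulty)
	for nonce := uint64(0); ; nonce++ {
		h := BlockHash(prevHash, txs, nonce)
		if strings.HasPrefix(h, target) {
			return Block{PrevHash: prevHash, Txs: txs, Nonce: nonce, Hash: h}, nonce + 1
		}
	}
}

// BuildChain mines one block per transaction list, linking each to the last.
func BuildChain(txLists [][]string, difficulty int) []Block {
	var chain []Block
	prev := GenesisPrev
	for _, txs := range txLists {
		b, _ := Mine(prev, txs, difficulty)
		chain = append(chain, b)
		prev = b.Hash
	}
	return chain
}

// ValidateChain is what every node does with a copy it receives: recompute
// each block's hash, check the proof of work, and check the link to the
// previous block. Returns the index of the first bad block, or -1 if intact.
func ValidateChain(chain []Block, difficulty int) int {
	target := strings.Repeat("0", difficulty)
	prev := GenesisPrev
	for i, b := range chain {
		if b.PrevHash != prev {
			return i // link to the previous block is broken
		}
		h := BlockHash(b.PrevHash, b.Txs, b.Nonce)
		if h != b.Hash || !strings.HasPrefix(h, target) {
			return i // stored hash is wrong or the proof of work is missing
		}
		prev = b.Hash
	}
	return -1
}

func main() {
	// Constructed sample transactions, three blocks deep.
	txLists := [][]string{
		{"alice->bob:5", "bob->carol:2"},
		{"carol->dave:1"},
		{"dave->alice:1", "alice->erin:3"},
	}
	const difficulty = 3 // 3 hex zeros: ~4096 hashes per block, fast on a laptop
	chain := BuildChain(txLists, difficulty)
	for i, b := range chain {
		fmt.Printf("block %d nonce=%d hash=%s\n", i, b.Nonce, b.Hash)
	}
	fmt.Println("first bad block (-1 = none):", ValidateChain(chain, difficulty))

	// Alter a transaction in the oldest block without re-mining anything.
	chain[0].Txs[0] = "alice->bob:500"
	fmt.Println("after tampering:", ValidateChain(chain, difficulty))

	// Re-mine only the altered block: its own hash is now fine again, but block 1
	// still carries the OLD hash as its PrevHash, so the chain breaks there.
	chain[0], _ = Mine(chain[0].PrevHash, chain[0].Txs, difficulty)
	fmt.Println("after re-mining block 0 only:", ValidateChain(chain, difficulty))
}
```

The last two lines of `main` are the whole immutability argument in miniature: editing one old transaction breaks that block’s hash, and re-mining that one block only pushes the break one block forward, so the attacker has to re-mine every later block too, while honest nodes keep extending the chain. Raise `difficulty` by one and the time per block grows about sixteenfold, which is the “thermodynamic problem” in small.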

Back to Cryptography

Hashing:  Again, hashing is taking a string of bytes, pushing them through a particular algorithm, and producing a fixed length, unique string of bytes, always the same size (for the SHA256 hashing algorithm, the one that BitCoin uses, that’s 256 bits long or 32 bytes long), regardless of the size of the original string.  A hash is non-reversible.  That means that you CANNOT reverse a hash to recreate the original data that was used.  Think of it in the same way you think of the remainder to a division math problem.  For example, 13/5 = 2, with a remainder of 3.  But how many other divisions have a remainder of 3?  An infinite number of them.  So, if all you have is the remainder, you have no way to determine what the original 2 numbers were.  That’s kind of how hashing works.

Important to cryptocurrency (and blockchains):  You must have a “wallet” to keep your cryptocurrency in.  That wallet is simply this:  You create a new public/private encryption key pair.  Your private key is generated from random numbers put through an algorithm.  Your public key is generated from your private key by putting it through another algorithm.  Your wallet address is simply a hash of your public key.  You can freely give people your public key and your wallet address.  Your address is what you want people to have so they can send you money.

Signing:  For more details on signing, please see:

Understanding Encryption

But here’s a short explanation:  When you encrypt data, you use the recipient’s PUBLIC key.  When they DECRYPT your message, they use their PRIVATE key.  But, if you want to PROVE that YOU sent the message, you’d also SIGN it.  That simply means that you encrypt with your PRIVATE key.  The recipient DECRYPTS it with your PUBLIC key.  Anything encrypted with your private key can be decrypted with your public key.  Since your public key is public, anyone can decrypt data that you encrypted with your private key, so that step isn’t really considered “decryption”.  And since ONLY YOU can encrypt anything with your private key, and your public key can’t decrypt ANYTHING NOT encrypted with your private key, that proves YOU are the one that encrypted it.  You digitally “signed” it.  That’s how you prove you created the content.

When you transfer digital money on a blockchain, you digitally sign your transaction to move money out of your “wallet” (again, your wallet address is a hash of your public key).

The network refuses to transfer money from one address to another unless the transaction is digitally signed by the “from” wallet address’s owner.
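Here is the wallet and signing scheme just described, as an added example written for this article and not code from any wallet or node software: the private key is generated from random bytes, the public key is derived from it, the address is a SHA-256 of the public key, and a node accepts a transfer only when the attached public key hashes to the “from” address AND the signature verifies under that key. It uses Ed25519 from Go’s standard library, a dedicated signature algorithm, rather than literally “encrypting with the private key”, and the address is a bare hash (real Bitcoin addresses add a version byte, a second hash and a checksum). The wallets, addresses and amounts are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Wallet is a key pair: the private key comes from random bytes and the
// public key is derived from it. (Ed25519 stands in for the curve Bitcoin uses.)
type Wallet struct {
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// NewWallet generates a fresh key pair from the OS random source.
func NewWallet() (Wallet, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Wallet{}, err
	}
	return Wallet{Priv: priv, Pub: pub}, nil
}

// Address is "a hash of your public key", hex encoded. Simplified: real
// Bitcoin addresses add a version byte, a second hash and a checksum.
func Address(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Transaction is the record that moves money between addresses.
type Transaction struct {
	From   string
	To     string
	Amount uint64
}

// Bytes is the exact byte string that gets signed and later verified.
func (t Transaction) Bytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%d", t.From, t.To, t.Amount))
}

// SignedTransaction carries the sender's public key (so a node can check it
// hashes to the From address) and the signature over the transaction bytes.
type SignedTransaction struct {
	Tx        Transaction
	SenderPub ed25519.PublicKey
	Sig       []byte
}

// Sign is the sender's side: only the holder of the private key can do this.
func Sign(w Wallet, tx Transaction) SignedTransaction {
	return SignedTransaction{Tx: tx, SenderPub: w.Pub, Sig: ed25519.Sign(w.Priv, tx.Bytes())}
}

// Accept is the node's side: refuse unless the public key belongs to the
// From address AND the signature verifies under that public key.
func Accept(s SignedTransaction) bool {
	if len(s.SenderPub) != ed25519.PublicKeySize || Address(s.SenderPub) != s.Tx.From {
		return false
	}
	return ed25519.Verify(s.SenderPub, s.Tx.Bytes(), s.Sig)
}

func main() {
	alice, _ := NewWallet()
	bob, _ := NewWallet()

	tx := Transaction{From: Address(alice.Pub), To: Address(bob.Pub), Amount: 5}
	signed := Sign(alice, tx)
	fmt.Println("alice pays bob 5, signed by alice:", Accept(signed))

	// The amount is changed in transit: the signature no longer matches.
	altered := signed
	altered.Tx.Amount = 500
	fmt.Println("same signature, amount changed to 500:", Accept(altered))

	// Bob signs a spend from alice's address with his own key: his public
	// key does not hash to alice's address, so the network refuses.
	forged := Sign(bob, tx)
	fmt.Println("bob signs a spend from alice's address:", Accept(forged))

	// Bob attaches alice's public key to his own signature: the key matches
	// the address, but the signature was not made with alice's private key.
	forged.SenderPub = alice.Pub
	fmt.Println("bob's signature with alice's public key:", Accept(forged))
}
```

Note that `Accept` checks both halves of the rule: the public key must be the one whose hash is the “from” address, and the signature must verify under that public key. Dropping either check lets one of the two forgeries in `main` through.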

Encryption: You don’t really encrypt anything in most blockchains, but I’ll mention encryption here, just so it’s not ignored from the conversation.  But “signing” and “hashing” are considered subsets of the larger “encryption” concepts.

Benefits of all these pieces of technology put together:

  1. An immutable (unchangeable), public ledger.  You never have to worry about someone changing a past transaction.
  2. Decentralized.  There’s no single place that a hacker can attack, no single place a dishonest website owner can manipulate, no single place for a tyrannical government to shut down, and no single company to go out of business, taking everything with it.
  3. You are 100% in control of your own cryptocurrency.  No one, not EVEN the government can technologically steal your funds or stop you from sending or receiving money on the blockchain.
  4. It’s virtually unhackable, even by someone with resources as deep as, say, the NSA’s.


Validating Digital PGP Signatures & Why it’s Important

Do you ever see the checksums, CRCs, SHA, or PGP signatures presented to you when you’re downloading a file?  Like this for example:

These are actually SUPER IMPORTANT!

What are those signatures?

They are, in a very very simplistic explanation, answers to a math function where the numbers given to the function are the bytes of the file you want to download.

Why are they important?

They are used to prove to you that the file you’re downloading hasn’t been tampered with.   HOW? you may ask?   Because only the valid, original file, with the original set of bytes in it could have produced that signature.  If you change just ONE byte in the entire file, no matter how big the file is, you’d get a DIFFERENT answer to the math function.

This is CRUCIALLY important for things like cryptocurrency wallets for cryptocurrencies like #BitCoin, #Ethereum, #LiteCoin, etc…  Hackers frequently publish TAMPERED versions of wallet software and if you install and run the hacker’s version, they’re going to steal ALL OF YOUR CRYPTO!  This has already happened many times.  Websites are compromised and hacked versions are put on their websites.

This brings up another important concept of signatures vs. the files they’re supposedly coming from:

A published signature is absolutely USELESS if it’s on the SAME website as the download file.  Why?  Because if a hacker compromises the download site, then you can’t trust anything on that site, including the signature.  You’ll find that MOST sites that publish a signature do so on one website, but the downloaded file is hosted on another website.  For BOTH the signature AND the file to be compromised by the same hacker, they’d have to hack BOTH of those websites, which is much more difficult.

How can I validate them?

You’ll need software on your computer that can compute the same types of signatures that the website publishes for their downloaded files.  In short, these are the steps (I’ll go into explicit detail shortly):

  1. Install some signature making and validating software onto your computer (Do this only once).
  2. Make note of the published signature for the file you’re about to download. (Do this for every download that offers it).
  3. Download the file (DO NOT EXECUTE IT!  It’s NOT trusted until you validate the signature!)
  4. Use the signature software to make or verify the signature of the downloaded file.
  5. If the signature checks out, the file is safe.  If it doesn’t, DELETE THE FILE!  DO NOT EXECUTE IT!
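The checksum flavor of these signatures (SHA-256 and its relatives, as opposed to PGP) is simple enough to show end to end. This is an added example written for this article, not code from Electrum or from any download site: it parses a published “<digest>  <filename>” line in the format most sites use, recomputes the digest over the downloaded bytes, compares, and shows that flipping a single bit makes verification fail. The file bytes and the published line are constructed stand-ins.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"strings"
)

// newHasher picks the algorithm the download site published. MD5 and SHA-1
// are kept only so old checksum files can still be checked; both are broken
// for this purpose, and a site offering nothing stronger deserves suspicion.
func newHasher(algo string) (hash.Hash, error) {
	switch strings.ToLower(algo) {
	case "md5":
		return md5.New(), nil
	case "sha1":
		return sha1.New(), nil
	case "sha256":
		return sha256.New(), nil
	case "sha512":
		return sha512.New(), nil
	}
	return nil, fmt.Errorf("unsupported algorithm %q", algo)
}

// Digest returns the lowercase hex digest of data under algo.
func Digest(algo string, data []byte) (string, error) {
	h, err := newHasher(algo)
	if err != nil {
		return "", err
	}
	h.Write(data)
	return hex.EncodeToString(h.Sum(nil)), nil
}

// ParseChecksumLine reads one line in the sha256sum/shasum format that most
// download pages publish: "<hex digest>  <filename>" (a leading '*' on the
// filename marks binary mode and is ignored).
func ParseChecksumLine(line string) (digest, filename string, err error) {
	fields := strings.Fields(line)
	if len(fields) != 2 {
		return "", "", errors.New("expected '<hex digest>  <filename>'")
	}
	if _, derr := hex.DecodeString(fields[0]); derr != nil {
		return "", "", fmt.Errorf("digest is not hex: %w", derr)
	}
	return strings.ToLower(fields[0]), strings.TrimPrefix(fields[1], "*"), nil
}

// Verify recomputes the digest of the downloaded bytes and compares it with
// the published one. The comparison is constant-time out of habit; the real
// defence is that the published line must come from a source you trust.
func Verify(algo, checksumLine, filename string, fileData []byte) (bool, error) {
	want, name, err := ParseChecksumLine(checksumLine)
	if err != nil {
		return false, err
	}
	if name != filename {
		return false, fmt.Errorf("published checksum is for %q, not %q", name, filename)
	}
	got, err := Digest(algo, fileData)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1, nil
}

func main() {
	// Constructed stand-in for a downloaded installer and its published line.
	file := []byte("pretend these bytes are electrum-setup.exe")
	sum, _ := Digest("sha256", file)
	published := sum + "  electrum-setup.exe"

	ok, err := Verify("sha256", published, "electrum-setup.exe", file)
	fmt.Println("clean download verifies:", ok, err)

	// Flip a single bit, as a tampered download would: the digest changes
	// completely and verification fails.
	tampered := append([]byte(nil), file...)
	tampered[0] ^= 1
	ok, err = Verify("sha256", published, "electrum-setup.exe", tampered)
	fmt.Println("tampered download verifies:", ok, err)
}
```

The filename check matters more than it looks: a checksum file usually lists several builds, and verifying the Linux tarball’s digest against the Windows installer fails for the wrong reason. The same caveat applies here as to the PGP case: a digest only proves the file matches the line you compared it with, so the line must come from somewhere the attacker who could replace the download cannot also edit.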

Detailed VALIDATION instructions:

Before you get overwhelmed, scroll to the bottom and see that once you’ve done all this once, future validations are really simple…. Just those 4 steps at the bottom.  But for now, you’ll need to go through this more lengthy setup process.

In this tutorial, we’ll be dealing with a downloadable executable file that offers a public PGP signature for you to validate against.  You should know that there are many forms of signatures that an author could choose to publish.  Other than PGP, there are SHA1, SHA256, SHA512, MD5 (which has been broken), and several others.  These are the most popular ones.

We’ll be downloading and validating a popular BitCoin wallet app.  For this type of app, it’s critical to validate the downloaded file against the published signature.

Yes!  This looks very involved, but the good news is that most of these steps are only needed to be done ONCE EVER.  Since this is your first time, there are many steps to get new things installed and set up right.  Subsequent verification will be much simpler and I’ll provide a list of steps to do after you have everything set up.

First, install some PGP key software on your computer.

  1. Install gpg4win from here: https://gpg4win.org/
    1. It will install a few utilities and a GUI app that will hold all of your PGP keys and certificates. (You don’t need to understand what those are at this point).
  2. Skip this step if you already have a public/private PGP key pair.  Create public/private keys for your own e-mail address.  You’ll need this later and it has other benefits such as being able to send and receive encrypted e-mail on any e-mail system.  See: STICK IT TO THE NSA: HOW TO ENCRYPT YOUR WEBMAIL
    1. Open the “File” menu and choose “New Key Pair”.
    2. On the box that opens, choose “Create a personal OpenPGP key pair”.
    3. Enter your name and e-mail address, then click “Advanced Settings…” and on the top 2 drop downs, change it to 4096 bits.  That’ll make your key orders of magnitude stronger.  If you want, feel free to check “Authentication” and “Valid until” and pick a date.  I recommend 1 year into the future.  If you choose a date, your key will not be trusted by anyone after that day.
    4. Click [OK], then [Next], then [Create].
    5. It’ll prompt you for a password.  To use your private key, you’ll need this password, so DO NOT LOSE IT!!!!!  Go ahead and enter it.
    6. After taking a few moments (and it WILL take a few moments), you’ll have a key pair.  If you want others to be able to send you encrypted data, I recommend clicking the button “Upload Public Key To Directory Service…”.  People will be able to look up your public key via your name or e-mail address.  But, it’s not needed for validating signatures, which is the primary purpose of this article.  Now, click [Finish].
    7. You’ll now have a new, certified key in your key ring.  PROTECT YOUR PRIVATE KEY WITH YOUR LIFE!!!!

If you’re interested in more details about what the private/public key pair you created is, please see.  It’s not necessary to know all of that for this article, but it will clear up some confusion, if you have any.

Now, let’s do an actual Verification!

  1. Go to https://electrum.org/#download and view that page.  (Note, if you have the know-how and the means to download and build from the source code, ALWAYS do that rather than downloading a pre-built executable!)  Notice the signature links next to every download option?  THAT’S what we’re working with in this article.
  2. Click the Windows Installer and download it.  DO NOT RUN IT!  In the folder in which you downloaded the file, you’ll see a file named something like electrum-3.1.0-setup.exe.  As you can see, I’ve downloaded prior versions of the file too.  Notice that some of the files DON’T have “.exe” at the end?  We’ll fix that shortly.
  3. Back on the web page, click the signature next to “Windows Installer”.  You’ll see something that looks like this in your browser:
    1. -----BEGIN PGP SIGNATURE-----
      
      iQIcBAABCgAGBQJanWcrAAoJECvVgkt/lHDm/a8P/iyHkc+2zkaL2JpbhBMEnPE3
      qf21G0xOmkq9x9bfnKhCT1WYbpJrkjbeSCUSlfENbpjpud+ANCDNLA16n4T9eVPL
      0VrrejOTtH37OwJUI35v5asqmT6N4XcuokY+D2f0uSjd4Pnh+SQP9D5NAk0/1DeH
      WgtEfTKYfiPHzl6NJ3XcVjdMNl2H536OwFZx0x4u0nsdFoAvZgHIA/rrSWxMkN+C
      AbMtTd0pGqPYo5gJnHaoYkxbDIvq/CXRgaHFp0arPaKkYSwqkG/Q7KC1z1zbFLcq
      gD2z9tkj3toBzyCUNrmbmmGd491T6XbZujtiFYbjNhyMBjuBBR4V1sae/mzXoFDb
      LW3wwl8OsrnQlFfSN/NbqEFPSUIbFl5rFpK/LgV3YId7kbujXukKxfTHDce2OsjP
      U7a8QrUm7C3MTz4zAlgWWDwN3rioEzlfebe1qCQxI4hAu7vglOE+cW3UKJVh7zyM
      J21KKKzIO1EZz91t8EfHYrJMWL7Yl3/orgDOEjM2t1IAEm5znAzO0uBujBykgLXV
      A0mF3CP1/Vt+Wosc1aRn7+rzMH1nPpOiEoXYDALASc1mXnNA4oS3/vK9BtzJtZJm
      1jG/Zc+ubB7ybUjKP6e9Z0O8eGX2sWdaqPZCXm2ZNpRidPV6S0Y4mVuoPWb1CIg2
      wJlzoxNsCRk4Ox7qOv6e
      =cof+
      -----END PGP SIGNATURE-----
  4. Click anywhere on the text and hit [Ctrl]+[A] to select all of that text, then [Ctrl]+[C] to copy it.  Or you can select all the text with your mouse and copy it.  You’ll be pasting it into a text file shortly.
    1. DO NOT COPY THE PGP SIGNATURE FROM MY ARTICLE TEXT!!!
  5. Open the folder to where you downloaded the Windows Installer file.  It should be named something like electrum-3.1.0-setup.exe.  Obviously, if you’re reading this in the future, there will likely be a newer version.  This is the latest version at the time of this writing.
    1. Right-click on any empty, white space in the folder and choose “New”, then “Text Document”.  A new, empty text file will be created.  Ignore the extra menu items I have.  I’m a developer and have extra features installed that you might not.
  6. Now hit enter to open the empty text file and paste the PGP signature into it (from step 3.1 above, you should still have the text in your copy buffer (or “clipboard”)).  Hit [Ctrl]+[V].  This will paste the text you already copied from 3.1 above into the text file.  Now hit [Ctrl]+[S] to save it.  And finally CLOSE notepad (or whatever text editor you’re using).
  7. Now rename the text file to exactly the same name as the downloaded electrum exe file, but with “.pgp” added to the end of the filename.  In my case, I rename the text file to electrum-3.1.0-setup.exe.pgp
  8. Now, let’s fix that problem where the file types (also called “file extensions”) are hidden.  While looking at the filename that you downloaded in Windows Explorer, open the “View” menu or tab.  On the right hand side (you might have to resize the window to something bigger to see it), open the “Options” drop down and choose “Change folder and search options”.
  9. On the “Folder Options” that opens up, click on the “View” tab and check OFF (or UN-check) the box “Hide extensions for known file types”, then click “OK”.  It should NOT have a check-mark in it.
    1. You’ll see the files changed from this…
    2. to this…  (again, these are MY files, you may have more or fewer and certainly different files in your downloads folder).
      1. It’s VERY important that you see the FULL filenames.  Before this, the electrum-3.1.0-setup.exe.pgp file looked like it was named electrum-3.1.0-setup.exe and, as you can see, there’s actually ANOTHER file that really has that name.  Why Microsoft hides these by default is beyond me.  All it does is create confusion and severely increase the risk of hackers tricking you into launching a malicious program when you think you’re opening a safe text file or a picture file.
  10. LET’S DO IT! Let’s make an attempt to actually verify the PGP signature of the file.  Spoiler alert:  It won’t work, but that’s OK.  It will walk us through what we need to do.  Right click your newly created and renamed file that you added “.pgp” to the end of the filename on.  In my example, it will be electrum-3.1.0-setup.exe.pgp , and then choose “More GpgEX options”, then “Verify”.
  11. The verification process will complete as verified, but not fully verified…
    1. Here’s what’s going on.  The EXE file DID verify against the PGP signature, but the signature, itself, is not known to be trusted.  At least, the verification software you’re using (called Kleopatra) does not know the signature to be from a trustworthy source.  You’ll have to TELL IT that you trust that author’s key.  Once you do that, Kleopatra will fully verify everything produced from that author, signed with his same keys.  Click the “Search” button.  This will search several public PGP key stores on the internet for one that contains the PGP key of that author.
      1. It SHOULD find a key from ThomasV@gmx.de after a minute or so…
      2. Click his e-mail address and then click the “Import” button.  That will import his public PGP key into your PGP keyring.  This will make it available for future use by you to validate new versions of this app and others from the same author.  You won’t have to go through all of these steps again for future downloads from him.
  12. Now we need to CERTIFY his signature.  This simply means we’re going to tell our local install of Kleopatra that we TRUST the key from ThomasV.  Open your start menu and find Kleopatra and launch it.
    1. It will show you all the public and private PGP keys you have installed.  Here’s what MINE looks like.  Yours may have only the one key from ThomasV and your own key.  (I’ve blurred my personal keys).
  13. Now, we’ll certify ThomasV’s key.  Right click his key (anywhere on the line with his e-mail address in it) and choose “Certify…”
  14. Check ALL the boxes on the “Certify Certificate” dialog box that pops up, then click “Next”.
  15. Now you need to tell it which of YOUR keys you want to certify it with.  It should show you all your keys that you already installed for yourself.  Select the one you wish to use to validate.  It’s not critical which one you choose, but I recommend choosing the latest one of yours that’s not expired and is associated with your most used e-mail address.  And select “Certify only for myself”, then click “Certify”.  (I’ve blurred all my personal signatures).
    1. You’ll see the following once Kleopatra has marked his certificate as validated by your own key.  We do this to make the software validation work.  Most of these steps are a one-time deal.  You will not repeat all of these every time you want to validate a signature on software.
      1. Click [Finish] and you’ll see your list of installed keys and see that his key is now marked as “certified”.  This is good.  This will REDUCE the number of steps to validate software from him in the future.
  16. Now, one more time, let’s right-click the electrum-3.1.0-setup.exe.pgp file you created, choose “More GpgEX options”, then “Verify”.  This time, you’ll get FULL VERIFICATION!

Congratulations!  You’ve now validated that the Electrum BitCoin wallet software is safe, unmodified, and from the original author.  It is safe to install.  Please note, this was NOT an article about installing the Electrum BitCoin software.  It was an example of how to validate software signatures from ANY software you download (as long as the author provides you validation signatures).  We could have used countless other apps to do the same thing.

It’s MUCH easier the second time!

Yes, I know.  That was quite a lot of work to do.  But that’s only because you’re new to this AND you had to install, configure, and create lots of new things.  Now that you’ve done it once, doing it again will be much less effort.

From now on, all you do is the following:

  1. Get the PGP signature of the file you want to download and save it into a text file.
  2. Download the file you want.
  3. Rename your PGP signature file to exactly the same name as the file you download, but with “.pgp” appended to the end of the file name.
  4. Right-click that pgp file, choose “More GpgEX options” -> “Verify”, and it’ll either validate or report that it’s not valid.

That’s it!  And getting newer versions of the app will be the same 4 steps.


LastPass: Turn Off Auto-Fill NOW!

There have been many recent reports of malicious websites, and of malicious scripts in ads and comments on legitimate sites, that generate login name and password fields which trigger LastPass and other password managers to auto-fill your credentials, letting the bad actors literally steal your login credentials without you doing anything except innocently visiting your favorite sites.

Side note:  This is a REALLY GOOD reason to turn on 2-Factor Authentication.

Turning off auto-fill in LastPass is pretty simple, but nearly impossible to find and know how to do without someone else “in the know” showing you.

  1. On your desktop browser, open your LastPass vault.
  2. Click “Account Settings” in the lower left.
  3. Click on the “Never URLs” tab.
  4. Click the “Add” Button at the bottom of the dialog box.
  5. Now, you’ll need to do this 3 times, once for “Never Fill Forms”, “Never AutoLogin”, and “Never AutoFill Application”.  Choose “Never Fill Forms”, from the “Type” drop down and then type “all” (without the quotes!) in the “URL” box and click add.  Continue for “Never AutoLogin” and “Never AutoFill Application”.

That’s it!  From this point forward, LastPass will still work, but it won’t just blindly fill in your login name and password to just any field named “login” or “password”.


Encrypting Degoo Cloud Drive With Cryptomator

In this article in my series of “Encrypt All The Things!”, I’ll show you the specifics of encrypting a cloud drive using the Degoo.com cloud drive service. For a generic overview that isn’t Degoo-specific, see:

If you use cloud drive services, of any kind, it’s critical that you do so ONLY with data that YOU have encrypted on YOUR END and that YOU are in control of the keys. Any service that handles the keys for you is NOT SECURE! The ONLY way your own data is secure is if YOU are in control of the keys. Some cloud drive services offer encryption at an extra price, which is crazy because you can do it FOR FREE with the added benefit of YOU being in control, NOT THEM!

The best way to ensure that you’re in control is for you to do the encryption yourself with software NOT provided by your cloud drive service.

In this article, I’ll show exactly how to do this with a commercial cloud drive service called Degoo.com and a free and open source encryption application called Cryptomator.

Create a Degoo account and install the software

First, you’ll need to sign up for the Degoo.com cloud drive service here.

Be sure to download and install the software. Don’t set up the download or sync folders yet. We need to get the encryption app installed first. BTW, Degoo has both free and paid options.

Install the Encryption App

Go to Cryptomator.org and download and install the software (It’s free and open source!). Once installed, you’ll need to set up one or more “vaults”, which are nothing more than folders on your hard drive where encrypted files will be stored.

Set up a Cryptomator vault

First, you need to understand how Cryptomator works. DO NOT SKIP THIS!

The first time you run it, you will not have any vaults (encrypted folders). First, create a new folder on your drive in whatever way suits you best. This is where you’re going to have encrypted versions of your sync files stored.

  1. Click the “+” sign in the lower left and choose “Create New Vault” to create a vault.
  2. Navigate to the folder where you want to store your encrypted files (the folder should be empty right now) and give the vault a name (here I named mine Cryptomator).
  3. Then create a password for it. DO NOT FORGET THE PASSWORD OR YOUR DATA WILL BE LOST FOREVER!!!!!
    1. I highly recommend saving it in a password manager like LastPass.com. I also recommend using that password manager’s password generator to generate a long, random password for you.
  4. Create the Vault by clicking the “Create Vault” button. This stores a couple of small files in there that cryptomator needs.
    You’ll be prompted for the password again. This is not part of the vault creation process; that part is done. From here on you’re using it the way you will every day: unlock the vault by entering your password.
  5. Click the “more options” button to see what you have available. Those options are pretty self-explanatory. I’ll skip those and let you choose how you want to configure it.

Your vault is now unlocked and is opened in a Windows Explorer window, usually as drive letter Z:.

The real folder on the real drive is here (below) (depending on where YOU chose to create it… this one is mine):

Now, I can store files in my Z: drive (as long as my vault is unlocked) and I can use any apps I want to read and write to the Z: drive. Everything works normally. Apps that read and write there have NO IDEA that they’re reading and writing to an encrypted folder.

You’ll notice that in Documents\deleteme\test (again, that’s where I created mine; yours will be where ever you put yours), you’ll see a “d” folder and 2 masterkey files. Those masterkey files have an ENCRYPTED version of your key. No one can decrypt it without knowing YOUR password that you just created.  This masterkey file WILL BE ON THE REMOTE SERVER, so this is why you need a STRONG password, preferably random characters generated by a password manager.

As you save more files into your Z: drive, you’ll see more files show up somewhere under Documents\deleteme\test (again, MY folder is here, YOURS is where ever you put yours). The files that show up here have unreadable filenames and if you try to open them, they will have what appears to be garbage in them. These are the files you stored in your Z: drive, but these are encrypted.

Think of your Cryptomator unlocked vault Z: drive as a decrypted, magic window into your physical, encrypted files stored in their encrypted state in your Documents\deleteme\test (again, MY folder name I chose, YOURS will be different).

One caveat: Files in your Z-Drive CANNOT be larger than 2GB! That’s a limitation with the current version of Cryptomator.

I created a text file in my new Z: drive. As you can see below, Cryptomator created a file in the Documents\deleteme\test\d\WQ folder with a funky name. That’s what’s REALLY stored on my REAL hard drive. If I try to open the funky named file, it looks like garbage bytes. Both of those windows are showing the SAME data, it’s just that the REAL data is encrypted (top window). The bottom window is a VIRTUAL drive with a decrypted view of the data. ALWAYS remember this! You will NOT back up your Z drive! EVER! You’ll back up and/or sync your Documents\deleteme\test folder. More on that later.

Now, how to sync your encrypted files with Degoo.com

Now that you have a folder that contains your encrypted files and an easy way to use the encrypted files (your cryptomator Z-drive), you need to sync the encrypted files to your Degoo.com account. DO NOT SYNC OR BACK UP YOUR Z: DRIVE!!!!!!

  • If you haven’t already, download and install the software on Degoo.com and create an account.
  • When you open it, click on the “Choose what to backup” tab. The actual folders on disk that are being backed up are each in their own cryptomator vault folder with encrypted files.
  • Click the “Add folder to backup…” button and navigate to your Cryptomator vault folder… the one with the unreadable encrypted files, NOT YOUR Z-DRIVE!!!! Then click “Add folder to backup”.
  • Your folder will be added to your list of folders to be backed up.

Now, you’re all set. Anything you put into your Z-Drive is automatically encrypted at the time it’s written, and since the real folder with the encrypted files is the one that’s backed up, you automatically get your data backed up in addition to automatically encrypted. Now, no matter how malicious anyone at Degoo may be (I have no reason to believe they are (or aren’t)), your privacy is safe. They cannot see anything other than what you see when looking at the encrypted version of your folder. Unless they have your password to your vault (which, of course, should be DIFFERENT from your Degoo password), they’ll never be able to see the contents.

But that was hard!

No it wasn’t! And, the small amount of work you did above is only done when creating a new vault and installing everything for the first time. Once it’s done, here’s all you need to do moving forward:

  • Turn on your PC and log into Windows (or Mac or Linux)
  • Start Cryptomator and unlock your vault.

That’s it! You can even shorten that further by setting up your vault to save your password and auto-unlock on start, so you don’t have to start Cryptomator by hand.

You can also add more cryptomator vaults at any time.

Quick review:

In this tutorial you did the following simple steps:

  • Signed up with and installed Degoo.
  • Downloaded and installed Cryptomator.
  • Created a vault with Cryptomator.
  • Told Degoo to sync the encrypted version of your cryptomator vault.

That’s really all you did. And now, you’re protected both with encryption and with an automatic, encrypted backup.

What’s Next?

Just continue to use your computer with your Z-Drive as your unencrypted version of your data. You can even lock your vault and Degoo will continue to back up your data. Degoo doesn’t need you to have it unlocked because it’s NOT backing up the unencrypted files. It’s only backing up the encrypted bits.  Degoo isn’t even aware of the Cryptomator software.  From Degoo’s software’s point of view, all that matters is that folder with the encrypted files in it.

Conversely, the Cryptomator software is unaware of Degoo.  All Cryptomator knows is that you have a folder with encrypted files and it provides the means to unlock and use them.

You can create more vaults with Cryptomator, if you like and add them to Degoo as well.

You can create vaults inside your Google Drive sync folder, your Microsoft One-Drive sync folder, your DropBox sync folder, etc, etc… As many or as few as you want.  Cryptomator works by encrypting any folder and providing an unencrypted view of it.  Cloud drives work by backing up and/or syncing a folder.  Put the two of them together and you’ve got a robust and secure backup strategy.

I do strongly recommend you make a Cryptomator vault in EVERY cloud drive sync folder and move all your non-encrypted files INTO the virtual drive letter created for that vault.

WARNINGS!

You MUST obey the following rules!!!

  • Don’t write files directly into your real folder that contains the encrypted files. If you do that, it will be backed up AS-IS… WITHOUT ENCRYPTION!
  • Do NOT back up your Z: drive (or whatever drive letter Cryptomator makes for you). That is DECRYPTED, and if you back THAT up, you’ve wasted all your time and effort and are NOT storing an encrypted version of your files. Your Z: drive should ONLY be used for your normal work. DO NOT BACK IT UP!!!!

You are, of course, free to break these rules, but your secure backup is not going to be encrypted if you do break them.
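A pre-backup sanity check for the two rules above, as an added example that is not part of the original tutorial and not Cryptomator’s or Degoo’s own code. It assumes the Cryptomator vault layout (masterkey.cryptomator / vault.cryptomator in the vault root, ciphertext under d/ as .c9r/.c9s files) and builds constructed sample folders in a temp directory to show a clean vault, a vault with a plaintext file dropped straight into it, and a folder that is not a vault at all (which is what your unlocked Z: drive looks like).

```python
import tempfile
from pathlib import Path

# Assumed Cryptomator vault layout (format 7/8; these names are not from the page):
# metadata files sit in the vault root, ciphertext lives under "d/" with .c9r/.c9s
# names. Anything else in the folder is plaintext the cloud client uploads as-is.
META_PREFIXES = ("masterkey.cryptomator", "vault.cryptomator")
CIPHERTEXT_SUFFIXES = (".c9r", ".c9s")

def classify_backup_source(folder):
    """Return (status, stray_files): "not-a-vault" (probably your unlocked Z: drive),
    "plaintext-leak" (files dropped straight into the vault folder) or "ok"."""
    root = Path(folder)
    if not any(p.is_file() and p.name.startswith(META_PREFIXES) for p in root.iterdir()):
        return "not-a-vault", []
    stray = []
    for path in root.rglob("*"):
        if path.is_dir():
            continue
        rel = path.relative_to(root)
        if len(rel.parts) == 1 and rel.name.startswith(META_PREFIXES):
            continue  # masterkey / vault config and their backup copies
        if rel.parts[0] == "d" and path.suffix in CIPHERTEXT_SUFFIXES:
            continue  # encrypted content, safe to sync
        stray.append(str(rel))
    return ("plaintext-leak" if stray else "ok"), sorted(stray)

def build_demo_vault(base, leak):
    """Constructed on-disk stand-in for a vault (contents are not real ciphertext)."""
    vault = Path(base) / "MyVault"
    (vault / "d" / "AB" / "CDEF").mkdir(parents=True)
    (vault / "masterkey.cryptomator").write_text('{"constructed": true}')
    (vault / "d" / "AB" / "CDEF" / "XYZ.c9r").write_bytes(b"\x00\x01\x02")
    if leak:  # the mistake the warning describes: a file written into the real folder
        (vault / "taxes.pdf").write_bytes(b"%PDF-1.4 constructed plaintext")
    return vault

def run_demo():
    """Classify a clean vault, a vault with a stray plaintext file, and a non-vault."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = classify_backup_source(build_demo_vault(Path(tmp) / "a", leak=False))
        leaky = classify_backup_source(build_demo_vault(Path(tmp) / "b", leak=True))
        plain = classify_backup_source(tmp)  # no vault metadata at this level
    return clean, leaky, plain

if __name__ == "__main__":
    for label, result in zip(("clean vault", "leaky vault", "non-vault"), run_demo()):
        print(label, "->", result)
```

Point `classify_backup_source` at the folder you are about to add in Degoo: anything other than `("ok", [])` means you are about to upload plaintext.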
