End-to-end Encryption for the Rest of Us
By now you have certainly heard about end-to-end encryption. You are maybe even using end-to-end encrypted chat applications. If you are a professional dealing with customers, then most certainly, somewhere deep inside your heart, you have a feeling that you too must level-up when it comes to privacy and security of your communications with clients.
Indeed, businesses working with European citizens data need to comply with GDPR rules, such as Article 30 that imposes the application of state-of-the-art security, including encryption, when dealing with personal data. It might sound scary for non-technical ears.
Even a simple e-mail can put you in violation of GDPR
If you are a pharmacist, and your client sends you a medical prescription by e-mail, you might find yourself at a violation of GDPR.
Why is that so?
Simply, e-mail protocols are very old. They were made for a very different world when the internet was used mainly by well-intentioned academics, way before it bacame a medium for commerce and mainstream communication. A simple, non-encrypted e-mail does not grant sovereignty of the content. Also, when the e-mail leaves your clients’ device, before reaching you, it will pass over by a multitude of servers that may be geographically distributed anywhere in the world. On each of those servers the e-mail message will spend some time unencrypted, and thus exposed to risks of being read by an unintended observer. These risks are real and they are the reason why GDPR regulation exists.
Now, what can you do?
Even if you subscribe to an encrypted e-mail service, in order for your communication with the clients to be encrypted, they too must use an encrypted e-mail service. In most cases it is cumbersome to put in place, and simply too much to ask.
No sane professional wants to expose their clients to risks, but applying state-of-the-art security, such as end-to-end encryption, is simply not easy to fit in their workflow. That is why you can see so many pharmacists receiving patients’ confidential prescriptions by e-mail. It is quite similar with lawyers — I never saw a single one who doesn’t ask their clients to send them sensitive information by e-mail. I also recently got a request from my bank, to send them confidential information about my financial situation over e-mail.
There is an easy way
We’ve made blindsend — an open-source tool for end-to-end encrypted file transfers. With minimal changes to your workflow, with blindsend you can easily reach GPDR compliance of your file transfers.
Step 1
Let’s say you have a client that wants to send you a confidential or sensitive file containing personal data. Go to https://blindsend.xyz/ (an instance of blindsend that we made available for free). Enter a unique password. Blindsend will generate a link.
Step 2
Share the link with a customer, as you normally would share information with them.
Step 3
A customer can securely upload a file by clicking on the link you shared with them. This is where the all the magic happens. Before reaching the internet, the file is encrypted on your customer’s local device in such a way that only you, with the password you entered in step 1, can decrypt it on your local device.
Blindsend temporarily stores the encrypted file, but can’t decrypt it. Blidnsend blindsend does not have the notion of its user identities.
Step 4
Go to the link, enter your password, and download the file. Blindsend will decrypt it on your local machine.
Blindsend adds a layer of privacy and security to everyday file exchanges. It leverages modern cryptographic primitives to make end-to-end encryption easy for everyone.
And that’s all?
Too easy to be true? Almost. There are obviously some considerations you must bare in mind. If you send the blindsend link by e-mail, someone other then your customer might gain access to the link, and before your customer get to click on it, upload an unwanted file. Depending on what the file is, and how easy it is for you to verify its authenticity, you might actually in many cases disregard this risk and still offer easy-to-use end-to-end encryption.
And what if I am sending the file to my customer? We are working on that. Stay tuned and we’ll soon launch a new feature allowing the file sender to initiate the exchange.
Stay tuned, follow and star Blindsend on Github.
