Why do we need to Verify Every Single Bit on each Digital Transfer
Blockchain enthusiast developer and writer. My telegram: ksshilov
Do you care about the security of your messages, emails, and the files that you send online? That’s great if you do, because the Internet is full of dangers and leaks can damage anyone’s reputation. Good examples are Hillary Clinton
or the celebrities
whose private photos were leaked, both situations showing us that security is nothing to joke about.
The majority of popular data transfer methods can be secure, if used properly and with precautions. But in this article we're going to review most of them from a technical standpoint to find out where they stop being as secure as they claim to be. In this context, we’ll also cover the advanced blockchain technologies that solve the problem of security in digital transfers to understand if decentralization covers the shortcomings of the current solutions.
The channels for everyday use
The most common channel of communication we use is the ordinary email. It's plain text sent by an SMTP server
to the POP server. Its biggest vulnerability is to sniffing
– when you suddenly get a middleman spying on your traffic and reading everything you send. The problem can be fixed by using a P2P-encrypted email service, such as ProtonMail
and many others. These email providers allow the encryption of all outgoing mail messages with your own unique password. Recipients can read your mail by also using that password, and those who don’t know the password will only see the meaningless, jumbled text. This is one way to send emails securely, but still you can’t get a certain confirmation that the receiving party actually received it, and you can’t send large files via email either.
Another channel of communication we use everyday is messengers, the most popular of them being Telegram and WhatsApp. These apps are more secure than email by default, as they include end-to-end encryption right from the start. Telegram has its own encryption protocol, MTProto
, which is open sourced, so everyone can check the code and its security, and WhatsApp uses Signal, another popular encryption protocol that is free-to-use. This protocol, however, is more inconsistent
in its performance. A security site, the Electronic Frontier Foundation, made a series
of detailed reviews regarding the flaws of both messengers, and they came to the conclusion
that WhatsApp might be more flawed than its competitor, Telegram:
- Both of them store backups in the cloud, which is a potential security flaw.
- Both of them have HTTPS-secured web interfaces that have to be loaded every time a user visits the site. While HTTPS security prevents decoding the messages, the hack can be done by replacing the browser software with a modified version that would send all your messages to a third party.
- WhatsApp shares data with its parent company Facebook, which means they could bypass encryption anytime they want. So Telegram is a bit more secure; at least it doesn’t intend to capitalize on its users.
Another solution for data transfer is cloud storage. There are many competing services, such as Dropbox
, Google Drive
, Microsoft OneDrive
. Generally, they are secure. Every large storage platform, at least these three, have
advanced external firewalls, internal firewalls, intrusion detection, event logging, and encryption. Also, all data centers where the files are stored are protected
- armed guards, fingerprints, access levels. However, many users are still susceptible to phishing attacks
; they still give passwords to hackers. In addition, security-oriented people may be concerned by the fact that all data in public clouds is stored together and they don’t have any control over its storage. And let’s not forget about the fact that’s it’s always hard to download a large file (over 4 GB) via a slow HTTPS connection.
Dedicated solutions for securely transferring files
The above examples serve us well in everyday life. They are convenient to use, as we typically don’t need high security when sending our cat’s photo to our parents. As an alternative, you can use specialized software designed especially for handling a high volume of transactional data, such as Microsoft Azure
, a global research and advisory firm, has named
Microsoft Azure a leader in enterprise cloud solutions in 2019. The solution by Microsoft offers a wide range of services, from storing files to deploying cloud applications for your business. One of its services, Rights Management System
(RMS), is a special security-oriented encryption system for setting permissions to access stored files. Overall, it’s a very large ecosystem that has several advantages, but there are also a few major disadvantages.
- Its uptime is 99.95%, which means that you almost never experience trouble accessing it.
- You should pay only for the resources that you use. If you need large computational power or storage for some task for only a single day, you can buy it, then go back to your low-budget payment plan one day later.
- It’s very fast in almost all countries, except Brazil.
- You must have platform expertise available. After all, it’s a complex solution, and it’s not oriented to retail users.
- You might consider using Azure if you’re a large company with a lot of stuff going on. Being an individual it’s hardly worth paying even $20 for what you might get for free.
Speaking of “free”, there’s also the BitTorrent software, the most popular file-sharing software in the world. The whole file-sharing activity accounts for 3% of global downstream and 22% of upstream traffic, and 97% of that traffic is from BitTorrent, according to a study
by Sandvine in 2018. BitTorrent can be used not only to illegally download games and movies, but also as a genuine peer-to-peer service. Its decentralized protocol allows users to directly share various files between two parties without the need for any middle man. Simply create a magnet link to your file, and send it to another user - that’s enough to transfer a file.
- It’s free. No need to pay for sending and receiving files.
- It’s decentralized, you don’t need a central server to connect to. The transfer goes from your computer to another; no one can interfere in the process.
- It divides a file to many chunks, speeding up the download process, allowing to download from many nodes simultaneously.
- The transmitted files aren’t encrypted, so anyone who gets the magnet link can directly download and read the file.
In some special situations (for example, sending an NDA document or an unreleased movie) you would probably want to control who is downloading your files and how well it is protected. In this case we would need a decentralized encrypted blockchain solution that would only give you full control over your files.
Secure blockchain solutions
Why would you need a blockchain service to transfer your files? Don’t forget, our privacy is shrinking. The Snowden scandal
revealed that all our actions are under global surveillance, so it would be wise to try to keep at least some part of our activities from the eyes of the curious government, hackers, and other prying eyes. Blockchain technology was created as a response to this surveillance, which is why they continue to be perfected in the sense of security and privacy.
Over the past three years, a few prominent blockchain solutions for secure data transfer and storage were created, such as Authpaper Delivery
, and Storj
. All of them offer a distributed network of nodes that can be used to store encrypted data, which can be read only by having a special cryptographic key. All of them have similar features, but the most advanced is Authpaper Delivery, as it allows for the storage and transfer of data alongside the ability to control the delivery. It even uses an already existing BitTorrent network instead of building its own from scratch. But now let’s check out the finer details.
As we’ve said before, Authpaper Delivery is based on the BitTorrent protocol but with very important tweaks. Their solution allows users to send encrypted files over the network as easily as the regular torrent files. The recipients who have the download link can get it and decrypt the file using two private keys. Those who don’t have the keys can download the file, but they can’t read its content. The platform allows users to send very large files as well, as it’s supported by the underlying BitTorrent protocol, so it can be used to transfer any types of files, from classified documents to unreleased movies, without the fear of making a Wolverine-sized leak
Every action related to the sent file is documented, being written to the Authpaper Delivery ledger. The BitTorrent network nodes, who take on an extra role of file keepers in Authpaper’s ecosystem, also verify and record all operations on data and its delivery. Additionally, they verify the consistency of the file. To keep them motivated in storing the data without the ability to read it, they are paid with the platform’s tokens, Authpaper coins (AUPC). It works like this:
- Any user can create a file on the platform, using his/her email and name, and send it to someone else using the recipient's email. The file gets encoded with symmetric encryption. The magnet link contains enough info to check the file integrity after delivery.
- Nodes in the network download the parts of an encrypted file and seed it.
- The receiver receives two keys in the form of QR codes, one directly from the sender in a most convenient way, and the second gets sent to the email of the recipient.
- The receiver gets the link via his/her email and downloads data from the nodes.
- The receiver can sign the data with his/her key if necessary.
- The time of delivery and the signature gets recorded to the blockchain.
- The recipient decodes the file using two QR codes.
- Nodes get their reward; after the successful delivery they don’t have an incentive to keep the data anymore, so they can delete it from their hard drives.
This whole cycle is secure; it divides file to many pieces, it divides QR codes with private keys into many pieces, and it ensures that the confidential file won’t stay uploaded after the delivery, as the seeds will almost immediately delete it to clear up hard drive space. At the same time, the record of the delivery will stay in the Authpaper Delivery blockchain forever. So it’s a great solution, as anyone can use it to send files without having to be concerned about the integrity of the process.
Everyday we face the inevitable necessity to protect our private data from curious eyes. It's a non-stop game where two parties try to outsmart each other. One party tries to get your data for some benefit, and you don't want them to. Any method of sending information via the Internet can be very secure if some precautions are made. Also, anyone can be hacked, it depends only on the effort put into finding a breach. That's why the decentralized solutions for transferring files privately and verifying them have become far more popular.
Subscribe to get your daily round-up of top tech stories!