1
00:00:00,900 --> 00:00:07,120
Now before we discuss the methods that we can use to send files let's talk about metadata.

2
00:00:07,530 --> 00:00:15,360
So each file whether it's an image a PD f or a document any digital file has metadata what we mean by

3
00:00:15,360 --> 00:00:22,260
that is it's information that is attached to the file that can reveal more information about the file

4
00:00:22,260 --> 00:00:31,110
itself such as the creator the program used to create this application the time it was created and more.

5
00:00:31,170 --> 00:00:38,110
Let me show you an example so right here I have an old picture of my car taken with an old phone.

6
00:00:38,280 --> 00:00:46,310
And if I right click this picture and view its properties and go to the image tab as you can see we

7
00:00:46,310 --> 00:00:49,040
get a lot of information about this picture.

8
00:00:49,070 --> 00:00:55,970
Now the first few things might not look very interesting such as the type of the image the width and

9
00:00:55,970 --> 00:01:00,890
the height but then if you go down you can see the camera type which was Apple.

10
00:01:00,890 --> 00:01:03,460
You can see the camera model it was an iPhone 6.

11
00:01:03,470 --> 00:01:09,480
As you can see the date this picture was taken the exact date with the date with the time.

12
00:01:09,620 --> 00:01:13,400
You can even see if the flash was used or not.

13
00:01:13,400 --> 00:01:15,350
Now this is an example of a picture.

14
00:01:15,470 --> 00:01:20,690
If you do the same for a document you will see the creator of the operating system the program used

15
00:01:20,690 --> 00:01:22,820
to create it and so on.

16
00:01:22,820 --> 00:01:29,510
Therefore all of this information can be pieced together to understand what platforms you use and work

17
00:01:29,510 --> 00:01:31,970
from there to the anonymize you.

18
00:01:32,120 --> 00:01:38,690
Therefore if you want to share files anonymously it's a really good idea to remove all of this information

19
00:01:38,900 --> 00:01:44,080
to minimize the amount of information that can be used to identify you.

20
00:01:44,210 --> 00:01:50,450
Now luckily doing this is very very simple and tells all you have to do is right click the file that

21
00:01:50,450 --> 00:01:58,290
you want to remove it's metadata and click on clean metadata one click on this.

22
00:01:58,440 --> 00:02:03,970
It will first create a backup of the image as you can see in here just in case the process could break

23
00:02:03,970 --> 00:02:04,680
something.

24
00:02:04,870 --> 00:02:11,050
And then right here we have the image itself after clearing the metadata from it.

25
00:02:11,440 --> 00:02:14,720
So right click it and go to properties now.

26
00:02:14,720 --> 00:02:21,250
And if you go to the image tab as you can see we won't see any information related to me to the person

27
00:02:21,250 --> 00:02:22,660
that created the image.

28
00:02:22,690 --> 00:02:27,060
So we don't see the phone type the camera type and the time it was created.

29
00:02:27,070 --> 00:02:35,080
And so one now once you have the image cleared you're ready to share it so you can go ahead and use

30
00:02:35,080 --> 00:02:41,020
one of the file sharing services that we already know on the clear net such as Google Drive Dropbox

31
00:02:41,080 --> 00:02:42,310
and so on.

32
00:02:42,310 --> 00:02:49,150
The only problem is with these services similar to many clear net services they are not private.

33
00:02:49,210 --> 00:02:54,160
They're going to log data they're going to track you and they're not secure.

34
00:02:54,160 --> 00:03:00,820
Not only that but the way these services work is not very private because they upload your files to

35
00:03:00,820 --> 00:03:02,960
an online server or to the cloud.

36
00:03:04,020 --> 00:03:06,750
So you might think okay I'm not going to use this.

37
00:03:06,840 --> 00:03:11,580
I'm going to use the e-mail services that I showed you before because all of them allow you to send

38
00:03:11,640 --> 00:03:14,750
attachments but they suffer from the same problem.

39
00:03:14,850 --> 00:03:19,110
Your file will be uploaded to a server to the cloud.

40
00:03:19,110 --> 00:03:20,440
So let me show you what I mean.

41
00:03:21,330 --> 00:03:25,790
Let's say David wants to send a file to John here on the right.

42
00:03:26,040 --> 00:03:31,620
And what they want to do is they want to use Google Dropbox or even one of the e-mail services that

43
00:03:31,620 --> 00:03:33,190
I showed you earlier.

44
00:03:33,300 --> 00:03:40,700
So to do that the file is gonna be uploaded to the cloud to a server owned by one of these companies.

45
00:03:40,830 --> 00:03:44,720
And then John is going to download this file from the cloud.

46
00:03:45,690 --> 00:03:52,650
So the end result is both David and John will have copies of the file which is fine but at the same

47
00:03:52,650 --> 00:04:00,240
time the server used to host the file is going to have a copy of this file which raises a number of

48
00:04:00,240 --> 00:04:01,400
problems.

49
00:04:01,410 --> 00:04:05,540
Anybody who has access to this server will have access to the file.

50
00:04:05,610 --> 00:04:11,880
So the employees that work at that server hackers that manage to gain access to the server and government

51
00:04:11,910 --> 00:04:18,620
agencies that have some sort of an agreement with the owners of the servers.

52
00:04:18,630 --> 00:04:26,080
Therefore this method is not very private and is not good if you're sharing sensitive files.

53
00:04:26,130 --> 00:04:33,060
Now the creators of Firefox have attempted to solve this problem by offering a file sharing service

54
00:04:33,270 --> 00:04:36,300
that uses end to end encryption.

55
00:04:36,300 --> 00:04:43,520
So the way this will work is the file will get encrypted using code that runs on the client side.

56
00:04:43,530 --> 00:04:48,820
So this is code that runs on the computer on your own local computer.

57
00:04:48,900 --> 00:04:56,370
It will encrypted file that you want to share first and only then your file is uploaded to their server

58
00:04:56,790 --> 00:05:03,260
and then you share a special link that contains a decryption key with John.

59
00:05:03,330 --> 00:05:10,110
John will use this link to download the file and because the link contains the decryption key John will

60
00:05:10,110 --> 00:05:13,980
be able to decrypt the file and read its content.

61
00:05:13,980 --> 00:05:15,900
Now let me show you how this works.

62
00:05:15,920 --> 00:05:22,050
So you have a better understanding of it and then we'll discuss the cons of this method.

63
00:05:22,200 --> 00:05:28,390
So let's go back to my tells computer and I'm going to try to share the same image that I cleaned.

64
00:05:28,440 --> 00:05:31,020
That has no metadata at the moment.

65
00:05:31,020 --> 00:05:37,200
And keep in mind this image is stored in my third browser directory because remember when we spoke about

66
00:05:37,200 --> 00:05:44,520
how Tor browser is configured on tables it can only upload and download files stored in the third browser

67
00:05:44,520 --> 00:05:45,310
directory.

68
00:05:45,960 --> 00:05:52,460
So the image is in the right place and it contains no information that can be used to identify me.

69
00:05:52,470 --> 00:05:56,110
The only thing that's left to do is upload this image.

70
00:05:56,250 --> 00:06:02,890
I'm going to go to my Tor Browser and I'm already at the file sharing service offered by Firefox.

71
00:06:02,970 --> 00:06:06,960
You can access it by going to send dot Firefox dot com.

72
00:06:07,320 --> 00:06:10,470
I will include that link in the resources of this lecture.

73
00:06:10,710 --> 00:06:13,650
And as you can see it's very simple very easy to use.

74
00:06:13,740 --> 00:06:17,510
All you have to do is click on the file that you want to upload.

75
00:06:17,790 --> 00:06:21,330
You'll be at the Tor Browser directory by default.

76
00:06:21,330 --> 00:06:23,760
You want to pick the file that you want to share.

77
00:06:23,760 --> 00:06:28,930
This is my image and we're going to click on open to start uploading it.

78
00:06:29,300 --> 00:06:33,460
Now you can actually select multiple files by clicking on the plus here.

79
00:06:33,530 --> 00:06:39,680
You can actually configure this file to expire after a certain amount of downloads for example after

80
00:06:39,680 --> 00:06:42,650
one download or you can set up an expiry date.

81
00:06:42,680 --> 00:06:47,930
So it expires after five minutes an hour a day or seven days.

82
00:06:47,930 --> 00:06:52,220
You can also protect the file with a password by tick in this box.

83
00:06:52,220 --> 00:06:57,950
So I'm going to keep everything to the default and I'm just going to click on upload and perfect as

84
00:06:57,950 --> 00:07:04,280
you can see we have the download link right here so you can copy this and share it with the person that

85
00:07:04,280 --> 00:07:05,650
you want them to download.

86
00:07:05,660 --> 00:07:12,790
So I'm going to click on copy to copy it and then I'm going to go on a new tab and paste the link.

87
00:07:12,920 --> 00:07:20,330
Now as you can see in the link right here this is the decryption key and this is the key needed in order

88
00:07:20,330 --> 00:07:27,650
to decrypt the file so that the person that downloads it will be able to see its content unencrypted.

89
00:07:27,650 --> 00:07:33,600
Without this without this part right here the file contains no useful information.

90
00:07:33,650 --> 00:07:40,430
Therefore even the owners of Firefox or anybody who has access to their servers will not be able to

91
00:07:40,430 --> 00:07:43,940
see the contents of your file without this key.

92
00:07:43,940 --> 00:07:50,540
And keep in mind this key gets generated by code that runs on the client side by code that runs on your

93
00:07:50,540 --> 00:07:51,260
browser.

94
00:07:51,260 --> 00:07:53,990
So it's not code that is running on their servers.

95
00:07:53,990 --> 00:07:57,770
Therefore they should not be able to see this key.

96
00:07:57,800 --> 00:08:05,650
Now if we hit enter as you can see you will get a download page and click on Download it will first

97
00:08:05,650 --> 00:08:12,670
decrypt the file again using code that runs on the client side on your own local computer and then you'll

98
00:08:12,670 --> 00:08:14,680
be able to download the image.

99
00:08:15,070 --> 00:08:20,680
Let's just call it 22 save and that should be downloaded.

100
00:08:20,710 --> 00:08:29,230
So if we go here you can see we have the image which is identical to the image that we uploaded.

101
00:08:29,230 --> 00:08:31,410
So that's perfect.

102
00:08:31,510 --> 00:08:39,100
Now this method might seem secure and it is more private than uploading your files using Google Drive

103
00:08:39,160 --> 00:08:41,000
or Dropbox and all of them.

104
00:08:41,170 --> 00:08:45,550
But there are still a number of things to keep in mind.

105
00:08:45,610 --> 00:08:48,880
First of all the link contains the decryption key.

106
00:08:48,880 --> 00:08:56,440
Therefore anybody that has access to the link will be able to download your file and see its content.

107
00:08:56,590 --> 00:08:58,300
Then we have the other problem.

108
00:08:58,300 --> 00:09:00,100
Do we trust that server.

109
00:09:00,130 --> 00:09:05,830
Now I know I said that the file will be encrypted before uploading it to the server and the encryption

110
00:09:05,830 --> 00:09:11,480
will be done using code that runs locally so the server does not know the decryption key.

111
00:09:11,830 --> 00:09:15,640
But do you really trust that this code will never change.

112
00:09:15,640 --> 00:09:20,740
What if a hacker gains access to Firefox servers and modifies the way this code works.

113
00:09:20,740 --> 00:09:24,980
So it actually sense the key to their server or to his own server.

114
00:09:25,090 --> 00:09:30,350
What if an employee that is pissed off and don't like Firefox does something like that.

115
00:09:30,370 --> 00:09:32,440
What about government agencies.

116
00:09:32,470 --> 00:09:40,060
So again even though encryption is used in this case it still suffers from the same problems as normal

117
00:09:40,060 --> 00:09:44,630
file sharing services because we still have to trust that server.

118
00:09:45,550 --> 00:09:52,390
So the main problem that we're facing here is the way these file sharing services are implemented.

119
00:09:52,390 --> 00:09:54,160
Not a problem with encryption.

120
00:09:54,160 --> 00:10:00,550
We will actually talk about how you can manually encrypt your files without relying on code pulled from

121
00:10:00,550 --> 00:10:02,140
another server.

122
00:10:02,170 --> 00:10:09,190
The main problem that we have here is our file is being stored somewhere that we do not control regardless

123
00:10:09,190 --> 00:10:14,190
of how this file is stored whether it's using encryption or not does not really matter.

124
00:10:14,200 --> 00:10:21,190
Ideally we want to keep our files locally and only share it in places where we have full control on

125
00:10:21,700 --> 00:10:25,770
and this is what I'm going to show you in the next lecture.

126
00:10:25,840 --> 00:10:33,190
Now one more thing to add for the service to work like I said it uses client site code to encrypt and

127
00:10:33,190 --> 00:10:34,600
decrypt the files.

128
00:10:34,600 --> 00:10:41,110
Therefore you need to have your security settings on low or medium to work because the client's site

129
00:10:41,110 --> 00:10:48,160
code that will do all of this work is javascript code and the high security level as we know disables

130
00:10:48,160 --> 00:10:54,970
javascript therefore you might not want to use a medium or standard security setting because it doesn't

131
00:10:54,970 --> 00:10:56,430
fit your threat model.

132
00:10:56,440 --> 00:11:03,940
So again this will be another problem with using this service but in general if you have something that

133
00:11:03,940 --> 00:11:09,040
is not very sensitive then this could be a nice and quick way to share files.