1 00:00:00,000 --> 00:00:06,000 Now, before we discuss the methods that we can use to send files, let's talk about metadata. 2 00:00:07,000 --> 00:00:14,000 So each file, whether it's an image, a PDF or a document, any digital file has metadata. 3 00:00:14,000 --> 00:00:21,000 What we mean by that is it's information that is attached to the file that can reveal more information 4 00:00:21,000 --> 00:00:24,000 about the file itself, such as the creator. 5 00:00:24,000 --> 00:00:30,000 The program used to create this application, the time it was created and more. 6 00:00:30,000 --> 00:00:32,000 Let me show you an example. 7 00:00:33,000 --> 00:00:39,000 So right here I have an old picture taken with an old phone, and if I right click this picture and 8 00:00:39,000 --> 00:00:46,000 view its properties and go to the image tab, as you can see, we get a lot of information about this 9 00:00:46,000 --> 00:00:47,000 picture. 10 00:00:47,000 --> 00:00:54,000 Now, the first few things might not look very interesting, such as the type of the image, the width 11 00:00:54,000 --> 00:00:55,000 and the height. 12 00:00:55,000 --> 00:00:59,000 But then if you go down, you can see the camera type, which was apple. 13 00:00:59,000 --> 00:01:00,000 You can see the camera model. 14 00:01:01,000 --> 00:01:05,000 You can see the date this picture was taken, the exact date with the day. 15 00:01:05,000 --> 00:01:06,000 With the time. 16 00:01:06,000 --> 00:01:09,000 You can even see if the flash was used or not. 17 00:01:10,000 --> 00:01:12,000 Now, this is an example of a picture. 18 00:01:12,000 --> 00:01:17,000 If you do the same for a document, you will see the creator, the operating system, the program used 19 00:01:17,000 --> 00:01:19,000 to create it and so on. 20 00:01:19,000 --> 00:01:26,000 Therefore, all of this information can be pieced together to understand what platforms you use and 21 00:01:26,000 --> 00:01:28,000 work from there to de-anonymize you. 22 00:01:28,000 --> 00:01:36,000 Therefore, if you want to share files anonymously, it's a really good idea to remove all of this information 23 00:01:36,000 --> 00:01:40,000 to minimize the amount of information that can be used to identify you. 24 00:01:41,000 --> 00:01:44,000 Now, luckily, doing this is very, very simple entails. 25 00:01:44,000 --> 00:01:51,000 All you have to do is right click the file that you want to remove its metadata and click on remove 26 00:01:51,000 --> 00:01:52,000 metadata. 27 00:01:52,000 --> 00:01:58,000 And then right here we have a backup of the image, as you can see in here, just in case the process 28 00:01:58,000 --> 00:01:59,000 could break something. 29 00:01:59,000 --> 00:02:06,000 And then right here we have the image itself after clearing the metadata from it. 30 00:02:06,000 --> 00:02:09,000 So right click it and go to properties now. 31 00:02:09,000 --> 00:02:15,000 And if you go to the image tab, as you can see, we won't see any information related to me, to the 32 00:02:15,000 --> 00:02:17,000 person that created the image. 33 00:02:17,000 --> 00:02:23,000 So we don't see the phone type, the camera type and the time it was created and so on. 34 00:02:24,000 --> 00:02:30,000 Now, once you have the image cleared, you're ready to share it so you can go ahead and use one of 35 00:02:30,000 --> 00:02:36,000 the file sharing services that we already know on the clear net, such as Google Drive, Dropbox and 36 00:02:36,000 --> 00:02:36,000 so on. 37 00:02:36,000 --> 00:02:43,000 The only problem is with these services similar to many clear net services, they are not private. 38 00:02:43,000 --> 00:02:45,000 They're going to log data. 39 00:02:45,000 --> 00:02:48,000 They're going to track you and they're not secure. 40 00:02:48,000 --> 00:02:55,000 Not only that, but the way these services work is not very private because they upload your files to 41 00:02:55,000 --> 00:02:57,000 an online server or to the cloud. 42 00:02:58,000 --> 00:03:01,000 So you might think, okay, I am not going to use this. 43 00:03:01,000 --> 00:03:07,000 I'm going to use the email services that I showed you before because all of them allow you to send attachments, 44 00:03:07,000 --> 00:03:09,000 but they suffer from the same problem. 45 00:03:09,000 --> 00:03:13,000 Your file will be uploaded to a server to the cloud. 46 00:03:13,000 --> 00:03:15,000 So let me show you what I mean. 47 00:03:15,000 --> 00:03:22,000 Let's say David wants to send a file to John here on the right, and what they want to do is they want 48 00:03:22,000 --> 00:03:27,000 to use Google, Dropbox, or even one of the email services that I showed you earlier. 49 00:03:27,000 --> 00:03:35,000 So to do that, the file is going to be uploaded to the cloud, to a server owned by one of these companies. 50 00:03:35,000 --> 00:03:39,000 And then John is going to download this file from the cloud. 51 00:03:40,000 --> 00:03:47,000 So the end result is both David and John will have copies of the file, which is fine, but at the same 52 00:03:47,000 --> 00:03:55,000 time the server used to host the file is going to have a copy of this file, which raises a number of 53 00:03:55,000 --> 00:03:55,000 problems. 54 00:03:55,000 --> 00:04:00,000 Anybody who has access to this server will have access to the file. 55 00:04:00,000 --> 00:04:06,000 So the employees that work at that server, hackers that manage to gain access to the server and government 56 00:04:06,000 --> 00:04:12,000 agencies that have some sort of an agreement with the owners of these servers. 57 00:04:13,000 --> 00:04:20,000 Therefore, this method is not very private and is not good if you're sharing sensitive files. 58 00:04:20,000 --> 00:04:28,000 Now, the creators of Firefox have attempted to solve this problem by offering a file sharing service 59 00:04:28,000 --> 00:04:30,000 that uses end to end encryption. 60 00:04:30,000 --> 00:04:38,000 So the way this will work is the file will get encrypted using code that runs on the client side. 61 00:04:38,000 --> 00:04:43,000 So this is code that runs on the computer on your own local computer. 62 00:04:43,000 --> 00:04:47,000 It will encrypt the file that you want to share first and only. 63 00:04:47,000 --> 00:04:51,000 Then your file is uploaded to their server. 64 00:04:51,000 --> 00:04:57,000 And then you share a special link that contains a decryption key with John. 65 00:04:57,000 --> 00:05:04,000 John will use this link to download the file and because the link contains the decryption key, John 66 00:05:04,000 --> 00:05:08,000 will be able to decrypt the file and read its content. 67 00:05:08,000 --> 00:05:14,000 Now let me show you how this works so you have a better understanding of it, and then we'll discuss 68 00:05:14,000 --> 00:05:16,000 the cons of this method. 69 00:05:16,000 --> 00:05:23,000 So let's go back to my Tails computer and I'm going to try to share the same image that I cleaned that 70 00:05:23,000 --> 00:05:25,000 has no metadata at the moment. 71 00:05:25,000 --> 00:05:32,000 And keep in mind, this image is stored in my Tor browser directory because remember when we spoke about 72 00:05:32,000 --> 00:05:39,000 how Tor browser is configured on tails, it can only upload and download files stored in the Tor browser 73 00:05:39,000 --> 00:05:40,000 directory. 74 00:05:40,000 --> 00:05:47,000 So the image is in the right place and it contains no information that can be used to identify me. 75 00:05:47,000 --> 00:05:50,000 The only thing that's left to do is upload this image. 76 00:05:50,000 --> 00:05:56,000 I'm going to go to my Tor browser and I'm already at the file sharing service. 77 00:05:56,000 --> 00:06:01,000 I will include that link in the resources of this lecture and as you can see, it's very simple, very 78 00:06:01,000 --> 00:06:02,000 easy to use. 79 00:06:02,000 --> 00:06:06,000 All you have to do is click on the file that you want to upload. 80 00:06:06,000 --> 00:06:10,000 You'll be at the Tor browser directory by default. 81 00:06:10,000 --> 00:06:12,000 You want to pick the file that you want to share. 82 00:06:12,000 --> 00:06:17,000 This is my image and we're going to click on open to start uploading it. 83 00:06:18,000 --> 00:06:22,000 Now you can actually select multiple files by clicking on the plus here. 84 00:06:22,000 --> 00:06:27,000 You can actually configure this file to expire after certain amount of downloads. 85 00:06:27,000 --> 00:06:33,000 For example, after one download, or you can set up an expiry date so it expires after five minutes, 86 00:06:33,000 --> 00:06:36,000 an hour a day or seven days. 87 00:06:36,000 --> 00:06:40,000 You can also protect the file with a password by ticking this box. 88 00:06:40,000 --> 00:06:44,000 So I'm going to keep everything to the default and I'm just going to click on upload. 89 00:06:46,000 --> 00:06:46,000 And perfect. 90 00:06:46,000 --> 00:06:53,000 As you can see, we have the download link right here so you can copy this and share it with the person 91 00:06:53,000 --> 00:06:54,000 that you want them to download. 92 00:06:54,000 --> 00:07:01,000 So I'm going to click on copy to copy it, and then I'm going to go on a new tab and paste the link. 93 00:07:01,000 --> 00:07:08,000 Now as you can see in the link right here, this is the decryption key and this is the key needed in 94 00:07:08,000 --> 00:07:16,000 order to decrypt the file so that the person that downloads it will be able to see its content unencrypted. 95 00:07:16,000 --> 00:07:22,000 Without this, without this part right here, the file contains no useful information. 96 00:07:22,000 --> 00:07:29,000 Therefore, even the owners of Firefox or anybody who has access to their servers will not be able to 97 00:07:29,000 --> 00:07:32,000 see the contents of your file without this key. 98 00:07:32,000 --> 00:07:39,000 And keep in mind, this key gets generated by code that runs on the client side, by code that runs 99 00:07:39,000 --> 00:07:40,000 on your browser. 100 00:07:40,000 --> 00:07:42,000 So it's not code that is running on their servers. 101 00:07:42,000 --> 00:07:46,000 Therefore, they should not be able to see this key. 102 00:07:46,000 --> 00:07:48,000 Now if we hit enter. 103 00:07:49,000 --> 00:07:56,000 As you can see, we'll get a download page and if we click on download, it will first decrypt the file 104 00:07:56,000 --> 00:08:02,000 again using code that runs on the client side on your own local computer, and then you'll be able to 105 00:08:02,000 --> 00:08:03,000 download the image. 106 00:08:03,000 --> 00:08:09,000 Let's just call it 20 to save and that should be downloaded. 107 00:08:09,000 --> 00:08:11,000 So if we go here. 108 00:08:12,000 --> 00:08:17,000 You can see we have the image which is identical to the image that we uploaded. 109 00:08:17,000 --> 00:08:19,000 So that's perfect. 110 00:08:20,000 --> 00:08:28,000 Now this method might seem secure and it is more private than uploading your files using Google Drive 111 00:08:28,000 --> 00:08:29,000 or Dropbox and all of them. 112 00:08:29,000 --> 00:08:33,000 But there are still a number of things to keep in mind. 113 00:08:34,000 --> 00:08:37,000 First of all, the link contains the decryption key. 114 00:08:37,000 --> 00:08:45,000 Therefore, anybody that has access to the link will be able to download your file and see its content. 115 00:08:45,000 --> 00:08:48,000 Then we have the other problem Do we trust that server? 116 00:08:48,000 --> 00:08:54,000 Now I know I said that the file will be encrypted before uploading it to the server and the encryption 117 00:08:54,000 --> 00:09:00,000 will be done using code that runs locally so the server does not know the decryption key. 118 00:09:00,000 --> 00:09:04,000 But do you really trust that this code will never change? 119 00:09:04,000 --> 00:09:10,000 What if a hacker gains access to Firefox servers and modifies the way this code works so it actually 120 00:09:10,000 --> 00:09:13,000 sends the key to their server or to his own server? 121 00:09:13,000 --> 00:09:19,000 What if an employee that is -- off and don't like Firefox does something like that? 122 00:09:19,000 --> 00:09:21,000 What about government agencies? 123 00:09:21,000 --> 00:09:28,000 So again, even though encryption is used in this case, it still suffers from the same problems as 124 00:09:28,000 --> 00:09:33,000 normal file sharing services because we still have to trust that server. 125 00:09:34,000 --> 00:09:41,000 So the main problem that we're facing here is the way these file sharing services are implemented, 126 00:09:41,000 --> 00:09:43,000 not a problem with encryption. 127 00:09:43,000 --> 00:09:49,000 We will actually talk about how you can manually encrypt your files without relying on code pulled from 128 00:09:49,000 --> 00:09:50,000 another server. 129 00:09:50,000 --> 00:09:57,000 The main problem that we have here is our file is being stored somewhere that we do not control. 130 00:09:57,000 --> 00:10:02,000 Regardless of how this file is stored, whether it's using encryption or not does not really matter. 131 00:10:03,000 --> 00:10:10,000 Ideally, we want to keep our files locally and only share it in places where we have full control on. 132 00:10:10,000 --> 00:10:13,000 And this is what I'm going to show you in the next lecture. 133 00:10:14,000 --> 00:10:17,000 Now, one more thing to add for this service to work. 134 00:10:17,000 --> 00:10:23,000 Like I said, it uses client side code to encrypt and decrypt the files. 135 00:10:23,000 --> 00:10:30,000 Therefore, you need to have your security settings on low or medium to work because the client side 136 00:10:30,000 --> 00:10:37,000 code that will do all of this work is JavaScript code and the high security level as we know, disables 137 00:10:37,000 --> 00:10:37,000 JavaScript. 138 00:10:37,000 --> 00:10:44,000 Therefore, you might not want to use a medium or standard security setting because it doesn't fit your 139 00:10:44,000 --> 00:10:45,000 threat model. 140 00:10:45,000 --> 00:10:49,000 So again, this will be another problem with using this service. 141 00:10:50,000 --> 00:10:56,000 But in general, if you have something that is not very sensitive, then this could be a nice and quick 142 00:10:56,000 --> 00:10:58,000 way to share files.