Bitdrop app beats NSA surveillance with anonymous encrypted file transfers

Swiss developer hails 'zero knowledge privacy'

A small Swiss app developer has invented what it claims is a way to securely and anonymously transfer files between a browser and a mobile device without having to leave any traces of the user's identity, device ID or location.

Marketed by creators Bitdrop as a way of defeating surveillance by the NSA and others - "zero knowledge privacy" - users simply initiate transfers from the firm's upload portal after scanning a QR Code using a dedicated app running on their mobile device.

This code creates a unique and time-limited window for files to be transferred to the user's mobile (or shared with a third party that has a download code), secured using what the company calls 256-bit "variable encryption," essentially a way to randomise conventional symmetric keys for each transfer.

The keys themselves are sucked onto the sender's own mobile device during a temporary connection. Files can't be accessed by Bitdrop itself or any other authority because the encryption key is stored only on the sender's mobile device. In the event the files are not moved from the firm's servers to the mobile by a third party receiver within 24 hours they are destroyed.

The location of the encryption key is critical. They keys are never retained on the sending computer, never sit on Bitdrop's servers and are never moved to third-parties receiving the files. Only the sender has these keys.

The firm heralds the concept as a way of moving encrypted data around without it being tied to any identity; Bitdrop does not require users to register or reveal their email address. Neither the sender nor receiver can be identified.

What about the security of the mobile app itself? According to Bitdrop, the identity of all contacts using the service is accessible only after entering an access code.

It sounds like complex 'down the rabbit hole' security but it should be simple to use with an interesting extra advantage that although the sender needs to install the app to scan the QR code, the receiver does not, making it free of the friction of many secure file transfer systems that require both ends to use identical software.

This is the kind of app that not long ago would have sounded like overkill but that was before the NSA and Edward Snowden alerted the security-conscious to the reality of state surveillance. This might or not bother US or UK users who trust their Governments but what about business users using their mobiles in other parts of the world; do they trust the Russian or Chinese Governments too? Undoubtedly these already have or will soon have systems similar to Prism.

Explaining its architecture, founder 'Markus Kristian Kangas had this to say when contacted by Techworld:

"Bitdrop is a Swiss company with engineering offices in Zurich, Switzerland which gives us more freedom toward US legislation - we are not an American company or affiliated to any American company. We use a flexible server architecture that is not tied to any specific location."

One slight issue is that the launch app is iPhone-only although an Android app is promised, as is a version for web-to-web transfers. The company is also a total unknown so issues such as longevity, support and security must be taken on trust. The app costs $4.99 (£3.20).

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecuritynsa

More about mobilesNSAPrismQRSwitzerland

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts