Security

Overview

The 4Privacy app is built with a strong focus on security and privacy, providing users with end-to-end encryption and the ability to hold their own encryption keys. This ensures that the user’s data remains private and secure even from 4Privacy itself, the network, the cloud and the devices the data passes through.

The app is designed around the principles of data sovereignty and ownership, giving users complete control over their data and resources, even when sharing them with others. This means that users always have access to their own data and can decide how it is used and shared.

To provide additional protection against attacks and breaches, the app uses proprietary password-free authentication. With no password to enter or reset, there is nothing for a phishing page to capture and no password-reset flow for an attacker to hijack.

Overall, the 4Privacy app provides a secure and privacy-focused solution for users who value the protection of their data and resources.


End-to-End Encryption

End-to-end encryption protects the confidentiality and integrity of data both in transit and at rest, regardless of how many networks and devices it crosses: data is encrypted on the sender’s device and can only be decrypted by the intended recipient, who holds the corresponding decryption key.

The 4Privacy app is designed so that only the user has access to their encryption key. Even if a third party intercepts the encrypted data, or obtains it from the cloud, they cannot read it without that key. 4Privacy relies on possession of the key alone to allow or deny access to data: there are no access-control or permission lists that could be tampered with to grant someone access to your data.

End-to-end encryption is the only strong way to control access to your data; the difficulty lies in making key sharing both easy and secure. 4Privacy uses public-key encryption to share keys with another user, so that no one else can see or obtain them.


Data Segmentation 

The 4Privacy app uses data segmentation: each piece of information is encrypted individually with its own unique key. Compromise of one key therefore exposes only that one piece of information, while the rest remains secure.

Using a separate key for each piece of information adds a further layer of protection. An attacker who gains access to one item still cannot read any other item without the corresponding key.

Groups of data (e.g. a folder, or items sharing a tag) have group keys that can be shared to make organising and sharing data easier. Group keys are rotated over time, which is how access is revoked: a member who is removed does not receive the new key, so data added after their removal is not accessible to them (data they could already read is not retroactively protected, since they already hold the earlier keys).


Cryptography

The 4Privacy Engine is a separate module that the app uses to keep keys secure and to perform all cryptographic operations. It builds on open-source cryptographic libraries: currently OpenSSL, with libsodium to follow.

The 4Privacy Engine is designed to support multiple cryptographic algorithms, both to future-proof it against new attacks and changes in technology and to give users a choice of cryptographic library and algorithms. Agility of this kind carries a requirement of its own: the algorithm used for a piece of ciphertext has to be recorded alongside it and authenticated, otherwise an attacker could substitute a weaker choice.


Authentication

To use the app, your phone acts as your identity, and you must provide a PIN or biometric authentication to gain access. The PIN is neither stored nor verified on the phone, and it is never transmitted to or stored in the cloud; after 8 failed PIN attempts the account is locked, so the usual techniques for cracking a PIN do not work. It is important to note that the biometric option, while more convenient than remembering a PIN, does store the PIN on the phone in encrypted form. This means that cracking the phone can expose the PIN, which is why for the highest level of security we recommend not using the biometric option.


Data Sovereignty and Decentralization

Data sovereignty means that you control who can access and use your data, and that you yourself always have access to it. This is a challenge for digital data because it has to be stored somewhere. If it lives only on one device (like your phone), then losing access to that device (broken, lost, etc.) means losing the data, and you may also want to store more than fits on a small device. It is therefore useful to keep your data somewhere reachable from many devices, such as the cloud; end-to-end encryption is what makes that safe, since the cloud only ever holds ciphertext.

But what if the cloud provider or the network provider is down, or decides to block your access? 4Privacy addresses this by using cloud storage (end-to-end encrypted, with almost no metadata) while giving you the option to back up your data to devices you own or to other cloud services. Backups can be made periodically or continuously, and you can keep cold-storage copies (USB sticks, external hard drives) or spread them across other clouds. The result is decentralised storage: both the cloud and you hold copies of the data, so no single authority can cut you off from it.


Architecture

Why we built it this way and how it improves privacy

To enable asynchronous sharing, and to extend the app’s resources beyond what a single device can hold, 4Privacy requires off-device persistence.

Off-device persistence means storing data outside the user’s device, typically in a cloud-based storage system or on a remote server. It lets users reach their data from multiple devices and locations, and share it with others asynchronously, i.e. without both parties having to be online at the same time.

Because everything that leaves the device is end-to-end encrypted, off-device persistence gives users a seamless and convenient experience without handing the storage provider readable data. It also lets users store and access more data than fits on one device, and collaborate with others more effectively.


Ability to harden the cryptographic SDK

The 4Privacy app can harden its cryptographic software development kit (SDK) by moving it into protected firmware, or by deploying it on hardened devices.

A hardened device is one that has been designed and manufactured with security in mind, with additional protective measures built into both its hardware and its software. Running the app on such a device adds a layer of protection against attacks and breaches that the app on its own cannot provide.

Moving the cryptographic SDK into protected firmware has a benefit of its own: firmware is typically much harder to modify or compromise than ordinary software, so the app’s cryptographic functions (and the keys they guard) stay out of reach even of an attacker who has compromised the device’s operating system or other software components.