Thursday, July 09, 2015

Recommendation: Unseen

Disclaimer #1: This post includes affiliate links. If you purchase a premium account at Unseen using those links, I will receive a commission on your purchase (and you will receive a 10% discount!). Other than the prospective commissions, I have received no payment or gratuity for promoting Unseen.

Disclaimer #2: I am NOT an Internet security or cryptography expert, and I do understand that there are potential security compromises involved in using web-based email. I will mention some of those possible compromises in this post, but the bottom line is caveat emptor and do your own risk assessments.

So, disclaimers out of the way, I do like Unseen. It's a web-based (but also with downloadable apps for Windows, Mac, Linux, Android and iOS) "secure" email, chat and voice calling service based in Iceland. There's a free version and a reasonably priced premium version with extra storage and other goodies. If I earn any commissions by referring KN@PPSTER readers there, I'll spend them on upgrading to premium myself.

I haven't used the chat or voice calling functions of the service, because I seldom use chat or voice calling services of any kind. According to the FAQ, Unseen uses the xAES algorithm for chat with NTRU for key exchange, and TLS 2048 for audio and video calling.

The web mail is reasonably user-friendly and includes openPGP key generation and management online. You can encrypt and send mail. You can receive and decrypt mail. So far I haven't been able to find a way to digitally sign plaintext mail using openPGP on Unseen, but remember that I am using the web interface. The downloadable apps may have that feature.

Obvious security concern: Your keys are stored on Unseen's server, so you're trusting them to keep them secure. Can you trust that security? There's no way to know. If I wasn't running an entirely web-based OS (ChromeOS), I'd keep my keys on an encrypted thumb drive hidden somewhere convenient but non-obvious when they weren't in actual use. But since I am on a Chromebox/Chromebook, that's a compromise I have to put up with.

One up side, and a promise I consider bankable, is that Unseen is domiciled in and operates its servers from Iceland, honors only Icelandic court orders for turning over data (Iceland is known for having good Internet freedom and privacy protection standards), and deletes all of its logs on a fortnightly basis. So to the extent that you don't want e.g. the FBI just demanding your data and getting it without a fight (and without you even knowing!), Unseen seems like a good bet.

Check it out. If it seems to fit your needs, as it very well may, give it a try. If it fits your needs well enough that you want more of what it offers, upgrade to the premium version. Thanks in advance for any commissions you send my way!

No comments: