Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Encrypting links when sending them?

24 Jan 2017   #1
JordanMihailov

windows 7 Ultimate x64
 
 
Encrypting links when sending them?

Hi all, recently I needed to do that so that I can send my drawings (mainly for approval) more secured. I have come across and used that site: URLCrypt.to - Keeping your links safe
Please give my your opinion about if it is any good because i honestly have no knowledge in that field.
I'll appreciate your feedback.
Thank you.


My System SpecsSystem Spec
.
24 Jan 2017   #2
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi,

Even though URLCrypt.to - Keeping your links safe checks out safe on Virustotal and google's safe browsing site, though check the hosting link at the bottom of the testing details for some ambiguity. It can be a bad practice to use an online service for something like this.
In all good faith you sent a link to an online site that if believed originates in the Kingdom of Tonga a sovereign state and archipelago in the Pacific ocean 5,212 km/3,239 miles to the East of Australia. That's what the .to in the urlcrypt link stands for.

The reasoning is you don’t know who’s behind the service, and anything done in a browser no matter how protected is questionable at best. The better way would be to have an encryption program on your computer and if need be send the un-encryption key by secure means to anyone you need to see your emails.

If I may ask; What are your reasons for encryption? I can understand the sensitivity of your drawings and it sounds like you might have them stored in a "cloud service", and concern whether or not the link would be scraped from the email by a spambot. It would help to know what browser(s) and email client(s) you use because some encryption works better with some browsers.

Meanwhile I'll see if I can round up the "troops" for more ideas and help.
My System SpecsSystem Spec
25 Jan 2017   #3
townsbg

Windows 7 pro 64-bit
 
 

If you are running a website you should set up encryption on your server. Unfortunately that can be expensive for a signed cert which all browsers look for. For personal use you might look for a site that does VPN through a browser. That creates a secured connection between you and the server. I've never looked into it though so I can't recommend any. However if the website already has encryption you shouldn't have to worry about it.
My System SpecsSystem Spec
.

25 Jan 2017   #4
Alejandro85

Windows 7 Ultimate x64
 
 

It's generally not a good idea to rely on third parties when you need privacy and protection for personal and confidential data. The fundamental problem it has is that "encrypting" links is, in fact, just eye candy and adds little or no real security.

For explaining this, I'm going to assume that you have some confidential file stored in a shared hosting and want to privately send it to someone else (correct me if I'm wrong).
In the most simplest of its options, you send the "encrypted" link and it redirects to the real file. Problem is, anyone getting the link just follows it and also gets the real file. This adds zero protection, you just exchanged one link for another, maybe more difficult to remember, but nothing else. Obfuscation at best. Adding the captcha option neither adds security, it just makes it harder for bots, but an human won't be deterred by this.
What about putting the link a password? Here is where the real security comes from. Anyone following the link will need the password to make any use of it (assuming no flaws in the site). But this creates another problem, how do you send the password securely? You need another means of delivering both the link and the password, as sending them together defeats the purpose.

There is a catch however: By creating such a link, you give the real link to the site! This means, anyone controlling the site knows the real link and can easily access the file, regardless of password. An additional problem is that the site where the file is stored also has full control of it, potentially exposing it if they really want.

Instead, I'll suggest something along the lines of what Anak said, encrypt the file locally, then upload it. This way, the storage service has just a meaningless chunk of data, and anyone getting the real link cannot make any use of it without the password. And you eliminate the link-obfuscating service altogether. There is still the problem of how to send the password securely, but that can be achieved by other means, like phone or a text message.
Doing so can be as easy as compressing the data in zip/7z/rar format and putting a password of it, that most people will know how to access it.


Quote   Quote: Originally Posted by townsbg View Post
If you are running a website you should set up encryption on your server. Unfortunately that can be expensive for a signed cert which all browsers look for. For personal use you might look for a site that does VPN through a browser. That creates a secured connection between you and the server. I've never looked into it though so I can't recommend any. However if the website already has encryption you shouldn't have to worry about it.
This only protects the data in-transit, a good thing, but doesn't prevents a bad guy from getting the link or making use of it. Neither VPN helps, it just encrypts the browser-VPN link, while the VPN-site is still in the plain, and again, the file is still unprotected. There are some free certificate authorities out there that browsers already trust, and may suffice for personal usage, but doesn't solve the particular problem at hand.
My System SpecsSystem Spec
25 Jan 2017   #5
JordanMihailov

windows 7 Ultimate x64
 
 

Generally i use firefox and have some local abv.bg mail service. So are most of the oldschool engineers that a have to deal with.
So the process is as follows. These colleages of mine ( not all but many of them) are retired and work from home on some projects we make. They use barely autocad and have skype ( or telegram) and mail from 15 years to say. They have no ideo of cloud and dropbox and other recent technologies. So to make it as simple as i can i make one .rar file with .dwg files inside. Quite often the size of the file is more than 100-200mb. After that i upload it to so site which generates me link. In the end i encrypt the received link and send it to the recipient. That's the whole process.
My System SpecsSystem Spec
25 Jan 2017   #6
JordanMihailov

windows 7 Ultimate x64
 
 

The other think that turned me to this kind of sending is that is easy and free.
( in response to "If you are running a website you should set up encryption on your server. Unfortunately that can be expensive for a signed cert which all browsers look for. For personal use you might look for a site that does VPN through a browser. That creates a secured connection between you and the server. I've never looked into it though so I can't recommend any. However if the website already has encryption you shouldn't have to worry about it.")
My System SpecsSystem Spec
25 Jan 2017   #7
rvcjew

7 Pro x64, 10 Pro x64
 
 

I sounds like it this might be too complicated but if you can get them to get crytomator then it would be much easier to send them things. It is also free.

Cryptomator: Free Cloud Encryption for Dropbox & Others

Malcolm
My System SpecsSystem Spec
26 Jan 2017   #8
JordanMihailov

windows 7 Ultimate x64
 
 

I am not sure how that is going to happen as i told you what type of people i am dealing with It's the same as showing my grandmother the smartphone I used that unpopular, as i see method, because it's easy and free and the recipient need to know only the password which i can tell him by the phone.
My System SpecsSystem Spec
28 Jan 2017   #9
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi,

It has taken me awhile to respond because I have been busy trying to track down some way to make what you are trying to do easier, but you have one condition that does not allow anything other than what you are already doing, that condition is working with your group, the old-school engineers (OSE).

I tried finding something to use on your machine or your Firefox (FF) browser:
  • FF does have one obfuscation add-on but it does not hide well and only changes the letters of words that can still be read easily.
  • Then there is Lock the Text, I installed this onto my version of FF but I still have not mastered it yet to where I can understand how it works so I can not endorse it, and with the passwords you can apply it seems like it would be too difficult for the OSE.

So, what does this boil down to? I might get some discussion from fellow members that my endorsement of what you are already doing is not safe, but if you feel comfortable and okay with doing it, then okay, do it.

This is from your post #5 and I took the liberty of shortening your quote(s), clicking on the orange dot beside your name will take you directly to the post the quote came from:
Quote   Quote: Originally Posted by JordanMihailov View Post
.......So to make it as simple as i can i make one .rar file with .dwg files inside. Quite often the size of the file is more than 100-200mb. After that i upload it to so site which generates me link. In the end i encrypt the received link and send it to the recipient. That's the whole process.
And later on in your post #8
Quote   Quote: Originally Posted by JordanMihailov View Post
.....it's easy and free and the recipient need to know only the password which i can tell him by the phone.
If I understand correctly:
  • You compress the .dwg file with the .rar program and upload it to the so site that generates a link to the file, then use urlcrypt on that so site link, and add a password to the urlcrypt link to give to the OSE.
  • Another layer of security would be to set a password to the compressed .dwg/.rar file if you are not already doing it, the added burden for you would be to give two passwords to whoever you phone.
  • Is your desire to encrypt the link because of spambots or do you have another reason? The only other reason I can think of is to hide the link from engineers that would try to do harm to your drawings.

In my research I used whois.com to see where the URLCrypt.to - Keeping your links safe link goes to and found information that shows the registrant and administrator of urlcrypt Markus Schneider is based in Homburg Germany, there is even an email, address, and phone number if you wanted to contact him to address your concerns about security.

Some reasons for using an offshore domain could be; Price, domain availability, and site ranking. So if it works for you and you are comfortable with using it continue using it.


Code:
urlcrypt.to

Domain:               urlcrypt.to
Created on:           Sat Apr 16 06:38:25 2016
Last edited on:       Sat Apr 16 06:38:25 2016
Expires on:           Sun Apr 16 06:38:25 2017
Primary host add:     None
Primary host name:    ns1211.ispapi.net
Secondary host add:   None
Secondary host name:  ns2202.ispapi.net

Results from checking SOA records for listed servers:
ns3178.ispapi.net:         2016052200
ns2202.ispapi.net:         2016052200
ns1211.ispapi.net:         2016052200

END

related domain names
ispapi.net
Then clicking on the related domain ispapi.net I found:
Code:
ispapi.net

Domain Information
Domain:
ispapi.net
Registrar:
1 API GMBH
Registration Date:
2008-10-05
Expiration Date:
2017-10-05
Updated Date:
2016-10-06
Status:
clientTransferProhibited
Name Servers:
ns1011.ispapi.net
ns2011.ispapi.net
ns3011.ispapi.net

Registrant Contact
Name:
Markus Schneider
Street:
Zweibruecker Strasse 26
City:
Homburg
State:
Saarland
Postal Code:
66424
Country:
DE
Phone:
+49.684192430
Email:
email@ispapi.net

Administrative Contact
Name:
Markus Schneider
Street:
Zweibruecker Strasse 26
City:
Homburg
State:
Saarland
Postal Code:
66424
Country:
DE
Phone:
+49.684192430
Email:
email@ispapi.net

Technical Contact
Name:
Markus Schneider
Street:
Zweibruecker Strasse 26
City:
Homburg
State:
Saarland
Postal Code:
66424
Country:
DE
Phone:
+49.684192430
Email:
email@ispapi.net

Raw Whois Data
Domain Name: ISPAPI.NET
Registry Domain ID: 1522833768_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.1api.net
Registrar URL: http://www.1api.net
Updated Date: 2016-04-28T08:19:29Z
Creation Date: 2008-10-05T15:20:23Z
Registrar Registration Expiration Date: 2017-10-05T15:20:30Z
Registrar: 1API GmbH
Registrar IANA ID: 1387
Registrar Abuse Contact Email: email@1api.net
Registrar Abuse Contact Phone: +49.68416984x200
Domain Status: clientTransferProhibited - http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Markus Schneider
Registrant Organization: 
Registrant Street: Zweibruecker Strasse 26
Registrant City: Homburg
Registrant State/Province: Saarland
Registrant Postal Code: 66424
Registrant Country: DE
Registrant Phone: +49.684192430
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: email@ispapi.net
Registry Admin ID: 
Admin Name: Markus Schneider
Admin Organization: 
Admin Street: Zweibruecker Strasse 26
Admin City: Homburg
Admin State/Province: Saarland
Admin Postal Code: 66424
Admin Country: DE
Admin Phone: +49.684192430
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: email@ispapi.net
Registry Tech ID: 
Tech Name: Markus Schneider
Tech Organization: 
Tech Street: Zweibruecker Strasse 26
Tech City: Homburg
Tech State/Province: Saarland
Tech Postal Code: 66424
Tech Country: DE
Tech Phone: +49.684192430
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: email@ispapi.net
Name Server: ns1011.ispapi.net 194.50.187.11
Name Server: ns2011.ispapi.net 194.0.182.11
Name Server: ns3011.ispapi.net 193.227.117.11
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-01-28T09:14:51Z <<<

For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.

; This data is provided for information purposes, and to assist persons
; obtaining information about or related to domain name registration
; records. We do not guarantee its accuracy.
; By submitting a WHOIS query, you agree that you will use this data
; only for lawful purposes and that, under no circumstances, you will
; use this data to
; 1) allow, enable, or otherwise support the transmission of mass
;    unsolicited, commercial advertising or solicitations via E-mail
;    (spam); or
; 2) enable high volume, automated, electronic processes that apply
;    to this WHOIS server.
; These terms may be changed without prior notice.
; By submitting this query, you agree to abide by this policy.


related domain names
1api.net
icann.org
internic.net
My System SpecsSystem Spec
29 Jan 2017   #10
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

You just want to send a link securely and nothing else?

Try: Privnote - Send notes that will self-destruct after being read

Privnote Privacy Policy

How Privnote Really Works - Pablo Hoffman

If you want to be really secure you'd have to use encrypted email to send the link.
My System SpecsSystem Spec
Reply

 Encrypting links when sending them?




Thread Tools




Similar help and support threads
Thread Forum
links is missing when pasting text with links in any browser or office
Hi, When I'm copying text withe links from the web and trying to paste it, The links is missing. I try to paste it into word or excel, and in all kinds of html editors in all browsers but the links are still missing. only text is shown. Is anybody here knows how to fix it? Tx very much...
Browsers & Mail
All files encrypted without me encrypting them.
OK, yesterday, a random .exe was found on my desktop (that i never downloaded) and it opened automatically saying that all of my files were encrypted and i needed to click something to remove encryption... Sensing an obvious trojan I decided to shred the file with iobit and everything was fine....
System Security
Encrypting USB flash drive
Hi , I encrypted a USB pen drive and it's all fine. I'm concerned though if encryption increases the chance of file corruption over time, i.e. if eventually I won't be able to have access to the files due to file corruption.
General Discussion
Encrypting hdd
Hey Guys, just wondered how many of you have encrypted your hard drives. Is it some-thing you would advise every-body to do? Cheers 24seVen
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 19:47.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App