myKryptofon General FAQs
We provide a service that delivers privacy and security for phone calls, text chat messaging, file transfers, pictures, picture transfers, PANIC declarations, and any type of communications now and in the future.
Our objective is simple: to help secure the human right to communicate freely, securely, and privately. It's all too common today that rogue governments, less than ethical organizations, over reaching states and corporate factions intercept our phone calls and text messages for whatever purpose they choose. The primary goal in providing the myKryptofon solution is simply to help reestablish the concept of privacy to good, law abiding men and women.
Read the news and understand what has happened. Sadly, the world has shifted in the last two decades to the point where no one is safe from the eavesdropping and theft of a simple phone call or text message and more. The world has gone digital, and the evils capabilities of an open digital world has been absorbed by many bad actors. Rogue elements (both domestic and international) - have been caught red-handed, scanning and monitoring our once assumed to be private conversations. No more. In light of the news over the past several years of this wide ranging eavesdropping, it's hard to feel safe from even simple marketing organizations, much less from organized crime, terrorists and rogue governments who can be listening to your phone calls and reading your messages at will.
We don’t intentionally serve terrorists or other rogue elements, nor do we work with those who do not support the objective of secure and private communications for law biding citizens. "Bad actors" use the internet, social media, search, telephones and more. We do not support these bad actors. Should we find that a licensee has gone rogue or become a bad actor, we disable their license.
Yes. myKryptofon utilizes the data your smartphone, tablet or PC uses to connect tot he internet. This includes:
- Satellite Bgan
None. Both parties must have myKryptofon in order to secure the communication and both must be on a data network.
Yes, both parties need to have the myKryptofon app running on their Android or Windows.
Right now - No. We have a concentrated our efforts with Android, and will soon be developing for iOS. When we release on iOS, we will definitely let our subscriber base and everyone at large via our blog.
No, that would not be secure. myKryptofon wipes all history and trace of the communication at the end of each communications session. Think of it as bleaching a stain from a white shirt. After the shirt is bleached, there's no trace that the stain was even there.
All data-at-rest files myKryptofon uses or creates are encrypted with different encryption keys from those when data transfers over the air to another myKryptofon instance.
Yes, all Panic communications are uniquely encrypted.
Before using the feature, you designate a person from your Contact list that will receive a Panic alert when you issue it.
Press the device power button rapidly 5 times. When you feel the smartphone or tablet vibrate, the panic alert has been sent.
myKryptofon Technical FAQs
Alright all you techies out there- this one is for you!
There are several architectural elements:
First: all myKryptofon application instances and servers are Trusted Nodes. They are authenticate through a out of band authentication upon installation. The installation process collects forensic information as to where and what the software was installed on. This forensic must match up every launch of an app instance. If there's no match, then, the app or server shuts down.
Second: all communications to and from myKryptofon are doubly encrypted, with a SHA256 algorithm, by utilizing AES-256 bit encryption. Both are proprietary implementations not using any open source or other 3rd party code. This is inclusive of the authentication process for determining if the app or server is consistent with what is expected to be on the device, and on the specific device. And, if any device is rooted, the app shuts down.
Third: the encryption process never shares a key with another instance for securing the communications. Both sides validate each other as trusted, and then utilize a proprietary algorithm of encrypting the communications session, not once but twice.
There's more, but this is the core of the process. See the Technical Page. Know this: No information shared provides a hacker or bad actor any information of what is being communicated, how, and where. A sniffer could see packets, but will has not and will not be able to interpret the packets.
Let's logic this out - myKryptofon never sends or receives the security keys. There is no tradition key management server. Instead, myKryptofon securely moves the communication credentials to the endpoint you are communicating with, and then begins the voice or text or other communications. When the communications are terminated by one of the two parties in the communication session, the credentials are immediately destroyed, never to be used again, the the fact that the communications session even existed, is shredded, or bleached (to use a recent popular word)
- There are no security keys put in the air or on the wire for someone to intercept, and therefore, nothing to intercept and try to decrypt the media or data.
- No encryption keys are stored on a server or the endpoint device, and therefore, there's no location to harvest the key and then try to decrypt the media or data.
- There's no history of the secure communication session stored.
We have endured 20+ commercial and government tests over a 4 year time. In not a one of them, not once was there a penetration of our communications. We've been told that decrypting AES256 bit encryption without having an encryption key could be done, but a the organization decrypting the data stream would need 5 years dedicated use of a supercomputer to accomplish it.
Now, we doubly encrypt our data. Each call, chat, transfer, alert, etc., is uniquely encrypted. A bad actor has very little prospect of success in decrypting the myKryptfon data steam to begin with, much less succeed in the complete eavesdropping.
We have eliminated the attack surfaces. All myKryptofon applications themselves have securely encrypted executables. All names, strings, classes, etc., are encrypted. No temporary data is ever saved to storage.
They can try, but we recently have passed top-secret level tests whereby the attackers could not even start to successfully get into the server. Why would this be? Once again, we've eliminate the attack surfaces on a server. This includes elimination of:
- All email software
- All Web software - we do not use a web server or web browser in the myKryptofon solution
- We close down most ports
- Any communications arriving from a non-trusted source are dropped. Repeated attempts of communications from a non-trusted source are blocked.
- Most user information on the server does not exists, and that little that does, is encrypted on the server
Every communication between myKryptofon endpoints is completed with a unique encryption key. The key is uniquely generated for that communications session only, and, never is reused in part or in total.
In addition, if you make 25 calls in a day, each call is uniquely encrypted. If you make 50, you have 50 uniquely encrypted sessions. If you have a call, a text chat, a group chat and a picture transfer occurring simultaneously, each of these are an individual communication session, and each is encrypted with a unique encryption key.
Yes, however you must have data access. Usage will not count against you normal voice minutes or SMS message limits, but will instead count against your data usage.
It depends on what you are doing with myKryptofon
The largest consumer of data is a voice call. This will use 60kbps.
The next largested user of data is picture or file transfers, and the usage is determined by the size of what you are transferring.
myKryptofon operates on the most secure mobile platform available: Android. Unlike other mobile systems, Android provides us with the ability to actively detect attempts to eavesdrop or steal your communications - for example: myKryptofon will not work if another application on the Android is using the microphone. When an intrusion is detected, myKryptofon makes you aware of the attempt, and if necessary, shuts down the communication before the eavesdropping or theft can be successful.
myKryptofon requires an Android device with an Android OS 4.0+ operating system. Smartphones and tablets from a variety of manufacturers are supported.
No. The communications signalling is secured with every communications session. There is no "metadata" to show who was calling whom (or who was texting whom).
Hackers, cyber-spies, rogue organizations and the like can capture anything in the air. With myKryptofon, all of the of the communication session data is uniquely encrypted with no decryption occurring anywhere along it's path to the other myKryptofon endpoint.
If they capture our encrypted packets, they would have to decrypt dual SHA-256 encryption with no idea what the encryption keys for the dual encryption are. For a hacker or other entity to access the data would require them to decrypt our AES-256bit encrypted packets...twice. And, with every communications session protected with this proprietary method, there currently isn't enough computing power available to successfully attack our data streams in a timely and meaninful fashion.
No. Once a communication session is ended, there is no residual information, history, or breadcrumb trail, encryption key, etc., left on the Android device to show that the communication session ever happened!
No. The security credentials are negotiated between the endpoints where myKRyptofon is running, and each myKryptofon endpoint calculates the security key to be utilized. Cifercom has no clue what the encryption key is.
No. The secure communications occur endpoint to endpoint, not through any server.
No. The communications never decrypt for anyone to be able to intercept your communication (and therefore find metadata or the actual communications). Our approach is to block anyone from seeing any of the communications in any possible fashion. Our motto: No Eavesdroppers allowed! We do not rely on centralized administrators to communicate securely.
Since all security credentials take place between two myKryptofon endpoints, we have no abilities to eavesdrop through a backdoor. A backdoor simply doesn't exist...it can't by design. Not even we can access your secure and private communications....meeting our objective of enabling the human right to communicate freely, securely, and privately.