Global Professional Services Since 1994

Security Based Protocols

BC Business Services, Inc. 
Global Professional Services Since 1994

Download this File  Opens in New Window)

Records Security - Emailing - Document Shredding

If you are interested in setting up such an email and security protection documents system that we employ (and you will see why you would want to), then let us know. We offer this service.

In reading this, keep in mind that you do want to do business with our firm and there is good reason for it.  The owners of BC Business Services Inc. have not only been employed as an Assistant Mathematician in the past developing PhD level texts in high-energy Physics but also have extensive education in Programming and Computer Operations among other areas.

That said, we know what we are talking about when it comes to high-security systems to the extreme end of the matrix. And as you will see, use our Physics and Computer knowledge to protect clients and the data that we may store for them.  

First and foremost, our Building contains cameras and alarms as well as sufficient security measures in place to protect your business records; documents, checks, mail and other parcels and there has never been a problem with break-ins.

For emailing, we use extreme security with Proton Mail which is a Secure Email Service with end-to-end encryption based in Switzerland. Emails to you by us in transit are fully encrypted and remain that way until they arrive in your email.

Please note, most email services that you may currently use are not the same.  G-mail and others have noted that they would implement end-to-end encryption but have not yet done so. As such many others that provide email services are not protected with end-to-end encryption. When we say end-to-end, it means that emails are encrypted and secure from the time it leaves our in-box, the time it travels over the internet, until it arrives into yours. 

Without such measures, emails you send or could receive, may be compromised and many times most likely are.  Perhaps even by the Government.  Perhaps this is the real reason for the extreme amount of cases relating to privacy, and as you will see, we do note Norton in this protocol.  It may not be as you mostly believe it to be? Then again, one would be need to better understand a bit more about physics, computer science, and programming to fully understand why.  Though we will try to explain it here.

In addition, our email contains two security measures. One to enter the email server; and another one to decrypt messages on the server. All messages are stored encrypted on the servers. This means even if a hacker was to gain access to the server, they would still need to decrypt the in-box to see the messages. So if by chance one method were compromised, the other would still prevent it.

And gaining access to even one level; would not be an easy task as you will see. We employ extreme protocols that contain 40+ characters for each password, composed of special characters, non-English words, multiple languages, and/or words that are just not words at all which do show up in dictionaries.  And this is very complex for hackers as you will see. It should be noted that average passwords are only 8 or so characters.

Many hackers, use what are known as brute force attacks, employing in many cases, dictionary attacks. This means they try to find a password and use dictionaries to do so. Or using what personal information that may be known them about the victim. 

Birthday, marriage date, city married, kids names, mothers name, and many others. And many people use these combinations and other particulars when they create paswords. For simple reason, they are easy to remember. Or they count on their computer or phone etc. to store them. Which may be vulnerable. Once they gain access to such devices which in most cases are not that secure, they have what they need to gain access to your life. As such, using passwords that most people employ, they are relatively simple to break in such instances. 

It should be noted that statistical reference shows that many passwords that people use, are easily broken using cray computer systems. Many are broken in less than 30 minutes or even a minute in most cases. The increased operating speeds of the CPU of course, particularly with cray systems leads to faster brute forces.

Complicating it further, using multiple-language passwords and other non related words, makes it extremely more difficult. And adding special characters and otherwise further complicates it to the nth degree.  And when passwords exceed even 10 characters they become astronomically more difficult to crack. Let alone 40+. But that is not all, as you will see below. We up the ante on server sides and brutes as well.   Perhaps to the point of frying a perpetrator's systems in the process. One can only dream (smiles).

Without the noted matters below instituted, there can be little doubt that it would be estimated that to break one password of ours, by brute or other force, even using advanced cray systems, would take 1000s of years to access it.

Even so servers would time-out with denial, in many cases, depending on the complications, forcing termination to the brute . This is important to prevent brutes from gaining access. Even so using the measures we employ may, as noted, even fry a system that is trying to brute as they run into machine code, that may create system dumps and loops to further complicate it. In terms of computer operations and routines this is entirely possible to accomplish,

To up the ante, which is extreme, we also encrypt attachments many times using PGP and other security measures at the extreme end of the helix. Simply stated, this is over the top measures for most businesses, but we do understand computers, physics and programming so we don't see it the same.

It should be noted however, even without these measures, Proton was developed by Physicists and Mathematicians from Cern, who controls the system. Think of Super Collidors, Particle Physics and Einstein, And you will know Cern. Much like Fermilabs in the United States, except a bit more advanced.

They also add to it with all open source libraries which means they make codes available to the public. This prevents backdoors as they are known. And it has not been hacked to date; though they have run gambits of tests from experts in Physics and otherwise PhD level professors from MIT and others to challenge them with high prize awards to do so. And all have failed. 

Even so using as we do at times, PGP encryption as well other methods, which is a nightmare to crack in itself, provides not two but 3 measures and more. Even if they were to hack into the Proton System, which is highly unlikely through backdoors or otherwise, they would still need to decrypt the PGP files as well.  This in itself is not a simple thing to do. And passwords are not locally stored on systems to do so. This further complicates the matter.  And we take it further with shredding as you will see.  

In all, could a person or agency crack our passwords and codes that we use, anything is possible but in today's world of computing and understanding the true bare bones of the matters, along with Physics and otherwise; we can say that with all methods employed; No they will not do so. Computing is quick today but it's still not fast enough. And even advanced cray and other system are still far from being capable to penetrate.

Keep in mind that many passwords are locally stored on systems. Not long ago, to our knowledge, Dropbox and others do the same. This is one reason we do not use Dropbox and many others for cloud systems.

With proper subpoena and otherwise, people can and will gain access to them. And having passwords stored locally on their systems allow them to decrypt your emails or attachments in doing so.  And they are not secure on the servers though many people do use them believing them to be so.

This thinking is the same thinking that users of TOR believe. That they are secure in what they do and using such systems they cannot be tracked or their identities known when using the “Dark web.”

This web, or TOR was originally created to protect government agents, Spys if you will from being tracked by foreign governments. Of course there are always bad apples out there so many have turned to the “dark web.” Though this is not all what TOR is about.

To make a long story short and to get to the point, there is a matter known ad bridging which TOR uses. This means that a persons IP (Internet Protocol) address may show up in say Brussels when they are actually in the United States. This is because others users of TOR act as bridges so that IP addresses seem to be somewhere else but are really just piggybacking if you will on another user who is located in Brussels.

As noted many people believe this is protection but they are sadly mistaken. The problem with Bridging is one thing and that is it changes at times to put their IP in another location. Say in Russia. And when that happens, when they “switch bridges” as it is generally known as, they are not under the TOR system. Or in other words their IP address is readily visible for anyone that many be trying to track them. Of course it happens in milliseconds and even faster but in terms of a good CPU, it's into the hours. And thus they are tagged.

Getting back to the point of this Article, t
his is not the same here.  Unlike Dropbox and others; even with a properly Served Subpoena, that one would need to submit to Switzerland, (which has some of the worlds best privacy laws) one would could still need all the encryption codes to decrypt messages. Proton does not have them stored locally. Unlike Dropbox or other providers they can't decrypt the in-box without it.

Subpoenas have been served but most do not bother as when they get the messages they only get piecemeal encrypted junk that is not usable.  As noted even though messages and otherwise may be delivered under subpoena, messages are still stored encrypted server sides (encrypted stored on servers).  Unusable without proper decryption codes which are not stored locally. So why bother. Lawsuits are about economics; and the overall understanding is that the more you can cost the adverse party, the more likely they are to cease-and-desist as the old saying goes.  We also have education in the legal fields as well.

In Latin, serving such a Subpoena on the Swiss servers for records is a moot point. It should also be noted to date (to our knowledge), less than 100 subpoenas have been served onto Proton for these reasons from the United States.  Simply put it is high security. And smart law firms also know that. It should be noted that G-mail, Yahoo and others receive 10s of thousands each year. And comply with most. 

The same holds true for many others; Dropbox and others. Though to what degree they comply we are not aware and it does not matter. The whole point here is that unlike Proton, they store passwords locally. To that extent there can be only one logical conclusion here. They comply and turn over decrypted emails and attachments.

So the point is, we
do not implement these procedures for reasons of illicit activity but we do believe that privacy should be respected; regardless of a few over zealous attorneys and rights activists thinking otherwise. And concerning the nature of our business primarily being financial in nature; security is paramount. And we do not and will not allow others to compromise it.  

We take further measures as well when it comes to erasing files as we do, we do so with at least 20+ shreds. US Department of Defense procedures consider 7 to be sufficient to destroy file accesses.  But we are not the Department of Defense.  No offense to them of course. We just believe in added security. It should be noted that shredding above 7 times does take longer.

You can be sure, when they are shredded; not just deleted, they are gone.  But that's not all. As you will see below in relating to free space shredding on systems. Before doing so, in most cases, we not only shred them but convert files to binary based code and convert them to PGP files before shredding. 

In Physics related terms, an impossible task to accomplish in decrypting the threads.  The owners have been to schooling as noted for Computer Operations and Micro-Computer Operations. That means we understand what Binary and Hexadecimal and other computer machine languages are about.  Including Dos, OS, OS/JCL, JCL, C, C+, C++, E, Assembly and others. Including understanding IBM and other utility based programming languages which we also have been educated in.  

To make matters worse, we believe to the most extent that shredding a file does have its advantages in the bits and pieces, which we call threads. To the point that the files are converted many times to PGP encrypted files, this wold mean logically that without the full encryption codes attached to such files stores in their mailbox, partitions if you will in computer terms, there would be no way for a hacker or others to even view any threads that could be found.

In this sense, they would need the PGP encryption codes that were used before the shred took place. Which would be scattered throughout the threads. What is comes down to is that without full thread access which is not going to happen, they would still be encrypted when viewed. Complicating the matters worse, we also use the same to shred our computer free space. Which I will explain.

What I mean by this is that there is in terms of computer operations what is known as partitions in the computer. Think of them as most teach, they are like mail boxes. The CUP stores various file bits in each of these partitions and then when accessed say a word document the parts are pieced back together. Of course this happens lightening fast and in a split second in terms of computer output.

When files are deleted and even shredded they are not truly gone as they are stored in these partitions which have lost their address if you will And they are there until another file writes over them. In such case an in-depth computer audit and analysis may be able to bring back these files and piece them back together. Recovering them if you will.

When shredding free space however, it in essence shreds the bits in the partitions so that they are not recoverable. So when the computer looks for file threads or the bits they won't be located. If that makes sense. It's a bit complex I realize but in essence this is what is more or less happening in the virtual world.

The point above is simple, we do know what converting and binary conversions are doing to the internal workings of the computer and how the computer is looking at it in it's partitions and otherwise which in itself is going to confuse the CPU.

In some cases, creating such instances may as noted, very well indeed fry a brutes system; even the most advanced cray systems. Looping and dumping until it's routines are severed from timeouts. Of course we are not trying to fry a perfectly good CPU by employing such measures but we also did not ask them to invade our virtual world?

Important note relating to shreds and common systems:  
Many systems shred files now; Norton 360 for example may even do this, and they do, but keep in mind one thing, they are not shredding at the level we are and are not even close to it. It is most likely they are only shredding to 7 or so shreds as it is generally considered sufficient. Of course we do not know but it really does not matter for this.

We suspect though we wont' attempt such matters, that during a proper search of files on a system; shredded under such noted systems that Norton or others use; threads could be recovered and accessed.  Meaning one thing, they are not shredded to the level that it is noted in our matters.

Simply put in terms of looking at from a truly machine viewpoint, they don't even come close and it's not very unlikely they ever will unless they understand more in-depth complicated Physics which is related.

And we would believe based on our Physics education and computer programming and other knowledge; a "smart" person could get access to the threads.  Norton or others portray advanced security; or even companies like Dropbox being the thing for cloud storage; may deny access of course.  And for the most part, it works for most people.

Keep in mind that when you email us back, emailing us is not encrypted unless you are also using Proton Mail as well. In such case we suggest you delete or not include attachments or other sensitive information that may be compromised by a third-party. Sending messages over our website of course is not the same as it is secure.

We will in some cases, set up a pass-word for you to bypass this issue when sending emails or even give you access to secure cloud servers which are also based in Switzerland.  This way when you email back it will be on those Servers and not on G-mail or others who can be compromised in sending the responses. Of course most people do not need such high-security but again, we depend on it.  And with that said, our business saying holds true; coined much time ago: 

"If we can't do it or get it done. It can't be done."  Over the top for some perhaps, but we live in the realm of the doable. It's that simple! Not in the realm where many putter along watching us acquire more foothold overseas and taking away market share and customers. 

In fine, if you are interested in using Proton and high-security cloud systems; deploying the security measures that we employ; let us know and we can set up a system for you to eliminate any chance of hacking or data compromise. 

It's up to you as a company, or an individual; but we believe in security and protection of privacy and we don't compromise on it.  If you want to stay in business; or ensure that you are fully protected, let alone compliant, from hacks; etc., you may want to consider the same.

Thank you! 

BC Business Services, Inc. 
Global Professional Services Since 1994

Global Professional Services Since 1994