briefgeheimnis.at enables you to send secure electronic messages, which no hacker, law enforcement, or intelligence agency can ever monitor or access. In Europe, the Privacy of Correspondence is considered a fundamental civil right and one of the major societal achievements; one which should never be compromised, particularly now in the Information Age. We can— in contrast to many providers — guarantee and prove that even the technicians who operate our service cannot read your personal messages and that the authorities, even in the event of the confiscation of our servers, cannot access your personal correspondence. With briefgeheimnis.at you can always be certain that correspondences remain strictly confidential between the sender and the intended recipients.

briefgeheimnis.at was created in collaboration between two groups of Austrian experts. With years of experience and a shared way of thinking, they built a robust, protective and completely tap-proof system.

• A group of world-renowned IT experts from the research company RISE, who are also the technical patent-holder. The software technology specialists are responsible for innovations like the Austrian national medical card (eCard).
  

• Created and designed by experienced, former high-level executives in intelligence services of military and police, with a strong interest in preserving the privacy of communication in the Internet. The professional network of these insiders ensures the verification of integrity of briefgeheimnis.at. Information about the identity of these persons only on personal requests.

In Europe, the Privacy of Correspondence is a constitutionally protected civil right and these practices represent a blatant violation of years of established law and political tradition. In the past, regardless of the size or method of the correspondence, access could only be granted by the order of a judge. Now, however, with all the recent expansions in global communications monitoring and metadata collection, the debate over privacy has become increasingly focused on the telecommunications sector.

This has been driven in recent years by large national and global telecommunications companies that have mainly focused their efforts on marketing and establishing strong growth in the areas of email, SMS and social media. Unfortunately, the privacy of their users has not been their primary objective. As a result, users are often forced to accept that:

• The contents of their personal messages can be searched automatically.
• Foreign Intelligence agencies can monitor communication without a warrant or the knowledge of the author.
• The internal IT staff that operates their computer systems has easy access to their personal information.
• Often the encryption techniques of many IT specialists are flawed and ineffectual.
• Sometimes unauthorized copies of their correspondence become the collateral damage of police seizures.
• Their personal data is vulnerable to theft from hackers and other unauthorized third parties.

In contrast, briefgeheimnis.at has the primary goal of providing its users with completely secure electronic correspondence that was specifically developed as a response to these recent developments in global communications monitoring and metadata gathering. We can guarantee, if you join our network, that no intelligence agency, private investigator, law enforcement officer, or hacker will ever be able to access your personal correspondence. Similar systems to briefgeheimnis.at have been shutdown in other countries, but in a democratic and civil rights conscious Europe, the government and qualified technical specialists agree: there is a clear need for this service and the protection of the system is guaranteed.

Now, the right to privacy and personal correspondence is returned to you. You decide who reads your messages, no one else.

(In Europe, this is typically guaranteed by the fundamental laws of a country, as in Austria by Article 10 of the Basic Law (Organic Law) for the secrecy, Article 10a of the Basic Law for the secrecy and Article 8 ECHR (right to respect for private and family life), in Germany by the Article 10 of the Basic Law or in France including through the Article 226-15 of the Constitution. In Austria, for example, the § 118 of the Criminal Code sanctions the breach of the "secret writing", at European level, for example, regulates the directive 97/66 of 15 December 1997.)

briefgeheimnis.at does not ask for any personal data for registration.

briefgeheimnis.at does not store any personal data or meta-data.

briefgeheimnis.at does not collect, monitor, or share any of your data.

briefgeheimnis.at is completely independent in terms of financial and technological issues. Secure and reliable functionality are always our primary concern and this level of independence ensures that briefgeheimnis.at will be continuously enhanced and remain state-of-the-art.

briefgeheimnis.at is not dependent on funding from third parties. We guarantee that the system will always remain ad-free.

The mission of briefgeheimnis.at to provide secure communication is based upon longstanding research and development. The result is a hybrid of state-of-the-art performant cryptography with a convenient and elegant Web client. This web client is designed to offer the user the benefits of modern cryptography for exchanging confidential messages, while keeping touchpoints with the underlying complex technology to a minimum.

The core of briefgeheimnis.at is the cryptography concept which is transparent and disclosed to interested users and encrypts the users' communication in several successive steps. In addition to SSL/TLS, an own security layer is used for transport encryption and end-to-end encryption of the messages to avoid unwanted abuse of the system. This method prevents monitoring by any third party and allows access to the messages only by the corresponding sender and recipients. You, as a user, now have the assurance that you can freely exercise your right to private communication.

briefgeheimnis.at is based on client-server architecture. The client is implemented as a web application using JavaScript. The integrity of the client is ensured by using a browser plug-in (currently available for Firefox, support for other browsers to follow).

The communication between client and server is protected through TLS and an additional secure channel based on EC-FHMQV (authenticated key exchange based on EC M511, 256bit Security) and AES-GCM (authenticated secure channel using one-time session key, 256bit Security). The cryptographic primitives used offer Perfect Forward Secrecy (PFS). Even if the private key somehow becomes exposed in the future, any decryption of intercepted data is still not possible. The end-to-end encryption of data is based on ECDH (authenticated key exchange based on curve25519, 128bit Security) and AES-GCM (content encryption, 256-bit security). This guarantees an implicit integrity of messages by a cryptographic signature.

On the one hand the server has the role of a directory service for exchanging public keys. On the other hand it also serves as a storage medium for the messages. The messages themselves are stored in a way that the system is only aware of the message addressee (i.e. messages are relatable to a recipient), yet the identity of the sender will remain unknown.

The basic idea behind briefgeheimnis.at is to provide reliable protection for your communications against spying during transmission and collateral damage of police seizure or the confiscation of servers. The end-to-end encryption of all transferred data and the underlying cryptographic concept extend far beyond the typical requirements of traditional e-mail encryption. The entire architecture of the system is designed to minimize the amount of information necessary for communication, so that hardly any conclusions can be made about the users.

Risk model and maturity level of protection:

• Large-scale eavesdropping and spying on communication connections
  • It is not possible to find out who is communicating with whom, only which IP addresses communicate with the briefgeheimnis.at server.
  • Contents of the communication are protected for all contacts (verified/non-verified).
• Confiscation of the briefgeheimnis.at server
  • The data stored at the server-side does not reveal any information about who has communicated with whom in the past. It can only be determined to which user a message is addressed (but not which attachments).
  • Contents of the communication are protected for all contacts (verified/non-verified)
• Confiscation of a client
  • The level of security depends on the strength of a users' chosen password for protecting the private key. If the password is not known, there is no increased risk to the user compared to the other scenarios mentioned so far.
  • If the password is known, all communications, communication partners, and contents of the particular account are visible.
• Infiltration of the briefgeheimnis.at server
  • In this unlikely event, it is possible to determine at the IP layer, who communicated with whom
  • The protection of the contents of a communication is in this case only ensured for verified contacts.

The risk of backdoors in software (i.e. system access by bypassing normal protective measures) is greater now than ever before. However, briefgeheimnis.at has no interest in such methods or to support such methods, and certainly would not implement these methods themselves. The law in Austria strictly prohibits the introduction of backdoors on constitutional and prosecutorial levels.

Here, a distinction must be made. Data involved in an electronic communication contains much more information than the actual content of the message. There are three distinct types of data:

• Master data (such as name, address, date of birth, etc.)
• Traffic data (metadata, which are used in the course of digital communication, such as IP addresses, timestamps, etc.)
• Content data (the actual content of the communication, such as message text, attachments, etc.)

briefgeheimnis.at is committed to data minimization. For this reason, briefgeheimnis.at will never disclose any users' master data. We have no need to share this information and certainly would not take advantage of this information for any financial or business reasons. The processing and storage of traffic data is done solely to the extent that it is necessary for the system to operate. Therefore, all user data will be strictly safeguarded, exclusively kept on our system and integrated into the cryptography concept when possible. The system development follows the principles of need-to-know as well as of the strict regulation of purpose, to avoid gaining information from metadata. The content data of any conversation is also subject to the cryptography concept of briefgeheimnis.at and therefore protected against spying and monitoring by third parties.

When you create an account, a private key is generated which is used for decrypting your data. This private key must be saved so it remains available after restarting the Web browser. For saving your private key, different mechanisms are available depending on which browser you use. Note, that an application in a browser cannot simply save the private key to a file on your hard disk because the browser is running within a "sandbox" and therefore does not allow direct access to your local hard drive.

• Firefox and Internet Explorer both use the "IndexedDB", which stores these objects within the database on the browser.
• Chrome and Opera use the "File System API" which provides dedicated local file system where Web applications can save files. For this purpose, a dialogue needs to be confirmed by the Web application before write accesses are allowed by the user.
• Safari uses "WebSQL". This is the predecessor of "IndexedDB" and allows to store data within a relational database of the browser.

Simply click the button "Register for free" on our start page. On the next page you will be prompted to choose a name and enter a password. This password is used to encrypt your private key. Neither passphrase nor private key are transmitted to the server, they are only stored locally within your browser. After a click on the "Create Account" button your personal key pair (public key + private key) will be created for you and unlock your profile. By selecting the profile and entering your password you are now able to use your profile.

Your profile is your identity in the briefgeheimnis.at system, similar to an email address for a traditional email system. Each profile is independent and autonomous and will not provide any information about you or any of your other profiles.

briefgeheimnis.at offers two different profile types.
Private profiles afford the greatest security. Before sending messages from a private profile to other users, an additional code (token) must be exchanged between the two contacts. In contrast, public profiles enable sending and receiving messages to and from other public users without any preceeding verification process. You only need the profile name of the other contact.

Yes, you can create as many profiles for briefgeheimnis.at as you want.

briefgeheimnis.at's authentication process is largely based on cryptographic keys. A user‘s password is used as an additional security measure, as it also encrypts the user‘s cryptographic keys. For this reason, a sufficiently complex password should be chosen. Since the actual decryption of the message content makes use of the cryptographic keys, they should be backed up. You can find the corresponding function "Export profile" in the settings screen. An information dialog will remind you the first time you log in.
In case you lose your password and did not create a backup of your profile, there is no way to access your profile or to reset your password or keys. If someone else gains access to your profile backup, they will be able to access your profile and view your messages. Therefore, you should store the backup file containing your cryptographic keys only on a secure storage medium, such as an encrypted USB drive. The actual name of a user‘s profile is secondary: it is used to distinguish between identities if you have created multiple profiles and (in case of a public profile) enables others to find you.

To ensure optimal security, briefgeheimnis.at currently does not support unencrypted messages from and to traditional email providers. This means, for securely exchanging messages, both sender and receiver need to have a briefgeheimnis.at account. The support of traditional email within briefgeheimnis.at is a potential future feature.

There are two categories of security levels, but they are casually related to each other: those of contacts and those of messages.
With contacts found in the address book, there is a distinction between "Verified contacts" and "Non-verified contacts". "Verified contact" means that a token has already been exchanged between the two parties and you can be sure that the contact really is who he or she claims to be. "Non-verified contact", however, means that you are dealing with a public contact that could be anyone registered under that name. Also, your former contact may have deleted his or her profile and someone else could have re-registered with the same name.
Each message is signed by the sender with a cryptographic key.

• The status "Signature verified" indicates that a message is really from the intended profile and that the sender's profile has not been compromised or manipulated. In the "Sent" folder you should only find the "Signature verified" status because it is your own signature.
• The status "Signature verification failed" indicates that your profile has sent a message to a contact with whom you have not exchanged tokens, or whose token you previously had, have been deleted. Even if the token is exchanged again, the status does not change later for that particular message. In other words, this status means that this message has been tampered with.
• The status of "Unknown contact" means that it is a private contact that you do not have in your address book. Alternatively, this could indicate a private or public contact that was previously in your address book, but has been deleted. The status of the message will remain even if you add the contact later.
• The status "Non-verified contact" and the status "Verified contact" mean the same for messages like in the address book.

SafeGuard is a browser plug-in that makes your messaging even more secure. SafeGuard establishes a separate connection to the briefgeheimnis.at server and checks, whether the web application has been initialized correctly on your computer. The plug-in is able to detect, whether a third party has tampered with any files or is otherwise trying to gain access to your profile, and thus provides additional protection against unwarranted monitoring. Currently, SafeGuard is available for Firefox, yet in the near future the plug-in will also be available for further Web browsers.

In general, in briefgeheimnis.at all data is encrypted and the system itself does not know anything about its users. This means, however, that briefgeheimnis.at cannot ensure that your counterpart is in fact the person he or she claims to be. To solve this problem, there are verification tokens. A token is a code that you can generate automatically when you create a contact. This code should then be passed to your intended recipient in a secure way, ideally in person. A token is valid only once and after it has been entered it cannot be used by anyone else.
This means that if the token verification succeeds you know for sure that a contact is the person he or she claims to be. Conversely, if the input fails, you know that someone is trying to impersonate your intended recipient and the communication has been compromised. In addition to the verification code, a random image will be generated. This image is displayed next to the token input of your counterpart. If it is different from the image generated at your counterpart’s side then this is another indication that the token has been manipulated (i.e. another protection mechanism for the token).
In case, your counterpart deletes his or her profile and somebody else tries to contact you under the same name, this is reported by briefgeheimnis.at after a token exchange. Thus we can expose impostors immediately.

For security reasons, your keys are only stored locally on your computer. If you lose your keys and did not backup your profile, it is impossible to log in again or to regain access to your messages. Therefore, we strongly recommend to backup your profile.

Since your password is only stored locally on your computer, no new password can be requested and the current password can not be reset. However, you can change your password, if you are already logged-in. Simply click on your name and in the following menu on the button "Change Password".

When a message was sent to multiple contacts, none of the recipients is able to see the other addressees. This approach fosters both security and privacy. However, it is possible to manually add additional recipients to a reply message from your address book.

To use your profile in different browsers and on different devices, you need to export and import its profile key. First, you must be logged in on the device and browser that the profile was created with. When you are logged in, click on "Settings", then on "Export profile" to save the backup file. Please note that the created file should be securely stored at a location where only you have access to, such as an encrypted USB stick or an encrypted hard drive. Storing the key file in a cloud storage service is strongly discouraged.

Now open briefgeheimnis.at in the new browser or on the new device you would like to use. Find the function "Import profile" just below the button to register a new profile. Click the link and select the previously exported file. Now your profile will be imported and the device will be ready for use.

After logging in, you find your support code in the "My profile" screen. The support code is only known by you. If you pass it on you can be clearly identified. This can be useful, for example, if an error occurs in your briefgeheimnis.at client and you want to have help from our support technicians. The code is not mandatory in all support cases and the disclosure of the code is completely voluntary. This can also be useful when you have grounds to believe that someone else has access to your profile. If you tell us the code, we can lock your profile at your request.

If you cannot find the answer to your problem on these pages, please contact us! If you own a public profile, simply use the feedback or support function in the top right corner. In case you do not have a briefgeheimnis.at profile yet (or use a private profile), please contact us by email at info@briefgeheimnis.at.