ANON::form offers a complete solution for secure web contact and other forms sent as e-mail. ANON::form meet all existing requirements for not only security, but also anonymity and privacy.
1. ANON::form
when privacy is important
“We believe in a world with a free flow of data and
information, with freedom of expression without
retaliation and with respect for human rights.”
anonform.com #privacy #gdpr #cybersecurity #infosec
(The ANON::form Team)
2. ANON::form
the short story…
ANON::form offers a complete solution for secure web
contact and other forms sent as e-mail. ANON::form meet
all existing requirements for not only security, but also
anonymity and privacy. Such as:
Registration forms for whistleblowers (important!)
News tip forms for journalists
Contact forms for lawyers
Sickness leave and similar forms for employees
Business lead and contact forms
Order forms without a backend system
and all other kind of forms where privacy matters…
Do not leave your contact forms to be the forgotten
weakest link in your cyber security! Get in touch!
anonform.com #privacy #gdpr #cybersecurity #infosec
3. Who should have the right, or even the opportunity,
to read your communication? The obvious answer
should be; I who send and you who receive the
message!
In reality, it does not work that way at all. In fact, there are quite a
few who have access to your digital communications; everything
from the staff who take care of the systems that handle your
messages, to cybercriminals who break in or steal on the road, to
authorities who, under various pretexts, request access.
And when a message is sent, data is created and saved in various
cache, intermediate storage, logs, metadata, etc.
In some cases, your message can be saved complete with not only
the content in clear text, but also info about sender, recipient, time
and a lot of other sensitive data, in a forgotten server log.
This is, of cause, also true for all web forms who use e-mail
as transport layer and end up in some user mailbox.
This is important to consider, not only in matters of GDPR or
other regulations, but also in terms of profiling or economic
and industrial espionage.
Web forms sent by e-mail are still the most common type of
contact form, but also the most overlooked when it comes
to security and privacy.
Interesting? Read more here…
anonform.com #privacy #gdpr #cybersecurity #infosec
4. It can be stated that the security and anonymity of e-
mails is still downright lousy. The absolute majority
of sent e-mails are completely unprotected.
I the beginning, all e-mail traffic was sent and stored in clear
text.
Modern e-mail systems of today encrypt the transfer and run at
secure servers. But all messages are still sent and stored as
clear text.
Some major e-mail systems do encrypt messages, but only
when stored. Providers claim and sell these systems as "Secure
E-mail“. But be aware; all messages are still accessable by the
system and the system personnel.
anonform.com #privacy #gdpr #cybersecurity #infosec
5. True secure e-mail communication require End-to-
End Encryption (E2EE). Anonymous communication
require no logs, no caches, no cookies, no tracking.
In true End-to-End Encryption, encryption occurs at the
device level. That is, every message or file is encrypted
before it leaves the phone or computer and isn't decrypted
until it reaches its destination.
But be aware that all communication still generate a lot of
metadata about sender, receicver, timestamps, device,
place etc stored in logs, cache, cookies and tempfiles.
Metadata can be used for tracking, profiling and even
revealing a sender who must be anonymous.
Interesting? Read more here…
anonform.com #privacy #gdpr #cybersecurity #infosec
6. “The EU is committed to having a well functioning
democratic system based on the rule of law. That
includes providing a high level of protection across
the Union to those whistle-blowers who have the
courage to speak up. No one should risk their
reputation or job for exposing illegal behaviours.”
From 2021, the EU requires that all public activities and
companies with more than 50 employees, municipalities with
more than 10,000 inhabitants and organizations that are
sensitive to money laundering or terrorist financing be
required to create safe, effective and efficient reporting
channels that guarantee protection against whistleblower
retaliation.
Other example of where protected reporting (whistleblowing)
channels are required are tip reception for journalists,
newspapers and other media.
Anyone who uses this channels must dare to trust that
confidentiality and anonymity are maintained
throughout the process.
Interesting? Read more here…
anonform.com #privacy #gdpr #cybersecurity #infosec
(Anna-Maja Henriksson, Finland’s Minister of Justice)
7. ANON::form
about the service…
The ANON::form service are built for privacy. Beside true
End-to-End Encryption (E2EE), everything are locked
down and wrapped in multiple security and anonymous
layers.
All form data are encrypted already in the form and sent
by encrypted transport directly to the receiving e-mail
system, to be stored encrypted. And decrypted in the
receiver e-mail application only.
The ANON::form service do not store anything in the
browser or in any system server log. The visible sender of
the message is the service itself.
All standard forms are responsive with all images and
code embedded. Full language support are provided by
language libraries. Three domains are available. Forms can
be embedded in your website or be used standalone.
But you are, of cause, free to design your own forms and
use your own domain. With some assistance from us.
anonform.com #privacy #gdpr #cybersecurity #infosec
8. ANON::form
about the technical…
The ANON::form system is a hybrid solution where the form
content is encrypted in the browser and then sent to a back-end
system which, after “delousing” and control, sends the content
to a secure e-mail recipient where the content is decrypted in
the recipient’s e-mail client.
Please note; ANON::form does not provide any e-mail service.
The recipient must have at least one secure e-mail box that
supports PGP. Either from an external provider, or in their own
existing system. We can assist to create that part when needed,
there are even free solutions available.
The back-end system also generates forms from templates and
language libraries which provides great, almost endless,
opportunities to create custom forms for most existing needs,
well integrated into existing solutions.
We offer three different domains for our forms according to
"[your shortcode].domain.tld"; sec.contact, secure.ax and
turvaisa.fi. We support other domains and can both register
and administer domains and required certificates when needed.
anonform.com #privacy #gdpr #cybersecurity #infosec
9. ANON::form
privacy and security…
E2EE encryption with OpenPGP; private key generated,
owned and managed by the user
Transport encryption with SHA256/RSA 2048 bits/TLS 1.2+
Multiple firewalls, DDoS protection, active intrusion system
with IP blacklisting, anti injection protection
Our servers are located in Europe and are operated by
European providers
One-time fetch; all images and code are embedded in page
Zero Access, stored encrypted
No-Trace Policy for messages; no logs, nothing saved in
computer or browser, no external services embedded
Spam protection with locally installed Captcha service
Compliant with GDPR, PCI DSS, HIPAA and NIST.
Receive A+ rating from Qualsys SSL Labs and ImmuniWeb
anonform.com #privacy #gdpr #cybersecurity #infosec
10. ANON::form
the pricing model…
We charge a monthly service fee based on user services, paid
for in advance. The minimum subscription time is 3 months.
Long term subscriptions and 6+ months pre-payments
entitles to a discount.
We charge a one-time fee for the set-up of the service.
We offer a Basic package who include our 4 standard forms,
3 standard languages and one standard subdomain. You
may use your own logo and CSS at no extra cost.
All customization, including language libs, made or handled
by us are charged for as one-time fees. Extra or customized
forms, domain(s) and certificate(s) are charged for in the
service month fee.
Services used to receive our form submissions are managed
and charged for by the used service provider. Support or
installations we perform are charged as consulting work.
Please visit our website for current prices and conditions.
anonform.com #privacy #gdpr #cybersecurity #infosec
11. The next step…
Do not leave your contact forms to be the
forgotten weakest link in your cyber security!
As you have learned in this presentation;
ANON::form provide you with a world class
secure channel, affordable and easy to
implement in your existing solution.
anonform.com #privacy #gdpr #cybersecurity #infosec
Get in touch!