A Vault for all your Circuit Conversations

and for all your Private Information

Introduction

The Circuit Conversation Vault (Circuit Vault) is a 'Chrome browser to Chrome Browser' text encryption add-on for Unify Circuit that allows the user to add additional encryption to conversation messages (you must have a Circuit account for this add-on to work). All encryption is carried out locally and you are truly the owner of your own content. The Circuit Vault enables you to protect selected content safely with or without a key. Creating Vaults with keys means that Circuit admins will not be able to decrypt the string. NOTE: Unify say that your content is encrypted in the Circuit database. However, with a bit of work and applying inside knowledge, it may be technically possible for your own admins to see the contents of any conversation. Any Circuit Vault generated text without a key could, technically speaking, be decrypted if your Circuit admin spent enough time re-engineering your string (this is highly improbable but still possible). If you use a key your Circuit admin will not be able to open your Vault without you handing over the key. Circuit Vault is a reinforced Vault that uses the Advanced Encryption Standard (AES-256) to encrypt your string . This means that even without a key and without admin privileges any attempts to open your Vault are near on impossible. The Circuit Vault is independent of Unify Circuit and your organisational Circuit admins which puts control back in to your hands. The trade off is that your local admin will not support you if you cannot open your Vault.

Data Protection and Google Chrome Store Policies

The Circuit Vault successfully passed the new Chrome store program policies via an Internal Google review on 14th September 2019. This extension is clean with no misleading information and no malicious code in the background and no additional permissions have been added to the extension outside the scope of its intended use (collecting data, camera, microphone, location, etc).

Your data belongs to you and you only. This extension is designed for privacy and is fully GDPR compliant and is inf act aimed at strengthening the GDPR for your Circuit conversation content. This extension does not have any ads and will never support ads. There are no 3rd party services in any part of the code and no data is transmitted from your browser during any part of the extensions functionality.

The Circuit Vault uses your personal information (from Circuit) and embeds the information into your Vault. At no time will this information leave the confines our your local browser session (your personal information will never be transmitted or used outside the confines of the Chrome extension).

Google analytics are used to track the number of installations and removals (including installation location needed to assess the success of the extension and to see if other languages are needed). This information is collected and stored in the Google Chrome Developer Dashboard only and no other information is collected apart from what is mentioned above.

Application Manifest Permissions

The Circuit Vault requires the following permissions for the extension to work fully:

tabs - needed to send messages back to the allowed site (only connects to https://*.yourcircuit.com and no other site)
contextMenus - needed to put menus on the right click
storage - needed to store your settings
background - needed to run all the functions that make Circuit Vault possible

For some strange reason Chrome is stating the following:

Permissions (Read your browsing history)

This isn't correct as "history" has not been added to the list of permissions above. I have raised a ticket with Google to investigate this error further. I have noticed that the wording has changed since mid September. Maybe, Google is trying to simplify the message to the end-user by saying that 'if the extension can access the storage then it is possible that the extension can read saved data from past sites visited'. My promise to you is that this is not happening. Only your Circuit ID is being read from your browser's storage if the active tab is https://*.yourcircuit.com. If you change tabs, and Circuit is still active in the previous tab, then the Circuit Vault will deactivate itself until you return to the tab containing Circuit. Try it out: open a new tab > navigate to a new site that is not Circuit > click the icon in the top right corner > click 'Setting' - nothing will happen. Now navigate to your Circuit instance (i.e. https://eu.yourcircuit.com) and do the same. Now you will be able to open the Circuit Vault settings page because this is how the extension has been developed (designed for Privacy).

The use of Mutation Observers

The Circuit Vault comes with a function called 'Smart Vaults'. Smart Vaults clean up your conversations and format the text making your Circuit experience more enjoyable. Observers are needed to scan through all your messages for potential Vaults (no other information is touched by the scans). No information touched or untouched by a scan is transmitted or processed outside the confines of the Chrome Extension in stalled on your local browser.

Even though no information is transmitted out of your browser, some users may not like the idea of having Mutation Observers running in the background looking for changes to conversational text. By default, when you first install the Chrome extension, the Smart Vaults are turned off. You can turn Smart Vaults on/off anytime in the Circuit Vault setting.

Why should I use the Circuit Vault?

Technical answer: The Circuit Vault protects the document's textContent by adding additional legalities which are needed by law to successfully prosecute any unauthorised access to personal or protected data. The Circuit Vault also adds an additional security layer to your data when at rest on Circuit servers and keeps your data safe when sent to the browser's DOM tree. The Circuit Vault ensures that no 3rd party infringements or attacks can read, or copy any Circuit Vault data from your conversations. All data is encrypted using AES-256 CBC encryption (block chains).

Non-technical answer: A Chrome extension that creates output that is fully owned and controlled by you by means of applying strong encryption techniques to encrypt selected text in Circuit and adds additional legal terms needed to proceed with successful prosecutions so as to prevent any unwanted 3rd party access from reading or stealing personal or protected data and ensures that your data is not readable if anyone manages to take information out of the central Circuit environment and protects from any unwanted applications taking information from your browser without you knowing whilst adhering to open encryption standards and local and international legislation.

Using Circuit without the Circuit Vault add-on:

All messages are encrypted by Circuit and kept safe inside their database
Circuit encrypts all messages transmitted to and from your browser
Circuit is GDPR compliant (as a cloud service provider)
After Circuit transmits the data to your browser all messages can be read in clear text in the back of the browser exposing sensitive information to any unwanted code running on your computer
Circuit admins can export all data stored in the database in clear text
All content is accessible on your mobile phones (if lost and phone is unlocked)
Your content can be copied and pasted into another conversation
Your account is protected by a login and anyone who accesses your account without permission can be prosecuted

Using Circuit with the Circuit Vault add-on:

All messages are encrypted by Circuit and kept safe inside their database and your can add a further security layer to ensure that only people involved in a conversation can read the content
Circuit encrypts all messages transmitted to and from your browser (no change)
Circuit is GDPR compliant (as a cloud service provider) and the Circuit Vault adds an additional GDPR layer allowing you, as the user, to employ pseudonymous techniques (mask someone's identity) to protect personal data inside your own conversations
After Circuit transmits the data to your browser all messages can be read in clear text in the back of the browser but sensitive information encrypted by the Circuit Vault are protected from any any unwanted code running on your computer
Circuit admins can export all data stored in the database in clear text except for Circuit Vault strings which are still encrypted
All content is accessible on your mobile phones (if lost and phone is unlocked) except for Circuit Vault content which cannot be decrypted on a mobile phone
Your content can be copied and pasted into another conversation except for Circuit Vault content. Encryption is strictly bound to the conversation and the encryption owner is the only one who can edit the clear text message
Your account is protected by a login and anyone who accesses your account without permission can be prosecuted. The messages you submit are also protected against unauthorised decryption. You can customise legal prompts and watermarks for group members to see before and after decryption

Is there a Mobile Circuit Vault App?

At present no. Mobile users cannot view encrypted content and as it stand today the Circuit Vault is a Chrome to Chrome browser extension. it is intended that by not adding mobile apps the security of your encrypted strings are enhanced. If you misplace your mobile and somebody manages to open up your phone and log into Circuit then your encrypted strings are protected. The official Circuit Apps are also signed by Unify meaning that no additional code can be added without Unify signing the changes first. A new 3rd party Circuit Vault App, which connects to our Circuit instance, would be required in order for strings to be decrypted. This is not currently in the development line but may developed if enough interest is shown.

Installation

To install the Circuit Vault during the beta phase you will need to contact the person who encrypted the string and ask them for the Google Chrome App Store link. Add the extension to Chrome and you will be able to generate and decrypt strings. The plugin will be available on the Google Chrome App store when fully released. By default all setting for the Circuit Vault are turned off. Use the 'Settings' option in the menu to build your personal Vault environment.

Menu Settings

When you first add the Circuit Vault you will need to activate your preferred encryption menus. By default no menus are selected.

When installed left click on the Circuit Vault icon in the top right corner of the browner (or right click anywhere in Circuit). Select 'Settings' and tick the menus that you most prefer.

Locating the Menu Options

To see the options above, edit a Circuit Conversation. Mark the text that you want to encrypt using the mouse (left click and drag). Right click on the selected text and choose the desired encryption option. To edit the Circuit Vault (only Vault owners can do this) open the conversation in edit mode as you would normally do when editing a standard conversation. Once the Vault is in edit mode the contents will be displayed in encrypted form. Select any part of the text and select 'Open Vault'.

Some conversations may contain a number of sentences. To make selection easier the Circuit Vault comes with a tool that will allow you to increase the size of the editor window (Temporarily increase Circuit edit box).

In Action

Any part of the Circuit Conversation can be added to a Vault:

Simple sentences such as "Welcome to Circuit" can be added anywhere in the conversation without adding the rest of the conversation to the Vault..
Complex paragraphs or special characters such as 'Welcome to Circuit', which has a hyperlink embedded into the sentence will require that the entire conversation be added to the Vault. Once the Vault has been created you can re-edit the conversation and add clear text anywhere around the Vault.

If the Circuit Vault identifies that a complex structure is being added to the Vault it will be prompt you to add the whole message to the Vault. This is needed to help maintain the document structure that the browser needs to display the page properly.

In brief: a simple text paragraph has no special elements placed inside the paragraph and a complex paragraph will have items such as bold, italics, highlight, bullet lists, emojis, hyperlinks somewhere in the text. Once the Vault has been created you can always go back and add more clear text to the Conversation (as you would normally do in Circuit).

Creating a Circuit Vault

Original Text = 'I would like to encrypt the name John Smith as well as his telephone number +44 1234 555999 as this is personal information that should be protected. I will encrypt the text with no watermarks and no legal notices'

When the Vault has been encrypted the paragraph will resemble the text below (note: I selected the first menu which creates a "<vault1>" string. This Vault can only be decrypted inside the same conversation that it was created in. No key is needed and the encryption is strictly bound to the message context:

As seen in the Conversation Edit Box

Encrypted Text=<vault1>33493-aa76b-1658f-8beda-b7cd5-01bb9-0b4ce-da744-8334c-f3fe2-34fa5-bcae3-c757Q-kdB2I-CsCDL-YgvVM-oVTQs-M1XPh-MM+rC-e3IxZ-a1q/3-Ys+KC-zwoy2-HP33u-U2uKA-Uydv3-bpuAx-xrTNN-mdlJl-7toxX-1JNv4-6QHi1-KU5RA-8Cg0g-KkzId-Oxd3r-Hu00h-nLIDm-LTxmE-Ah7cq-NBPFm-smwMt-iw3yt-e4R6x-OiRrz-tfDBe-FF4uA-Y1n0+-ALa23-1eJPj-Ll2gj-26QOt-5GOIj-ihPGv-8amKM-P42yc-ZNun1-BRPf4-B9ypz-m2jAa-rDVdU-ZdbVX-ZLUAz-dErt6-nLRZ9-dAy/+-B0NAb-IMyQW-Hhnpu-nOsWJ-Fw+p7-F72us-uOJ0y-3nWci-sI4oI-+ro6X-SczBL-X3O2p-ROHgv-JynQ8-eLzM1-QPSIq-FB9vI-xwB4S-uKJ8p-30=</vault1>

How Conversation Members View Encrypted Text

Only Vault owners can edit the contents of the Vault. All other members of the conversation will be presented with a protected read only version of the Vault. Here you can be assured that at no time will clear text be shown in the background of the browser. Below is an example with 'Clean Vaults' enabled before and after the Vault is opened:

Watermarks & Legal Notices

All Watermark, Legal Notices, and Legal Prompts are encrypted into the encryption string. Even if you change your Watermark at a later date the old Watermark will persist in previous encryptions. Also, changing the Legal Notice will render the encryption void (i.e. removing AUTHORISED DECRYPTION ONLY@legal from the string below). The string has to be decrypted in it's entirety.

Below is similar text with watermarks and legal notices (previous Vault was opened, edited, and saved). Note that when you open a Vault and create a another Vault the encrypted string will be completely different (even if the contents are exactly the same as the previous Vault. No two Vaults are the same):

You can see your Watermarks in the setting of the extension with a live example of how they will look (see the first diagram above).

How Conversation Members View Encrypted Text

with Watermarks & Legal Notices

Only encryption owners can see the clear text variants of the encrypted text. All other members of the conversation will be presented with a read only representation of the decrypted text. Here you can be assured that at no time will clear text be shown in the background of the browser. To acknowledge that they are authorised to view the result of the decryption the user will be prompted to enter an Acknowledgement PIN. If the PIN matches, the results will be shown.

Without the Circuit Vault installed (or with Circuit Vault installed but with 'Clean Vaults' turned off) the conversation group will see the following (NOTE: this is how Circuit admins see the text as well):

<vault1>AUTHORISED DECRYPTION ONLY@legal-1b69c-80d1b-924b3-a805c-ab010-f65c3-29c0e-17c9f-4cbad-b0638-f9836-9b230-a38cW-WJYfa-cGDO2-hYlW+-J6GBe-Uhnck-T0anm-W35TN-RQZ5z-ntF2x-PVKoT-t0XXJ-Yw9kB-oRNBm-p52F2-B1RB7-jM0ph-it+2J-0BP5q-6ieD6-r/V0u-TKRZh-B7cOy-y0qrD-E7++7-xgPUg-aeGlm-L6cDp-VE1Ui-rka4T-0V0mv-C6wO/-bqfZ4-MaSGx-TqXHQ-2zSmY-1n0xj-1tbZF-0bSQC-sGgHE-nCdeJ-O8HkC-6CuoG-zMWkt-Cy8vh-0shfA-A1647-P3W79-5JJz4-qi1JC-dde8m-KdHFq-9VCyd-cna8J-aV6zC-zQxNs-mISrq-W9SMV-5cJHq-IKwlx-3/jsr-hD1my-Bjsuh-pDRVC-sKRDl-n82LY-hd0sY-YgJHX-nwQnw-PC3sX-KN7K9-g37bR-0UUJN-paJrb-fE/Zd-cHPZE-9ctXg-PfxHj-PS2oK-N+YTN-G05rg-oggp7-Oz92h-ybtcl-IDfn+-JySzZ-MgU1A-TN0h4-kZHng-h2WTJ-67Sx4-ihwl+-ieshf-/jX01-DHFM9-by/mz-FYsO5-EmxEr-glh6k-=</vault1>

If the conversation group have Circuit Vault installed with 'Clean Vaults' enabled they will see the following (before and after being opened):

You can fully customise your Watermarks and Legal Notices in the Settings menu.

Adding a 2nd Key to the Vault

As with A Deposit Bank you do not have to hold a key to ensure that you contents are safe. The Bank holds on to the key for you. Once you pass certain checks you can access your deposit box. As with a Deposit Box you can also hold a 2nd key ensuring that no one in the bank opens your Deposit Box. The Circuit Vault acts in the same way. Circuit will have their key and you will have your own key. To open the Circuit Vault both keys will have to be presented. NOTE that you will be required to share the key to the conversation members if they are to be able to have access to the Circuit Vault. TIP: you can create a private conversation where you are the only person in the conversation. This is a great place to store sensitive information.

To add a key to your Vault, edit the conversation and select your text and choose the 2nd menu option 'Add selected text to Vault with Key'. Note: do not forget your key! You will not be able to access the Vault otherwise and no one will be able to recover the Vault contents for you.

Mixing and Matching Vault Types

You can mix the Vault types as and when you desire.

Original Text = 'I would like to encrypt the name John Smith with no Legal Notice and a Legal Prompt saying 'GDPR PROTECTED DATA' and to his telephone number +44 1234 555999 I will add a Legal Notice saying 'Personal Information' and a Legal Prompt saying 'NO MARKETING CALLS REQUESTED'.

Vault Text = 'I would like to encrypt the name <vault1>91c2d-f5a93-f0e1d-64337-a86b9-7b8f7-fab02-50cd3-36f01-3eb3e-b78b8-859a3-f9c8Z-ezidM-VnWJS-lT3ym-jUJ1y-U40Qq-tCW7x-gKGXh-6Qqck-z/okx-5dVHF-rILdI-QOmlg-Q3pL3-s/lin-nWLFK-dD6Es-cfZ62-9i6KE-+oNRw-qFr7p-eoYK0-/p/Ky-kvIuR-wSQSs-AHIpk-8AiM/-rk+4s-dZ6aP-BDNYY-OIHIs-C88Re-et9yy-qeBGq-oTgy7-GeQSH-S4/fL-Qe357-LrKRW-P</vault1> with no Legal Notice and a Legal Prompt saying 'GDPR PROTECTED DATA' and to his telephone number <vault1>Personal Information@legal-407de-5cdc3-68599-fa5ba-474d5-0d255-aa3fd-06350-911f6-85b4e-95082-14840-62a20-fVnk6-AKcIN-DCzwU-ZX22q-d85FR-O7Dd6-id7Ka-9BreL-NhW/u-/EUK7-AyB0y-KH7Kp-5tCEH-bb5mQ-/n339-mJx8j-sfrF/-WSgBc-9/nNA-uwafo-a4gRc-C3W91-NN/CZ-rfHl1-cujgZ-vsw/F-QDZjU-6gUWj-d74JI-NmgUu-Fz6v1-qY5cc-frxRs-IhKok-nY4To-VIWKd-/5TbK-+Lrd5-RU2eo-tcEOe-x6EVr-WPX/L-dPA==</vault1> I will add a Legal Notice saying 'Personal Information' and a Legal Prompt saying 'NO MARKETING CALLS REQUESTED'.

The results will be 2 different Vaults:

no Legal Notice but with a prompt saying 'GDPR PROTECTED DATA'
with Legal Notice saying 'Personal Information' and a Legal Prompt saying 'NO MARKETING CALLS REQUESTED'

Below are examples of creating a Vault right up to the opening of the Vault in read only mode. The diagram below is also how the Vault Owner sees the Vault when editing:

Below is an example of what the Vault looks like once the Circuit Conversation has been saved. This is how group members will see your Vault if they have the extension installed. If they do not have the extension installed then they will see the same as the previous diagram:

Below are the prompts before the Vault contents are shown:

Below is what the Vault looks like once opened. Note: The Vault text is still in it's closed state in Circuit, no clear text is being exposed to the background of the browser, all legalities have been added to the content of the text, and GDPR Protected Data is being fully respected:

If the Circuit Vault helps you protect your Circuit content please give a thumbs up. Your support will be grateful.

Page updated

Google Sites

Report abuse