Better security – dropping support for TLS 1.0

by The Zamzar Team
This change has been completed as of 14th August 2018.

 
Security Shield with Lock Icon Encrypted DataIn line with many other online services Zamzar is announcing the end of support for TLS 1.0, a cryptographic protocol used to secure communications between your web browser (or API client) and our systems.

From August 8th 2018 August 14th 2018 the main Zamzar website and the Zamzar Developer API will no longer support secure connections using the outdated TLS 1.0 protocol, so you will need to plan accordingly. Read on for more information …

Why are you ending support?

In short – to make your use of our services more secure. Transport Layer Security (TLS) was originally developed by Netscape in the early 1990s and has undergone several revisions since then. TLS 1.1 was introduced in 2006, and TLS 1.2 in 2008, and both provide safer, more modern alternatives for connecting securely to web services. There are many serious vulnerabilities in TLS 1.0 which mean that is no longer safe to use reliably. The Payment Card Industry (PCI) Security Standards Council is also recommending that websites drop support for TLS 1.0.

What does this mean if I use the Zamzar website?

If you want to use the main Zamzar website at https://www.zamzar.com you will need to ensure you are using a modern web browser capable of using up-to-date security protocols – in practice this means using one of:

  • Chrome v22 or later
  • Firefox v27 or later
  • Safari v7 or later
  • Opera v12.18 or later
  • Internet Explorer 11 or later (or Edge)

Since the Zamzar website will no longer work with older web browsers we strongly recommend upgrading your browser before 8th August 2018 14th August 2018 in order to ensure you can continue using our services. After this date we cannot guarantee that you will be able to convert files via the website when using older browsers.

What does this mean if I use the Developer API?

If you use the Zamzar Developer API at https://developers.zamzar.com/ (and associated endpoints at sandbox.zamzar.com and api.zamzar.com) you should ensure that any client code that you use to connect to the API is not using TLS 1.0 to connect to our services.

We provide some guidance below on checking your TLS usage in popular languages, but you should also consult the “How can I test this?” section below to verify any updates or changes you make:

  • C# – Make sure that your client code is configured to use a modern TLS version for your System.Net.Http.HttpClient (see here for more info).
  • Curl – Supports TLS1.2 starting from v7.34, so ensure you are using this version or higher (download updates here).
  • Java – TLS 1.2 support was added to the JRE in 1.7.0_131-b12, so API calls made using older versions of Java may fail.
  • Node.js – Check the version of TLS that your “requests” package is using (see here for more info).
  • PHP – Uses the system-supplied cURL library, which requires OpenSSL. Ensure this version of OpenSSL is at v1.0.1 or later.
  • Python – Also uses the system OpenSSL so you should check this is later than v0.9.8. OpenSSL v1.0.1 supports TLS 1.1 and TLS 1.2 by default.
  • Ruby – Also uses the system OpenSSL. OpenSSL v0.9.8 will no longer work, but OpenSSL v1.0.1 or later will work since it adds support for TLS 1.1 and TLS 1.2.

How can I test this?

If you want to verify that your browser or client code is ok you can connect to https://tlstest.zamzar.com/ to verify that you can still use Zamzar services. This link is setup to mimic how the website and API will behave once support for TLS1.0 is dropped on 8th August 2018 14th August 2018.

If your connection is successful you should see the string Zamzar-TLS-OK returned.

For example in a web browser that works you will see:
tls-browser

If using client code (for example cURL) you would see:
tls-curl

Further Questions

If you have any further questions on this topic or need any advice from our engineering team please get in touch with us at support@zamzar.com.

Happy secure converting!
The Zamzar Team.

Advertisements

Announcing Zamzar’s GDPR compliance

by The Zamzar Team

GDPR General Data Protection RegulationThe General Data Protection Regulation (GDPR) is upon us! Hopefully this spells the last of companies you have never heard of desperately trying to get you to click a button in an email!

At Zamzar we aren’t interested in using your data as a marketing commodity, and we never have been. We wrote last month about the hard work we have been doing to extend the data protection measures we already take to add extra safeguards for your data.

Today we are pleased to announce that we have completed the steps necessary for full GDPR compliance.

What steps has Zamzar taken?

We have taken a number of measures to increase protection for your data – here’s a summary of the key points:

> Strengthened security for your data
We have taken a number of steps to further improve how we secure your data. At the start of the year we turned on secure HTTPS encryption for all users of the main Zamzar website, and more recently we have switched many of our internal services to encrypt your data when it is “at rest” (i.e. stored) within our infrastructure.

> Rigorously reviewed our 3rd party vendors
We use a number of third party services to convert your files and have taken the opportunity to review each of their data practices to ensure they provide contractual guarantees for keeping your data safe.

> Dropped personalised advertising in the EU
We have taken the decision to stop serving personalised advertising to anyone using Zamzar’s main website from the EU. Ads will still be served, but no personalised data will be shared with 3rd party advertisers.

> Updated Policies
We have updated our Terms of Service and Privacy Policies to provide detailed information on how we access, process and handle your data, who we share it with it and what steps we take to secure it. We have also made our Cookie Policies clearer (see our Web and API versions).

> Made available a Data Processing Agreement (DPA)
We have put together a standard “Data Processing Agreement” (DPA) which you can sign if you use Zamzar’s services to process data for your own customers. Email us at dpa@zamzar.com if you’d like a copy of this agreement.

What does this mean for YOU?

The steps we have taken will ensure that when you use our services you will have even stronger guarantees that your data is protected. You can check to see what data we store, how long we store it for, who we share it with and crucially what your rights are in relation to it.

We have pro-actively applied most of these measures to all customers (not just EU citizens).

What do you need to do?

You don’t need to take any explicit actions to carry on using Zamzar, but should review our new Terms and Privacy policies so that you are aware of how we handle your data.

If you use our website (at https://www.zamzar.com)
You should review our new Terms of Service and Privacy Policy to make sure you are happy with the contents before using our services.

If you use our Developer API (at https://developers.zamzar.com)
Check out our updated Terms or Service and Privacy Policy to ensure you understand how we handle your data.

If you use Zamzar as a “Data Processor”
If you use our services to process your own customer data the GDPR requires you to sign a “Data Processing Agreement” with us. If you signed up for an account to use our services before 25th May we provide a standard Addendum that you can sign – just email us at dpa@zamzar.com to request a copy. If you signed up after that date check out our standard DPA agreements for the Web App and API.

Still have questions?

If you have any questions about Zamzar and GDPR do let us know by emailing us at info@zamzar.com and we’ll get back to you.

This is just the beginning …

Protecting your data is a journey and it doesn’t end with an arbitrary deadline. Tomorrow we’ll be back working hard to provide you with amazing file conversion services and taking steps to continue keeping your data safe and secure.

Happy converting!
The Zamzar Team.

 

Zamzar and GDPR

by The Zamzar Team 1 Comment

GDPR General Data Protection RegulatioHas your email inbox been flooded with dozens of notices about “privacy policy updates” recently?

If so, this is likely the result of the forthcoming General Data Protection Regulation (GDPR), which comes into force in less than four weeks time on 25th May 2018.

It provides long overdue protections for the data of EU citizens and places legally-enforceable responsibilities on businesses that process this data. Zamzar strongly supports this new regulation since it will provide better transparency and protection for your data, values that are already at the centre of what we do.

What is GDPR?

Much ink has been spilled attempting to explain GDPR, but at a high-level:

  • GDPR is a new EU regulation that replaces national-level EU privacy and security laws with a single, all-encompassing EU-wide law. It regulates how businesses like ours gather, use, share and transfer personal data.
  • It is likely to affect most companies (hence your bulging inbox). The regulation is not limited to companies based in the EU, since it is concerned with where personal data comes from – if it originates from within the EU it is covered.
  • Crucially it strengthens protections for you as an end user of Internet services. It means Facebook can’t absent-mindedly lose control of the data for 87 million users, and Eldon Insurance can’t use your car insurance data for political advertising without consequences.

If you’d like to read more about the technicalities of GDPR there are handy overviews from both BBC news and Wired. The UK Information Commissioners Office (ICO) provides a meaty 162-page guide to GDPR and if you want to go direct to source you can read all 99 Articles of the GDPR directly on the main EU legal site.

What is Zamzar doing about GDPR?

Along with many other companies we are putting the finishing touches to our GDPR compliance, and will be publishing more information over the coming weeks.

In the meantime here is an overview of our plans:

  1. We will be fully GDPR compliant by the implementation deadline of 24th May 2018.
  2. We are currently working on updates to our terms and privacy policies which will be made available to users for review in the coming weeks.
  3. We are reviewing relationships with 3rd party vendors to ensure that any Data Processors we use are fully GDPR compliant.
  4. On our main file conversion website we are reviewing relationships with 3rd party advertisers to offer stronger protections for user data when serving advertising.
  5. We are taking steps to further enhance internal security measures to provide even stronger protection for your data. For example we recently rolled out “at rest” encryption for files processed through our Developer API. We will be posting updates about these measures in coming weeks too.
  6. Where a customer deems us to act as a “Data Processor” for their data we will be providing an extra “Data Processing Agreement/Addendum (DPA)” to ensure customers can meet their own GDPR commitments. If you would like to be provided with this agreement please contact us at info@zamzar.com.

In short, GDPR helps us to build on top of practices that have been at the core of what we do since we started Zamzar over 10 years ago. Our business prospers when we can competently, securely, quickly and professionally assist with your file conversion needs. We don’t need or want to trade your personal data to stay in business, nor have we ever sought to do so.

When will I hear more from Zamzar?

We will be posting further updates here on our blog and our Twitter and Facebook pages over the coming 4 weeks. In the meantime if you have any further questions related to our GDPR compliance please do get in touch with us at info@zamzar.com.

Happy secure converting!
The Zamzar Team.

Announcing HTTPS – secure file conversion for everyone

by The Zamzar Team

A nefarious spy. Probably from the government. Likely trying to crack your files.We’re pleased to announce that we just launched support across the entire Zamzar website for HTTPS for all users.

Effective immediately this means that the entire site is now secured with the familiar green padlock:

secure-https-zamzar.png

All files uploaded to or downloaded from the website will automatically be protected from prying eyes, enabling you to be safe in the knowledge that your file conversions are being protected by industry standard secure encryption.

In June 2013 Edward Snowden first revealed the full extent of government spying on their citizens via the Internet and the extent to which Internet connections were actively mined for data. HTTPS helps to protect against this snooping and gives you assurances that your data cannot be seen or tampered with. It does this by scrambling the data sent between your computer and the secured website into indecipherable characters, so that it is not possible to snoop on it.

Here at Zamzar we have long been supporters of efforts by the Electronic Frontier Foundation to fight for privacy protection online, and we’re proud to continue supporting the efforts being made to make the web a more secure place to be.

Happy secure converting!
The Zamzar Team.

New on the API – import & export files

by The Zamzar Team

You can now use the Zamzar file conversion API to import files for conversion from Amazon S3, HTTP / HTTPS URLs and FTP / SFTP servers. You can also export converted files back out again too.

transfers-overview

This opens up some interesting possibilities:

  • Convert files that aren’t on your servers
  • Import files from one location and export elsewhere
  • Grab files from password-protected URLs / FTP servers
  • Use AWS credentials for access to Amazon S3

To test this out, first make sure you are signed up for a an API account, then check out our docs on:

For example, here’s one single cURL command which will grab the Twitter logo, convert it from PNG to JPG and upload the  JPG file to a public Amazon S3 bucket:

curl https://api.zamzar.com/v1/jobs -u GiVUYsF4A8ssq93FR48H: \
-X POST \
-d "source_file=https://developers.zamzar.com/assets/app/img/social-twitter.png" \
-d "target_format=jpg" \
-d "export_url=s3://zamzar-public/"

We’d love to hear your feedback on these features – please let us know what you think! We’re also here to work with you on any issues you hit getting up and running, so do get in touch.

Happy Converting!
The Zamzar Team.

Zamzar is 10 Years Young

by The Zamzar Team

We’re celebrating our birthday here at Zamzar HQ – ten years ago today we launched the Zamzar website with a simple mission:

convert all the files.png

Things were very different ten years ago. In Internet years that’s like 8 centuries …

A potted history of 2006

Cast your mind back to 2006 …

  • The INTERWEBS™ was a small and barren wasteland with *only* 75 million websites online (there are 1.4 billion now)

We were about here on this graph:

netcraft

  • Twttr was 1 Tweet strong:

 

  • The iPhone didn’t exist yet (WAT!) – all the cool kids were using Motorola Razr’s. The, er, not-so-cool ones had Palm Treo 700’s.

     

    motorola_razr_red
    palm_treo_700
  • Dropbox was about to get flamed on Hacker News as “not very viral or income-generating” and Facebook’s only users were Mark and his mum [1].
  • ICanHasCheezburger hadn’t been invented (NO LOLCATS !), and the most popular meme of the year was a sneezing panda:

Launching Zamzar

It was into this primordial Internet soup that Zamzar was born. Most of the 9 months of intensive development time for such a key pillar of the Internet was spent on logo design
logo-drawings(obviously the key facet for any budding “web 2.0” service).

We’ve included the best of the bunch for your delectation – extra marks for spotting the malformed sheep motif. Graphic design was not our strongest asset at the time.

Despite the shameful attempts at back-of-a-beermat logo design Michael Arrington covered the launch at TechCrunch, Wired and Lifehacker both jumped onboard with very positive articles, the BBC gave Zamzar glowing reviews and Robert Scoble (he of Google Glass fame) liked what he saw.

The vogue for launching “web 2.0” applications into (seemingly perperobert_scoble_quotetual) beta at the time led Zamzar to be included in the Museum of Modern Betas a fascinating historical record of every-man-and-his-dog’s attempt to jump on the web 2.0 bandwagon.

The “museum” is still charting new beta launches to this day, and Zamzar has the privilege of rating as number 2 on the list of most popular betas of all time (just behind Flickr).

Launching Zamzar was primarily an exercise in “scratching our own itch” in developing software which allowed us to view, edit and save files in as wide a variety of formats as possible, without needing to have every version of every application ever made. We’re thrilled that this turned out to be a useful solution for others too.

Running Zamzar

We’re proud to have run Zamzar as a bootstrapped and profitable web business for 10 years now. If time on the Internet was calculated in dog years (which it should be) we’d be 65 years old.

During that time we’ve:

The fact that we’vemake-something-people-want never taken VC-funding (despite being courted on numerous occasions), allows us to keep focussed squarely on making our products better for our customers.

This is our number one goal, one which is shamelessly stolen from Paul Graham & Y-Combinator – Make something people want.

The Future

Our plan is to keep building products and services which you will love. Products that make handling and using file formats easier for everyone, whether they are new to the world of computers or a seasoned developer.

City urban street art, Shoreditch, East London.We recently launched a file conversion API capable of converting thousands of different file formats right from the command line or inside your own mobile or web application.

We’ll be making this service even better, improving the design and features on our main file conversion website, integrating with a whole bunch of other file-related services, building out some exciting new products (including a self-driving car powered by Word Doc macros) and much more.

If you’ve used Zamzar over these last 10 years then *thankyou*. It has been an honour and a privilege to convert your files.

Here’s to the next 10 years!

Chris & Mike Whyley,
Co-Founders @ Zamzar.

[1] Almost. Actually Facebook had 12 million users, but most were probably Mark’s shell accounts.

The dream boss? What it was like to work for Bill Gates

by The Zamzar Team

This is part three of a series of stories by Robert Gaskins who helped invent PowerPoint at Forethought Inc. in 1984 (see part one and part two). It was the first significant acquisition made by Microsoft. We spoke to Robert about the process of building a startup in the 1980s and what life was like negotiating with, and working for Microsoft. After the sale Robert reported directly to Bill Gates, heading up Microsoft’s business unit in Silicon Valley. He managed the growth of PowerPoint to $100 million in annual sales before his retirement in 1993.

This post looks at what it was like working with Bill Gates, including being grilled by him in an pre-acquisition interview, working closely with him, and the insights Gates bought to running Microsoft in the early days of its’ existence. 

Here’s Gaskins in his own words…

The Interview

One of the explicit conditions of the Microsoft offer to acquire Forethought was that I had to pass a full-blown interview by Bill Gates (I was the only person singled out in this way). So when the acquisition discussions were under way, I went up to Redmond alone, and met with Bill in his office, one-on-one, for a couple of hours. We had had a number of business meetings before, so we knew each other slightly.

Bill Gates 2Even so, it certainly concentrates the mind to be personally interviewed by Bill, with the whole $14 million acquisition and the best chance of liquidity for our investors and financial reward for our employees all riding on his evaluation.

Bill had a normal conversation with me, probing me about technical details of our software and the Mac platform, about marketing positioning and plans, about business numbers and ratios, and about individual employees. It went very well, since I had all those areas at my fingertips. I had just written my history of the company’s restart in the prior two weeks, I prepared all the business plans, I lived and breathed the technical details, and I had had six weeks to recover from the first customer ship.

I didn’t expect anything different, but just for the record, Bill did not ask me:

  • Why manhole covers are round
  • How many gas stations there are in the U.S.
  • Whether I could code FizzBuzz in a language of my choice on the whiteboard.

We just had a perfectly normal and pleasant conversation, all of it at the enhanced level of intellectual intensity characteristic of Bill. I came away feeling that things had gone very well.

By Monday, two days later, word came in a telephone call that Bill had approved me and was in agreement with the deal, but was leaving the details of that deal to others.

Working with Bill Gates

After the acquisition, I worked a lot with Bill. For the first year after the acquisition, I reported directly to Bill, in his role of Acting VP of Applications. Then Bill hired the great Mike Maples to replace Bill VP of Apps, but I still saw Bill and talked with him often.

gates1.png
Microsoft Applications Division Management Circa 1989. (Mike Maples, VP Apps, and his direct reports). Seated, from left: Jeff Raikes, Bob Gaskins, Pete Higgins, Mike Maples, Susan Boeschen, Tandy Trower. Standing, from left: Charles Stevens, Peter Morse

Bill very often came down to Silicon Valley to review PowerPoint progress, because he considered it an important product, and because (since we were the only development group outside of the Redmond campus) he heard less about us in hallway conversations.

We would go over every detail of the code and of the business plan with Bill, and he would give us feedback on everything. This was extremely valuable; there was virtually never a time when Bill had an opinion that we thought was wrong. And Bill had in mind every detail of all the other Microsoft applications, of all of our competitors’ applications, of the various operating systems (Mac, Windows, OS/2), of all the personal computer hardware shipping or forthcoming, and of how actual customers were using all of these, so he could offer informed opinions and specific facts that were invaluable in our planning.

Bill especially was a perfect master of judging when a piece of software was adequate to ship.

He would personally review our specs, try our builds, and try our competitors, and tell us very frankly whether he thought the product concept was adequate and whether the implementation was sound enough to ship. He didn’t try to make the decision for me, but there was no one whose opinion we took more seriously.

Gates’ skills

In short, Bill Gates was just the perfect hands-on technical guru to be my boss. Things got even better when he hired Mike Maples, because Mike also knew how to manage thousands of people in a deep multi-level organization and get things done. The combination of Bill and Mike, during the first years after the acquisition, was an ideal context for success.

bil-gates-4Part of Bill’s secret was that he had a healthy respect for decentralized knowledge. He had a strong opinion on everything, but he didn’t ignore other opinions. At the Apps Division’s executive staff retreat in early April 1989, there was a discussion of the outcome of having reorganized the division into business units the preceding September. There were still some authoritarians who thought it was too messy to have all these independent units doing different things in their own ways.

Bill had the right comeback, immediately:

“We don’t lack the power to enforce our decisions; we lack the information about what we should require.”

The Microsoft system of the time allowed our group to make repeated course corrections and get to the right final result for our product, while other products at the same time made different calls.

Gates’ belief in PowerPoint

The first breakthrough version of Windows was version 3.0, shipped in May of 1990; PowerPoint’s new version 2.0 shipped the same day, and Bill Gates used PowerPoint to demonstrate what the new Windows could do. Both Windows and PowerPoint started flying off the shelves.

Two years later, in April 1992, the next version of Windows (version 3.1) introduced proper typography and TrueType fonts. PowerPoint had contributed a great deal to that, and again a new version 3.0 of PowerPoint was shipped on the same day as the new Windows, again Bill Gates used PowerPoint to demonstrate the huge improvements in Windows and again sales blew away all expectations.

Bill Gates 3.png

With these two versions of Windows and of PowerPoint, Windows PCs began to outsell Macintoshes by large multiples: from ten times as many (1992) to twenty-five times as many (1997) to fifty times as many Windows machines as Macintosh machines sold (2003). The success of Windows was crucial to PowerPoint, but the success of PowerPoint was also crucial to Windows.

Bill Gates was my direct boss for the first year after the acquisition, so we saw a lot of each other. It was a great experience.

If you enjoyed reading this post you’ll love our online file converter and API.
We even convert PowerPoint files!

 

This is the last in a series of stories from our interview with Robert Gaskins. Why not check out the other posts in the series:

Image credits:
Bill Gates with floppy disk – adapted from https://flic.kr/p/7BFWkj
Bill Gates with hand on chin – https://flic.kr/p/7BFWkj
All other images are sourced from Robert Gaskin’s excellent website covering the history of PowerPoint. His book “Sweating Bullets” remains the definitive read on that topic.