Better security – dropping support for TLS 1.0

This change has been completed as of 14th August 2018.

Security Shield with Lock Icon Encrypted DataIn line with many other online services Zamzar is announcing the end of support for TLS 1.0, a cryptographic protocol used to secure communications between your web browser (or API client) and our systems.

From August 8th 2018 August 14th 2018 the main Zamzar website and the Zamzar Developer API will no longer support secure connections using the outdated TLS 1.0 protocol, so you will need to plan accordingly. Read on for more information …

Why are you ending support?

In short – to make your use of our services more secure. Transport Layer Security (TLS) was originally developed by Netscape in the early 1990s and has undergone several revisions since then. TLS 1.1 was introduced in 2006, and TLS 1.2 in 2008, and both provide safer, more modern alternatives for connecting securely to web services. There are many serious vulnerabilities in TLS 1.0 which mean that is no longer safe to use reliably. The Payment Card Industry (PCI) Security Standards Council is also recommending that websites drop support for TLS 1.0.

What does this mean if I use the Zamzar website?

If you want to use the main Zamzar website at https://www.zamzar.com you will need to ensure you are using a modern web browser capable of using up-to-date security protocols – in practice this means using one of:

  • Chrome v22 or later
  • Firefox v27 or later
  • Safari v7 or later
  • Opera v12.18 or later
  • Internet Explorer 11 or later (or Edge)

Since the Zamzar website will no longer work with older web browsers we strongly recommend upgrading your browser before 8th August 2018 14th August 2018 in order to ensure you can continue using our services. After this date we cannot guarantee that you will be able to convert files via the website when using older browsers.

What does this mean if I use the Developer API?

If you use the Zamzar Developer API at https://developers.zamzar.com/ (and associated endpoints at sandbox.zamzar.com and api.zamzar.com) you should ensure that any client code that you use to connect to the API is not using TLS 1.0 to connect to our services.

We provide some guidance below on checking your TLS usage in popular languages, but you should also consult the “How can I test this?” section below to verify any updates or changes you make:

  • C# – Make sure that your client code is configured to use a modern TLS version for your System.Net.Http.HttpClient (see here for more info).
  • Curl – Supports TLS1.2 starting from v7.34, so ensure you are using this version or higher (download updates here).
  • Java – TLS 1.2 support was added to the JRE in 1.7.0_131-b12, so API calls made using older versions of Java may fail.
  • Node.js – Check the version of TLS that your “requests” package is using (see here for more info).
  • PHP – Uses the system-supplied cURL library, which requires OpenSSL. Ensure this version of OpenSSL is at v1.0.1 or later.
  • Python – Also uses the system OpenSSL so you should check this is later than v0.9.8. OpenSSL v1.0.1 supports TLS 1.1 and TLS 1.2 by default.
  • Ruby – Also uses the system OpenSSL. OpenSSL v0.9.8 will no longer work, but OpenSSL v1.0.1 or later will work since it adds support for TLS 1.1 and TLS 1.2.

How can I test this?

If you want to verify that your browser or client code is ok you can connect to https://www.zamzar.com/ to verify that you can still use Zamzar services.

If your connection is successful you should see the Zamzar website displayed.

For example in a web browser that works you will see:
zamzar-web-app

If using client code (for example cURL) you would see:
zamzar-web-app-curl

Further Questions

If you have any further questions on this topic or need any advice from our engineering team please get in touch with us at support@zamzar.com.

Happy secure converting!
The Zamzar Team.

Advertisements

Announcing Zamzar’s GDPR compliance

GDPR General Data Protection RegulationThe General Data Protection Regulation (GDPR) is upon us! Hopefully this spells the last of companies you have never heard of desperately trying to get you to click a button in an email!

At Zamzar we aren’t interested in using your data as a marketing commodity, and we never have been. We wrote last month about the hard work we have been doing to extend the data protection measures we already take to add extra safeguards for your data.

Today we are pleased to announce that we have completed the steps necessary for full GDPR compliance.

What steps has Zamzar taken?

We have taken a number of measures to increase protection for your data – here’s a summary of the key points:

> Strengthened security for your data
We have taken a number of steps to further improve how we secure your data. At the start of the year we turned on secure HTTPS encryption for all users of the main Zamzar website, and more recently we have switched many of our internal services to encrypt your data when it is “at rest” (i.e. stored) within our infrastructure.

> Rigorously reviewed our 3rd party vendors
We use a number of third party services to convert your files and have taken the opportunity to review each of their data practices to ensure they provide contractual guarantees for keeping your data safe.

> Dropped personalised advertising in the EU
We have taken the decision to stop serving personalised advertising to anyone using Zamzar’s main website from the EU. Ads will still be served, but no personalised data will be shared with 3rd party advertisers.

> Updated Policies
We have updated our Terms of Service and Privacy Policies to provide detailed information on how we access, process and handle your data, who we share it with it and what steps we take to secure it. We have also made our Cookie Policies clearer (see our Web and API versions).

> Made available a Data Processing Agreement (DPA)
We have put together a standard “Data Processing Agreement” (DPA) which you can sign if you use Zamzar’s services to process data for your own customers. Email us at dpa@zamzar.com if you’d like a copy of this agreement.

What does this mean for YOU?

The steps we have taken will ensure that when you use our services you will have even stronger guarantees that your data is protected. You can check to see what data we store, how long we store it for, who we share it with and crucially what your rights are in relation to it.

We have pro-actively applied most of these measures to all customers (not just EU citizens).

What do you need to do?

You don’t need to take any explicit actions to carry on using Zamzar, but should review our new Terms and Privacy policies so that you are aware of how we handle your data.

If you use our website (at https://www.zamzar.com)
You should review our new Terms of Service and Privacy Policy to make sure you are happy with the contents before using our services.

If you use our Developer API (at https://developers.zamzar.com)
Check out our updated Terms or Service and Privacy Policy to ensure you understand how we handle your data.

If you use Zamzar as a “Data Processor”
If you use our services to process your own customer data the GDPR requires you to sign a “Data Processing Agreement” with us. If you signed up for an account to use our services before 25th May we provide a standard Addendum that you can sign – just email us at dpa@zamzar.com to request a copy. If you signed up after that date check out our standard DPA agreements for the Web App and API.

Still have questions?

If you have any questions about Zamzar and GDPR do let us know by emailing us at info@zamzar.com and we’ll get back to you.

This is just the beginning …

Protecting your data is a journey and it doesn’t end with an arbitrary deadline. Tomorrow we’ll be back working hard to provide you with amazing file conversion services and taking steps to continue keeping your data safe and secure.

Happy converting!
The Zamzar Team.

 

Zamzar and GDPR

GDPR General Data Protection RegulatioHas your email inbox been flooded with dozens of notices about “privacy policy updates” recently?

If so, this is likely the result of the forthcoming General Data Protection Regulation (GDPR), which comes into force in less than four weeks time on 25th May 2018.

It provides long overdue protections for the data of EU citizens and places legally-enforceable responsibilities on businesses that process this data. Zamzar strongly supports this new regulation since it will provide better transparency and protection for your data, values that are already at the centre of what we do.

What is GDPR?

Much ink has been spilled attempting to explain GDPR, but at a high-level:

  • GDPR is a new EU regulation that replaces national-level EU privacy and security laws with a single, all-encompassing EU-wide law. It regulates how businesses like ours gather, use, share and transfer personal data.
  • It is likely to affect most companies (hence your bulging inbox). The regulation is not limited to companies based in the EU, since it is concerned with where personal data comes from – if it originates from within the EU it is covered.
  • Crucially it strengthens protections for you as an end user of Internet services. It means Facebook can’t absent-mindedly lose control of the data for 87 million users, and Eldon Insurance can’t use your car insurance data for political advertising without consequences.

If you’d like to read more about the technicalities of GDPR there are handy overviews from both BBC news and Wired. The UK Information Commissioners Office (ICO) provides a meaty 162-page guide to GDPR and if you want to go direct to source you can read all 99 Articles of the GDPR directly on the main EU legal site.

What is Zamzar doing about GDPR?

Along with many other companies we are putting the finishing touches to our GDPR compliance, and will be publishing more information over the coming weeks.

In the meantime here is an overview of our plans:

  1. We will be fully GDPR compliant by the implementation deadline of 24th May 2018.
  2. We are currently working on updates to our terms and privacy policies which will be made available to users for review in the coming weeks.
  3. We are reviewing relationships with 3rd party vendors to ensure that any Data Processors we use are fully GDPR compliant.
  4. On our main file conversion website we are reviewing relationships with 3rd party advertisers to offer stronger protections for user data when serving advertising.
  5. We are taking steps to further enhance internal security measures to provide even stronger protection for your data. For example we recently rolled out “at rest” encryption for files processed through our Developer API. We will be posting updates about these measures in coming weeks too.
  6. Where a customer deems us to act as a “Data Processor” for their data we will be providing an extra “Data Processing Agreement/Addendum (DPA)” to ensure customers can meet their own GDPR commitments. If you would like to be provided with this agreement please contact us at info@zamzar.com.

In short, GDPR helps us to build on top of practices that have been at the core of what we do since we started Zamzar over 10 years ago. Our business prospers when we can competently, securely, quickly and professionally assist with your file conversion needs. We don’t need or want to trade your personal data to stay in business, nor have we ever sought to do so.

When will I hear more from Zamzar?

We will be posting further updates here on our blog and our Twitter and Facebook pages over the coming 4 weeks. In the meantime if you have any further questions related to our GDPR compliance please do get in touch with us at info@zamzar.com.

Happy secure converting!
The Zamzar Team.

Announcing HTTPS – secure file conversion for everyone

A nefarious spy. Probably from the government. Likely trying to crack your files.We’re pleased to announce that we just launched support across the entire Zamzar website for HTTPS for all users.

Effective immediately this means that the entire site is now secured with the familiar green padlock:

secure-https-zamzar.png

All files uploaded to or downloaded from the website will automatically be protected from prying eyes, enabling you to be safe in the knowledge that your file conversions are being protected by industry standard secure encryption.

In June 2013 Edward Snowden first revealed the full extent of government spying on their citizens via the Internet and the extent to which Internet connections were actively mined for data. HTTPS helps to protect against this snooping and gives you assurances that your data cannot be seen or tampered with. It does this by scrambling the data sent between your computer and the secured website into indecipherable characters, so that it is not possible to snoop on it.

Here at Zamzar we have long been supporters of efforts by the Electronic Frontier Foundation to fight for privacy protection online, and we’re proud to continue supporting the efforts being made to make the web a more secure place to be.

Happy secure converting!
The Zamzar Team.

Zamzar is 10 Years Young

We’re celebrating our birthday here at Zamzar HQ – ten years ago today we launched the Zamzar website with a simple mission:

convert all the files.png

Things were very different ten years ago. In Internet years that’s like 8 centuries …

A potted history of 2006

Cast your mind back to 2006 …

  • The INTERWEBS™ was a small and barren wasteland with *only* 75 million websites online (there are 1.4 billion now)

We were about here on this graph:

netcraft

  • Twttr was 1 Tweet strong:

 

  • The iPhone didn’t exist yet (WAT!) – all the cool kids were using Motorola Razr’s. The, er, not-so-cool ones had Palm Treo 700’s.

     

  • Dropbox was about to get flamed on Hacker News as “not very viral or income-generating” and Facebook’s only users were Mark and his mum [1].
  • ICanHasCheezburger hadn’t been invented (NO LOLCATS !), and the most popular meme of the year was a sneezing panda:

Launching Zamzar

It was into this primordial Internet soup that Zamzar was born. Most of the 9 months of intensive development time for such a key pillar of the Internet was spent on logo design
logo-drawings(obviously the key facet for any budding “web 2.0” service).

We’ve included the best of the bunch for your delectation – extra marks for spotting the malformed sheep motif. Graphic design was not our strongest asset at the time.

Despite the shameful attempts at back-of-a-beermat logo design Michael Arrington covered the launch at TechCrunch, Wired and Lifehacker both jumped onboard with very positive articles, the BBC gave Zamzar glowing reviews and Robert Scoble (he of Google Glass fame) liked what he saw.

The vogue for launching “web 2.0” applications into (seemingly perperobert_scoble_quotetual) beta at the time led Zamzar to be included in the Museum of Modern Betas a fascinating historical record of every-man-and-his-dog’s attempt to jump on the web 2.0 bandwagon.

The “museum” is still charting new beta launches to this day, and Zamzar has the privilege of rating as number 2 on the list of most popular betas of all time (just behind Flickr).

Launching Zamzar was primarily an exercise in “scratching our own itch” in developing software which allowed us to view, edit and save files in as wide a variety of formats as possible, without needing to have every version of every application ever made. We’re thrilled that this turned out to be a useful solution for others too.

Running Zamzar

We’re proud to have run Zamzar as a bootstrapped and profitable web business for 10 years now. If time on the Internet was calculated in dog years (which it should be) we’d be 65 years old.

During that time we’ve:

The fact that we’vemake-something-people-want never taken VC-funding (despite being courted on numerous occasions), allows us to keep focussed squarely on making our products better for our customers.

This is our number one goal, one which is shamelessly stolen from Paul Graham & Y-Combinator – Make something people want.

The Future

Our plan is to keep building products and services which you will love. Products that make handling and using file formats easier for everyone, whether they are new to the world of computers or a seasoned developer.

City urban street art, Shoreditch, East London.We recently launched a file conversion API capable of converting thousands of different file formats right from the command line or inside your own mobile or web application.

We’ll be making this service even better, improving the design and features on our main file conversion website, integrating with a whole bunch of other file-related services, building out some exciting new products (including a self-driving car powered by Word Doc macros) and much more.

If you’ve used Zamzar over these last 10 years then *thankyou*. It has been an honour and a privilege to convert your files.

Here’s to the next 10 years!

Chris & Mike Whyley,
Co-Founders @ Zamzar.


[1] Almost. Actually Facebook had 12 million users, but most were probably Mark’s shell accounts.

Use Zamzar to convert files from your Desktop !

We’re excited to announce that we just launched three new applications which allow you to convert files right on your desktop !

  • Dropbox Converter – Convert files to various formats directly within your Dropbox account.
  • Hot Folders – Monitor folders on your desktop & automatically convert files to other formats.
  • Zamzar Bash – Convert files directly from the command line.

zamzar-apps

Using the Zamzar API

These apps all build on top of our powerful file conversion API which allows you to bake file conversion into your application using a tiny amount of code and  a simple REST API. Our API supports the conversion of 100’s of formats and is cloud-based to scale with your needs, whether you’re converting 1 file or 100,000.

We have made the source code for all these applications publicly available, so you can grab it, and build your own apps and tools on top of it (for both commercial and personal use).

Thanks to Michael Walsh and Joe Anderson for their efforts in developing the code for the Dropbox Converter and Hot Folders respectively, building on their initial efforts at our York University Hack Day.

Happy (desktop) converting,
The Zamzar Team.

Building a file conversion app in a day

We recently challenged students at the University of York to participate in a one-day hackathon. Their remit was simple: design and build a file conversion app that uses the Zamzar API . A few hours later, the students demoed their six fantastic applications, and the winning apps were announced.

What did the students build? Who won? Read on to find out…

The Apps

In most cases, students opted to solve a problem that they had faced themselves. This was immediately apparent from the first app, GIF-T, which turns a bevy of related photos into a short montage video and wraps it up with a (virtual!) bow and gift tag. When we asked about the inspiration for their app, the developers stated that they had grown tired of receiving hundreds of similar photos from weddings, birthdays, or particularly infamous trips to their local pub. Powered by the image-to-video conversions provided by the Zamzar API, the developers of GIF-T were able to build a simple prototype and wireframes for their final application in just a few hours.

IMG_0653

Three of the applications focused on making file conversion extremely straightforward for everyone. These included a Dropbox plug-in which allowed “hot folders” to be used for automatically converting files from one format to another, a browser plug-in for converting archive files from unusual formats (we’re looking at you WinRAR) to something more commonplace, and a UNIX command for converting files as part of a shell script.

Meanwhile, a trio of students experimented with combining file conversion with natural language processing in their automated illustrator app. The goal here was to analyse a story (in plaintext), use an image search engine to select appropriate illustrations for the story, and combine the end result into an eBook using the Zamzar API. The developers demonstrated their application using Alice in Wonderland as a source text.

IMG_0650

The final app was the excellent and bewildering Cat Meme Generator, which combined Web 3.o design sensibilities with the ability to generate cat-related memes. We’re not quite sure why this app exists, but we’re glad that it does.

IMG_0655

 

The Winners

Although we were thoroughly impressed with everybody’s efforts, we awarded prizes to our favourite three apps:

The plucky winners took home prizes, and we came away thoroughly impressed with how much can be achieved with a few hours work. We’ll be releasing the source code from some of these applications in the coming days on our GitHub repo so you can extend and reuse the code in your own applications.


If you fancy replicating the successes of the University of York students, why not sign up for a free Zamzar API account today?