Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
Table of Contents

B2B: business to business

E2E encryption: End-to-end encryption

GSM: Global System for Mobile Communications

Haas: Hardware As A Service

Hardening computing: Making devices more safe & locked down

HW: Hardware

ICT: Information and Communications Technology

IDS: Intrusion detection system

IPS: Intrusion prevension system

MMS: Multimedia Messaging Service

PGP: Pretty Good Privacy

RTC: Real-Time Communication (multimedia and audio via VoIP)

Saas: Software As A Service

SMS: Short Message Service

SW: Software

VoIP: Voice Over IP

VPN: Virtual Private network

  1. The problem - Old-school IT security
  2. The solution - Verifiable cybersecurity
  3. High-level description
  4. Verifiably secure standards
  5. Detailed description
  6. Secure RTC overview
  7. Secure Infrastructure overview
  8. Useful ISO/IEC information security links
  9. Useful cybersecurity & monitoring tools
  10. Useful links on IT privacy
  11. Next steps


Unverifiable solutions

Strings attached / Mothership

= Imaginary security

Because proof of trust is better than The cybersecurity level of any closed source or black box solution cannot be verified, hence their "cybersecurity level" is purely a created by the companies marketing department. Be careful.

, , , ...

Mothership(s) included. Third party server / backend solutions which are not under your control and physically located in a unknown place & country. Massive information leakage + Unknown usage of your data. Perfect for state and/or privately funded IT criminals.


CyberSecurity? Anonymity? Privacy? You. Your family. Your customers. Your clients. Blind trust required. These sorts of solutions costs a lot of money yet cannot ever form a truly trustworthy platform since they cannot be verified. So what have you really gained?

Imagine buying an apartment that has extra doors in each room which you are unable to open. Yet unknown persons travel through them all the time. Why worry?

A fresh approach is needed to properly fix the problem

Most of our target customers are addressing their cybersecurity problems via:
  1. Choosing a non-verifiable & closed source platform-X (Windows / Apple / Android etc.)
  2. Adding more security layers + non-verifiable & closed source applications on top of (A)
  3. Paying licence fees to both (A) and (B). The bigger the company, the bigger the licence fees usually are.
  4. (blindly) Placing their cybersecurity trust in big companies with big promises (As opposed to being able to verify the security of the whole chain by themselves).
  5. Tying themselves to the providers backend solutions (As opposed to owning & hosting the whole solution by themselves). And thus automatically leaking company internal information as well. Think: username & password data, login/logout times, call/message meta data, with whom you called/messaged with, from where and when. Possibly even the raw data. You can never know.

This is pretty much the standard how big companies go about solving their cybersecurity needs in todays world. In short: You pay a lot of money to get a system that is not yours to begin with. You are not able to verify the market departmens big cybersecurity promises + the server part is missing from your corner.

The attack vector that these solutions contain and the unverifiable security promises that these tools make cannot form a verifiably trustworthy platform. This is clear from both a philosophical standpoint and from looking at the never ending stream of breach/bug reports coming in on a daily basis.

Let reality speak for itself (visit the external links...)


Verifiable Solutions

No strings attached

= True security

All Zen-mode solutions can be verified by a third party, even by you yourself (thanks to our all open source approach).

Our standalone solutions can be hosted at the customers site(s) or at our secure sites. The Customer decides.

Trust your devices and work Anonymously & Securely from anywhere. We can prove it. Anytime. Anywhere.


The best design is the simplest one that works.
— Albert Einstein (1879-1955)

Putting You In Charge

By placing all Software & Hardware under customer control: The customer holds all the keys.

No mothership and no strings attached. All our solutions are verifiably secure and self-hosting. Your end-devices are only talking back to your / our secure servers using multiple layers of encryption.

Secure solutions accompanied by our OPSEC training = Intelligently behaving IT users using secure tools = Verifiable privacy.


Verifiable Open Source Solutions

What you see it what you get. Anybody can verify that we have no backdoors and that our secure solutions are correctly implemented.

All our code is available and recompilable to form the same end product, bit by bit. All packages are gpg signed and hashed. Any unwanted changes will not go unnoticed.


No Easy Way In

Removing attack vectors. No black boxes or leaky & unverifiable solutions. No Microsoft / Apple / Google / XYZ proprietary products and none of their App stores or update services.

No unknown thirdparty cloud / hardware provider with direct hardware & software access (possibly even clear-text access)...

No commercials and no meta-data slurping. Hence, disabling all easy ways in + most exploits. Your data is safe by default.


Hardened Solutions + CyberSec Consultation

Via hardened and verifiable open source solutions shipped & maintaned by open source specialists.

Since we are not using any closed source solutions (only verified open source solutions coming from us), the normal bugs / exploits won't work on our systems (Windows / Mac / Android etc), thus disabling most exploits right off the bat. To further minimize the exploit vectors we harden the OS, use strict Intrusion Detection and Preventions Systems (IDS + IPS) accompanied by Tripwire rules + active monitoring.


Encrypt Everything

All of our solutions use the best available end-to-end + filesystem encryption + a tailored stealthy communication suite.

Thus preventing any man in the middle / eavesdroppers from listening or getting access to your private communication / data at rest.

In other words, it does not even matter how you got connected: Work securely through any network on the planet
(LAN, LTE, 3G, 4G, WIFI etc).


Secure Site & Infrastructure

Via using your existing infrastructure or hosting your server(s) at our secure site(s).

If you choose to place your server(s) at our site(s), then you are also protected by the Finnish ICT laws.

Sane ICT laws + our secure site(s) + encrypted filesystems = your server's cannot disappear from under your feet + your data is safe. For more information see our Secure Infrastructure overview


Zen-mode VPN
Secure Network Presence

Via encrypting & anonymizing your network activity using Zen-mode's VPN.

Hide your real IP and network actions via using Zen-mode's fast & secure VPN. Your ISP / adversaries can only see that you have a secure connection to our VPN, after that your trail goes cold...

We got your back.


Zen-mode VPN + Tor
Mui Anonymous Network Presence

  1. Via Tor you can also hide the fact that you are using Zen-mode's VPN. And on top of that...
  2. Via using our VPN as your Tor entry node you are also disabling the Tor nodes from ever giving away your real IP (Your IP trail starts & ends at our VPN).

We got your back.


Simple & Nice GUIs

Q/A: So are these secure system hard to use? No

Our tools are as easy to use as any Android or Windows device. Normal GUIs with normal work flow. Minimal learning curve required.

However, to stay secure you might need to update your way of working. Meaning basic Operations security (included in our Cybersec training programs).



X.509 Certificate

X.509 is an cryptography standard for a Public Key Infrastructure (PKI) to manage digital certificates and public-key encryption and a key part of the Transport Layer Security protocol used to secure web and email communication but it's also used in offline applications (electronic signatures etc).

The X.509 public key contains information like: the domain(s) which it is certifying (which must match where it is being used), the validity period of the public key, the issuer and the organization / invidudal who it was generated for etc.

For more info see the X.509 Certificate Wiki page.


TLS/SSL protocols

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are cryptographic protocols that provide communi- cations security over a computer network (commonly referred to as "SSL").

SSL is the defacto standard for web related security.
It is used by a wide range of applications such as web browsers (securing your bank access via https etc), e-mails (encrypting your user & password data while sending & receiving your mail), instant messaging, and voice-over-IP (VoIP) etc.

For more info see the TLS/SSL protocols Wiki page.



RSA is one of the oldest and most well tested Public-Key Cryptosystems which is still in use today (Published in 1977).

A Public-Key Cryptosystems is build up from two halves:
(A) a public-key and (B) a secret key (both containing a large prime number). To successfully decrypt / encrypt data one must have access to both of these halves (which together form the key)

RSA was created by Ron (R)ivest, Adi (S)hamir, and Leonard (A)dleman.

For more info see the RSA Wiki page.



The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

AES is a subset of the Rijndael cipher which can use different key and block sizes. NIST selected three key lengths: 128, 192 and 256 bits, each with a block size of 128 bits.

The Rijndael cipher was developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen.

For more info see the AES Wiki page.



Pretty Good Privacy (PGP) is an encryption solution that provides (A) cryptographic privacy and (B) authentication for data communication. PGP is the defacto standard for signing, encrypting, and decrypting e-mails and other data.

For PGP to be really useful one needs to have some form of a Public Key Infrastructure in place (to receive, send and verify your recipents public-key(s)) + a secure host to store your secret key(s) on.

PGP was created by Phil Zimmermann in 1991.

For more info see the PGP Wiki page.



ZRTP (Zimmermann Real-time Transport Protocol) is a cryptographic key-agreement protocol to (a) negotiate the keys for encryption between two end points and to (b) check for possible man-in-the-middle attacks in a Voice over Internet Protocol (VoIP) applications.

ZRTP was developed by Phil Zimmermann, with help from Bryce Wilcox-O'Hearn, Colin Plumb, Jon Callas and Alan Johnston (Published 2006)

For more info see the ZRTP Wiki page.


    Open source
    End-to-end encryption
    • Via using verified & highend e2e ciphers for our voice, e-mail and our message app, we are preventing any man in the middle or eavesdroppers from listening in on your conversations / private messaging.
    • VPN (Hiding your true IP behind us + Encrypting all network traffic between you and the VPN server)
    • TLS/SSL (2048/4096-bit, X.509 Certificate)
    • PKI
    • ZRTP
    • AES (128/256-bit)
    • Twofish
    • Threefish
    • PGP (4096-bit,RSA-RSA) etc.
    Different hardware vendors
    • Making it as hard as possible to fall victim of bad / backdoored hardware.
    • Rationale: backdooring some major vendors HW may be possible but backdooring all HW vendors is a lot harder...
    • In short: Minimize the "all eggs in one basked" flawed hardware scenario of a easy way in...
    • Via encrypting your HW's root filesystem we protect all of your data from falling into unwanted hands.
    • Unless the user provides the correct root filesystem password upon boot, nothing will start. Your data is safe.
    • Unless the user provides the correct unlock password for a powered-devices, nothing will happen. Your data is safe.
    • Solution is 100% in customers hands.
    • The only servers that our tools are talking back to are your own servers (mail, calendar, RTC etc.)
    • All mobile devices are in your hands.
    • All required servers are kept at your / our site (real HW or cloud). You choose.
      • Own: mail, calendar, RTC and package servers etc which are only accessed via encrypted channels
      • This also means "old school" stealth. No more easy data leakage (or even metadata leakage). Your companies internal data stays internal, since you are no longer using another companies cloud / infrastructure for your companies internal affairs.
    • And via avoiding using third party / commercial "central server solution" like Facebook, Skype, Gmail, Yahoo mail, outlook etc your private data is no longer passing through known entry points in clear-text...
    • This trivially minimizes the "let's just tap-in" surveillance / data leakage scenario on your part.
    • Which make the devices non-standard, hence default exploits + "easy ways in" won't work.
    • Strict IDS, IPS and tripwires rules.
    • Possible breaches will not go unnoticed + will be traced and reported to the corresponding authorities.
    • All apps & packages are generated in air-gapped + clean-room (No network connections)
    • All apps & packages are shipped from read only media
    • Tamper safe: All software packages have a:
      1. sha256 checksum file: a single bit change in a file will be noticed
      2. .gpg signature file: which can only be generated by Zen-mode staff
      3. idempotent builds: All packages can idempotently be recompiled.
        Bit by bit, even by you yourself (recompilable with same end-result). The sha256 checksum of your "home made Tool-X" using our build chain should be identical to ours.
    • Thus making it as hard as possible for non-wanted changes to be included in our SW development chain (backdoor / viruses etc).

    Goal: Zero third party leakage via open source and self-reliance

    • Secure and local mail & calendar servers hosted by you or us
    • Your secure network meeting system @ your company which is completely under your control.
      All that you need is an up-to-date browser. No third party central server are involved.

    Zen-mode's VPN, your companies VPN, Zen-mode's Tor Bridge relay

    We have multiple ways to preserve your IP security & anonymity, all with different good / bad side effects. You can trivially switch between the different network modes depending on your needs.

    A VPN is great way to help secure your network presence but is a VPN all that need to stay secure? No.

    For you to be as safe as possible your whole platform + tool chain should be verifiably safe (think: verified open source solutions). The more closed source or unverifiable tools you have, the more questionable you whole tool chain is. This is why we are Zen-mode only use open source solutions.

    6 alternatives to network Speed, Anonymity and Security:

    Scale:   Worst 0 Medium 2 Best 3

      • Second most anonymous alternative (Our VPN IP will be the "starting point" the normal Tor system), but most secure one.
      • Even if an external could trace your IP throught the Tor network all the way back to your starting point (our VPN), we will not provide any information about who is using our system (multiuser pool host from different companies). We got your back.
      • Second most anonymous alternative (Our Zen-mode Tor Bridge / Node name is included in your Node list), but most secure one (our VPN + our Relay == your safe).
      • Externals can see network activity coming Zen-mode's Tor Bridge relay, but the buss stops there.
      • Even if an external could trace your IP all the way back to our Zen-mode Tor Bridge, we will not provide any information about who is using our system (multiuser pool host from different companies). We got your back.
      • Even if an external could trace your IP throught the Tor network all the way back to your starting point (our VPN), we will not provide any information about who is using our system (multiuser pool host from different companies). We got your back.
      • Fast & secure + VPN level Anonymity
        • Externals can trace you back to Zen-mode's VPN IP space but no further.
        • We will not provide any information about who is using our system.
      • Our VPN network speed should be as fast as your network speed (odds are that your part of getting to our VPN is the speed bottle neck, since we are directly connected to Finland's core network).
      • We have multiple users from different companies behind same IP so externals can only see network activity coming from Zen-mode's VPN.
      • We can setup a VPN at your own company as well.
      • Externals will see that somebody at your company is producing some network activity.
      • Most likely less anonymous than Zen-mode's VPN since we have multi-user-pool from different companies (higher random users entropy), where as your companies private VPN only consists of your own workers...
      • Your comany VPN network speed is the same as your companies network speed (hence the 2.x).
      • Besides making your network activity more anonymous & safe, the VPN technology also makes it possible for you access office tools even from home (printers, office only software-XYZ).
      • Good: Most likely the most anonymous alternative.
        • You entered the Tor network from some-IP and....
        • are you are bouncing from any randomly chosen Tor Nodes...
      • Main weaknesss: Your real IP will be starting point for the normal Tor system. Think: Your ISP/ Mobile operators IP range / Coffee house-X
      PROBLEM / WARNING: If your adversaries have access to:
      • Enough of your randomly chosen Tor nodes, they can figure out your current IP
      • Your ISP operators system / approach them with the right pappers, they can trace your IP directly to you (home / current location).
      • Use Alt. 1-4 == Problem solved. (use our VPN-X solutions)
      • Most likely the fastest network connection but your real IP is visible.
      • No anonymity, you are completely traceable!
      • Direct network access == Your adversaries have you in their sites...
    Finland's non-invasing stateside ICT laws (which help protect both you and us)



To summarize: Zen-mode's got your back
It is better to have clear rather than blind faith.
This is why we at Zen-mode Solutions only use open source solutions. And last but not least...
Base our company in a country that has sane ICT laws.





For more information / price list give us a call or use our Secure Web Contact and we will call you back.

For a quick intro what Zen-mode is all about visit our our Home page.

To watch our solutions come alive, checkout our Products page.

Find your Zen