Encryption: Why Encoding Information is Needed to Protect Your Data

Internet privacy is becoming more of a concern to both companies and individuals alike. Privacy advocates got started early this year, kicking off 2021 with concerns over a recent WhatsApp announcement in January stating that its next update would include sharing users’ personal information with Facebook. Headlines talked about privacy concerns and lack of encryption and many users flocked to other apps that supposedly offer better privacy.
While most people are aware that their privacy might be at risk on the internet, many don’t fully understand what the word encryption means, how it works, and why it is an important factor in maintaining the privacy so many people and businesses want and require.
There’s no need to worry. We’ll dive into these aspects in hopes of shedding light on the confusing world of encryption.
At its core, encryption is a method of securing people’s private details. It takes information, known as plaintext, and converts it into ciphertext. Ciphertext is all but impossible to crack, unless you have the “key” to decode it. Encryption is one way companies help keep passwords secure and in the case of messaging, end-to-end encryption keeps the contents of your private conversations unreadable by anyone other than the intended recipient.
What is the difference between end-to-end encryption and regular encryption?
For starters, regular encryption takes place on the internet itself. While individuals might not be able to interfere with or read the website traffic, major websites, such as Amazon and Google, accrue vast amounts of information from their users. That specific data can be shared and viewed within the company, including insights into consumers’ shopping carts and wishlists, making it extremely valuable to the brand collecting the information.
Some of the data is saved to help the site function properly, such as linking the size and color of a shirt to a specific consumer’s shopping cart. This data is also typically encrypted to keep outside parties away from the personal user data collected by these websites.
However, encryption on messaging apps is an entirely different game. When using these apps, most users will see “end-to-end encryption” referenced somewhere on the application or in the terms of service agreement. Messaging apps are not looking to share users’ personal information with the rest of the world. Instead, they hope to provide a service where two or more people can communicate privately with one another. End-to-end encryption means that not even the company that produces the app will have access to messages on the platform.
People using encrypted messaging apps don’t want their information going to those tech giants, especially if the information is obtained through messages users believe they are sending in confidence. These applications aim to provide users with a feeling of security, but recently that feeling of security has been compromised.
Without end-to-end encryption, messaging apps would be able to obtain your messages and read and document them before sending them on to the intended recipient. Theoretically, this means that the app has unlimited access to messages and conversations between users, and that access could be used for a variety of things, including ad targeting. End-to-end encryption ensures that no third party has access to messages sent between users.
So when does a website need your information?
There are many reasons why a social network or website would want to keep user information. For example, advertisers use data accrued by different users to help create ads that are personalized and relevant for a specific consumer. 
Social media sites also need to see everything being transferred on the website by individual users. The content users share is constantly stored on Facebook’s, Twitter’s, and Instagram’s servers, as the site has to be able to read the content and publish it to specific followers and on specific timelines.
Messaging apps also need to save and share some of the user's data. The intermediary has to be able to decipher data from the users to perform the tasks at hand, like sending and receiving messages, so the apps will use standard encryption to obtain metadata of the message itself. The metadata is not the personal message in full, but sender/receiver information, what form of message is being sent, etc. The media and texts are encrypted between the sender and the receiver, and the intermediary is not able to read or see them.
Where is this data going and who can access it?
More than likely, no one is going to go through all of your text messages or phone calls. Unless someone is being tried for a crime, personal messages are of little importance to most people. Most companies are not in the business of utilizing personal data for predatory reasons.
But cyberattacks do happen every day. If an app stores a lot of user data and that app is breached, all of the users' information could eventually be leaked or exploited. Some of the leaks over the past handful of years are prime examples of this. Under Armour-owned fitness app MyFitnessPal was among the massive information dump of 16 compromised sites that saw some 617 million customers' accounts leaked and offered for sale on Dream Market. MyFitnessPal acknowledged the breach and advised customers to change their passwords, but did not provide details on how many users were affected, or how hackers gained access to the information.
Companies are putting more effort into keeping their databases secure and only storing necessary data, so if an attack happens, there is less information for the hacker to obtain.
When an app is using end-to-end encryption, the company cannot read the messages, let alone the hacker. The messages may still be stored on the servers, but their content is end-to-end encrypted, so even if it is stolen or read it is useless because it cannot be decrypted. A hacker would be able to access users’ names, birthdates, email addresses, and more if that is stored on the server, but if the end-to-end encryption is working correctly, actual private messages are not obtainable.
How can users know if the company is secure?
Most social media and messaging companies have a security and privacy section on their websites so readers can understand their privacy policy. They will, however, not go as far as to reveal cybersecurity measures within the infrastructure of the app to the public. This is because revealing that information could give potential hackers a way to get through the company's security controls.
Typically, companies make an effort to let users know what features or services utilize end-to-end encryption or additional security measures. If the app doesn’t specify clearly that it has these security measures in place, users should be wary of what information they are choosing to put into the channel.
At the end of the day, end-to-end encryption is a great thing and something many users should demand when dealing with something personal like conversations between family, friends, and business associates. Hopefully, this quick guide helps shed some light on what encryption means and gives you the tools needed to understand what it means when an app boasts its security features.