The last decade has witnessed one of the greatest global personal privacy takedowns, proving personal data to be one of the largest parts of the world’s economy. Our interests, likes, dislikes, medical information, etc., are an open book for businesses around the world, given away by tech giants and their advertisers. This has created insecure channels of communication which are subject to great vulnerabilities.
The responses to data protection have been immediate too. Many data protection regulations have been enforced, and more laws are expected to be enacted in the near future. However, with an increased user awareness, internet users all across the globe are being more vocal regarding privacy issues. In this light, a shift in perspective has been brought about: What if the main issue is not data protection but rather data collection?
Data/information protection goes back to ancient times; cryptography was back then concerned with protecting messages only. Nowadays, information integrity, authentication, and confidentiality are among the regular checking concerns. All this is done with the purpose of ensuring that data is not compromised by those who monitor private communications.
The very first system known to use a coding parameter called the encryption key is the Caesar cipher, named after Julius Caesar, who used it to convey and protect messages of military significance. It is a simple method of encryption technique, in which each letter of the plaintext is replaced by a letter rotated left or right by some number of positions down the alphabet. For example with a shift of 2, A would be replaced by C, C would become E, and so on.
From the ancient world to the 90s Engima of Arthur Scherbius, used for encoding secret messages by Nazi Germany, to one-time pad, an encryption technique that cannot be cracked, but requires using a one-time preshared key the same size as, or longer than, the message being sent. In this technique, a plaintext is paired with a random secret key, who was used for encoding secret messages by Nazi officials; ever since, different initiatives paved the way to new means of coding.
As data becomes more and more digitalized, and more information is being shared online, data privacy is becoming more significant. Organizations all over the world leverage user data to strengthen their position in the market and increase their revenues. It is, at the end of the day, a data-driven economy, made possible through marketing. This has emerged the need for a more secure online environment, made partly possible by E2EE – end-to-end encryption. In E2EE, data is encrypted by the sender, and only the communicating users can read the messages.
Public Key Infrastructure (PKI)
In order to ensure a secure and trusted environment in the evolving business models that are becoming more dependent on electronic transactions and digital documents, PKIs are no longer isolated to email security; they are instead supporting a larger number of applications and complex ecosystems. In addition to ensuring compliance with regulations on data protection, organizations are becoming more reliant on PKI as a tool which guarantees, first and foremost, trust.
The Public Key Infrastructure (PKI) is the foundation that enables the use of technologies and authenticating users and devices in the digital world. The most distinctive feature of PKIs is the usage of a pair of keys to ensure the underlying security service. By using the principles of asymmetric and symmetric cryptography as well as digital certificates that facilitate the verification of identities between users in a transaction, PKIs ease the establishment of secure exchange of data between users and devices.
As the call for data privacy laws will grow louder and privacy will become a differentiator in every business industry, some companies have already taken a proactive approach towards data privacy. Signal, for instance, is a messaging application which uses end-to-end encryption to keep conversations secure. Unlike WhatsApp and Facebook Messenger, that still collect some of your data for advertising purposes, regardless of having end-to-end encryption messaging, Signal does not allow advertisers, and more importantly, the government, to access your messages.
Applications like Signal have become a go-to tool for many who want privacy of their communications. End-to-end encryption has become an important feature when choosing a messaging or mailing service.
Your messages and calls can be read and listened by only you and the receiver of the message. No one else! Strong end-to-end encryption and no user records – this means, no log of your calls. End-to-end encryption ensures that there is no chance of a “man in the middle” attack.
In addition, there are verification methods available for ensuring that you are communicating with the right person. “Disappearing Messages” tap is another feature that enables for messages to be deleted as soon as they are received and read, with no way to get them back. This app has become the app of choice of the European Commission and its staff too. It is considered to be one of the most secure apps available. It is open source (experts have had the chance to test the app and make sure it is as secure as it seems), it does not build a contact list within its own systems and does not have to store contact data on its servers. It is compatible with the majority of devices around the world (Android, iOS, and desktop computers). Even Edward Snowden uses it (there must be something to it).
User experience is built upon three needs: privacy, security, and accessibility. Another advanced data protection tool that has proved a user-driven emailing experience/ services is ProtonMail. Messages stored on ProtonMail servers are in encrypted format. They are also encrypted when in transition from servers and user devices. The data is not accessible to the service provider, meaning that ProtonMail has a zero architecture where data is encrypted from the client side using an encryption key, without the possibility to decrypt your messages or hand them to third parties – privacy, in this case, is mathematically ensured.
As a result, data recovery is not an option. If you forget your password, there is no possibility of data recovery. Furthermore, ProtonMail is open source, which allows for security researchers to review its source code and make sure that the encryption algorithms used ensure the highest protection. However, a must-know factor is that ProtonMail is end-to-end encrypted only if both parties are using ProtonMail (not, for instance, Gmail, Outlook).
Another useful feature is the expiry one, which gives the user the opportunity to set how long an email can be visible to the recipient.
Tor is a free and open-source software which is designed to prevent people, including government agencies and corporations, to learn your location or tracking your browsing habits. Based on the research conducted, it offers a technology that bounces internet users’ and websites’ traffic via “relays” run by thousands of volunteers around the world, making it extremely difficult for anyone to identify the source of the information or the location of the user. Due to those relays, Tor has the disadvantage of being slower.
The videoconferencing company Zoom saw its star rise during the COVID-19 pandemic outbreak. As working from home became the new normal for most of the people worldwide, Zoom was the tool of choice for video meetings and conferences. However, it recently was found that there were security issues and privacy at stake: Zoom had itself access on unencrypted video and audio from meetings, giving them the technical ability to “spy” on private video meetings.
This scandal has increased the need for promoting a good security culture through open-source security communities. Open source promotes digital literacy in technological and non-technological communities. Since the open-source codes are transparent, there is a possibility for experts, developers, and contributors to find bugs or vulnerabilities in the software. However, relying on the community for security is never enough; security must be taken into account at the beginning (design stage) and tested continuously.
With these developments one might think that privacy concerns are finally coming to an end, and digital freedom is ours. This is unfortunately untrue; however, a clearer path to building better privacy, improved online experience, and a safer virtual world have started to be seen on the horizon.
As nothing is guaranteed in life except death and taxes, we are still empowered to decide what information we share with others, what software applications we decide to use, what makes a difference and what does not.