Trigger warning: authoritarianism, state surveillance, the Holocaust. If you want to avoid these topics, please jump to the last paragraph of this introduction, starting with ‘Enough about the depressing stuff.’ Before we start, I feel like I need to give a bit of background on why I care so deeply about privacy. It’s partly historical. Being Ashkenazi, I learnt from a very young age about the importance of sensitive information, and who you give that information to. My grandfather broke the law by not going to the police station to register himself as a Jew. The Holocaust saw 76,000 Jews deported to death camps from France alone - around 1/4th of the country’s Jewish population at the time. There’s a chance that not being part of the Jewish census saved his life. Lesson: be careful who you give sensitive information to. My grandfather and two of his brothers left Paris in the middle of the war, and took a train south with no plan, no luggage, no contact, and no destination other than, well, heading south. They were helped by strangers and survived. Their mother however, along with two other siblings, had a plan. They had a deal with a smuggler to reach unoccupied France. The smuggler informed the Nazis, and all 3 of them died in deportation. Lesson: each person who has information on you represents an additional chance for it to be leaked. And yes, we can raise the irony of mentioning my Jewish grandpa to warn you against sharing sensitive information online. There, I just did. While this happened in the 1940’s, a data point’s lifespan is drastically different today. It’s possible that you posted something online 10 years ago, and it was fine back then, but 20 years from now you will hope that no one finds it. My message is: the Internet never forgets, cultures change, and retroactive laws exist. People can get screwed over digital data. Let’s take the obvious example: China’s state surveillance has an eye on literally each and every move of its inhabitants, whether physical or digital. The state uses extensive data to allocate social scores, which can have a on Chinese people’s lives, including banning them from purchasing train or plane tickets, providing them with lower Internet speed, and denying them visas and loans. drastic impact China also makes use of this surveillance system , detaining between 1 and 2 million people - the estimates vary - in concentration camps, where prisoners suffer . against its Uyghur population extensively reported torture, brainwashing and forced labour Apart from governmental issues, there’s also the topic of pervasive , championed by Facebook and Google. tracking and ads I’m yet to see the difference between today’s digital advertising and individually-customized mass manipulation. Maybe because there is none. Please try and change my mind if you have any conclusive elements. Enough about the depressing stuff. I’ve explained why your privacy matters, and we’re now about to dive into a few security concepts. I wrote this article with , as he knows much more about these concepts than I do. So here’s my first pro tip for you, unrelated to privacy or security: date people you admire. Now, let’s get into the technical aspects. lp1 CIA The CIA ‘triad’ is a summary of the main concepts of information security. There are 3 aspects regarding information which are targeted by infosec: : the assurance that a piece of information can only be observed by authorized third parties. Confidentiality : the assurance that a piece of information is and stays accurate over time. Integrity : the assurance that a piece of information can be accessed by an authorized user when they need it. Availability Encryption: Server-side vs. Client-side Encryption secures data and aims to maintain its confidentiality and integrity. We differentiate server-side from client-side encryption. Server-side means that only information stored on said server is encrypted. This means that the company has the encryption key, and therefore can access your communication (yes, including your nudes). However, server-side encryption doesn’t apply to the of your communication. The data you share is not necessarily encrypted, only the storage is, which is why you should favour platforms that use . transmission https Client-side – or end-to-end – encryption means that the transmission of your information is encrypted, and that has the key. If you log in from a different device, you won’t be able to see the exchanges. Since the company , they cannot access your messages. As a result, even if they were to store your exchanges, said exchanges would automatically be encrypted. However, this also means that you won’t be able to recover your messages, should you lose the key. only your device does not have the key In the case of a communication service, this means that the nudes you're sending to are encrypted from your device to the company's server, as well as from their server to your trusted partner's device. Without encryption however, anyone on your network can see and tamper with all your communications. By 'tamper with', we mean any kind of modification by an unauthorised third-party. Examples include someone changing your password and email address on a platform to take over your account, deleting your private files on a cloud file storage service, replacing software in your online backups with malware, etc. someone you trust A recent example is the July Twitter hack, during which . hackers managed to read users' messages from Twitter's admin control panel With end-to-end encrypted DMs, no one at Twitter would have been able to access them. Encryption vs. Hashing A distinction has to be made between two important notions: encryption and hashing. Encrypting information means that you turn it into scrambled text which can be decoded with a key. For instance, it's useful to make sure a communication between two peers cannot be read by an unauthorized person. Hashing a piece of data on the other hand means that you turn it into a which into its original readable state. The only way for someone to obtain the original input based on the hashing output, is to try inputs themselves until their output matches. Hashing is not intended as a cypher to decrypt, which is why encryption and hashing serve different purposes and are used in different cases. unique signature cannot be reversed Hashing is noticeably useful to store passwords, because you avoid storing the actual easy-to-steal-and-reuse passwords. Instead, you compare the hashing output that you store to the hashing output of what a user entered while trying to log in. If you get the same hash that you’ve stored, then the password is correct. 100% secure does not exist Flaws and vulnerabilities can always be found. However, the sturdier your tools, the safer you'll be. And contrary to , it is better to be safe than sorry. what A-ha used to sing Free vs. Open source Free and open source software are specific philosophies, based on specific values. Free software specifically refers to the notion of users' freedom, which isn't the case in open-source software. As puts it: the GNU website 'To understand the concept, you should think of “free” as in “free speech,” not as in “free beer”'. There are 4 criteria for software to be free: Freedom 0: The freedom to run the program as you wish, for any purpose. Freedom 1: The freedom to study how the program works, and change it so it does your computing as you wish. This entails having access to the source code. Freedom 2: The freedom to redistribute copies so you can help others. Freedom 3: The freedom to distribute copies of your modified versions to others. On the other hand, open-source software has a , and a different philosophy. You can also see the source code, amongst other things. less strict definition If you want to get into the political aspect of these terminologies, ’s a good explanation. here Credential stuffing attack Credential stuffing is a popular attack whose goal is to automatically test a user’s known credentials on multiple platforms on a large scale. Nowadays, it is widely used by malicious intruders because of the online accessibility of billions of credentials gathered from data leaks ( , , to name some of the biggest). MySpace Dailymotion Dropbox And there you have it, a roundup of the main security concepts. Feel free to reach out to or on Twitter. Part 2 will be available next week, with a list of the privacy and security tools we frequently use and recommend. lp1 me If you’re looking for a UX researcher or UX designer to work in the privacy and security sphere, I’d love to have a chat with you! You can find me or contact me via . on Twitter my website Previously published at https://thistooshallgrow.com/blog/privacy-security-roundup

Dropbox

Facebook

Google

Main Security Concepts and the Importance of Data Privacy

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

The Ultimate Guide to Privacy and Security Tools

5 Ways to Protect Your Cloud Storage

Application Security: A Primer

Crypto Regulations in U.S and Europe: Guide for a Novice Trader

Does The Best Secure Email Really Exist?

Federated Learning, a step closer towards confidential AI

The Ultimate Guide to Privacy and Security Tools

5 Ways to Protect Your Cloud Storage

Application Security: A Primer

Crypto Regulations in U.S and Europe: Guide for a Novice Trader

Does The Best Secure Email Really Exist?

Federated Learning, a step closer towards confidential AI

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps