This is a topic that has been talked about quite a bit, but I think it's an important one to reiterate to our users. Encoding is not Encryption! is a specific subset of encoding where the encoded messages can only be accessed by authorized parties (the ones holding the decryption keys). Encryption is simply a way of representing data in a specific format. For example, we can encode raw binary data using the ASCII format to visually display english text. Encoding In the context of programming, pure encoding schemes offer absolutely no security. Sometimes formats like JWTs or Base64 outputs can confuse entry-level programmers because they appear encrypted... Encoding formats are only useful because they give computers and humans protocols to view and process raw binary data in a meaningful way. They aren't! To illustrate this point, try the following tools to see how easy it is to decode messages that are just encoded (not encrypted): https://jwt.io/ https://www.base64encode.org Obligatory XKCD https://xkcd.com/257/ Story Time At a job where I worked in the past, a developer who was there before me built his own encoding scheme. It would take the raw binary data contained in a message and map specific bytes sequences to certain characters. It was totally made up, and the comment he left on the code was: // Obfuscation technique. Base53 encoding for security While it may confuse an attacker for a couple minutes, this offers more potential bugs in terms of needless complexity than it does security benefits. With free and easy to use encryption libraries available in all major programming languages, there is no excuse to try to bake your own these days. obfuscation ECC, RSA, AES-256, or another secure algorithm should have been used in the situation above. Ironically, it also probably would have taken less time to implement. Security can be hard. However, take the time to use best-practices. It will save you so much time and headaches in the long run. Good luck, and stay safe out there! By Lane Wagner @wagslane Previously published at https://qvault.io/2019/08/14/stop-with-the-obfuscation-encoding-and-encryption-are-not-the-same/