Monday, April 28, 2014

Why the Internet Needs Encryption

The internet was designed to feel like a point to point communication system so when you sign on to Facebook, it feels like you and Facebook are the only two engaged in the conversation.

Because of this encryption on the internet is often a hard topic to discuss with people. It sounds like you're telling them to whisper while talking to someone one on one in their living room.



Think about the internet like Twitter: anything you say can be read by (almost) anyone who's interested. For some things this is fine like when you open up google.com. Everyone gets the same page, so you don't really care if someone reads your message. But when you open up your email you would prefer that not everyone in the world would be able to read the information you're sending on the internet.

Similarly, if you're posting some messages on twitter you don't care if everyone can read them (I.E. "I love Mickey Mouse!" "The weather is great!" "Just ate breakfast" you know, the valuable things we put on twitter).

But other messages you would want to be private. If you wanted to say, "Bob, I'll meet you at Apple bees at 3" you and Bob could agree on a way code the information, say taking the first letter of each word and placing it at the end of the word (this would be a private encryption key). So your message becomes, "obB, 'llI eetm ouy ta ppleA eesb ta 3". Now when you post your message, even though anyone can see the information most of the internet won't understand the content, but Bob can use the pattern to figure out the message and meet you on time.

This is also why the fact that Heartbleed could've leaked private encryption keys. Without the key, decoding the message would be pretty difficult ("Hmm....perhaps I have to read it backwards? '3 at bsee aelpp at yuo mtee Ill' Bbo'? Nope. Maybe I have to add an 'R' to the beginning of every word? 'RobB, R'llI Reetm Rouy Rta RppleA Reesb Rta R3'? Nope, that doesn't make sense either. I give up!" - ok, not that difficult, but you get the picture). With the encryption key, anyone on the internet can just say, "Oh, I take the last letter in the word and move it to the front, and obviously he's meeting Bob at Apple Bees at 3."

So...encryption is a good idea, and you should keep how your encrypted stuff secret.