Encryption Differences
There is a massive misconception about encryption and its different uses. People seem to think that ‘End-to-End’ Encryption means everything is private. This is true for traffic, but not true for the servers using it. End-to-end encryption just means data is encrypted between you and a server. Whoever owns the servers for tech networks can see everything in the clear and store what they want.
Bruce Schneier has done public talks about this for the past 20 years. He clearly states that you have to trust the companies you use with your data. We all trust certain companies with our data. Companies that are shown to not care about data, or have previously been shown to sell data for political corruption (i.e. Facebook, now known as Meta), or just to make money from selling it, should never be trusted with your data. That is how I see it. This is not paranoia; it is called knowledge of how systems work, and using your best judgement from what you know. The problem is that most people do not even know how computers work, let alone how networking and encryption work.
Differences Between End-to-End and Peer-to-Peer Encryption
There is a distinct difference between end-to-end and device-to-device encryption. The only way you get ‘Private’ communications, as in only you and the sender see the data, is by 1) running your own servers for said services (such as email) with end-to-end encryption, or 2) using device-to-device encryption (phone to phone, computer to computer). This means device-to-device encryption with no central server.
Companies still use centralized systems that are private to them. Many companies run their own domain server for VPN and the local network. Admins of these types of systems can read all users’ emails, which is fair enough in a work setting where you are representing said company.
If you have a basic knowledge of networking, you can check whether communications are peer-to-peer or end-to-end (going through a server) by using network stats tools and hardware switches, routers or firewalls. This is because the IP data of all connections is still viewable by administrators within companies. Most big companies have internal AI and human network monitoring of this kind to track suspicious outgoing and incoming connections (IP data is extremely valuable to network security within any organisation, as stated in my last post).
When the internet first started there were very few centralized systems. Centralized networks mainly became a bigger thing when billionaires (and enemy communications agencies) saw that they could use the internet to control people by buying out (or force bribing) social networks that held centralized data, and had a big chance to spread disinformation. Rupert Murdoch purchased MySpace because of this kind of thinking (the guy who owns 90% of right wing propaganda in the west). We see this today with Elon Musk buying out Twitter; people are now leaving the site in their millions. I am not saying all centralized systems are bad, because they are not. There are great security systems with centralized data, but as with anything, if you have bad actors you have people using these systems for bad, or for just making as much as they can from selling private data. Most of the bad on these systems is used for politics or global disinformation.
Another misconception that I constantly see (within tech communities) is: “you can’t block that domain because…”. You CAN block anything you want to block on your devices or network; they are your private devices.
Scripts that are editable in the Browser
No scripting that can be edited by the user (such as JavaScript) should be used for anything other than styling, API data (that is allowed to be viewed on said page), or media importing. This is something we are seeing a lot from big tech companies: they are pushing out client-side scripts to take stress off of their servers, then complaining that people are editing the scripts. The web browser is just that: a browser. A request is sent and a server sends page data back. Users can edit anything shown in the browser (and they should); browsers were designed this way purposely, to be able to block viruses, malware etc.
The joy of being in tech: you get blamed for everything that goes wrong, even if it is user error, and spend a lot of time explaining simple tech concepts to people who think they already know everything. I have had many discussions with people in online communities who claim to work in tech but cannot figure out the basics. If you want to learn things in a specific field, you read books by leading experts within said field.
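The point above, shown as an added example that is not code from the original post: a server handler that accepts a total computed by browser script, beside one that ignores it and recomputes from its own data. The catalog, field names and function names are assumptions made up for the illustration.

```javascript
// Added example. CATALOG, MAX_QTY and both checkout functions are hypothetical names.
// Server-side source of truth, prices in cents. The browser never supplies these.
const CATALOG = Object.freeze({
  "sku-100": { name: "USB cable", priceCents: 799 },
  "sku-200": { name: "Keyboard", priceCents: 4999 },
});
const MAX_QTY = 20;

// Weak: the total was computed by script in the browser and is accepted as-is.
function checkoutTrusting(body) {
  return { ok: true, chargedCents: body.totalCents };
}

// Hardened: validate every field and recompute the total from server data.
function checkoutVerified(body) {
  if (!body || !Array.isArray(body.items) || body.items.length === 0) {
    return { ok: false, error: "items must be a non-empty array" };
  }
  let total = 0;
  for (const item of body.items) {
    const sku = item && typeof item.sku === "string" ? item.sku : "";
    // hasOwnProperty keeps inherited keys such as "__proto__" from matching.
    if (!Object.prototype.hasOwnProperty.call(CATALOG, sku)) {
      return { ok: false, error: "unknown sku" };
    }
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      return { ok: false, error: "invalid quantity" };
    }
    total += CATALOG[sku].priceCents * item.qty;
  }
  // A mismatch means the page script was edited or is out of date: log it.
  const clientTotalMismatch =
    body.totalCents !== undefined && body.totalCents !== total;
  return { ok: true, chargedCents: total, clientTotalMismatch };
}

// Constructed request body: what the server receives once the total was edited.
const editedRequest = {
  items: [{ sku: "sku-200", qty: 2 }, { sku: "sku-100", qty: 1 }],
  totalCents: 1,
};

console.log("trusting:", checkoutTrusting(editedRequest));
console.log("verified:", checkoutVerified(editedRequest));
```

The client script can still display a running total for convenience; the server simply never treats that number as an input to the charge.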
Posted: January 20th, 2024 under Security.