End-to-End Encryption is the Only Real Security

By Kimberlee Morrison 

security

Encryption has become a topic of concern over the last few years. This is partly a result of revelations from Edward Snowden, which exposed the reality of government accessing and storing data we thought was private. The only solution may be end-to-end encryption, but plenty of services are still vulnerable.

Dr. Abe Baggili, assistant professor of computer science at the University of New Haven, identified more than 20 apps that may be storing sensitive data, sending messages and leaving multimedia unencrypted on company servers. This list of apps includes Instagram, OkCupid, Grindr, Kik, Whisper and Vine.

“A lot of these apps don’t encrypt the data, like pictures, text messages or audio,” Baggili told VentureBeat. He added that “these developers are sloppy and don’t take security seriously.”

The research also noted that some of these apps behave in ways that are very unsecured, which may be caused by poor design rather than deliberate oversights.

“One app, TextPlus, takes screenshots and stores them on your phone. If someone gets access to your phone, they can see what messages were sent,” Baggili told VentureBeat.

Creating effective encryption requires deliberate thought — there are lots of services starting from the ground up with good technology and practices. Those that recognize the problems of lax encryption are starting to modernize their systems, as Reddit started to do this week.

“When using HTTPS on Reddit, your connection will be fully encrypted. Anyone watching your connection (such as WiFi hotspot providers) will be unable to see the plain-text contents of what your browser is communicating with Reddit,” according to the company blog. The post also notes that Reddit has been operating for more than nine years without any encryption.

However, this “sitewide encryption” isn’t exactly bulletproof. The post acknowledges that older browsers or third-party apps may not respect the encryption. Emil Protalinski, a technology journalist for The Next Web, points out that users must opt in for this encryption.

Without robust encryption or at least two-step verification, apps and networks will fall behind the pack. As data leaks out or is outright stolen from services thought to be secure, users may reduce their use of those services — or stop using them entirely. Then again, users may be content to find alternative outlets for expressing their clandestine thoughts and desires online.

Advertisement
Advertisement