We live in a complicated world. The rapid advancement of electronics and computerized tools is matched only by our reliance on them. These tools bring with them faster and (in theory) more secure methods of communication. One of the problems I often find when speaking with the average person about protecting one’s privacy is their ability to visualize what it is they’re being told. I wish to attempt to bridge the gap between a complicated topic and you, the reader.
When taking the deep dive into concepts such as communication protocols and cryptography, it can be easy to get confused and lost in the maze of terms and specifications thrown around by others. I find that in order to get your footing on the topic, it is important to take a step back and understand communications in a more abstract way. Once someone can do so, they can make connections which they were not able to previously.
One useful way to accomplish this is considering a similar concept that’s been around that is more tangible. I’m certainly not the first person to propose the idea, but I find the analogy of sending a letter to be fitting. In the “old days”, when you wanted to send someone information, you would do it by sending a physical, paper letter. A letter has a few different parts. It has a message, typically on a piece of paper inside an envelope. It also has the envelope itself. The basic function of the message is to contain information intended for a given recipient. The envelope is mainly intended to shield the letter from eyes other than that recipient, as well as contain some necessary information to allow the letter to arrive safely at its destination.
When the letter is (I keep wanting to say was…) originally sent, it was sealed (so that the envelope couldn’t be opened without it becoming obvious that it had been). It was then handed off to a mail carrier who would take it to one or more sorting facilities or distribution centers, until a carrier closer to the addressee would finally deliver it.
What is important to think about in this example (and it’ll make sense why I’m breaking this down shortly), is that sending data electronically has similar points through its journey where it is out of your control. The difference being that a digital packet of data is transferred so quickly that it can seem more like magic than that it is traveling along a specified route.
This route IS understandable, and I’m going to attempt to explain (again, in abstract terms) how it works. When you send some digital information from a computer or other internet connected device, it is packaged up in different ways depending on the method you send it (SMS, Email, Instant Message, etc). Imagine these differences being comparable to mailing a letter versus mailing a postcard for example. In the example above, it was a mail carrier handling your communication – and here it is servers, local networks, firewalls, and ISPs handling and delivering things down the chain.
Each of these stops along the route is a potential point of interception. When we talk about security, we’re talking about the ability of the “envelope” or communication standard’s encryption methods to properly protect the data being sent. When we talk about privacy, we get into such things as trust – a question to ask yourself when analyzing your data’s security is, “can each point in that route one that can be trusted to relay my data without it being compromised or read by an unintended third party?”
If for example, you are sending someone an email using a public Wi-Fi connection, many of these points of interception are higher risk, because the network is not one in which you are in control. Naturally, things in your control you are more apt to trust. One reason I spend so much time researching and discussing tools like a VPN, is because such a tool can help you to send that letter of yours in a proverbial lockbox. That is to say, the method in which you contain and seal your message is much stronger (in theory) than a potential adversary at any of the points of interception ability to break.
Hopefully this helps visualize something that might otherwise be complicated in a more simple way using an example that by itself is easier to understand. This is one of the reasons I so highly stress company ethics and am quick to distrust a company that is inconsistent with their own terms, or participates in questionable partnerships – if you can’t trust a company to be straightforward with company policies and responsible operation, how can you trust them with the points of interception that you’re placing in their care?
(Note that the purpose of all of this is to explain some basics, but I should mention that of course no one tool for security is perfect, and complete trust should never be put into a tool you rely on for privacy and security. A determined and sophisticated adversary will use many methods to attempt to compromise your communications, but as always, layering your security and being smart are a good start.)