Encryption is worthless unless we control the keys

A lot of companies advertise that they encrypt data. Encryption is good practice for privacy and security, but sometimes it’s worthless. For example, WhatsApp encrypts messages, but that is worthless because it’s Facebook (WhatsApp’s owner) that creates and manages the keys.

What a secure messenger or any service should do is let the user create and handle the encryption keys. Let me give you another example. Imagine you want to send a letter to a friend and I’m the mail person. You give me your letter and I promise you I’ll hide it. Now, I may hide it from other people, but I still have access to it.

Encryption is like that. If you want to hide your letter, you should do it yourself and not trust anyone. As long as other services do the encryption for you or manage your keys, you’re not truly secure and that encryption is worthless.
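The mail-person analogy in code, as an added example that is not part of the original post: a hypothetical `MailService` stores one letter encrypted with a key it generated itself and one encrypted with a key created on the user's device, and its operator then tries every key it holds. The class, user names and letters are constructed for illustration; the cipher is AES-256-GCM from Node's built-in `crypto` module.

```javascript
const crypto = require("node:crypto");

// AES-256-GCM; output layout is nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, message) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(message, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws unless `key` is the key the blob was sealed with (GCM tag check).
function open(key, blob) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString("utf8");
}

// Hypothetical service: everything the operator can see is in these two maps.
class MailService {
  keys = new Map();   // user -> key the service generated and kept
  stored = new Map(); // user -> encrypted blob
  // Model A: the service creates the key and encrypts on the user's behalf.
  sendProviderManaged(user, message) {
    if (!this.keys.has(user)) this.keys.set(user, crypto.randomBytes(32));
    this.stored.set(user, seal(this.keys.get(user), message));
  }
  // Model B: the user encrypted locally; only ciphertext reaches the service.
  storeCiphertext(user, blob) { this.stored.set(user, blob); }
  // Operator tries every key the service holds against the stored blob.
  operatorRead(user) {
    for (const key of this.keys.values()) {
      try { return open(key, this.stored.get(user)); } catch { /* wrong key */ }
    }
    return null;
  }
}

// Constructed sample data: Alice lets the service manage her key, Bob keeps his.
function demo() {
  const service = new MailService();
  service.sendProviderManaged("alice", "letter A");
  const bobKey = crypto.randomBytes(32); // created and kept on Bob's device
  service.storeCiphertext("bob", seal(bobKey, "letter B"));
  return {
    alice: service.operatorRead("alice"),             // "letter A"
    bob: service.operatorRead("bob"),                 // null
    bobSelf: open(bobKey, service.stored.get("bob")), // "letter B"
  };
}
```

Both letters are encrypted at rest with the same algorithm; the only difference in what the operator can recover is who generated and holds the key.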

Published by

Ali Reza Hayati

Entrepreneur, hacker, cypherpunk.