./ notes.txt / secret messages

june 3, 2019 | 4 min read

have you wondered how your private messages are sent on the internet?

encryption is how messages are secured using a key and math.

keys

in most cases, a key is a giant number.
a number big enough
that guessing it compares to finding a grain of sand hidden at the beach.
after looking for millions of years, there would still be a >99.999% chance you wouldn't have found it

this key is only known to you and the other party

encrypting

next, your messages are sealed with that key
by using a math equation that is easy to do in one direction, but nearly impossible to do in reverse without the key

http

sometimes, there's no key used.
in that case, messages could be read by others
if you ever notice a website has http:// at the top (instead of https://), it's possible others could see that message while it's being sent


robots

most websites and apps (banks, messaging apps, Netflix) are encrypting your communication

on the other side, a robot (the website or server) unlocks your message and deals with it accordingly.
e.g. on YouTube, the robot reads your search query and sends you back some videos

peeking

when sending a private message,
the robot forwards your message along to the recipient. but the robot could take a peek at your message.

some robots will pass the message along, not opening it.
some robots might scan the message to make sure it's not spam.

but, an opened message could also be stored insecurely without encryption,
or read & copied by spying parties

end-to-end

another method is called end-to-end encryption

with this, only you and the final message recipient have the key.
to the robot's eyes, it's passing along random numbers between two people


apps

many messaging apps are not end-to-end encrypted by default,
and instead could be reading your messages for ad targeting, enforcement of rules/laws, or otherwise

here's what I could find among the top messaging apps
where an app has different messaging modes with different encryption, I've specified
top messaging apps (2019) encryption:

+ end-to-end encrypted
= client-server encrypted
- unencrypted
with the exception of SMS text messages, all popular messaging apps use some form of encryption

client-server encryption is when a message may be opened by the server
while end-to-end encryption, if done properly, ensures that can't be done
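
to see the difference between the two, here is a small python sketch. it is an added example, not from the original post. the names (Robot, seal, unseal, demo) are made up for illustration, the cipher is a toy stand-in for a real one, and it assumes the two people already agreed on their end-to-end key without the robot seeing it.

```python
import hashlib, hmac, secrets

# toy cipher (assumption: a stand-in for a real one such as AES-GCM, not for real use)
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, message):
    nonce = secrets.token_bytes(16)  # fresh random value so no two sealed messages match
    body = bytes(a ^ b for a, b in zip(message, _stream(key, nonce, len(message))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, sealed):
    nonce, body, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    good = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Robot:
    """the server: shares one key with each user (client-server encryption)."""
    def __init__(self):
        self.keys = {}   # user name -> key shared between that user and the robot
        self.seen = []   # everything the robot was able to read

    def register(self, user):
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]

    def forward(self, sender, recipient, sealed):
        opened = unseal(self.keys[sender], sealed)   # the robot opens the envelope
        self.seen.append(opened)                     # ...and could peek, store or copy
        return seal(self.keys[recipient], opened)    # re-sealed for the recipient

def demo(message=b"meet at noon"):
    robot = Robot()
    alice, bob = robot.register("alice"), robot.register("bob")
    # client-server: the robot sees the message itself
    plain = unseal(bob, robot.forward("alice", "bob", seal(alice, message)))
    # end-to-end: alice seals with a key only she and bob have, then sends as usual
    e2e_key = secrets.token_bytes(32)  # constructed here; the robot never receives it
    inner = unseal(bob, robot.forward("alice", "bob", seal(alice, seal(e2e_key, message))))
    return robot.seen, plain, unseal(e2e_key, inner)
```

in both cases the recipient gets the message, but robot.seen holds the readable text in the first case and only random-looking bytes in the second.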

why

modern technology gives us a perfect tool to whisper to someone else
so why doesn't every app use end-to-end encryption?

there are a handful of convenient features which may require some knowledge of your messages:
depending on the app, trading perfect secrecy for these features may be worth it
however, messaging is a relatively simple concept, and differences in features are minor between apps.

take a moment to think about your choice