Mar 12, 2019 16:07:32

User's point of view on security, pt. 1

by @zyumbik | 1155 words | 80🔥 | 100💌

Gleb Sabirzyanov


Why am I writing this?

Firstly, after a lot of data breaches and privacy issues, especially with humongous companies like Facebook, more and more people are beginning to worry about their data. Since we are living in the information age, it is very important to have some basic information security education: to know how your data is handled, how to protect it, and in what ways it could be stolen or misused.

Secondly, in the moments when they feel insecure, people start criticizing companies for handling their data badly. However, sometimes there is just no technical way to make it better. For example, some users think that people at Apple view their naked photos (it's machine learning) or that Grammarly is a keylogger (it wouldn't work if it weren't). Such issues should serve as a reminder for us, the people who build digital products and services, that we should operate in the most ethical way possible and keep improving the technologies we use to maintain the security of our users' data.

How the Internet works

A lot of misunderstanding comes from not realizing how technologies work, what makes them secure and what doesn't. I didn't fully realize it myself until about two months ago, before I built my first web app on Glitch.

Let's look at the process of you using a social network. Specifically, using private messages. From where you see it, it looks like this: you send a message, “Hi!” Your friend receives it, reads it, and types a reply, “Hi there!” Then they hit the Enter button on the keyboard and the message is sent to you. You receive and read it. Simple, right?

Now imagine calling your grandma using a telephone. You pick up the phone, dial the number, talk to her, wait while she is talking to you, then hang up when you are done saying how much you love her and other cute things. It's done very simply from the technological point of view.

There are not many components in the system, so let's break it down. Firstly, we have two people: you and your grandma. You both have telephones. The telephone is a simple device: it contains only two main components, a microphone and a speaker. Then there is a wire that connects you two and transmits the signal. Also, each of you has a phone number — a unique combination of numbers that belongs to you and to nobody else.

Surprisingly enough, on the inside, the internet doesn't look very different. But instead of simply letting two people connect, it creates a huge chain of small calls between them. A lot of tiny workers call each other, ask questions and get responses.

When you hear a programmer is debugging their code, they are actually trying to find the broken telephone and fix it.

When you type a text message, the first call is made between your keyboard and the computer. The keyboard tells the computer what keys you pressed and the computer displays the result on the screen. (Sadly, the keyboard doesn't get any responses from the computer. 😥) The second call happens when you press the Enter key: a special function collects all the text that you wrote and calls the server. It tells the server who this message is for, and the server proceeds to the next call.

You can think of a server as just a powerful computer that makes one specific website work. It receives calls from the users' browsers and provides answers to their requests. Usually a response is a webpage that the browser asked to load.

Who does the server call? It calls the database! And asks it to save the message. When the message is saved in the database, finally it's time to call the recipient's browser and tell it about the new message. The message is received, the page gets updated and your friend sees what you wrote.

What a journey! The whole process could be broken down into many more calls, but we don't need to go into that for this guide.
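The chain of calls described above can be modelled in a few lines to show which parts of the system handle the message text and which one keeps a copy after delivery. This is an added example, not code from the original post; the `Hop` class, the function names and the hop labels are all assumptions made for illustration.

```javascript
// Added illustration: every name here (Hop, sendMessage, hop labels) is hypothetical.
// Each "call" in the chain is a hop that receives the message and passes it on.
class Hop {
  constructor(name, { stores = false } = {}) {
    this.name = name;
    this.stores = stores; // true if this hop keeps a copy (the database)
    this.seen = [];       // message bodies this hop could read in transit
    this.saved = [];      // messages this hop still holds after delivery
  }
  handle(message) {
    this.seen.push(message.body);
    if (this.stores) this.saved.push({ ...message });
    return message;
  }
}

// The chain from the post: browser -> server -> database -> server -> browser.
function buildChain() {
  const server = new Hop("server");
  return [
    new Hop("sender's browser"),
    server,
    new Hop("database", { stores: true }),
    server, // the same server then calls the recipient's browser
    new Hop("recipient's browser"),
  ];
}

// Pass the message through every hop in order and return what arrives.
function sendMessage(chain, from, to, body) {
  return chain.reduce((msg, hop) => hop.handle(msg), { from, to, body });
}

// Everyone who could read the message, and everyone who still has a copy.
function exposure(chain) {
  const hops = [...new Set(chain)]; // the server appears twice; count it once
  return {
    couldRead: hops.filter((h) => h.seen.length > 0).map((h) => h.name),
    stillHolds: hops.filter((h) => h.saved.length > 0).map((h) => h.name),
  };
}

const chain = buildChain();
const delivered = sendMessage(chain, "you", "friend", "Hi!"); // constructed sample message
console.log(delivered.body, exposure(chain));
```

Every hop in the list could read the text, and the database still holds it after your friend has seen it.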

Security on the web

Now, with that basic understanding and the phone call metaphor, let's talk about security and privacy. How do you make sure that nobody sees your message besides you and your friend? Unfortunately, in the current state of technologies, you just can't guarantee that! Yes, there is always a risk involved, just because there are so many intermediaries who call each other, but there are a lot of ways to minimize it.

First things first, let's understand the risks that may exist in a basic phone call to your grandma. Things may get quite paranoid here.

Dialing the number — first risk. Nobody can guarantee that the buttons on your phone weren't swapped out while you were sleeping, and even if the screen on the phone displays the numbers you dial, nobody can guarantee that they are right. So you may call someone else accidentally.

Second risk: grandma's phone number. Did someone steal her phone number and set it as theirs so when you call her you actually call them? Not likely, but possible. Moving on — you probably called your grandma just fine and now you are finally talking to her.

However, here is the third risk: the microphone. Maybe your phone contains a second microphone that sends your voice somewhere else? Or does your phone have a microphone at all? There is a chance that your grandma won't be able to hear you. Obviously, her microphone and speaker are subject to the same risks too!

That opens the way to another, fourth danger: the cable. Are you sure that your cable is connected and is transferring your voice? Are you sure it's transferring it to your grandma? Are you sure nobody is sitting in the middle and decoding the signals that you are sending? And are you sure that nobody is connected to your cable too and is talking to your grandmother together with you?

And the last, probably the most underestimated risk: your grandma. There are two general risks associated with her. Are you sure that the person you are talking to is your grandma? How can you prove it? What if it's just a voice-simulating neural network that tricks you into telling it how much you love her? Or an even bigger issue, the problem that all of security comes down to: do you trust your grandma? The things you tell her will stay with her. Do you know if she discusses the things you talked about with anyone else? Are you sure that she will keep your secrets? Even if all of the previous connections were secure, all of these measures would be in vain just because your grandmother is not a trustworthy interlocutor. (Grandma is not the best example here; better to think about the company or individual who created the product you are using.)
