Encryption is one of the most important parts of how the internet works. Technology is responsible for ensuring that what is sent from a point of origin reaches its destination without being intercepted in the middle of the way in an easily understandable way by figures such as cybercriminals, for example.
In a nutshell, encryption is a technology that allows you to encrypt information so that the parties directly involved in the traffic can decipher it. In practice, the text becomes a code that, in theory, makes interpretation difficult for those who have no direct involvement in communication.
This guarantee is made by means of “keys”, which are virtual codes that serve to create this understanding between the parties involved in the communication. Whoever has the keys can “unlock” the messages; for those who don't have them, a simple “hello” can turn into something like “# U * 1AUXhxo & aA @ * P287xa9z8 (XÇS; \ ç”, for example.
Not all encryption is the same
If so many things can be done over the internet today, it is only due to the existence of encryption. It guarantees that you can enter your credit card number on a website and ensure that if someone is connected to the same network as you, that person will not be able to decipher your bank information and commit countless illegal acts. It is a way for only you and whoever gets paid to know your credit card number.
However, not all encryptions are created equal. And this is very evident when we are talking about messaging apps, especially at this time when the whole world is looking at the WhatsApp, the most popular app, and its worrying relationship with Facebook, known for basing its entire business model on collecting as much data about people as possible.
WhatsApp is based on a cryptography model known as “end-to-end” or, in good Portuguese, “from end to end”. What this means is that the messages are encrypted on the typing user's cell phone and go all the way through the WhatsApp server without being decrypted. Only when they reach their destination do they return to their original state, allowing the other part of the conversation to read the text, listen to the audio or watch the video.
This encryption model is considered ideal for communication applications in terms of security. That's because he, at least in theory, guarantees that not even the company can open the messages to read them improperly. No malicious employee can intercept user photos, for example, because the virtual keys mentioned above exist only on the sender's and recipient's device.
However, it is not always chosen by applications, for a number of reasons. With concern for WhatsApp, people have turned to two main competitors, who have different ideas about cryptography: Telegram and Signal.
Telegram or Signal?
Telegram always appears in the news when WhatsApp experiences a problem. It is the number one alternative to the Facebook application and it sells as the most secure option, with encryption ... but is it really?
It is important to understand that not all communication that circulates through Telegram is actually protected by end-to-end encryption. The company reserves this type of encryption for an application-specific mode, with the feature of secret conversations. When the app is in this mode, messages cannot be accessed on any other device connected to the Telegram account. That is, if you use the same account on your cell phone and computer, it makes no difference: secret messages can only be read by your smartphone.
This means that the rest of the Telegram communication receives another type of encryption, the client-server type. This means that the conversation does not travel completely encrypted to its destination, which is the recipient's device; they leave protected from the sending device, but are decrypted when they arrive at the Telegram server and encrypted again before leaving the server until reaching the end point of the message.
The company has reason to implement encryption in this way. The main one is precisely the diversity of devices on which the user can register his account to use Telegram on the PC, mobile phone, tablet and other devices. As these conversations are synchronized on a cloud server so that they can be accessed on any connected device, encryption is not that simple, but according to Telegram the files are still encrypted in another way while in the cloud. Services that rely on end-to-end encryption store content exclusively on users' devices, not on servers.
In practice, this means that there is a point in the entire trajectory of messages where they lose encryption and become vulnerable, which leaves room for mistrust about how this information is handled, whether it can be intercepted by a malicious employee or a hacker. that somehow gains access to the Telegram servers. The keys mentioned above are in the hands of the application, opening the possibility of misuse. The only way to ensure message security is by using the app's secret chat, which does not maintain cloud backups.
And at this point we come to Signal. The application is considered as the solution for those looking for encryption and security in the traffic of their messages. WhatsApp and Signal use the same encryption protocol, called the Signal Protocol, developed by the app's creator, Matthew Rosenfeld, also known as Moxie Marlinspike.
The protocol ensures that messages cannot be played during traffic between their point of origin and their destination, but it also imposes some functionality restrictions, such as the inability to use a Signal account on multiple devices and a cloud backup.
Worth it? It is up to the user. For many, Telegram can be sufficient in terms of encryption, especially if privacy is not a priority. For those who are more concerned with the security of messages, the Signal protocol offers more guarantees that the content will not be improperly accessed by anyone in the way. The alternative of using Telegram's own secret chats is also a useful solution for those concerned with security.