There are worms under your skin.

I sit here, avoiding my U.S. History assignment, wondering how to actually start writing this post.

Basically, you're being watched. Like all the time.

Everything you do on the internet can be traced and sniffed out. Because of this, we (the human race) have developed security standards and protocols. I'm sure you've heard of HTTPS, right? HTTPS is a secure version of the HTTP protocol. It uses TLS/SSL to encrypt the data you send before reaching the server, where only the server can decrypt the data. This is why you should always use HTTPS when submitting passwords.

But how come only the server can decrypt the data? HTTPS uses something called Public-Key Cryptography, or Asymmetric Cryptography. It is a kind of cryptography that uses 2 different keys (Public and Secret) to encrypt, decrypt, sign, and verify. TLS/SSL is a form of public-key cryptography that was created for the web, but there are many many other standards and algorithms.

For example, since ANYONE can read the emails you send, a standard called Pretty Good Privacy (PGP) was created to encrypt your mail in a PEM-inspired, ASCII-encoded, email-compatible format. People were encouraged to provide their Public Key (used to encrypt mail for that person) on their website or similar publicly accessible page.

You may then encrypt your mail for them using their public key, and optionally sign the message (creating a unique digital signature for this message, only producible using YOUR Secret Key) to prove that you had created the message.

People can use YOUR public key to verify a signed message that you made. Once the email is sent, the recipient can only decrypt the message using their secret key.

Cryptocurrencies use public-key cryptography too. Bitcoin uses the ECDSA algorithm for their keys, and Arweave uses 512-bit RSA keys. Transactions get signed with the secret key to prove that you made the transaction, and get verified against your public key/address by miners/stakers/whatever.

But wait, what is RSA or ECDSA? Why does it matter?

Those are both key algorithms/cryptosystems. RSA functions by manipulating lots of prime numbers (which is why there are varying key-sizes), and ECDSA functions by using an esoteric branch of mathematics based on elliptic curves.

Very hip and swag explanation of how EC and RSA work

All this cryptography is pretty cool and all, but it's a little hard to use. Thats why we have apps like Signal and Matrix. The only information that signal keeps on you is 1. the last time you logged on and 2. when your account was created. Everything else is encrypted.

Matrix is a *decentralized* instant messaging protocol. Rooms have the option to enable encryption, which will obscure messages for anyone that does not have the proper decryption keys. Those keys never get stored on your homeserver. If you join an encrypted room, all previous messages will remain encrypted. Get Matrix.

I've been writing this post over the course of today and my train of thought has somewhat vanished. I've written what I wanted to write, and I suppose that's it. What's the big take-away? Use cryptography. People can and will read your shit, and even if you have "nothing to hide" you don't want to suck big brother's cock. It's just not pleasant to have people watching you.

<= Go back