In an opinion piece “Is Encryption Here To Stay,” one major news outlet expressed quite an optimistic view of the state of encryption in today’s digital world.

“Before we know it, everything will be encrypted. It mostly already is.”

The piece mentions a number of encrypted services, naming Dropbox, Telegram, BBM as some of the benchmark examples of encrypted services alongside Apple’s unrivaled iOS. In the meantime, the FBI have hacked into Apple’s encryption. What the FBI know now, the hackers know tomorrow, or all the other way around.

False Sense of Security

As governments push for backdoors in encryption, people and businesses are moving towards services that offer military-grade encryption and zero-knowledge policy.

At the same time, the mainstream media push the same old services and apps that miraculously turned on encryption as a sucker punch against government’s surveillance and the hackers.

“Before we know it, everything will be encrypted. It mostly already is.”

Except for, it’s not. There is nothing worse than no encryption, but for a poor encryption, or good encryption with backdoors, or good encryption offered by the wrong service provider that holds the keys. A pitch like that of TechRadar’s may instill a false sense of security among the users of Dropbox, or iOS for that matter. Whereas they should not feel safe entrusting their private data to services that have been caught in bed with the surveillance agencies just three years ago.

Now, all they do is try to hush that annoying buzz that questioned their practices when the details of PRISM became public after Snowden’s disclosures.

Whitewashing The Past

In a Conversation on Privacy, Glenn Greenwald mentioned the FBI vs Apple case, and urged the audience to not fall for the false pitch. It’s not about Apple having a strong stance on user privacy. It’s about a corporation losing profit, and trying to maintain the customer loyalty. Apple did and does provide the law enforcement with the private data of its customers. The public riff-raff was mostly PR. The said iPhone got hacked by the FBI.

The WhatsApp encryption — PR. Dropbox encryption — PR. Guess why? Because the provider has the keys. Because the provider keeps the metadata. Because the software is closed-source, proprietary. Nobody knows if the backdoors are there. Praise Moxie Marlinspike as you will, but he might not be aware of what Facebook does behind the closed doors, nor is he responsible for it.

Yes, Everyone Wants Privacy and Encryption

There are many points that article gets right. The one about corporate data and how poor or no encryption affects the businesses alongside nationwide critical infrastructures. Not to mention the smart cities infrastructures. Corporate data without encryption leaves all the secrets up for the grabs of hackers, competitors, foreign spy agencies. Companies and their clients suffer the consequences.

Yet, governments try to mandate tech companies should build in backdoors for the surveillance agencies to have the access whenever they need. No, it does not work that way. A backdoor is a backdoor, and anyone knowing about it will try to break in. Many will succeed. Hackers are getting more organized and sophisticated. Business is merely trying to catch up with the changed digital landscape that looks more like war trenches.

General users are trying to catch up. They are becoming increasingly aware of the poor attitude of tech giants to their privacy. Even if it’s impossible to move all your communications to secure, encrypted services, it is possible to diversify your communication channels. And that’s what is happening now. The subject is mostly ostracized in the mainstream media, or Google search results. Tech giants do their share of work to hush the conversation on privacy. Users do their share by applying self-censorship to stay below the surveillance radar.

Doing Privacy — Question Everything

It does not mean that the increasing number of users and businesses all lover the world aren’t talking about privacy. It does not mean businesses and users aren’t DOING privacy. FortKnoxster became a reality because there is a huge demand for a secure, encrypted collaboration platform.

Users, as much as businesses, learn how to distinguish propaganda and false dichotomy (encryption endangers national security) from a serious conversation on privacy, or encryption. Such conversations almost always touch on how the media manipulate the facts to distract, misinform or fool the audience.

It’s no longer enough to say “we provide end-to-end encryption.” People want to know where your servers are, and laws of which country apply to you. They want to know if you hold their encryption keys. They want to be sure a provider’s employees won’t be able to read their private emails.

In a recent study, egnyte.com surveyed 2000 IT professionals only in the UK. 42% admitted they have never been trained in data protection. 10% admitted to sharing confidential client data with people outside their company, while another 10% admitted to working on confidential company files whilst connected to public Wi-Fi. It’s human nature, and no wonder users are turning to zero-knowledge providers.

How About Zero-knowledge?

The IT professionals shared the insight on conditions of anonymity, of course, but human factor has always been a problem in cybersecurity. The only solution to the question of trust to service providers right now is the zero-knowledge policy. How many tech giants operate on a zero-knowledge policy? How many of them are ready to give up the profiling and reselling of personal data business?

Doing Privacy vs Talking Privacy

More important than zero-knowledge, however, is the end-to-end encryption done right. No waffling about it, but doing it — by making your code open-source, by not keeping encryption keys, by keeping your servers away from the Orwellian states, by publishing warrant canaries. It’s not just about turning on encryption, it’s about making it work to protect the customer.

Companies turn on encryption for their products and waive it as a flag from the pages of the most prominent news outlets, “we have a strong stance on user privacy.” And that’s what Tech Radar’s article is trying to do. Mix in a couple of legitimate arguments, and add a couple of false ones. An unsuspecting reader accepts it all as true. Manipulation by media at its best. Re-visit “Wag the Dog” (1997).

Where names like Dropbox or FaceTime stand in line with privacy and encryption, we should know a falsehood is being enforced upon the reader.

“Before we know it, everything will be encrypted. It mostly already is.”

No, it’s not. Saying it is, is turning a blind eye to the problem of healthcare providers neglecting cybersecurity. It’s ignoring Google reading users’ emails and web searches. It’s ignoring Windows 10 blatant anti-privacy practices. It’s ignoring social networks mining user data. It’s ignoring advertisers, audio beacons, IoT and the whole Internet business model built on surveillance.

Please also join our Telegram group and visit our Facebook page and Twitter page for more inspiration.