When you upload something to the cloud or use a piece of software, do you ever find yourself wondering, “who else had access to this?” We trust our software providers and assume our precious files are only shared with the people we’ve chosen, but is this always the case? Sadly, it’s not, which is why it’s important to know about “zero knowledge encryption”. Now, before you go deleting all those Vegas photos in your secret folder, keep reading to learn how you can better understand and manage the security of your information.
What is zero knowledge encryption?
A zero-knowledge solution is so private that not even your service provider or customer support agent can access your information. It’s like a personal storage unit that you and only you have the key to open your unit. The owner of the building sees a bunch of locked units and that’s it. They know nothing and will continue to know nothing unless you share information with them directly. If you take one thing from this blog, let it be this: with zero knowledge encryption, private means private.
Zero-knowledge solutions are unique in a world where a lot of applications and software rely on personal data to be profitable. Certain apps make money off user data like age, gender, relationship status, etc., by selling targeted advertising, or worse, personal info to third parties for who knows what.
Let's relate zero knowledge encryption to something we’re all familiar with: an alarm system. You have a secret passcode to disarm a security system, but is it really secret? Let's say you’re suddenly struck with amnesia and can’t recall your secret code, so you call the security company.
If the security company simply tells you the code, they’re not zero knowledge and your secret code isn’t so secret. When this is the case, you’re trusting every employee of the company to not break into your house. On top of that, you’re trusting the security company is protected from cyber threats. The last thing you need is a computer hacker breaking into your house.
If the security company is zero knowledge, they’ll confirm your identity before allowing you to personally and privately reset your code. Your house and its valuables are much safer this way.
Okay, I get it, but I really trust the people that installed my alarm, so who cares whether they’re zero knowledge? I don’t have a lot of valuable stuff anyways...
Data sales and breaches can and have hurt people
So, you don’t think a zero knowledge software solution is all that important? Here are a few spooky stories that might change your mind:
In 2016, 50 million Uber riders and 7 million drivers had their data breached The tale of Uber’s security breach begins with some nasty hackers who accessed names and phone numbers stored on Uber’s AWS servers. They also grabbed 600,000 license plates from drivers. If your information was stolen, you can bet you’d receive an uptick in spam phone calls. With your license plate number, hackers could find out where you live, make false insurance claims, and file police reports to tie you up in paperwork, too. Terrifying.
Slack had a breach in 2015 and allows corporate espionage
In 2015, hackers got into workplace messaging tool, Slack, and accessed their profile database to pull usernames and passwords. While your digital watercooler talk may not be sensitive information, a hack is a hack and the response should be swift. Instead of addressing it immediately, Slack waited until 2019 to prompt users to reset their passwords. That means hackers could have been lurking your messages – and file attachments – for years!
Image Credits: Getty Images
In the wrong hands, your data can be used against you in some very serious ways. So now that you’re sufficiently scared, let’s figure out what we can do about it.
So how can you check your software is zero knowledge?
The landscape around data privacy is shifting. All over the world people are realizing the importance of protecting your personal and work information. It’s for those same reasons we here at Zebu take a strong stance when it comes to protecting your sensitive information, we believe that everyone has the right to keep their work and personal lives secure and private. To stay safe online make sure to:
• Check if the service encrypts using no knowledge • Look out for red flags in their terms of service • If it’s mentioned that they share ownership, copy, access or share with 3rd parties, avoid them • Follow these steps to see what some specific companies (Facebook, Google, Apple) have on you
You don’t have to go ballistic and delete your account on every platform storing data on you. Besides, that might not guarantee they erase your data anyway (a topic for another time). What’s important is that you know what you're sharing and what a company can do with that information. The rest is up to you! Keep it in mind the next time you sign up for something or are looking at software for your business.