Privacy Solutions For The Web

Private Transactions may be the single most significant technology of this century. The world's experiences with encryption and codebreaking, especially during wars, have pushed development of this field to heights that everyone on the internet is now enjoying. With newer cyphers that set technological barriers to codebreaking, privacy is becoming commonplace.

Why Privacy? Adolf Hitler would be able to explain quite thoroughly why privacy is essential. The third riech was taken down in World War II because their encryption was broken. Privacy is important for those times when people are interested in eavesdropping. It's also important even if you think nobody wants to eavesdrop. Why? So that encrypted connections are considered routine. By hiding all information, an attacker has less information about that data you really need to be hidden.

Real World Encryption: The classic example of the Internet is product sales. How is privacy attained? Three steps:

1. Private Browser/Server connection: The fact that Joe Blow ordered three widgets is hidden. Joe's credit card number is hidden.

2. On-Disk Transaction Encryption: By encrypting transaction information, it becomes decodeable only by those who need access.

3. Encrypted Email: With email encryption, you can deliver private notification messages without user's immediate involvement.

Encrypted Communication: Standards such as RSA (a general encryption technology), SSL (encryption most often used for secure web browsers), and PGP (often used for email privacy), share the same basic ideas of creating a cypher that's many many times easier to create than it is to hack. They all provide in different ways for the idea of encrypted communication.

Different Needs, Different Solutions: Any web hosting provider can deliver SSL to its hosting customers and to their web visitors. However, SSL does not always guarantee privacy from end to end of a business transaction. Other encryption technologies have their place for ensuring that unauthorized parties will be unable to pry into private information.

Transport-layer Security: SSL web servers are a key part of every web hosting solution. This layer of encryption prevents a wiretap at the phone company from listening in on the web connection your visitor makes with your web site. It also prevents AOL and other ISP's from being able to observing the transaction information and credit card numbers that are transmitted through secure web connections.

Hack-proof Data Storage: When information from a business transaction is stored on a server, it is often stored in clear text. But if transaction information is encrypted, then an attacker who gains physical access may have nothing more useful than they had when they started. Instead of seeing huge lists of credit card numbers, such an attacker would see huge lists of apparent garbage.

Different sets of information may be encoded with different keys for different purposes. For instance, Order Status information may be encrypted with the Order Processing key. Addressing information could be encrypted for the Shipping Department or fulfillment house, and a copy of everything could be encrypted with a set of Backup Transaction keys. This provides information within your organization on a need-to-know basis. Updated order status can be encrypted to the customer's key, and emailed to her. She'll love surprising him when the package shows up!

Transport-layer Security Revisited: SSL can be useful not just for your clients visiting your web site, but also for you visiting your own web site. By hiding administrative information from prying eyes, you minimize the knowledge provided to the theoretical eavesdropper. Any new order status information can be transmitted with an SSL connection, for instance. And web-based email can now be safe from prying eyes as well.

Encryption Wrapup: By encrypting information, you're doing the electronic due diligence of ensuring that your business information is not available except according to your design.

In the next section, we discuss the idea of Authenticity. Paired with encryption, or detached from it, it helps you prove the origin and integrity of a piece of information.