Encryption protects data that travels on the Internet from eavesdroppers or attackers.
Data privacy is the ability to control who can see your personal information. On the Internet, encryption is what makes data privacy possible. Without encryption, Internet browsing information is potentially shared with third parties as information passes between networks. What's more, users do not have the chance to agree to this information sharing.
With encryption, Internet browsing information is only shared between those who have the encryption key. The only two parties who should have access to the key are the user (or actually the user's device) and the website they are visiting. What the website does with the user's browsing information is a separate and important privacy question, but encryption still protects data "in transit" — as it crosses the Internet from users to websites and back.
As users browse the Internet, their devices send requests out to various web servers, and those web servers send responses in reply. Both requests and responses travel across several different networks, all of which can view the contents of the requests and responses unless the data within is encrypted. In the course of their normal activities, users regularly share personal and sensitive information on the Internet, often without realizing it, making encryption all the more important.
Encryption conceals data by scrambling it, so that anyone who tries to view it sees only random information. Encrypted data can only be unscrambled through the process of decryption.
Encryption is essential for protecting users' online activities. People are able to go online to shop, look up ailments, and search for a life partner because encryption prevents an eavesdropper from seeing what they are doing.
Encryption works by using a key: a string of characters used within an encryption algorithm for altering data so that it appears random. Like a physical key, an encryption key locks (encrypts) data so that only the right key can unlock (decrypt) it.
To understand how encryption enables privacy, consider this example. Suppose Alice and Bob are in class together and Alice wants to pass a note to Bob. However, Chuck sits in between Alice and Bob, and she wants to keep her message private from Chuck. Fortunately, she and Bob have worked out a system for sending secret messages by replacing letters in the following way:
A=Z B=A C=B D=C
And so on. In this case, the key is "1" and the encryption algorithm is "letter - 1": each letter is moved back one position to the previous letter in the alphabet. By using this system, Alice's message of "HELLO BOB" is changed to "GDKKN ANA." All Chuck can see as he passes Alice's note from her to Bob is this nonsense combination of letters. Bob, however, knows the key Alice has used, knows to move each letter one position forward, and is able to change the message back to "HELLO BOB."
In this scenario, Alice encrypted her message to Bob, and Bob was able to decrypt and read it. This kept Alice's message private from Chuck.
Alice used a very simple encryption cipher, but modern-day encryption algorithms are much more complex. Today's encryption methods are able to stand up to intensive analysis by those who wish to decode messages. This prevents intermediary networks, Internet service providers, and any potential snoopers from being able to read requests and responses on the Internet.
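Alice's scheme in code, together with the reason a cipher like hers does not stand up to analysis: only 25 keys change the text, so anyone holding the note can try them all. This is an added example, not part of the original article; the function names and the assumption that Chuck expects the word "BOB" in the note are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase  # the 26 letters Alice and Bob substitute


def shift(text, offset):
    """Move each letter `offset` places through the alphabet, wrapping at the ends.
    Spaces and punctuation pass through unchanged, as in Alice's note."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + offset) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key):
    """Alice's rule, "letter - key": with key 1, A becomes Z and B becomes A."""
    return shift(plaintext, -key)


def decrypt(ciphertext, key):
    """Bob's rule: move each letter forward by the same key."""
    return shift(ciphertext, key)


def all_candidates(ciphertext):
    """Every possible decryption. Only keys 1..25 change the text, so the
    whole key space fits in one short loop."""
    return {key: decrypt(ciphertext, key) for key in range(1, 26)}


def keys_revealing(ciphertext, expected_word):
    """Keys whose decryption contains a word the reader expects to see
    (constructed scenario: Chuck assumes the note mentions Bob by name)."""
    return [key for key, text in all_candidates(ciphertext).items()
            if expected_word.upper() in text.split()]


if __name__ == "__main__":
    note = encrypt("HELLO BOB", 1)
    print(note)
    print(decrypt(note, 1))
    print(keys_revealing(note, "BOB"))
```

A 128-bit key, as used by AES, has 2^128 possible values, which rules out this kind of exhaustive search.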
In addition, many modern-day encryption methods rely on using two keys instead of one, a technique called "public key encryption." Learn more about public key encryption.
The Internet, as originally constructed, allowed anyone to see the traffic passing through networks in plaintext. Over the last several decades, encryption protocols have been introduced to help keep user activities private.
Transport Layer Security (TLS) is the most widely used protocol for online encryption. TLS is sometimes called Secure Sockets Layer (SSL), but this name refers to an older version of the protocol that is now out of date.
A website that uses TLS to encrypt data in transit, protecting user privacy, is said to use HTTPS: the secure version of the HTTP protocol. For this reason, websites with encryption have https:// at the front of their URL, not http://. However, many modern browsers instead show a lock in the URL bar to indicate that the website is secure, rather than showing the full URL. Users should look for either this lock or for "https" to make sure the website they are visiting protects their privacy.
Users who are concerned about privacy can use DNS over HTTPS for their DNS queries. DNS over HTTPS encrypts DNS queries so that no one can spy on which websites users are visiting. Support for DNS over HTTPS in browsers is growing.
As part of Cloudflare's commitment to data privacy, Cloudflare continues to research encryption methods and privacy-enhancing technologies. Learn about Cloudflare's latest efforts on our blog.
In addition, Cloudflare was the first vendor to offer free TLS encryption to websites. Cloudflare has the ability to enforce encrypted connections for users visiting web properties protected by Cloudflare. And Cloudflare has long supported both DNS over HTTPS and DNS over TLS for DNS resolution.