So far we've been working towards protecting ourselves from attackers, but what about the company?
Should it always have full access to the consumer data it houses? In some cases that’s a clear yes. Your
bank needs to hold your banking information, but should your email system house that same data?
This is where end-to-end encryption comes into play. End-to-end means that the data is encrypted before
it’s ever sent to the server, and only decrypted after it’s arrived at its destination. Here, the server
is only ever holding meaningless scrambled data.
First, let’s revisit the data breach scenario above. What if the company never had the customer data in a
readable state? If the data is breached, what’s stolen is all encrypted and useless.
Second, what about the scenario where the company managing the data is really just a third-party
the users who actually do own, and should have access to it? In a perfect world, the company simply stores
the data, takes the privacy of its users seriously and protects it to the best of its ability. All too
often though, this data is looked at as a revenue stream. Customer data can be resold to third
parties for data mining, ad targeting, machine learning training, etc.
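
The arrangement described above, as an added example that is not part of the original page: the sender's device encrypts to the recipient's public key, and the server, along with anyone who dumps its storage, only ever sees ciphertext. The X25519 + HKDF-SHA256 + AES-256-GCM construction (Node.js built-in crypto), the function names and the sample message are all assumptions chosen for illustration.

```javascript
// Added example (not from the original page); all names and data are constructed.
const nodeCrypto = require('node:crypto');

// One-message AES-256-GCM key: X25519 shared secret run through HKDF-SHA256.
function messageKey(privateKey, publicKey, ephPub) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), ephPub, 32));
}

// Sender's device: encrypt before anything is uploaded.
function seal(recipientPublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = messageKey(eph.privateKey, recipientPublicKey, ephPub);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, nonce, body, tag: cipher.getAuthTag() };
}

// Recipient's device: decrypt after download; throws if the record was altered.
function unseal(recipientPrivateKey, rec) {
  const ephKey = nodeCrypto.createPublicKey({ key: rec.ephPub, type: 'spki', format: 'der' });
  const key = messageKey(recipientPrivateKey, ephKey, rec.ephPub);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.nonce);
  decipher.setAuthTag(rec.tag);
  return Buffer.concat([decipher.update(rec.body), decipher.final()]).toString('utf8');
}

// The server: stores opaque records and never holds a private key.
const serverStore = new Map();
const upload = (id, rec) => serverStore.set(id, rec);
// Everything a breach, or the company itself, can read from storage.
const storageDump = () =>
  Buffer.concat([...serverStore.values()].flatMap((r) => [r.ephPub, r.nonce, r.body, r.tag]));

const SAMPLE = 'IBAN XX00 0000 0000 (constructed sample)';
const recipient = nodeCrypto.generateKeyPairSync('x25519'); // private key stays on the device
upload('msg-1', seal(recipient.publicKey, SAMPLE));
console.log('server holds :', storageDump().toString('hex').slice(0, 48) + '...');
console.log('recipient has:', unseal(recipient.privateKey, serverStore.get('msg-1')));
```

The stored record carries only the ephemeral public key, the nonce, the ciphertext and its tag, so nothing held server-side is enough to recover the message.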