About Data Protection. Thoughts Out Loud About Data Security
I’ve returned to my idea that I wrote about earlier — about encoded data that can be stored anywhere, even on Google Drive or some file-sharing service, without the risk that someone could steal the file and read it. The thing is, any file can first be converted to text encoded in Base64, and then that text can be encrypted using a proper algorithm. You can use a crypto algorithm like AES-256-GCM, which is considered a reliable standard and is used in many serious systems.
And you might think: “Who even needs this? People already do it this way.” Like hell they do. As soon as you start digging deeper, it becomes clear that half of the world doesn’t use proper encryption at all, and the other half only pretends to. How many times have we seen headlines in the news like: “Data breach of 40 million customers of company X: emails, phone numbers, passports, addresses — all in plain text”? And the funniest part is that everyone reacts to it like, “Well, things happen.” No, they don’t just happen — it means someone simply didn’t do their job.
And it would be one thing if this happened to random stores or shady startups. But no, leaks happen to banks, government institutions, medical organizations. And every time the explanation is the same: “Security systems were hacked.” Yet no one says that the data was stored without encryption at all or using primitive protection methods.
Someone might argue: “Well, you can restrict access, use strong passwords, two-factor authentication, firewalls, cameras in server rooms — and everything will be fine.” Sure, you can. But all that protection only works until someone on the inside decides to leak everything. An insider is almost always the biggest risk. And no passwords will help here if the person already has access to the database.
That’s where encryption makes sense. If the data is encrypted, then even if it’s taken from the server — whether on a flash drive or via remote access — without the key it’s just garbage. And you don’t need to hire an army of cyber-security guards; you just need to implement a proper storage scheme: salt, key, AES.
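The storage scheme named above (salt, key, AES-256-GCM, result kept as text), as an added Node.js example that is not code from the original post. It assumes the key is derived from a passphrase with scrypt, and it applies Base64 to the encrypted output so the stored blob is plain text; the function names and the salt, nonce, tag, ciphertext layout are choices of this example.

```javascript
// Added example: passphrase -> salted key -> AES-256-GCM -> Base64 text.
const crypto = require("crypto");

const SALT_LEN = 16;  // random salt per file, stored next to the ciphertext
const NONCE_LEN = 12; // 96-bit GCM nonce, must never repeat under one key
const TAG_LEN = 16;   // GCM authentication tag

// Derive a 256-bit key from the passphrase and salt (scrypt is an assumption here).
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt file bytes; returns Base64 of salt || nonce || tag || ciphertext.
function sealToText(fileBytes, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  const ct = Buffer.concat([cipher.update(fileBytes), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]).toString("base64");
}

// Decrypt; throws if the passphrase is wrong or the blob was modified.
function openFromText(text, passphrase) {
  const blob = Buffer.from(text, "base64");
  if (blob.length < SALT_LEN + NONCE_LEN + TAG_LEN) throw new Error("blob too short");
  const salt = blob.subarray(0, SALT_LEN);
  const nonce = blob.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = blob.subarray(SALT_LEN + NONCE_LEN, SALT_LEN + NONCE_LEN + TAG_LEN);
  const ct = blob.subarray(SALT_LEN + NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// True when decryption is refused (wrong passphrase or tampered blob).
function isRejected(text, passphrase) {
  try { openFromText(text, passphrase); return false; } catch { return true; }
}

// Constructed sample input standing in for a file's bytes.
const sample = Buffer.from("passport=AB1234567;email=user@example.com", "utf8");
const stored = sealToText(sample, "constructed demo passphrase");
console.log(stored);
console.log(openFromText(stored, "constructed demo passphrase").toString("utf8"));
```

Because GCM authenticates the ciphertext, a copy of the blob that was altered in storage fails to decrypt instead of yielding corrupted plaintext.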
But why don’t most companies and organizations do this? The answer is very down-to-earth: they don’t give a damn. Or more precisely, they think it’s an unnecessary expense. To implement encryption, you need to rebuild application architecture, change processes, train staff, test everything — and that costs money. And until shit hits the fan, nobody moves. “It works as it is” — the favorite phrase of everyone who doesn’t want to change anything.
There’s another reason — human stupidity. Sorry for being blunt, but many people genuinely think Base64 is already encryption. It is not encryption, it’s just a way to represent a binary file as text. That’s it. But the internet is full of “experts” who believe otherwise.
So the idea of storing encrypted data in text form is completely workable and logical. And... maybe I really am reinventing the wheel. LOL.
The world has long reached the point where data is the new oil. It’s being sold, stolen, used, manipulated. And if you don’t protect your data, then it’s no longer yours.

Thanks a lot! 🤝