Today when we talk about data encryption- [Encryption: to change electronic information or signals into a secret code (= system of letters, numbers, or symbols) that people cannot understand or use on normal equipment] - most people think it is normal and simple but it is not always the case; in today’s usage the encryption is used for governmental and commercial purposes but, depending on the country you are in, it is possible that the encryption is not well accepted and it is also possible that the developers have not allowed the encryption of the information they save on their systems (yes that it’s sad but true). We have decided to create these guidelines to shed light on the large and complex encryption work we have created exclusively for MYETV. It is a work carried out and updated over the years and very complex because it takes into account- [Account: an Account contains the personal information that is assigned to those who register and access with email and password] - the privacy, data integrity and security of the same; in our terms of service and in the privacy policy there is a point called “ENCRYPTION AND CRYPTOGRAPHY- [Cryptography: the practice of creating and understanding codes that keep information secret] - ” which explains the techniques used with the relative patents and why they were used. It would be enough to read those two points to understand what we are talking about; in this post we will focus on how encryption on MYETV works. As of today the encryption on MYETV is divided into several parts:
- DNS Over HTTPS (DOH) and DNS Over TLS (DOT): DNS over TLS, or DoT, is a standard for encrypting DNS queries to keep them secure and private at network- [Network of Contents: is the channel in which owners can post their content and the audience can see the contents posted by the owners] - level. DoT uses the same security protocol, TLS, that HTTPS websites use to encrypt and authenticate communications. DNS over HTTPS, or DoH, is an alternative to DoT. With DoH, DNS queries and responses are encrypted, but they are sent via the HTTP or HTTP/2 protocols instead of directly over UDP. Like DoT, DoH ensures that attackers can’t forge or alter DNS traffic. DOH and DOT are widely used in our datacenters.
- DNSSEC: it helps protect all the platform- [Platform: the set of the main domain and all the subdomain of a particular website; also the computer architecture and equipment using a particular operating system] - against cache poisoning and answer forgery at domain level. “DNS Security Extensions,” commonly known as DNSSEC, provide a way to authenticate DNS response data. Before you connect to a website, your browser has to retrieve the IP address of the site using DNS. However, it is possible for an attacker to intercept your DNS queries and provide false information that would cause your browser to connect to a fake website where you could potentially provide personal information (for example, what you think is a bank website). DNSSEC provides a level of additional security where the web browser can check to make sure the DNS information is correct and was not modified. Thus, even if a website is fortified by strong firewalls, an end user’s data and technology will be at risk if a site’s DNS architecture isn’t sufficiently protected with the usage of DNSSEC.
- Encryption in data transmission: this type of encryption takes place at the network level (SSL / https) and guarantees that the information passed cannot be modified or intercepted by anyone else. It is always possible to verify this type of encryption through your browser.
- Email encryption and authentication: messages and updates are an important part of our platform, so our email communications must always be secure and reliable; for this reason the MYETV platform sends emails using a clearly recognizable template and with technology capable of avoiding spam; we use SPF, DKIM and DMARC as authenticatio nand encryption for emails, to have more informations read here: https://blog.myetv.tv/emails-info/
- The encryption on the login- [Login: an act of logging in to a computer, database, website or system] - information: this type of encryption uses a heavy “one way” hash for the password, which cannot in any case be decrypted, and heavy encryption relating to the username and email (thanks to the AES encryption patent).
- Encryption on entered data (texts): it was also decided to use encryption for all content- [Contents: every content intended as text, images, audio or video] - texts (for example titles and descriptions) and user information (for example name and surname and so on) thanks to the AES encryption and decryption patent; this type of encryption guarantees the integrity of the data, rather than the security of the same.
- The encryption used to access- [Access the simple access to a website as a visitor] - information: this type of encryption consists in “tokenizing” some data (for example today’s date and time) and then decrypting them every time a content is requested; this type of encryption is not physical, ie it does not act directly on the saved data, and is usually used to guarantee authentic access to information via HTTP.
- The encryption of private messages: this type of encryption is similar to that used for texts and allows two people to exchange authentic and secure instant text messages, also guaranteeing the integrity of the information sent.
- File encryption: this type of encryption is used in rare cases and only for technical purposes and uses AES encryption patents
It is necessary to know that we do not apply any type of encryption on shared contents- [Contents: every content intended as text, images, audio or video] - (eg videos and images) for security reasons; without using encryption, these shared files are not freely accessible via HTTP and to be viewed online you need a “token” or a set of codes that ensure that the request comes from a trusted source (this is why images cannot be viewed by external website). Only images saved by biometric authentication use a heavy type of encryption and are used exclusively for accessing the platform via biometric authentication.
We have also taken care of disabling encryption for countries where it is not accepted and can only be used for government or military purposes but in this way an account created in one of these places cannot be used where encryption is allowed, and viceversa. Encryption allows us, first of all, to guarantee data integrity means guaranteeing that any data / text cannot be modified in any way during its transmission; an encrypted data stored in our systems can never be modified during its life, if an unauthorized modification occurs (without the same encryption process) the same data becomes unusable.
Encryption has always been important to us and an integral part of our platform to make everyone more sure that their personal data can never be seen or modified by third parties with software- [Program/Software: the instructions that control what a computer does; computer programs] - other than those used. Some of the ciphers we use are exclusive to our platform and since we don’t use public APIs these ciphers become even more powerful; as already mentioned above, not all websites use encryption to protect their data, as there is no standard guideline on how to do it, in our opinion this makes these websites unsafe even if they use SSL. Whenever a text is saved on an online medium, it must be encrypted at least to guarantee its integrity over the years.
We have always made sure that every data that is passed on our platform is safe and protected with the latest technologies and we are committed to ensuring that this data can be saved and readed in complete safety by anyone; we also make sure that this type of encryption is not illegal in the country you are in, thanks to geoip.
Thank you for reading this, folks. We are always working to create and update any technology we use.
