Data Privacy and Encoding

A junior developer's first mistake often looks like this: "I encoded the password in Base64 before saving it to the database, so it's secure."
It is not.
Understanding the difference between Encoding, Encryption, Hashing, and Obfuscation is the first step in data privacy.

The Definitions

1. Encoding (Base64, Hex):
- Purpose: Data Usability. Transform data to be safe for transmission (e.g., binary to text).
- Key: None. Publicly known algorithm.
- Reversible: Yes, instantly.

2. Encryption (AES, RSA):
- Purpose: Data Confidentiality. Hide data from unauthorized eyes.
- Key: Requires a secret key to lock and unlock.
- Reversible: Yes, but only with the key.

3. Hashing (SHA-256, Bcrypt):
- Purpose: Data Integrity & Verification.
- Key: None (usually).
- Reversible: No. It is a one-way street.

The "Security through Obscurity" Fallacy

Encoding is just obscurity. It hides the meaning from a casual glance, but not from a determined attacker. If you Base64 encode an API key in your frontend code, anyone can hit F12, copy the string, decode it, and steal your key.

Compliance Reality (GDPR, HIPAA)

Regulations mandate "appropriate technical measures".
- Storing passwords? You must use Hashing (Argon2 or Bcrypt).
- Storing medical records? You must use Encryption (AES-256) at rest.
- Sending a file attachment? You use Encoding (Base64) to transmit it, but it does not count as a security measure.

Never confuse the medium with the message protection. Encode for transport; Encrypt for privacy.