When we talk about encryption and backdoors in messaging services in the West, the conversation tends to be fairly theoretical. Sure, we’d prefer more privacy over less privacy. Yeah, it’s a good idea to make sure that the government can’t read all of our message, even if we’re not doing anything “wrong.”

But increasingly across the world, the need for solidly encrypted messengers is becoming much more than an interesting idea to talk about and debate. Most recently, the Turkish government took advantage of the weak security of an obscure messaging app called ByLock to gather information about and make arrests of people who were involved in last year’s attempted coup.

The attempted coup occurred in July 2016 and was not only unsuccessful, but resulted in the deaths of 290 people. It’s still not entirely clear who was behind the coup, but Turkish president Recep Tayyip Erdogan blames a religious group led by a Pennsylvania-based cleric named Fethullah Gulen. Many observers believe that Erdogan is using the coup as an excuse to purge the country of his enemies. To date, there have been more than 50,000 people jailed without due process, including 150 journalists and 6,000 university employees.

And while the coup attempt occurred more than a year ago, recent arrests include human rights defenders and digital security trainers, a famous soccer player, and 35 members of the media — including nine journalists. The digital security trainers in particular raise concern, as they are not Turkish nationals and had traveled to the country help human rights activists learn more about encryption. They were detained on the charge of "committing crimes in the name of a terrorist organization without being a member."

By the time the group was allegedly planning the coup, they weren’t using ByLock anymore. In fact, they’d switched to WhatsApp —which is more secure. However, the damage was already done. That’s because while ByLock generated a private key for each registered device, those keys were kept on a central server along with passwords that were stored in unencrypted text. As a result, all it took to access the messages was breaking in to the server and gaining access to those keys and passwords.

The Turkish government used ByLock to identify almost 40,000 undercover members of the Gülenist operation. That included 600 ranking military members. Because the government blames the Gülenists for the failed coup, they used that data to single out people they claim were involved, despite the fact that the planning itself wasn’t done on ByLock.

Additionally, the Turkish media published transcripts from WhatsApp chat groups that directly revealed military officers planning troop movements. The transcripts show that even encrypted apps are prone to security breeches — because people are not always secure.

“With thousands of people in a single WhatsApp chat, it only takes one person to get captured while their phone is unlocked to discover every planned detail,” Dan Guido, head of New York-based information security firm Trail of Bits, told The Guardian.

There are multiple lessons here for anyone who is concerned about online privacy and security. First of all, not all encryption is created equal. Just because an app or service says they’re protecting users’ security and identity, doesn’t mean they’re necessarily doing it well. Second, when we’re talking about laws protecting encryption — like the laws currently up for debate in the EU — we’re talking about laws that could protect dissidents everywhere. The real life consequences of poor encryption or backdoors are serious. They’re potentially life-threatening.