End-to-end encryption (E2EE) ensures that your data is encrypted (kept secret) until it reaches an intended recipient. Whether you̵
In other words, if, for example, a chat app offers end-to-end encryption, only you and the person you’re chatting with can read the content of your messages. In this scenario, even the company running the chat app cannot see what you are saying.
Basics of Encryption
First, let’s start with the basics of coding. Encryption is a way of encrypting (encrypting) data so that it cannot be read by everyone. Only the people who can decode (decode) the information can see its contents. If someone doesn’t have the decryption key, then he can’t decrypt the data and view the information.
(This, of course, is how it should work. Some encryption systems have security flaws and other weaknesses.)
Your devices are constantly using different forms of encryption. For example, when you visit your internet banking website (or a website that uses HTTPS, which most websites are today), the communication between you and that website is encrypted so that your network operator, ISP and someone else view your traffic. cannot see your bank password and financial details.
Wi-Fi also uses encryption. That’s why your neighbors won’t be able to see everything you do on your Wi-Fi network – assuming you’re using a modern Wi-Fi security standard that isn’t cracked anyway.
Encryption is also used to keep your data secure. Modern devices such as iPhones, Android phones, iPads, Macs, Chromebooks and Linux systems (but not all Windows PCs) store their data in encrypted form on your local devices. It will be decrypted after you log in with your PIN or password.
RELATED: Why does Microsoft charge $ 100 for encryption when everyone gives it away?
Encryption “on the way” and “at rest”: who has the keys?
So encryption is everywhere, which is great. But when it comes to communicating privately or storing data securely, the question is: who has the keys?
For example, let’s think about your Google account. Is your Google data (your Gmail emails, Google Calendar events, Google Drive files, search history and other data) secured with encryption?
Well yes. In some respects.
Google uses encryption to protect data during transmission. For example, when you open your Gmail account, Google connects via secure HTTPS. This ensures that no one else can sniff around communications between your device and Google’s servers. Your internet service provider, network operator, people within range of your Wi-Fi network, and other devices between you and Google’s servers cannot see the content of your emails or intercept your Google account password.
Google also uses encryption to protect data “at rest”. Before the data is stored on disk on Google’s servers, it is encrypted. Even if someone commits a robbery, sneaks into Google’s data center and steals some hard drives, they won’t be able to read the data on those drives.
Encryption during transmission and at rest are of course important. They are good for security and privacy. It’s much better than sending and storing the data unencrypted!
But here’s the question: who has the key that can decrypt this data? The answer is Google. Google has the keys.
Why it matters who has the keys
Since Google owns the keys, it means that Google can see your data – emails, documents, files, calendar events, and everything else.
If a rogue Google employee wanted to view your data – and yes, it happened – encryption wouldn’t stop them.
If a hacker were to somehow compromise Google’s systems and private keys (albeit a tall order), they could read anyone’s data.
If Google were to hand over data to a government, Google could access and hand over your data.
Other systems can of course protect your data. Google says it has implemented better protection against rogue technicians accessing data. Clearly, Google is very serious about securing its systems from hackers. Google has even pushed back on data requests in Hong Kong, for example.
So yes, those systems can protect your data. But that’s not true encryption protect your data from Google. It’s simply Google’s policy to protect your data.
How end-to-end encryption works
Now let’s talk about chat apps. For example: Facebook Messenger. When you contact someone on Facebook Messenger, the messages are encrypted in transit between you and Facebook and between Facebook and the other person. The saved message log is encrypted at rest by Facebook before it is stored on Facebook’s servers.
But Facebook has a key. Facebook itself can see the content of your messages.
The solution is end-to-end encryption. With end-to-end encryption, the provider in the middle – who you replace Google or Facebook in these examples – can’t see the content of your messages. They don’t have a key that unlocks your private information. Only you and the person you are communicating with have the key to access that data.
Your messages are truly private and only you and the people you talk to can see them, not the company in the middle.
Why it matters
End-to-end encryption offers much more privacy. For example, if you are on a call using an end-to-end encrypted chat service such as Signal, you know that only you and the person you are speaking to can see the content of your communication.
However, when you have a conversation through a messaging app that is not end-to-end encrypted, such as Facebook Messenger, you know that the company in the middle of the conversation can see the content of your communication.
It’s not all about chat apps. For example, e-mail can be end-to-end encrypted, but requires PGP encryption to be configured or a service that has it built in, such as ProtonMail. Very few people use end-to-end encrypted email.
End-to-end encryption gives you confidence in communicating and storing sensitive information, be it financial details, medical conditions, business documents, litigation or just intimate personal conversations that you don’t want anyone else to access has to.
End-to-end encryption is not just about communication
Traditionally, end-to-end encryption has been a term used to describe secure communication between different people. However, the term is often applied to other services where only you own the key that can decrypt your data.
Password managers such as 1Password, BitWarden, LastPass and Dashlane, for example, are end-to-end encrypted. The company can’t rummage through your password vault – your passwords are protected with a secret that only you know.
In a way, this is arguably “end-to-end” encryption, except you are on both sides. No one else – not even the company that makes the password manager – has a key that they can use to decrypt your private information. You can use the password manager without giving the password manager employees access to all of your online banking passwords.
Another good example, if a file storage service is end-to-end encrypted, it means that the file storage provider cannot see the contents of your files. If you want to store or sync sensitive files with a cloud service, such as tax returns with your social security number and other sensitive details, encrypted file storage services are a safer way to do that than simply dump them in a traditional cloud. storage service such as Dropbox, Google Drive or Microsoft OneDrive.
One drawback: don’t forget your password!
There is one major drawback to end-to-end encryption for the average person: if you lose your decryption key, you will lose access to your data. Some services may offer recovery keys that you can store, but if you forget your password and lose these recovery keys, you will no longer be able to decrypt your data.
That’s a big reason companies like Apple may not want them to encrypt iCloud backups end-to-end. Since Apple has the encryption key, it allows you to reset your password and regain access to your data. This is due to the fact that Apple has the encryption key and can technically do anything with your data. If Apple didn’t have the encryption key for you, you wouldn’t be able to recover your data.
Imagine that every time someone forgets a password for one of their accounts, their data in that account would be erased and become inaccessible. Have you forgotten your Gmail password? Google would have to erase all of your Gmail files to give you your account back. That’s what would happen if end-to-end encryption was used everywhere.
Examples of services that are end-to-end encrypted
Here are some basic communication services that provide end-to-end encryption. This is not an exhaustive list, it is just a brief introduction.
For chat apps, Signal provides end-to-end encryption for everyone by default. Apple iMessage offers end-to-end encryption, but Apple will get a copy of your messages with the default iCloud backup settings. WhatsApp says that every conversation is end-to-end encrypted, but it does share a lot of data with Facebook. Some other apps offer end-to-end encryption as an optional feature that you must enable manually, including Telegram and Facebook Messenger.
You can use PGP for end-to-end encrypted email, but it’s complicated to set up. Thunderbird now has integrated PGP support. There are encrypted email services such as ProtonMail and Tutanota that store your emails encrypted on their servers and make it possible to send encrypted emails more easily. For example, if a ProtonMail user emails another ProtonMail user, the message is automatically sent encrypted so that no one else can see the content. However, if a ProtonMail user sends an email to someone using a different service, they must set up PGP to use encryption. (Note that encrypted email doesn’t encrypt everything: although the message body is encrypted, subject lines, for example, aren’t.)
RELATED: What is signal and why is everyone using it?
End-to-end encryption is important. If you want to have a private conversation or send sensitive information, don’t you want to make sure that only you and the person you’re talking to can see your messages?