The nature of our digital communications today is such that you rarely communicate directly with your peers. It may seem that you and your friends are exchanging messages privately when, in reality, they're being recorded and stored in a central server.
You might not want your messages read by the server that's responsible for passing them between you and the receiver. In that case, end-to-end encryption (or more simply, E2EE) may be the solution for you. Let’s take a look at E2EE meaning and how does end to end encryption work.
End to End Encryption Meaning
End-to-end encryption (E2EE) is a mETHod for encrypting communications between receiver and sender such that they’re the only parties that can decrypt the data. Its origins could be traced back to the 1990s, when Phil Zimmerman released Pretty Good Privacy (better known as PGP).
Before we get into why you might want to use E2EE and how it works, let’s look at how unencrypted messages work.
How Do Unencrypted Messages Work?
Let's talk about how a regular smartphone messaging platform might operate. You install the application and create an account, which allows you to communicate with others that have done the same. You write a message and enter your friend's username, then post it to a central server. The server sees that you've addressed the message to your friend, so it passes it along to the destination.
You might know this as a client-server model. The client (your phone) isn't doing much – instead, the server takes care of all the heavy lifting. But that also means that the service provider acts as a middleman between you and the receiver.
Most of the time, the data between Person A <> Server and Server <> Person B is encrypted. An example of this is Transport Layer Security (TLS), which is used extensively to secure connections between clients and servers.
TLS and similar security solutions prevent anyone from intercepting the message when it's moving from client to server. While these measures may prevent outsiders from accessing the data, the server can still read it. This is where encryption comes in. If data from A has been encrypted with a cryptographic key belonging to B, the server is unable to read or access it.
Without E2EE mETHods, the server can store the information in a database alongside millions of others. As large-scale data breaches have proven time and time again, this can have disastrous implications for end-users.
How Does End to End Encryption Work?
End-to-end encryption (E2EE) ensures that nobody – not even the server that connects you with others – can access your communications. The communications in question could be anything from plain text and emails to files and video calls.
Data is encrypted in applications like Whatsapp, Signal, or Google Duo (supposedly) so that only senders and intended recipients can decrypt them. In end-to-end encryption schemes, you might kick that process off with somETHing called a key exchange.
Pros of End-to-End Encryption
In a setup without any of the previously-mentioned vulnerabilities, E2EE is indisputably a highly valuable resource for increased confidentiality and security. Like onion routing, it's a technology evangelized by privacy activists worldwide. It's also easily incorporated into applications that resemble the ones we're used to, meaning the tech is accessible to anyone capable of using a mobile phone.
To view E2EE as a mechanism useful only for criminals and whistleblowers would be a mistake. Even the most seemingly secure companies have proven to be susceptible to cyberattacks, exposing unencrypted user information to malicious parties. Access to user data like sensitive communications or identity documents can have catastrophic impacts on individuals' lives.
If a company whose users rely on E2EE is breached, hackers can't extract any meaningful information about the content of messages (provided their encryption implementation is robust). At best, they might get ahold of metadata. This is still concerning from a privacy standpoint, but it's an improvement on access to the encrypted message.
Cons of End-to-End Encryption
There's really only one downside to end-to-end encryption – and whETHer it's even a downside depends entirely on your perspective. To some, the very value proposition of E2EE is problematic, precisely because no one can access your messages without the corresponding key.
Opponents argue that criminals can use E2EE, safe in the knowledge that governments and tech companies can't decrypt their communications. They believe that law-abiding individuals should not need to keep their messages and phone calls secret. This is a sentiment echoed by many politicians who support legislation that would backdoor systems to allow them access to communications. Of course, this would defeat the purpose of end-to-end encryption.
It's worth noting that applications that use E2EE are not 100% secure. Messages are obfuscated when relayed from one device to another, but they're visible on the endpoints – i.e., the laptops or smartphones at each end. This is not a drawback of end-to-end encryption, per se, but it’s worth keeping in mind.
E2EE guarantees that nobody can read your data while it's in transit. But other threats still exist:
- Your device could be stolen: if you don't have a PIN code or if the attacker bypasses it, they can gain access to your messages.
- Your device could be compromised: your machine could have malware that spies on the information before and after you send it.
Closing Thoughts
In addition to the applications mentioned earlier, there are a growing number of freely-available E2EE tools. Apple's iMessage and Google's Duo come bundled with iOS and Android operating systems, and more privacy- and security-conscious software continues to roll out.
Although you have learnt how does end to end encryption work, let's reiterate that it isn't a magical barrier against all forms of cyberattack. With relatively little effort, however, you can actively use it to massively reduce the risk you expose yourself to online. Alongside Tor, VPNs, and cryptocurrencies, E2EE messengers can be a valuable addition to your digital privacy arsenal.
