End-to-end encryption is a system of encryption that allows parties to communicate in a way that severely limits the potential for third-parties to eavesdrop on or tamper with the messages. Third-parties may include government agencies and companies that provide internet, telecommunications, and online services.
- End-to-end encryption helps people communicate securely by emails, voice calls, instant messages, and video chats. It also secures communication between devices for sharing and syncing files.
- End-to-end encryption is most commonly used for digital communications, but it can also be used on paper.
The big picture: There are many systems of encryption. End-to-end encryption is considered an improvement upon another system called point-to-point encryption, which is a standard for transmitting credit card data.
- When parties communicate with each other, their data is usually transmitted through a third-party service provider, which acts as a messenger (e.g., Gmail).
- Point-to-point encryption encrypts data when it is in transit to and from the messenger, but the messenger can still read the message.
- End-to-end encryption encrypts the data both before it’s given to the messenger, and also during transmission. Different mechanisms may be used to encrypt the data before transmission and during transmission. Transmission encryption is usually layered on top of the existing pre-transmission encryption.
- End-to-end encryption works by encrypting the data before the third-party receives it and by preventing the third-party from obtaining the decryption keys. The encryption is performed locally on the communicating parties’ devices rather than on the third-party’s web servers.
- Using end-to-end encrypted communications is like sending a physical letter written in a language that nobody else can read or translate except the intended recipient. Postal service employees can read the to and from addresses and estimate when the letter was sent, but they aren’t able to read the letter contents.
Why it matters: End-to-end encryption helps ensure the confidentiality and authenticity of communications. It protects users’ privacy and allows them to communicate with greater honesty and freedom.
Pros and cons: End-to-end encryption protects user privacy by preventing unwarranted or unwanted surveillance by governments and service providers, but it also prevents law enforcement from obtaining communication records when they have justified warrants for doing so.
Limitations: End-to-end encryption protects the content of communications, but does not necessarily protect metadata about the communications, such as who contacted whom and at what time.
- End-to-end encryption protects data when the service providers has a data breach, but it does not always protect data when a user’s device, account, or password is stolen because they can be used to obtain decryption keys.
- Service providers that claim to provide end-to-end encrypted services may nonetheless introduce secret methods of bypassing the encryption. These methods are known as backdoors and can be created willingly or unwillingly. Thus, users are still required to place some trust in the service providers.
The bottom line: End-to-end encryption is the new standard for service providers aiming to provide the highest levels of consumer data protection because even they are meant to be unable to decrypt their users’ data, but it does not replace lower standards, such as point-to-point encryption, which are acceptable for other uses.
Examples of applications with end-to-end encryption:
- Standard Notes for syncing notes
- ProtonMail for email
- Signal for instant messaging
- NextCloud for cloud storage
- Firefox Send for sharing files