End-to-End Encryption: What It Is and Why It Matters
End-to-end encryption (E2EE) ensures that your data stays encrypted until it reaches the intended recipient. Whether it is messages, emails, file storage or anything else, end-to-end encryption ensures that no one in between can read your personal data.
In other words: if a chat application offers end-to-end encryption, only you and the person you are chatting with can read the contents of your messages. Not even the company that runs the chat application can see what you are saying.
Basics of encryption
First, let's start with the basics of encryption. Encryption is a way of securing your data so that it cannot be read by just anyone. Only people who can decrypt the information can see its contents. Someone without the decryption key cannot read the data.
Your devices constantly use different forms of encryption. For example, when you visit your bank or any site using HTTPS, the communication between you and that site is encrypted, so your network administrator, your ISP and anyone else monitoring your traffic cannot see your password or your financial information.
Wi-Fi also uses encryption. That is why your neighbors cannot see everything you do on your network, provided of course that you use a modern Wi-Fi security standard that has not been compromised.
Encryption is also used to protect stored data. Modern devices such as iPhones, Android phones, iPads, Macs, Chromebooks and Linux systems (but not all Windows computers) store their data on the local device in encrypted form. It is decrypted once you log in with your PIN or password.
"In Transit" and "At Rest" Encryption: Who Holds the Keys?
So encryption is everywhere. But when it comes to communicating privately or storing data securely, the question is:
Who holds the keys?
For example, consider your Google Account. Is your data, Gmail emails, Google Calendar events, Google Drive files, search history and everything else, protected by encryption?
In a way it is…
Google uses encryption to protect data in transit. When you access your Gmail account, for example, the connection to Google is made over HTTPS.
This ensures that no one else can monitor the communication between your device and Google servers.
Your ISP, other people on your Wi-Fi network, and any other devices between you and Google's servers cannot view the contents of your email messages or steal your account password.
Google also uses encryption to protect your data "at rest". Before your data is stored on Google servers, it is encrypted. Even if someone hacked Google itself or stole its hard drives, they could not read the data.
So here is the question: who holds the key that can decrypt this data?
The answer is Google. Google has the keys.
Why it matters who has the keys
Since Google has the keys, Google has the ability to view your data: emails, documents, files, calendar events and anything else.
If a Google employee wants to see your data, encryption will not stop them.
If a hacker somehow broke into Google's systems and obtained its private keys, they could read everyone's data.
If Google were required to hand your data over to a government, it could decrypt it and do so.
Google, of course, states that it has implemented the best technical protections against employees accessing this data.
And Apple, which presents itself as privacy-protecting, fully encrypts iCloud backups. But Apple also holds the keys that can decrypt all that data.
How End-to-End encryption works
Now, let's talk about chat apps. For example, Facebook Messenger. When you communicate with someone in Facebook Messenger, messages are encrypted in transit between you and Facebook and between Facebook and the other person. The stored message log is encrypted "at rest" by Facebook before being saved on the company's servers.
But Facebook has a key. Facebook itself can see the contents of your messages.
The solution is end-to-end encryption. With end-to-end encryption, the provider cannot see the content of your messages. It does not hold a key that unlocks your personal data. Only you and the person you are communicating with hold the keys to this data.
Your messages are truly private: only you and the people you are talking to can see them, and no one else.
Why it matters
End-to-end encryption offers much more privacy. For example, when you have a conversation through an encrypted chat service, such as Signal, you know that only you and the person you are talking to can see the content of your communications.
However, when you have a conversation through a messaging application that is not end-to-end encrypted, such as Facebook Messenger, you know that the company in the middle of the conversation can see the content of your communications.
It's not just about chat apps. E-mail, for example, can be end-to-end encrypted, but this requires setting up PGP encryption or using a service with it built in, such as ProtonMail. Very few users send end-to-end encrypted email.
End-to-end encryption gives you confidence in communicating and storing sensitive information, whether it's financial details, business documents, legal proceedings or simple personal conversations that you do not want anyone else to access.
End-to-end encryption is not just about communications
End-to-end encryption is traditionally a term used to describe secure communications between different people. However, the term also applies to other services where only you hold the key that can decrypt your data.
For example, password managers such as 1Password, Bitwarden, LastPass and Dashlane are end-to-end encrypted.
Another good example is file storage: if a file storage service is end-to-end encrypted, the provider cannot see the contents of your files.
If you want to store or synchronize sensitive files with a cloud service, for example tax returns containing your social security number and other sensitive details, end-to-end encrypted file storage services are a safer way to do this than simply dumping them into a traditional cloud storage service such as Dropbox, Google Drive or Microsoft OneDrive.
Do not forget your password!
There is a big downside to end-to-end encryption: if you lose the decryption key, you lose access to your data.
Some services may offer recovery keys that you can save, but if you forget your password and lose those recovery keys, you can no longer decrypt your data.
This is a big reason why companies like Apple do not want backups to be end-to-end encrypted. As long as Apple retains the encryption key, it can let you reset your password and regain access to your data. If Apple did not hold the decryption key, your data would be unrecoverable.
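The key-custody distinction drawn in the Google and Messenger sections, and the password-loss consequence described just above, as an added Python model (constructed for this article, not code from Apple, Google or any service named here): a provider that encrypts uploads at rest with its own key can read them back, while an end-to-end client encrypts with a key derived from the user's password before uploading, so the provider only ever holds ciphertext and a forgotten password leaves the data unrecoverable. The cipher is a stdlib-only HMAC-SHA256 construction standing in for a real AEAD, and every class and function name is hypothetical.

```python
import hashlib
import hmac
import secrets
# Constructed example: a stdlib-only cipher (HMAC-SHA256 counter-mode keystream,
# encrypt-then-MAC) stands in for a real AEAD such as AES-GCM. The point is key
# custody, not the primitive. Domain bytes 0x00/0x01 separate keystream and tag.
NONCE, TAG, SALT = 16, 32, 16

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, b"\x00" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"\x01" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expected = hmac.new(key, b"\x01" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def derive_key(password: str, salt: bytes) -> bytes:
    # Derived on the user's device; the password and this key never reach the provider.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)

class Provider:
    """Cloud service that encrypts uploads at rest but holds that key itself."""
    def __init__(self) -> None:
        self.at_rest_key = secrets.token_bytes(32)
        self.store: dict = {}

    def upload(self, name: str, data: bytes) -> None:
        self.store[name] = encrypt(self.at_rest_key, data)

    def read_as_provider(self, name: str) -> bytes:
        # Defeats a stolen disk, but the provider or an insider can undo this layer.
        return decrypt(self.at_rest_key, self.store[name])

def e2ee_upload(provider: Provider, name: str, password: str, plaintext: bytes) -> None:
    salt = secrets.token_bytes(SALT)
    provider.upload(name, salt + encrypt(derive_key(password, salt), plaintext))

def e2ee_download(provider: Provider, name: str, password: str) -> bytes:
    blob = provider.read_as_provider(name)  # the provider can only hand back ciphertext
    return decrypt(derive_key(password, blob[:SALT]), blob[SALT:])  # wrong password raises
```

With the at-rest-only upload the provider recovers the plaintext; with the end-to-end upload it recovers only the salt and ciphertext, and a wrong password fails the tag check rather than producing garbage.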
Examples of services that are end-to-end encrypted
Here are some basic communication services that offer End-to-end encryption.
For chat applications, Signal offers end-to-end encryption for everyone by default. Apple iMessage offers end-to-end encryption, but Apple keeps a copy of your messages under the default iCloud backup settings. WhatsApp says every conversation is end-to-end encrypted, but it shares a lot of data with Facebook. Some other applications offer end-to-end encryption as an option that you must enable manually, such as Telegram and Facebook Messenger.
For end-to-end encrypted email, you can use PGP, but it is difficult to configure. Thunderbird now has built-in PGP support.
There are encrypted email services like ProtonMail and Tutanota that store your emails on their servers with encryption and make it easier to send encrypted emails.
For example, if a ProtonMail user sends an email to another ProtonMail user, the message is automatically sent encrypted so that no one else can see its contents. However, if a ProtonMail user sends an email to someone using a different service, they will need to configure PGP.