End-to-end encryption: What it is, how it works, and why you need it

There are two main types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt the data, while asymmetric encryption uses a pair of keys: one public and one private. The public key can be shared with anyone, but the private key must be kept secret.

What is end-to-end encryption?

Now that you know what encryption is, it’d be simpler to understand what end-to-end encryption (E2EE) means. The gist is that the term encryption is generally used when referring to the privacy of stored data, while end-to-end encryption protects data as it’s transferred between locations – which is crucial wherever there’s a rapid exchange of information, like in WhatsApp.

In an E2EE-enabled app, only the folks on each end – the sender and receiver – can read any exchanged messages. Not even the messaging service provider. This is because messages get encrypted on your device before being sent and only are decrypted when they reach your intended recipient. So you’ve got complete privacy from snoopers, hackers, and even the company whose service you’re using.

How does end-to-end encryption work?

End-to-end encryption relies on an elegant yet complex cryptographic system to protect data in transit. The key element is asymmetric cryptography, which uses pairs of keys – public and private – to secure communications. The public key encrypts data, while the private key decrypts it.

Here’s how it works: Users on an end-to-end encrypted system like WhatsApp each generate their own public-private key pairs. They widely distribute their public keys, which act like open locks anyone can use to send them encrypted messages. But those messages can only be unlocked and read by someone holding the associated private key.

For example, say Alice wants to send Bob a secret message. Alice retrieves Bob’s public key from his profile or a trusted key server. She encrypts her message using this public key and sends the ciphertext to Bob. Bob receives the encrypted message and uses his private key to decrypt it. The private key is closely guarded on his device and known only to him. This creates a secure channel only accessible to the endpoints in the conversation.

Can a third party gain access to a private key?

It’s clear now that end-to-end encryption means only the sender and receiver can read the messages. But what about the private keys? Can they be hacked? The answer is no. This is because the private key is stored only on the user’s device and cannot be shared with anyone else. Meanwhile, the public key is stored on the server, but it cannot be used to decrypt the messages. Therefore, even if a hacker or a service provider breaches the server, they cannot read the messages or access the private key.

What are the benefits and drawbacks of end-to-end encryption?

On the surface, end-to-end encryption seems like an unambiguously good thing – who wouldn’t want their private communications to be secure from prying eyes? But as with most new technologies, the reality is more nuanced.

The core benefit of E2EE is privacy. When done correctly, it prevents anyone except the sender and recipient from accessing the contents of a message. This protects users from hackers, criminals, overreaching governments, and even the companies providing the services. For many, this level of privacy and security is hugely appealing. It enables free and open communication without fear of reprisal.

However, law enforcement and national security agencies argue that the technology hampers their ability to detect dangerous or illegal activities. And they’re not entirely wrong – encryption does make their jobs harder. But many cryptology experts counter that any backdoors or exceptional access created for authorities will inevitably be exploited by others. Strong encryption with no compromises is mathematically the most secure approach.

Another frequent criticism is that E2EE enables criminal or terrorist coordination. But the evidence that encryption has significantly empowered these groups is limited. Bad actors have many other ways to communicate secretly.

There are also some technical drawbacks. E2EE requires more computing resources and makes certain functions like search prohibitively difficult.

On balance, most technologists view end-to-end encryption as a positive development. The boosted privacy and security for billions of communications each day provides utility that far outweighs the downsides. But the technology does require vigilance against potential abuse.

Which apps support E2EE?

Due to its many benefits, end-to-end encryption has gone mainstream in the past few years, with many popular communication apps baking the technology into their products. Signal and WhatsApp use E2EE for all chats by default, meaning that only the sender and the receiver can read the messages. Telegram also offers E2EE for secret chats, but its regular chats are not end-to-end encrypted and use a custom encryption protocol that has been criticised by some experts. Facebook Messenger and Google Messages allow users to opt-in for E2EE, but they do not provide it by default for all conversations.