End-to-end encryption and private messaging

End-to-end encryption (E2EE) is a privacy-oriented technology, alleviating the common fears about government and other third-party surveillance. For some, this systematic and private transmission of data is the holy grail. However, the dilemma between privacy and physical security is an on-and-off battle. Indeed, end-to-end encryption shelters users and guarantees that only the communicating entities can read the exchanged messages. However, considering the full spectrum of privacy, E2EE is not always welcome.

What is end-to-end encryption?

End-to-end encryption is a process of encrypting messages at both ends and ensuring that only communicating parties can read each other’s interaction. Nowadays, most of our socializing has shifted to virtual space. Instead of relying on face-to-face conversations, we fully engage in chats through instant messaging apps. So, end-to-end encryption refers to the technology that encrypts data until it reaches the final destination. No in-between locations have the key to decipher such messages. As a result, it shields your communications from prying eyes, including specific service providers and the ISPs.

How does end-to-end encryption work?

End-to-end encryption scrambles messages to prevent external sources from reading them. Exchanged information is only available in plaintext to the sender and the recipient. At its core, this process includes the encryption of messages on the sender’s device. Then, the intended recipient’s device uses a special key to decrypt the information.

During the standard transport layer encryption, a specific entity encrypts messages but retains access to the plaintext versions. Hence, if criminals use certain messaging tools, their owners can hand over the requested transcripts of conversations. Thus, not all are ready to give a standing ovation to end-to-end encryption integration.

Law enforcement agencies continue to highlight the price of the complete privacy security advocates dream of achieving. According to them, end-to-end encryption makes it impossible to surveil felons and prevent crime. Hence, while the security advocates steer the wheel towards total internet privacy, investigators wonder whether this won’t create an ideal environment for criminals. In the US, the EARN IT Act is the current threat to digital privacy. If passed, end-to-end encryption would no longer be possible if services wish to meet the new demands.

This data transmission technique is a typical component of popular messaging apps. While some require users to start separate chats to activate end-to-end encryption, others offer it as the standard way of communication. For instance, WhatsApp empowers all chats with end-to-end encryption automatically. However, to get the same level of privacy on Facebook Messenger, you need to start a secret conversation. So, you might need to check the exact approach used on your preferred messaging app.

The drawbacks of end-to-end encryption

End-to-end encryption indeed is an art of cryptography that many people choose for their communications. While E2EE applies an impressive amount of protection for the transmitted messages, endpoint security is another subject. Inboxes and accounts remain vulnerable to vicious attacks. So, while intrusive entities have no way of reading messages during the exchange, they can break into your inboxes to get direct access.

Steps to secure your accounts

  • Change passwords regularly. It might be inconvenient to remember a new combination. However, you should never use the same password for too long. Luckily, there are handy password managers that can store all your combinations.
  • Two-factor authentication for all your accounts. 2FA goes beyond passwords and usernames, which might seem like overkill. However, this additional step guarantees that outside parties won’t be able to hijack your account. Even if they manage to steal your credentials, service providers will deny access without proper verification.
  • Limited opportunities to use E2EE. If you could, you would activate end-to-end encryption for all your online transactions and data exchanges. However, while this option is available to some extent, it is not as widespread as you would expect.
  • No encryption for backup data. Usually, the backup data does not receive the same treatment. While service providers encrypt it, end-to-end encryption is not a typical guest during these processes. While the demand for such option spikes, the service providers are hesitant to meet it. For instance, WhatsApp does not encrypt the backup messages retained on the Google Drive servers. Hence, Google can get the first-row seat to your messages. Pay attention to whether services apply encryption consistently, without leaving any exploitable flaws.
  • Use a VPN to encrypt all web traffic. Do not settle for encryption of your messages: choose to become invisible online. A VPN is a privacy-oriented tool that encrypts and encapsulates all your data transmissions and traffic. With this tool by your side, you won’t have to worry about third-party entities intercepting your connection. Not even your ISP provider will have access to your browsing history or exchanged messages.

John C.

John C.

Tags: encryption security