End-to-End Encryption: What It Is and Why You Need It
By Pavlu, April 22, 2021
What Is End-to-End Encryption and What Are the Alternatives?
End-to-end encryption means that messages are encrypted on your device and can only be decrypted on your recipient’s device. The name is literal: “end-to-end” means “from one end to the other.” The message travels the entire path from sender to recipient in encrypted form, so no one except your recipient can read it.
What are the other options? Data can also be transmitted in plain text, meaning the message isn’t encrypted at all. This is the least secure option. For example, SMS messages are not encrypted during transmission—anyone with the right equipment could theoretically intercept them. Fortunately, in practice, this requires special equipment, which limits who can actually read your messages.
There’s also transport encryption, where messages are encrypted by the sender, delivered to a server, decrypted there, re-encrypted, and then delivered to the recipient. Transport encryption protects information during transmission, but allows the server (an intermediary) to see the contents of your messages. Maybe the server’s owners are trustworthy, maybe not—you have to rely on them.
In many cases, transport encryption can be more convenient than end-to-end encryption. That’s because it allows the server to offer more services than just relaying encrypted data between users. For example, it can store chat history, add participants to a conversation via alternative channels (like connecting a phone call to a video conference), enable automatic moderation, and more.
At the same time, transport encryption solves an important problem: it prevents data from being intercepted between the sender and the server, and between the server and the recipient (the most vulnerable part of the journey). That’s why many services are in no rush to switch to end-to-end encryption: users often value convenience and a variety of features over maximum data security.
What Does End-to-End Encryption Protect Against?
The main advantage of end-to-end encryption is that no one except the recipient can decrypt the messages being sent. It’s like putting your message in a box that’s physically impossible to open—no one can saw it open, smash it, or pick the lock. Only the intended recipient can open the box, and no mail carrier or thief who intercepts the package can do anything with it. In other words, end-to-end encryption ensures the confidentiality of your conversations.
While it’s nearly impossible to create such an unbreakable box in the physical world, it’s actually possible in the digital world. Brilliant mathematicians are constantly developing new encryption systems and improving old ones to make them unbreakable.
Because only the recipient can decrypt a message protected by end-to-end encryption, there’s another benefit: no one can tamper with the message and change it. Modern encryption works so that if someone alters the encrypted data, it will turn into gibberish when decrypted—making it obvious that something’s wrong. It’s impossible to make predictable changes to an encrypted message, so you can’t swap out one text for another.
This ensures the integrity of your conversations: if you receive a message and can decrypt it, you can be sure that this is exactly what was sent to you and that it hasn’t been altered along the way.
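The two properties described above, confidentiality and integrity, can be seen in a short added example (not part of the original article) built on Node.js's standard crypto module. It assumes X25519 key agreement with AES-256-GCM authenticated encryption, and that the two devices already hold each other's genuine public keys; the names and the message are constructed for the illustration. With this authenticated mode, an altered message is rejected outright rather than decrypted.

```javascript
// Added illustration (not from the original article), using only Node's built-in crypto module.
const nodeCrypto = require('crypto');

// Each endpoint generates its own X25519 key pair; the private key never leaves the device.
function newDevice() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Both ends derive the same 256-bit key from their own private key and the peer's public key.
function sessionKey(myPrivate, peerPublic) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

// AES-256-GCM: encrypts and produces an authentication tag over the ciphertext.
function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the key is wrong or the message was altered.
function decrypt(key, { iv, ct, tag }) {
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed scenario: Alice sends to Bob through a relay server that has its own key pair.
function demo() {
  const alice = newDevice(), bob = newDevice(), server = newDevice();
  const msg = encrypt(sessionKey(alice.privateKey, bob.publicKey), 'Meet at noon');
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 0x01; // one bit flipped in transit
  return {
    recipient: decrypt(sessionKey(bob.privateKey, alice.publicKey), msg),
    relay: decrypt(sessionKey(server.privateKey, alice.publicKey), msg),
    altered: decrypt(sessionKey(bob.privateKey, alice.publicKey), tampered),
  };
}

console.log(demo());
```

Only the recipient's result contains the text; the relay and the altered copy both come back as null.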
What End-to-End Encryption Does Not Protect Against
After hearing about all the benefits of end-to-end encryption, it might seem like it solves every problem with information transfer. However, that’s not the case—end-to-end encryption has its limitations.
- First, while end-to-end encryption hides the content of your messages from outsiders, the fact that you sent a message to (or received one from) a particular person is still visible. The server won’t know what was in the message, but it will know that you exchanged messages with someone at a specific date and time. In some cases, just the fact that you’re communicating with certain people can attract unwanted attention.
- Second, if someone gains access to the device you use for communication, they can read all your messages. They can also send messages as if they were you. That’s why you should protect your devices and lock access to apps that use end-to-end encryption—at least with a PIN code—so that if your device is lost or stolen, your conversations and your identity don’t fall into the wrong hands.
- Third, even if you’re meticulous about protecting your own devices and are sure no one else can access your messages, you can’t be as certain about your recipient’s device. End-to-end encryption can’t help with that.
Despite these limitations, end-to-end encryption remains the most secure way to transmit confidential data, which is why more and more services are adopting it. And that’s a good thing.