What Is End-to-End Encryption, and Why Does It Matter? – How-To Geek

Titima Ongkantong/Shutterstock.com

End-to-end encryption (E2EE) ensures that your data is encrypted (kept secret) until it reaches an intended recipient. Whether youre talking about end-to-end encrypted messaging, email, file storage, or anything else, this ensures that no one in the middle can see your private data.

In other words: If a chat app offers end-to-end encryption, for example, only you and the person youre chatting with will be able to read the contents of your messages. In this scenario, not even the company operating the chat app can see what youre saying.

First, lets start with the basics of encryption. Encryption is a way of scrambling (encrypting) data so that it cant be read by everyone. Only the people who can unscramble (decrypt) the information can see its contents. If someone doesnt have the decryption key, they wont be able to unscramble the data and view the information.

(This is how its supposed to work, of course. Some encryption systems have security flaws and other weaknesses.)

Your devices are using various forms of encryption all the time. For example, when you access your online banking websiteor any website using HTTPS, which is most websites these daysthe communications between you and that website are encrypted so that your network operator, internet service provider, and anyone else snooping on your traffic cant see your banking password and financial details.

Wi-Fi uses encryption, too. Thats why your neighbors cant see everything youre doing on your Wi-Fi networkassuming that you use a modern Wi-Fi security standard that hasnt been cracked, anyway.

Encryption is also used to secure your data. Modern devices like iPhones, Android phones, iPads, Macs, Chromebooks, and Linux systems (but not all Windows PCs) store their data on your local devices in encrypted form. Its decrypted after you sign in with your PIN or password.

RELATED: Why Does Microsoft Charge $100 for Encryption When Everyone Else Gives It Away?

So encryption is everywhere, and thats great. But when youre talking about communicating privately or storing data securely, the question is: Who holds the keys?

For example, lets think about your Google account. Is your Google datayour Gmail emails, Google Calendar events, Google Drive files, search history, and other datasecured with encryption?

Well, yes. In some ways.

Google uses encryption to secure data in transit. When you access your Gmail account, for example, Google connects via secure HTTPS. This ensures that no one else can snoop on the communication going on between your device and Googles servers. Your internet service provider, network operator, people within range of your Wi-Fi network, and any other devices between you and Googles servers cant see the contents of your emails or intercept your Google account password.

Google also uses encryption to secure data at rest. Before the data is saved to disk on Googles servers, it is encrypted. Even if someone pulls off a heist, sneaking into Googles data center and stealing some hard drives, they wouldnt be able to read the data on those drives.

Both encryption in transit and at rest are important, of course. Theyre good for security and privacy. Its much better than sending and storing the data unencrypted!

But heres the question: Who holds the key that can decrypt this data? The answer is Google. Google holds the keys.

Since Google holds the keys, thismeans that Google is capable of seeing your dataemails, documents, files, calendar events, and everything else.

If a rogue Google employee wanted to snoop on your dataand yes, its happenedencryption wouldnt stop them.

If a hacker somehow compromised Googles systems and private keys (admittedly a tall order), they would be able to read everyones data.

If Google was required to turn over data to a government, Google would be able to access your data and hand it over.

Other systems may protect your data, of course. Google says that it has implemented better protections against rogue engineers accessing data. Google is clearly very serious about keeping its systems secure from hackers. Google has even been pushing back on data requests in Hong Kong, for example.

So yes, those systems may protect your data. But thats notencryption protecting your data from Google. Its just Googles policies protecting your data.

Dont get the impression that this is all about Google. Its notnot at all. Even Apple, so beloved for its privacy stances, does not end-to-end encrypt iCloud backups. In other words: Apple keeps keys that it can use to decrypt everything you upload in an iCloud backup.

Now, lets talk chat apps. For example: Facebook Messenger. When you contact someone on Facebook Messenger, the messages are encrypted in transit between you and Facebook, and between Facebook and the other person. The stored message log is encrypted at rest by Facebook before its stored on Facebooks servers.

But Facebook has a key. Facebook itself can see the contents of your messages.

The solution is end-to-end encryption. With end-to-end encryption, the provider in the middlewhoever you replace Google or Facebook with, in these exampleswill not be able to see the contents of your messages. They do not hold a key that unlocks your private data. Only you and the person youre communicating with hold the key to access that data.

Your messages are truly private, and only you and the people youre talking to can see themnot the company in the middle.

End-to-end encryption offers much more privacy. For example, when you have a conversation over an end-to-end encrypted chat service like Signal, you know that only you and the person youre talking to can view the contents of your communications.

However, when you have a conversation over a messaging app that isnt end-to-end encryptedlike Facebook Messengeryou know that the company sitting in the middle of the conversation can see the contents of your communications.

Its not just about chat apps. For example, email can be end-to-end encrypted, but it requires configuring PGP encryption or using a service with that built in, like ProtonMail. Very few people use end-to-end encrypted email.

End-to-end encryption gives you confidence when communicating about and storing sensitive information, whether its financial details, medical conditions, business documents, legal proceedings, or just intimate personal conversations you dont want anyone else having access to.

End-to-end encryption was traditionally a term used to describe secure communications between different people. However, the term is also commonly applied to other services where only you hold the key that can decrypt your data.

For example, password managers like 1Password, BitWarden, LastPass, and Dashlane are end-to-end encrypted. The company cant rummage through your password vaultyour passwords are secured with a secret only you know.

In a sense, this is arguably end-to-end encryptionexcept that youre on both ends. No one elsenot even the company that makes the password managerholds a key that lets them decrypt your private data. You can use the password manager without giving the password manager companys employees access to all your online banking passwords.

Another good example: If a file storage service is end-to-end encrypted, that means that the file storage provider cant see the contents of your files. If you want to store or sync sensitive files with a cloud servicefor example, tax returns that have your social security number and other sensitive detailsencrypted file storage services are a more secure way to do that than just dumping them in a traditional cloud storage service like Dropbox, Google Drive, or Microsoft OneDrive.

Theres one big downside with end-to-end encryption for the average person: If you lose your decryption key, you lose access to your data. Some services may offer recovery keys that you can store, but if you forget your password and lose those recovery keys, you can no longer decrypt your data.

Thats one big reason that companies like Apple, for example, might not want to end-to-end encrypt iCloud backups. Since Apple holds the encryption key, it can let you reset your password and give you access to your data again. This is a consequence of the fact that Apple holds the encryption key and can, from a technical perspective, do whatever it likes with your data. If Apple didnt hold the encryption key for you, you wouldnt be able to recover your data.

Imagine if, every time someone forgets a password to one of their accounts, their data in that account would be wiped out and become inaccessible. Forget your Gmail password? Google would have to erase all your Gmails to give you your account back. Thats what would happen if end-to-end encryption was used everywhere.

Here are some basic communication services that offer end-to-end encryption. This isnt an exhaustive listits just a short introduction.

For chat apps, Signal offers end-to-end encryption for everyone by default. Apple iMessage offers end-to-end encryption, but Apple gets a copy of your messages with the default iCloud backup settings. WhatsApp says that every conversation is end-to-end encrypted, but it does share a lot of data with Facebook. Some other apps offer end-to-end encryption as an optional feature that you have to enable manually, including Telegram and Facebook Messenger.

For end-to-end encrypted email, you can use PGPhowever, its complicated to set up. Thunderbird now has integrated PGP support. There are encrypted email services like ProtonMail and Tutanota that store your emails on their servers with encryption and make it possible to more easily send encrypted emails. For example, if one ProtonMail user emails another ProtonMail user, the message is automatically sent encrypted so that no one else can see its contents. However, if a ProtonMail user emails someone using a different service, theyll need to set up PGP to use encryption. (Note that encrypted email doesnt encrypt everything: While the message body is encrypted, for example, subject lines arent.)

RELATED: What Is Signal, and Why Is Everyone Using It?

End-to-end encryption is important. If youre going to have a private conversation or send sensitive information, dont you want to make sure that only you and the person youre talking to can see your messages?

Originally posted here:
What Is End-to-End Encryption, and Why Does It Matter? - How-To Geek

Related Posts
This entry was posted in $1$s. Bookmark the permalink.