what does end-to-end encryption mean on instagram?
In: 6
So imagine a street, at one end is a blue house and at the other is a red house. You have a locked briefcase with a message inside that you want to send to the red house
The problem you have is that you need to be able to send the data, but it also needs to be retrievable (they need to be able to open the briefcase)
What you do is you fit it with two locks, the first one only the blue house can open and the second only the red one can
So when you send the briefcase, you send it with the blue key, this means that if it is intercepted they can’t fully unlock it because they don’t have the red key
When the briefcase gets to the other house the person uses the blue key that was sent with it to unlock one lock, as well as their own unique key to unlock the other.
Doing that we can ensure that no third party can receive the information while it is being transmitted
End-to-end encryption means messages between the sender (one end) and the recipient (the other end) are encrypted, and cannot be read by anyone in between.
For a messaging platform like Instagram, it means messages/images/whatever between you and another user are encrypted, using keys that, in theory, only the two of you have access to. So even the company providing the service itself are unable to decrypt the messages.
The key word there is “in theory”, because the Instagram app/platform is responsible for creating those keys and transferring them to other users. You have to trust that they are not keeping their own copy of the keys to decrypt your messages.
In more detail, systems like this usually work with a mechanism called asymmetric encryption, specifically Public Key Infrastructure. With PKI, a Public key and Private key are created as a pair of mathematically-linked (asymmetric) keys. The Public key, as its name suggests, is shared freely to other users with which you want to communicate. The Private key is kept on your device. The Public key is used only to *encrypt* messages, which can only be *decrypted* with the corresponding Private key (which only you should have).
Latest Answers