What does end-to-end encryption mean

My Facebook Messenger wants to end-to-end encrypt my messages but I don’t know what that means. I tried googling but still don’t get it; I’m not that great with technology. Someone please ELI5.

22 Answers

Anonymous 0 Comments

There are lots of steps that occur when you send a message; it doesn’t just go straight from your device to the device of the person you’re talking with. It stops at the company’s servers along the way. This is how you can get the message on several devices: each device downloads them from the company’s servers.

Before end-to-end encryption came about, the messages would be encrypted by your device, sent to the server and decrypted using a key that only you and the server knew, to stop anyone intercepting them en route. They would then be re-encrypted by the server and sent to the device of the person you are talking to, using a key that only they and the server knew. Their device would decrypt the message and show it to them.

The servers would store a copy of this message, encrypted using the key they use to send the message on, or perhaps using a different key only known to the server. But if LEA (law enforcement agencies) ever needed to get the messages, they could get a warrant and demand the company hand over the messages, decrypted. The companies had to comply.

Then end-to-end encryption was implemented. Now when you start a chat with someone the server introduces you to each other and the very first thing your device does is agree a new private key with the other device, and they do this directly without anything going to the servers. Now only your device and the device you are communicating with know the keys to decrypt messages.

Your device encrypts the message using this private key, sends it to the server and the server stores a copy as before, but no matter what they can’t decrypt the message and read the contents as they don’t have the key. They just forward the message on to the other person’s device and it gets decrypted there.

LEA can get a warrant and the companies will hand over the encrypted messages, but because they’re encrypted they’re just gibberish. No matter what court order is made, because the company doesn’t have access to the private key needed to decrypt the messages they cannot give LEA what they want.
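The flow described in the answer above, as an added example that is not part of the original answer or of any messenger's real code. It assumes X25519 key agreement and AES-256-GCM from Node's built-in crypto module, with the public halves of the keys passed along during the "introduction"; the names `newDevice`, `sessionKey` and `demo`, the `e2ee-demo` label and the message are made up for illustration.

```javascript
// Added illustration; all names and the sample message are constructed.
const { generateKeyPairSync, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Each device makes its own key pair; the private half never leaves the device.
function newDevice() {
  return generateKeyPairSync('x25519');
}

// Both devices derive the same 32-byte message key from their own private key
// and the other device's public key.
function sessionKey(myPrivate, theirPublic) {
  const shared = diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo', 32));
}

function encrypt(key, text) {
  const iv = randomBytes(12);                       // fresh nonce per message
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function decrypt(key, msg) {
  const d = createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);                            // final() throws if the key is wrong
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}

// Constructed scenario: the server stores and forwards ciphertext only.
function demo() {
  const alice = newDevice(), bob = newDevice();
  const server = { stored: [] };
  const aliceKey = sessionKey(alice.privateKey, bob.publicKey);
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  server.stored.push(encrypt(aliceKey, 'meet at 6pm')); // all the server ever holds
  const received = decrypt(bobKey, server.stored[0]);
  // The server has neither private key; a key of its own fails the integrity check.
  let serverRead = null;
  try { serverRead = decrypt(randomBytes(32), server.stored[0]); } catch (e) { serverRead = null; }
  return { received, serverRead, keysMatch: aliceKey.equals(bobKey),
           storedHex: server.stored[0].body.toString('hex') };
}

console.log(demo());
```

The `storedHex` value is what the server could hand over: bytes that only a device holding one of the two private keys can turn back into text.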
