The way modern encryption works is that the receiver has a private key (say two very large numbers) and they send out a public key (say the product of those two numbers). You can encrypt the message with the public key, but to decrypt it you need the private key. This works because it’s trivial to multiply two large numbers together, but it’s enormously expensive to factor the product of two large primes (until quantum computers come into their own).

If Alice wants to send a message to Bob, Bob can send her his public key. Alice can then encrypt whatever she wants to say to Bob and send it back. Alice may have to send her message through lots of people, but they can’t read it without Bob’s private key. This is end-to-end encryption – nobody along the way can read it.

Of course, maybe facetergram is sitting between Alice and Bob, and the message goes through them. Facetergram may say “hey, use my public key”, then Alice sends a message to facetergram, then facetergram decrypts it, then re-encrypts it with Bob’s public key and sends it off. In this world, Alice doesn’t need to know Bob’s key (convenient!), but facetergram can now read Alice’s message if they want to. This is not end-to-end, since the message gets read in the middle.

Incidentally, this is why I think a lot of the law enforcement efforts are colossally stupid. If I’m a criminal, I’ll just call up Bob and say “hey, Bob, what’s your public key?” Then nobody in the middle can read the message. The software to do this isn’t hard – I had to do it for a single homework assignment as an undergraduate. Letting facetergram decrypt your messages is an enormous security hole (what happens if they get hacked?), but if I’m a criminal I’d send messages in a way that they couldn’t read. So, only legitimate users (or really dumb criminals) can have their messages read, at the price of potentially disastrous leaks.

Thank you for the replies.

Assuming the companies do what they claim, then is messaging through WhatsApp the same as Signal?

Thank you for the replies.

Assuming the companies do what they claim, then is messaging through WhatsApp the same as Signal?

End to End encryption means that the transmission service can’t read the content of the message.

The way it works goes a little something like this:

Modern encryption algorithms work on two types of “keys”, Public and Privet, for this though you can think of them as a “Lock” and a “Key”, if I hand you a lock you don’t need any special equipment to put in on a box, but once you do that you can’t open it.

The nice part about this, is that you can make an arbitrarily large number of locks for anyone who asks for them, they can be reused by the people you send them to, and no matter how many you make it will still be (until a quantum computer gets big enough) just as secure.

The goal of its development being “anyone can close this, only I can open it”

The step by step of using one of these apps goes as follows:

* A and B start chatting on an app with E2E encryption
* The first step is that each of their devices create a set of Locks and Keys and send the Locks to the other
* A decided to sends the following message to B “Lets meet tonight for dinner”
* A’s app takes B’s Lock and encrypts the message and makes it look like this: `b’gAAAAABkJKWTY1u2sPwSGTUD0N69P8G5HrKJwRJmM0OnX9l4KJLpCmVOlNxLxPbExPw7XIQJRIhT5CC2gEpuReUq8A5bJlFph_QNmncg7tuJJItifUEMG-g=’` (actual encrypted version of text, I used Python’s Cryptography module)
* App then sends that over the internet to B’s device
* B’s device can then use B’s Key to take the gobbledegook and turn it back into the original text of “Lets meet tonight for dinner”

The big deal about if being “End to End Encrypted” is that anyone who was trying to listen into the conversation by intercepting and copying the messages will only have the encrypted versions which are indistinguishable from noise.

The current method for encryption involves 3 numbers: 2 very large primes and their product, the primes are the privet “unlocking” key and the product is the public “locking” one, this works because it is incredibly time consuming with modern computers to go from the product to the prime factors. Quantum computers are changing this but people are implementing new methods of encryption which will still hold up into the future.

Now there are some problems that can come up which I will quickly run through:

* Not all encryptions are the same, if they are using a weaker algorithm or shorter keys then it can be broken
* Some algorithms can be set up with a pre-defined 3rd key that will always work to decrypt every message, in this case the company can read everything anyway and if the key gets out then all the encryption is meaningless
* Current development of quantum computers means that in the not to distant future it will be possible to break the RSA encryption algorithm which has been widely used for decades and there are actors in the space who are simply gathering encrypted data and sitting on it until they can get their hands on the tools to break it open, as it doesn’t go bad.

End to End encryption means that the transmission service can’t read the content of the message.

The way it works goes a little something like this:

Modern encryption algorithms work on two types of “keys”, Public and Privet, for this though you can think of them as a “Lock” and a “Key”, if I hand you a lock you don’t need any special equipment to put in on a box, but once you do that you can’t open it.

The nice part about this, is that you can make an arbitrarily large number of locks for anyone who asks for them, they can be reused by the people you send them to, and no matter how many you make it will still be (until a quantum computer gets big enough) just as secure.

The goal of its development being “anyone can close this, only I can open it”

The step by step of using one of these apps goes as follows:

* A and B start chatting on an app with E2E encryption
* The first step is that each of their devices create a set of Locks and Keys and send the Locks to the other
* A decided to sends the following message to B “Lets meet tonight for dinner”
* A’s app takes B’s Lock and encrypts the message and makes it look like this: `b’gAAAAABkJKWTY1u2sPwSGTUD0N69P8G5HrKJwRJmM0OnX9l4KJLpCmVOlNxLxPbExPw7XIQJRIhT5CC2gEpuReUq8A5bJlFph_QNmncg7tuJJItifUEMG-g=’` (actual encrypted version of text, I used Python’s Cryptography module)
* App then sends that over the internet to B’s device
* B’s device can then use B’s Key to take the gobbledegook and turn it back into the original text of “Lets meet tonight for dinner”

The big deal about if being “End to End Encrypted” is that anyone who was trying to listen into the conversation by intercepting and copying the messages will only have the encrypted versions which are indistinguishable from noise.

The current method for encryption involves 3 numbers: 2 very large primes and their product, the primes are the privet “unlocking” key and the product is the public “locking” one, this works because it is incredibly time consuming with modern computers to go from the product to the prime factors. Quantum computers are changing this but people are implementing new methods of encryption which will still hold up into the future.

Now there are some problems that can come up which I will quickly run through:

* Not all encryptions are the same, if they are using a weaker algorithm or shorter keys then it can be broken
* Some algorithms can be set up with a pre-defined 3rd key that will always work to decrypt every message, in this case the company can read everything anyway and if the key gets out then all the encryption is meaningless
* Current development of quantum computers means that in the not to distant future it will be possible to break the RSA encryption algorithm which has been widely used for decades and there are actors in the space who are simply gathering encrypted data and sitting on it until they can get their hands on the tools to break it open, as it doesn’t go bad.

End to End encryption means that the transmission service can’t read the content of the message.

The way it works goes a little something like this:

Modern encryption algorithms work on two types of “keys”, Public and Privet, for this though you can think of them as a “Lock” and a “Key”, if I hand you a lock you don’t need any special equipment to put in on a box, but once you do that you can’t open it.

The nice part about this, is that you can make an arbitrarily large number of locks for anyone who asks for them, they can be reused by the people you send them to, and no matter how many you make it will still be (until a quantum computer gets big enough) just as secure.

The goal of its development being “anyone can close this, only I can open it”

The step by step of using one of these apps goes as follows:

* A and B start chatting on an app with E2E encryption
* The first step is that each of their devices create a set of Locks and Keys and send the Locks to the other
* A decided to sends the following message to B “Lets meet tonight for dinner”
* A’s app takes B’s Lock and encrypts the message and makes it look like this: `b’gAAAAABkJKWTY1u2sPwSGTUD0N69P8G5HrKJwRJmM0OnX9l4KJLpCmVOlNxLxPbExPw7XIQJRIhT5CC2gEpuReUq8A5bJlFph_QNmncg7tuJJItifUEMG-g=’` (actual encrypted version of text, I used Python’s Cryptography module)
* App then sends that over the internet to B’s device
* B’s device can then use B’s Key to take the gobbledegook and turn it back into the original text of “Lets meet tonight for dinner”

The big deal about if being “End to End Encrypted” is that anyone who was trying to listen into the conversation by intercepting and copying the messages will only have the encrypted versions which are indistinguishable from noise.

The current method for encryption involves 3 numbers: 2 very large primes and their product, the primes are the privet “unlocking” key and the product is the public “locking” one, this works because it is incredibly time consuming with modern computers to go from the product to the prime factors. Quantum computers are changing this but people are implementing new methods of encryption which will still hold up into the future.

Now there are some problems that can come up which I will quickly run through:

* Not all encryptions are the same, if they are using a weaker algorithm or shorter keys then it can be broken
* Some algorithms can be set up with a pre-defined 3rd key that will always work to decrypt every message, in this case the company can read everything anyway and if the key gets out then all the encryption is meaningless
* Current development of quantum computers means that in the not to distant future it will be possible to break the RSA encryption algorithm which has been widely used for decades and there are actors in the space who are simply gathering encrypted data and sitting on it until they can get their hands on the tools to break it open, as it doesn’t go bad.

In short it means that only you and the person you’re talking to are able to read the message.

It goes directly from you to them without passing through any servers or anything in-between which can read the messages.

In short it means that only you and the person you’re talking to are able to read the message.

It goes directly from you to them without passing through any servers or anything in-between which can read the messages.

In short it means that only you and the person you’re talking to are able to read the message.

It goes directly from you to them without passing through any servers or anything in-between which can read the messages.

Encryption means information is transformed in some way such that it cannot be read or changed by unauthorised parties. Typically some kind of secret key is required to read the original information. Modern cryptography uses fancy maths to achieve this.

But “encryption” is kind of an ambiguous thing. Like a lot of services say they use “military-grade encryption!” but the claim is kind of meaningless. What really matters is *what* data is encrypted, *where* and by *whom*.

In a typical computer messaging service, you have the Sender, the Recipient, and in the middle a Server operated by the service provider (eg. WhatsApp/Meta). The Server is needed because directly communicating between two end user devices over the internet is actually pretty hard. The Recipient device may be switched off or out of service range and unable to receive messages, there may be NAT, firewalls or other barriers to establishing connections etc. So the Server handles all messages, temporarily storing messages for retry later, sending out push notifications etc.

In between these 3 parties, you have additional parties involved. The cafe who provides the WiFi; the ISPs who provide the internet connections; other companies or governments who operate the internet infrastructure between ISPs; hackers or rogue employees who gain access to systems and networks; governments who force companies to provide access etc.

So at the very least you want to ensure that the connection between the user (Sender or Recipient) and Server are encrypted to prevent any malicious parties snooping on your messages. A common encryption mechanism uses a pair of keys: a Public key that can be used to encrypt messages, and a Private key that can decrypt them.

End-to-end encryption is a specific type of encryption that takes it a step further; the message content is encrypted on the Sender device (one end), and only decrypted on the Recipient device (the other end). The Server only has enough unencrypted information to route the messages to the correct users/devices, it doesn’t need to decrypt the message content. In theory, only the Recipient has the decryption key, so the messaging service provider cannot decrypt it even if they wanted to (or were forced to).

The problem is, end-to-end encryption does not enforce this. You use an app like WhatsApp to generation the keys. There isn’t anything that prevents WhatsApp sending a copy of the Private (decryption) key to themselves and reading your messages when they want to. You’re trusting them to do what they claim. Then we get to the last part: *what* is encrypted. It’s only the contents of the message. Metadata like how many messages you send, their size, to whom & when, are all accessible to WhatsApp. So end-to-end encryption sounds good in theory, but it you need to understand is limitations.