Encryption means information is transformed in some way such that it cannot be read or changed by unauthorised parties. Typically some kind of secret key is required to read the original information. Modern cryptography uses fancy maths to achieve this.

But “encryption” is kind of an ambiguous thing. Like a lot of services say they use “military-grade encryption!” but the claim is kind of meaningless. What really matters is *what* data is encrypted, *where* and by *whom*.

In a typical computer messaging service, you have the Sender, the Recipient, and in the middle a Server operated by the service provider (eg. WhatsApp/Meta). The Server is needed because directly communicating between two end user devices over the internet is actually pretty hard. The Recipient device may be switched off or out of service range and unable to receive messages, there may be NAT, firewalls or other barriers to establishing connections etc. So the Server handles all messages, temporarily storing messages for retry later, sending out push notifications etc.

In between these 3 parties, you have additional parties involved. The cafe who provides the WiFi; the ISPs who provide the internet connections; other companies or governments who operate the internet infrastructure between ISPs; hackers or rogue employees who gain access to systems and networks; governments who force companies to provide access etc.

So at the very least you want to ensure that the connection between the user (Sender or Recipient) and Server are encrypted to prevent any malicious parties snooping on your messages. A common encryption mechanism uses a pair of keys: a Public key that can be used to encrypt messages, and a Private key that can decrypt them.

End-to-end encryption is a specific type of encryption that takes it a step further; the message content is encrypted on the Sender device (one end), and only decrypted on the Recipient device (the other end). The Server only has enough unencrypted information to route the messages to the correct users/devices, it doesn’t need to decrypt the message content. In theory, only the Recipient has the decryption key, so the messaging service provider cannot decrypt it even if they wanted to (or were forced to).

The problem is, end-to-end encryption does not enforce this. You use an app like WhatsApp to generation the keys. There isn’t anything that prevents WhatsApp sending a copy of the Private (decryption) key to themselves and reading your messages when they want to. You’re trusting them to do what they claim. Then we get to the last part: *what* is encrypted. It’s only the contents of the message. Metadata like how many messages you send, their size, to whom & when, are all accessible to WhatsApp. So end-to-end encryption sounds good in theory, but it you need to understand is limitations.

Encryption means information is transformed in some way such that it cannot be read or changed by unauthorised parties. Typically some kind of secret key is required to read the original information. Modern cryptography uses fancy maths to achieve this.

But “encryption” is kind of an ambiguous thing. Like a lot of services say they use “military-grade encryption!” but the claim is kind of meaningless. What really matters is *what* data is encrypted, *where* and by *whom*.

In a typical computer messaging service, you have the Sender, the Recipient, and in the middle a Server operated by the service provider (eg. WhatsApp/Meta). The Server is needed because directly communicating between two end user devices over the internet is actually pretty hard. The Recipient device may be switched off or out of service range and unable to receive messages, there may be NAT, firewalls or other barriers to establishing connections etc. So the Server handles all messages, temporarily storing messages for retry later, sending out push notifications etc.

In between these 3 parties, you have additional parties involved. The cafe who provides the WiFi; the ISPs who provide the internet connections; other companies or governments who operate the internet infrastructure between ISPs; hackers or rogue employees who gain access to systems and networks; governments who force companies to provide access etc.

So at the very least you want to ensure that the connection between the user (Sender or Recipient) and Server are encrypted to prevent any malicious parties snooping on your messages. A common encryption mechanism uses a pair of keys: a Public key that can be used to encrypt messages, and a Private key that can decrypt them.

End-to-end encryption is a specific type of encryption that takes it a step further; the message content is encrypted on the Sender device (one end), and only decrypted on the Recipient device (the other end). The Server only has enough unencrypted information to route the messages to the correct users/devices, it doesn’t need to decrypt the message content. In theory, only the Recipient has the decryption key, so the messaging service provider cannot decrypt it even if they wanted to (or were forced to).

The problem is, end-to-end encryption does not enforce this. You use an app like WhatsApp to generation the keys. There isn’t anything that prevents WhatsApp sending a copy of the Private (decryption) key to themselves and reading your messages when they want to. You’re trusting them to do what they claim. Then we get to the last part: *what* is encrypted. It’s only the contents of the message. Metadata like how many messages you send, their size, to whom & when, are all accessible to WhatsApp. So end-to-end encryption sounds good in theory, but it you need to understand is limitations.

It basically means that only the sender and the intended recipient can actually read the message. This is in contrast to the usual encryption that is only used to secure message from the senderreceiver tofrom the server.

It is important though that there are a lot of companies that don’t use Cryptographic terms correctly. Though at least for the large direct messengers (e. G. WhatsApp) they usually do use the term end to end encryption correctly.

It basically means that only the sender and the intended recipient can actually read the message. This is in contrast to the usual encryption that is only used to secure message from the senderreceiver tofrom the server.

It is important though that there are a lot of companies that don’t use Cryptographic terms correctly. Though at least for the large direct messengers (e. G. WhatsApp) they usually do use the term end to end encryption correctly.

It basically means that only the sender and the intended recipient can actually read the message. This is in contrast to the usual encryption that is only used to secure message from the senderreceiver tofrom the server.

It is important though that there are a lot of companies that don’t use Cryptographic terms correctly. Though at least for the large direct messengers (e. G. WhatsApp) they usually do use the term end to end encryption correctly.

End to end encryption is a way of making sure only the intended recipient of a message can read the message, even if that message has to be passed between many different places to reach where it’s going. This is necessary to protect your data on the internet because every bit of communication that happens, from loading websites to posting on social media to filling out online forms, all happens through the public medium of the internet.

If you’re curious how it actually works, imagine you’re sitting in school and you want to pass a note to your friend three seats away. You don’t want anyone in between to read the note, so before class you agreed on a special algorithm to use to scramble and unscramble the messages. Before you send a message, you’ll scramble it, and when you receive a message, you’ll unscramble it.

This works for a while, but eventually you realize: if anyone ever figures out your secret algorithm, they’ll be able to read all your messages. So, you come up with an even better algorithm. This one takes a password, and combines it with your message as it scrambles it such that anyone who gets the message also needs the password to unscramble it. Then you simply agree on a different password to use every day before class.

This works for a while, but eventually, it’s getting to gossip season and people are really trying to steal your messages and find out your juicy secrets. You decide that it’s too dangerous to share passwords before class because someone might overhear. So, you come up with an even crazier algorithm. This one requires two different passwords, one to scramble and one to unscramble. When you want to send a message, you now have to first pass a note to your friend saying you’d like to send a message. Then, they will come up with a scramble password and an unscramble password. They reply to you with the scrambling password. You then use the scrambling password to scramble your real message and you send it back to your friend. Finally, they use their unscrambling password to unscramble the message. This system is perfectly secure because you need the unscrambling password to read the message, and that password is never shared with anyone, so only your friend knows it.

End to end encryption is a way of making sure only the intended recipient of a message can read the message, even if that message has to be passed between many different places to reach where it’s going. This is necessary to protect your data on the internet because every bit of communication that happens, from loading websites to posting on social media to filling out online forms, all happens through the public medium of the internet.

If you’re curious how it actually works, imagine you’re sitting in school and you want to pass a note to your friend three seats away. You don’t want anyone in between to read the note, so before class you agreed on a special algorithm to use to scramble and unscramble the messages. Before you send a message, you’ll scramble it, and when you receive a message, you’ll unscramble it.

This works for a while, but eventually you realize: if anyone ever figures out your secret algorithm, they’ll be able to read all your messages. So, you come up with an even better algorithm. This one takes a password, and combines it with your message as it scrambles it such that anyone who gets the message also needs the password to unscramble it. Then you simply agree on a different password to use every day before class.

This works for a while, but eventually, it’s getting to gossip season and people are really trying to steal your messages and find out your juicy secrets. You decide that it’s too dangerous to share passwords before class because someone might overhear. So, you come up with an even crazier algorithm. This one requires two different passwords, one to scramble and one to unscramble. When you want to send a message, you now have to first pass a note to your friend saying you’d like to send a message. Then, they will come up with a scramble password and an unscramble password. They reply to you with the scrambling password. You then use the scrambling password to scramble your real message and you send it back to your friend. Finally, they use their unscrambling password to unscramble the message. This system is perfectly secure because you need the unscrambling password to read the message, and that password is never shared with anyone, so only your friend knows it.

End to end encryption is a way of making sure only the intended recipient of a message can read the message, even if that message has to be passed between many different places to reach where it’s going. This is necessary to protect your data on the internet because every bit of communication that happens, from loading websites to posting on social media to filling out online forms, all happens through the public medium of the internet.

If you’re curious how it actually works, imagine you’re sitting in school and you want to pass a note to your friend three seats away. You don’t want anyone in between to read the note, so before class you agreed on a special algorithm to use to scramble and unscramble the messages. Before you send a message, you’ll scramble it, and when you receive a message, you’ll unscramble it.

This works for a while, but eventually you realize: if anyone ever figures out your secret algorithm, they’ll be able to read all your messages. So, you come up with an even better algorithm. This one takes a password, and combines it with your message as it scrambles it such that anyone who gets the message also needs the password to unscramble it. Then you simply agree on a different password to use every day before class.

This works for a while, but eventually, it’s getting to gossip season and people are really trying to steal your messages and find out your juicy secrets. You decide that it’s too dangerous to share passwords before class because someone might overhear. So, you come up with an even crazier algorithm. This one requires two different passwords, one to scramble and one to unscramble. When you want to send a message, you now have to first pass a note to your friend saying you’d like to send a message. Then, they will come up with a scramble password and an unscramble password. They reply to you with the scrambling password. You then use the scrambling password to scramble your real message and you send it back to your friend. Finally, they use their unscrambling password to unscramble the message. This system is perfectly secure because you need the unscrambling password to read the message, and that password is never shared with anyone, so only your friend knows it.

Any even remotely competently written software will encrypt data when it’s sent over the Internet.

A chat app that is not end to end encrypted (E2EE) will encrypt the connection between the app and the server. The server will decrypt the message, then encrypt it again for the recipient, and as a result, it will be able to read it.

If the chat app is end to end encrypted, your phone will first encrypt the message so that only the recipient’s phone can read it. Then it will send it to the server (the connection to the server will typically still be encrypted one more time). Now the server can see that you’re sending a message and to whom, but it can’t see the content.

The hard part is doing it right and making sure you’re actually encrypting it to the right recipient. Encryption is usually done with public key encryption systems. A recipient generates two keys, public and private, and gives the public key to everyone. You can use the public key to encrypt a message so it can only be read using the corresponding private key.

But how do you know which public key belongs to the recipient? Usually, you ask the server. The server could instead send you its own public key (pretending that it’s the public key of the recipient). Your phone would now encrypt the message using that key. The server could decrypt it, read it, then encrypt it with the recipient’s key.

For this reason, apps like Signal let you verify your contact’s “safety number” which is the fingerprint of both your and their public keys (if you look closely, one half of your safety number is the same for all your contacts – that’s your public key fingerprint!)

By checking this, e.g. if you meet in person, you can be sure that the attack I described above (“man-in-the-middle”) is not happening. Some e2ee apps don’t do this. This still means the server has to actively mess with the data rather than just reading it, but it’s far from perfect.

Even e2ee is no guarantee: for example, a malicious server could send you a software update that just uploads your message history.

WhatsApp and signal use the same encryption, but a) WhatsApp doesn’t warn you by default when your contact’s key changes (because people lose their phones/reinstall all the time and it confuses people), b) WhatApp pushes really aggressively to back up your chats to the cloud, and once either you **or your contact** do that, the (already decrypted) messages are backed up to apple/google… (there is some other encryption involved but if someone gets the data from Apple/Google, and a key from Facebook, they can read those backups).

Any even remotely competently written software will encrypt data when it’s sent over the Internet.

A chat app that is not end to end encrypted (E2EE) will encrypt the connection between the app and the server. The server will decrypt the message, then encrypt it again for the recipient, and as a result, it will be able to read it.

If the chat app is end to end encrypted, your phone will first encrypt the message so that only the recipient’s phone can read it. Then it will send it to the server (the connection to the server will typically still be encrypted one more time). Now the server can see that you’re sending a message and to whom, but it can’t see the content.

The hard part is doing it right and making sure you’re actually encrypting it to the right recipient. Encryption is usually done with public key encryption systems. A recipient generates two keys, public and private, and gives the public key to everyone. You can use the public key to encrypt a message so it can only be read using the corresponding private key.

But how do you know which public key belongs to the recipient? Usually, you ask the server. The server could instead send you its own public key (pretending that it’s the public key of the recipient). Your phone would now encrypt the message using that key. The server could decrypt it, read it, then encrypt it with the recipient’s key.

For this reason, apps like Signal let you verify your contact’s “safety number” which is the fingerprint of both your and their public keys (if you look closely, one half of your safety number is the same for all your contacts – that’s your public key fingerprint!)

By checking this, e.g. if you meet in person, you can be sure that the attack I described above (“man-in-the-middle”) is not happening. Some e2ee apps don’t do this. This still means the server has to actively mess with the data rather than just reading it, but it’s far from perfect.

Even e2ee is no guarantee: for example, a malicious server could send you a software update that just uploads your message history.

WhatsApp and signal use the same encryption, but a) WhatsApp doesn’t warn you by default when your contact’s key changes (because people lose their phones/reinstall all the time and it confuses people), b) WhatApp pushes really aggressively to back up your chats to the cloud, and once either you **or your contact** do that, the (already decrypted) messages are backed up to apple/google… (there is some other encryption involved but if someone gets the data from Apple/Google, and a key from Facebook, they can read those backups).