In the last few years phones and apps have been touting themselves as better than other phones/services because their messaging has end-to-end encryption, or some other variant of secure messaging. Why do we care?
Edit: Thanks for the answers, everyone!
In: 140
Many services use a server-client encryption system. With this, when you send a message, it will be encrypted until it reaches the server, where it is decrypted, then encrypted again before being sent on to the recipient. In this way, somebody who intercepts the message in transit cannot read the message, such as a hacker, but the service provider can. The service provider can also provide those contents to other parties, such as advertisers or the government.
End-to-end encryption means only the sender and receiver(s) are able to see the contents of the message. Since the message remains encrypted all the way, the service provider is not able to provide the message to other parties. This includes advertisers and the government.
Even if the government compels the service provider to provide the messages, all the government gets is the encrypted message, which is difficult for them to understand – they need to hack the encryption, which is very time consuming.
Naturally, the government doesn’t like that very much, and service providers want to be able to read your messages to use them to make more money, meaning that end-to-end encryption gets a lot of push back. Many service providers will also use arguments regarding features such as historical autocomplete as reasons they need to read the messages, whether they are real reasons or not.
End-to-end encryption is impossible with broadcast messaging. That is, services such as Reddit, where you post a message that is public, cannot use end-to-end encryption for their main operation. They can only use server-client encryption for those postings. Direct messages on such platforms could be designed to work with end-to-end encryption, but rarely as it would require some more specialized systems.
Multi-cast systems, where you send one message to multiple people, like a group text message, can be designed to use end-to-end encryption. In such a case, your computer would need to automatically send multiple versions of the message to each person in the communication.
One drawback of end-to-end encryption is that it is effectively impossible to recover messages if you lose your decryption key (likely a password), and that key needs to be stored only on your device (or encrypted with a different key) or it defeats the purpose of end-to-end encryption. Basically, you need to make sure to keep a secured backup of your device(s) and transfer the keys around if you change devices. This also means you cannot pop onto a public computer (eg, at a library) and read your messages, unless you also know your key.
Latest Answers