Why do we care about end-to-end encryption?

In the last few years phones and apps have been touting themselves as better than other phones/services because their messaging has end-to-end encryption, or some other variant of secure messaging. Why do we care?

Edit: Thanks for the answers, everyone!

28 Answers

Anonymous 0 Comments

The message doesn’t leave your device without being encrypted. That means that anyone intercepting it in transit needs the decryption key to read the message or needs to crack it (good encryption is for now hard to break, too time consuming to brute force). The message then gets decrypted on the device that receives it.

The thing is that for modern communication devices, some countries may not have the same laws as you have for old school phone lines. That means that a state actor, say the government of your country, could just intercept the messages because why the heck not. Other countries/actors will just not care and be like “gather all the data we can, privacy be damned”.

That doesn’t mean that your messages will get intercepted, but state actors have time and again shown that they are not to be trusted. See the Snowden leaks in the US for a good example of the amount of data that the government collects.

End-to-end encryption is a way to prevent this kind of abuse of power.

Anonymous 0 Comments

It means that the encryption/decryption happens at the sender and receiver; it isn’t clear text on some server somewhere in the middle where three-letter agencies or hackers etc. can listen in.

Anonymous 0 Comments

If it’s working right, the end-to-end encryption means that the message or data you are transferring can only be understood by you and the recipient.

So, for example, if you were to connect to a compromised router or a hacked Wi-Fi access point or even a fake cell tower, a hacker or criminal (or the police) could see and copy the data you’re sending and receiving, but wouldn’t be able to understand the contents. They might see that you were connecting to a bank website, but wouldn’t be able to get your password. They might see you connect to a messaging service, but wouldn’t be able to read your messages.

Anonymous 0 Comments

Let’s say you have two mailmen in your neighbourhood, delivering mail to all residents of the area.

You have a secret love letter that you wish to send to your crush who lives on the opposite side of town. You don’t want anyone to know of this crush of yours, so you need to trust whomever you’re handing the letter over to, right?

As it so happens, one of the two mailmen is known for opening the mail he gets, reading it, and even gossiping about what he finds whenever he’s in the bar, in the grocery store and to all the shop owners at the local shopping mall.

Sometimes he even gets paid by store owners to reveal secrets in the letters he’s been entrusted with, in hopes of getting to know just what brand of cheese and shoes and dildo sizes the people who sent said mail prefer.

This mailman has even gone to the police sometimes with his mail, revealing the most dirty little secrets of the town’s residents.

But there’s also another mailman in town, who is known for never opening any mail, and always delivers all letters untampered with directly to the intended recipient. In fact, this mailman even locks the letters he is delivering in a special box, that the recipient needs a special code for to be able to open.

So when this mailman collects a letter, he instructs the sender to place the letter inside the box and set a secret code on it so that the mailman can’t open it to see what’s inside.

When the mailman has left the sender’s house with the now locked box, and given that the phone lines in this metaphorical town are completely private and safe, the sender then calls up the recipient and tells them the secret code they need to be able to open the box.

When the honest mailman arrives at the recipient’s house, he hands over the box that he can’t open, but that the recipient now can.

The box is opened and the crush can now read your secret love letter knowing that nobody has eavesdropped on it while it was in transit.

Anonymous 0 Comments

Almost all traffic on the modern Internet is encrypted *in some way*. But it matters who has the keys.

As a quick refresher, encryption means that the data is scrambled mathematically, in such a way that only someone who has the key can open it. Ideally, there’s no way to “break in” without either having the key, or trying every possible key until you find the right one.

So with most messaging applications, the data is encrypted when you send it to, say, Facebook. Facebook uses their key to unlock the message, and store it for the recipient. When they log in, Facebook encrypts the message and sends it to the recipient.

With end-to-end encryption, you encrypt the message with a key only the recipient knows, and Facebook holds on to the scrambled, locked message. When they forward it to the recipient, the recipient can then unlock it.

In the case where Facebook has the key to unlock the message, this means that they can read the message. They can use it to target ads to you. Your government can demand that Facebook give them a copy of the message. Facebook can be hacked and the hackers can take the message.

In the case where only the recipient has the key, only the recipient can unlock the message.

Anonymous 0 Comments

Many services use a server-client encryption system. With this, when you send a message, it will be encrypted until it reaches the server, where it is decrypted, then encrypted again before being sent on to the recipient. In this way, somebody who intercepts the message in transit cannot read the message, such as a hacker, but the service provider can. The service provider can also provide those contents to other parties, such as advertisers or the government.

End-to-end encryption means only the sender and receiver(s) are able to see the contents of the message. Since the message remains encrypted all the way, the service provider is not able to provide the message to other parties. This includes advertisers and the government.

Even if the government compels the service provider to provide the messages, all the government gets is the encrypted message, which is difficult for them to understand – they need to hack the encryption, which is very time consuming.

Naturally, the government doesn’t like that very much, and service providers want to be able to read your messages to use them to make more money, meaning that end-to-end encryption gets a lot of push back. Many service providers will also use arguments regarding features such as historical autocomplete as reasons they need to read the messages, whether they are real reasons or not.

End-to-end encryption is impossible with broadcast messaging. That is, services such as Reddit, where you post a message that is public, cannot use end-to-end encryption for their main operation. They can only use server-client encryption for those postings. Direct messages on such platforms could be designed to work with end-to-end encryption, but rarely as it would require some more specialized systems.

Multi-cast systems, where you send one message to multiple people, like a group text message, can be designed to use end-to-end encryption. In such a case, your computer would need to automatically send multiple versions of the message to each person in the communication.

One drawback of end-to-end encryption is that it is effectively impossible to recover messages if you lose your decryption key (likely a password), and that key needs to be stored only on your device (or encrypted with a different key) or it defeats the purpose of end-to-end encryption. Basically, you need to make sure to keep a secured backup of your device(s) and transfer the keys around if you change devices. This also means you cannot pop onto a public computer (eg, at a library) and read your messages, unless you also know your key.
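The server-client versus end-to-end difference described in the answers above, including the one-ciphertext-per-recipient group case and the lost-key case, as an added example that is not part of any poster's answer. The key tables, the `seal`/`open_sealed` helpers and the SHA-256 keystream are assumptions for illustration; a real app would use a vetted AEAD and public-key key agreement rather than pre-shared keys.

```python
import hashlib, hmac, secrets

def _sub(key, label):                      # separate keys for encrypting and MACing
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode: a teaching stand-in for a real AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

# Constructed keys. LINK: each client <-> provider (server-client encryption).
# PAIR: Alice <-> each recipient, never given to the provider (end-to-end).
LINK = {name: secrets.token_bytes(32) for name in ("alice", "bob", "carol")}
PAIR = {name: secrets.token_bytes(32) for name in ("bob", "carol")}

def provider_relay(sender, recipient, blob):
    """Provider strips the sender's link layer and re-encrypts for the recipient.
    Returns (bytes the provider could read, blob it forwards)."""
    seen = open_sealed(LINK[sender], blob)
    return seen, seal(LINK[recipient], seen)

def send_server_client(msg, to):
    seen, fwd = provider_relay("alice", to, seal(LINK["alice"], msg))
    return seen, open_sealed(LINK[to], fwd)

def send_e2e(msg, recipients):
    results = {}
    for to in recipients:                  # group message: one ciphertext per recipient
        inner = seal(PAIR[to], msg)        # locked before it leaves Alice's device
        seen, fwd = provider_relay("alice", to, seal(LINK["alice"], inner))
        results[to] = (seen, open_sealed(PAIR[to], open_sealed(LINK[to], fwd)))
    return results
```

In `send_server_client` the provider's view is the plaintext itself; in `send_e2e` it is only the inner ciphertext, and `open_sealed` with any key other than the pairwise one raises `ValueError`, which is also what a recipient who lost their key would get.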

Anonymous 0 Comments

I am reading your question as “why do we care if we have privacy”. I have heard some people say they have nothing to hide, so they don’t mind if the government or general public can see their online communication. The problem with completely open communication is that in the future, the government may be more authoritarian than it is now. Any communications and data they receive are stored. In the future, you may be punished for views or political beliefs you hold now. Drunk text to a friend? Might be brought up at your next interview for the job you have always wanted.

Anonymous 0 Comments

Because the government might not see you as a law abiding citizen in the future.

Also, having very personal data in the hands of independent parties isn’t the best.

Anonymous 0 Comments

It means your conversation is private.

A potential situation: a conversation (unencrypted and recorded) now is fine/legal but because the government knows now you’re trusting it will never care in the future or make a crime what you spoke about. Likely, maybe not, but why not encrypt.

Or you could be a journalist or activist in a location where that’s bad for your health.

Anonymous 0 Comments

> or some other variant of secure messaging

I will explain this part specifically.

End-to-end encryption is touted in particular because it forgoes the need to trust the middleman, which can’t be said about “secure messaging” that does not do end-to-end encryption.

The middleman in this case is the service provider, such as WhatsApp, which is affiliated with Facebook.

Actually, most forms of “secure messaging” are able to prevent man-in-the-middle attacks, e.g. government or creeps listening to network packets. They encrypt from Sender to Provider, and Provider to Receiver. At the very least you need to trust the Provider.

End-to-end encryption is encrypting from Sender to Receiver, so even the Provider has no means of reading what is sent.

Why might you not trust the Provider? In most countries the government can subpoena the Provider company for user data under certain circumstances. And that’s the best case since it’s a legal process. In many other countries, like dictatorships, the government can force the Provider to hand over data, or even already have a copy of all the Provider’s data, such as in China. Or you might not trust the Provider just because it’s affiliated with Facebook.

This is where end-to-end encryption helps.