I think I have a brief and clear answer.
Most computer systems have a server that sits between the people talking to each other. The server orchestrates how things should work. It is easier if the server is allowed to read or change the messages, but that is not the most secure design. End-to-end encryption means the server passes encrypted messages that it cannot read between either end of the two people talking.
Imagine you sent a letter to your friend. But instead of putting the letter in an envelope, you just taped it flat.
Every person who saw that letter could read it. Your next door neighbor, your mail person, all of the mail people in between your house and theirs, the recipient’s mail person, the recipient’s next door neighbor, the recipient’s house mates, and so on.
Sending a text message is similar, except it goes through a bunch of computers instead. Computers that you may or may not know what they’re actually doing.
It starts on your phone, then it goes to whatever WiFi you’re connected to, then the server of the company that made the app (where it could be read by the employees of that company for whatever reason), it might bounce between a few servers until it lands on the server the recipient has access to, then through whatever WiFi they’re on, then it’s on the recipient’s phone.
Every one of those stops is a point where someone could read that message. Those someones could be IT people doing work on the server, they could be employees looking for a reason to get even with their company, it could be some kid who’s hacked a server and is looking to “dox” someone, it could be a hacker who’s set up a fake WiFi access point to steal data, it could be a government agent. And you don’t want any of those people to have access to it.
The only people that should be able to read the message are you (and potentially anyone you show it to on your phone), and the recipient. The only way to allow that in computer-land is to put it in an “envelope” of sorts. And that envelope is called end-to-end encryption. It’s an envelope that only you and the recipient can open. Anyone who sees the message in between you two only sees a string of gibberish characters. Which is essentially meaningless to them.
The right to choose with whom one shares information is an innate right mankind has enjoyed since time immemorial. Just because the medium through which information is exchanged has evolved does not mean modern humans should not enjoy this same right to privacy. End to end encryption is necessary for the private exchange of ideas to continue in the modern world.
Think of it in physical mail terms: Unencrypted traffic would be like sending your handwritten mail without an envelope. So your letter goes into the local mailbox. That mailman brings it to your own USPS station. That gets picked up and delivered to a regional node. Then it gets delivered to the regional node of your destination. Then it goes to the local USPS location, and then to your destination. It goes through many hops and changes hands among many different drivers and sorters along the way. Each hop could theoretically see it. Someone could intercept it and steal it and read the contents, etc.
End-to-End encryption is like sending your mail, in an envelope, written in a secret code, so that even if it gets intercepted, it’s gibberish. Only your friend on the receiving end has the decoder to turn it back into readable English.
End to end encryption works like this: you give everyone in the world a way to lock messages they send to you, and you have a way to lock messages you send to them. When locked, only the intended recipient can unlock the message and read it.
Something important to remember about messages sent over the internet is that anyone can potentially see and read them without you knowing (as opposed to an envelope which you can usually tell was opened) so you need other ways to be sure that other people haven’t intercepted your messages.
I only went through the top five, but they are all wrong. I have some experience in this. Maybe even a patent or two.
Proper encryption is difficult and generally requires a really complex way of exchanging keys with one another. So, setting up these key pairs (actually quads) between each party you talk to is computationally difficult.
It’s WAY easier to set up a secure link between you and a central server (e.g. iMessage) and another secure link from the central server to your friend. Third parties, even governments, can’t read the messages even if they can intercept them (and they can) because they are encrypted between you and the server and your friend and the server.
BUT, in this system, the messages ARE legible to that central server because the keys were just between you and the server. A government COULD (and does) force the owner of that central server to reveal the contents of the messages.
When using end-to-end encryption, however, the keys are exchanged end point to end point and the central server is just a relay – it can’t read the contents. So even if a government compels the owner of that central server, they (presumably) can’t provide the contents of the conversation even if they wanted to.
But the key exchange complexity to do this reliably increases exponentially, which is why most systems still use the central server relay method.
Imagine every letter, every email, and every conversation you have could be listened to by countless unknown people, governments, organisations, etc. It would erode the privacy and freedoms of everyone.
So end-to-end encryption is a way to try and prevent this. By building it into the products we use, we reduce the chance of all our conversations being sold or used against us.
Imagine you’re sending a super secret message to your buddy. You don’t want anyone else to read it, right? End-to-end encryption is like putting that message in a super special lockbox that only your buddy has the key to. So even if someone tries to sneak a peek, they can’t figure out what’s inside. That’s why we’re all excited about it for our messages – it’s like a secret code that keeps our stuff safe!
You care because you don’t want either of the following things:
1) Your messages to be surveilled.
2) Your messages to be altered.
If your messages *aren’t* encrypted end-to-end, it means that there is a point in the middle of the transaction when this is possible. I’m a network engineer who worked for a nationwide ISP for a decade, and one of my jobs was to execute tap-and-trace orders from law enforcement organizations who contacted my team’s legal department. Our lawyers would read and approve the court order, they’d call me, and then with the officer and the lawyer on the phone, I would activate the span to send a copy of the traffic from the target over to the law-enforcement traffic capture device (a computer with specialized software to record network data, similar to [Wireshark](https://www.wireshark.org/)).
This was many years back, before SSL/HTTPS was ubiquitous, so simply reading traffic off the wire was very simple. However, now transport encryption is virtually universal, so tapping ISP traffic, while still useful for watching for activity, is far less of a complete solution.
So, if the NSA or FBI wants to read your Skype messages, what do they do? Well, they know your traffic is going to Skype servers, because they can see your IP headers, but they can’t read the payload. No problem, they know your source IP address, and the time at which you sent the messages, so they’ll go to Microsoft (who owns and operates Skype), and present them with a court-order, asking them to send them the plaintext traffic their servers receive from you, and anyone talking to you.
This is where end-to-end encryption comes in. Now even your messaging service doesn’t know what you sent, only the source and destination IP address of the message packets. In order to decrypt the traffic, they have to obtain the encryption keys off your phone, or that of your interlocutor, in order to read the messages you sent.
And before you say, “I have NordVPN”, I’d just like to point out to you the story of [Crypto AG](https://en.wikipedia.org/wiki/Crypto_AG), the CIA/BND front which sold “security and encryption services” to other governments for 70 years.
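Added example (not part of any answer above): a Python sketch of the two models the answers describe, the central-server relay that holds a key with each user versus end-to-end keys that the relay never has, including what happens when the relay alters a message. The toy Diffie-Hellman group, the HMAC-based cipher and all function names are assumptions made for illustration, not any messaging app's real protocol.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy Diffie-Hellman group (assumption, illustration only)

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC from HMAC-SHA256, standing in for a real AEAD cipher.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("message altered in transit or wrong key")
    return _xor_stream(key, nonce, ct)

def server_relay_link_encrypted(server_priv, sender_pub, recipient_pub, blob):
    # Central-server model: the server shares a key with each user, so it sees the plaintext.
    plaintext = unseal(shared_key(server_priv, sender_pub), blob)
    return plaintext, seal(shared_key(server_priv, recipient_pub), plaintext)

def demo():
    msg = b"meet at noon"  # constructed sample message
    (a, A), (b, B), (s, S) = keypair(), keypair(), keypair()
    seen, fwd = server_relay_link_encrypted(s, A, B, seal(shared_key(a, S), msg))
    # End-to-end model: the key exists only on the two phones; the relay just forwards bytes.
    blob = seal(shared_key(a, B), msg)
    tampered = blob[:16] + bytes([blob[16] ^ 1]) + blob[17:]  # relay flips one bit
    try:
        unseal(shared_key(b, A), tampered)
        detected = False
    except ValueError:
        detected = True
    return {"server_saw": seen, "link": unseal(shared_key(b, S), fwd), "relay_bytes": blob,
            "e2e": unseal(shared_key(b, A), blob), "tamper_detected": detected}
```

The end-to-end half only holds if each side checks that the public value it received really belongs to the other person; a relay that swaps in its own value ends up back in the central-server position.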