Lately, communication services of every kind, from WhatsApp to Zoom, have been announcing that they have implemented end-to-end encryption. But not all users understand what that means. Encryption itself is easy enough to grasp: data is turned into something unreadable. But what is end-to-end encryption? What are its pros and cons? Let us try to explain it as simply as possible, without going into terminology and mathematics.
What end-to-end encryption is, and what the other options are
End-to-end encryption is when messages are encrypted on your device and decrypted only on your conversation partner's device, hence the name: the message stays encrypted from one end of the path to the other. All the way from sender to recipient the message is encrypted, so nobody but your conversation partner can read it.
How else can it be done? Data can also be sent in the clear, that is, not encrypted at all. This is the least secure option. SMS messages, for example, are not encrypted, so in theory anyone can intercept them. Fortunately, in practice this requires special equipment, which limits the readership of your messages.
There is also transport encryption: messages are encrypted at the sender, delivered to the server, decrypted there, encrypted again, and delivered to the recipient. Transport encryption protects the information in transit, but lets the intermediate link, the server, see the content of the messages. Maybe that server handles your secrets responsibly, or maybe it does not. All you can do is trust its owners.
At the same time, in many cases transport encryption may be far more convenient than end-to-end. The reason is that transport encryption lets the server offer a wider range of services rather than merely passing encrypted data from one party to another: storing the message history, adding participants to a conversation through other channels (for example, dialing into a video conference by phone), applying automatic moderation, and so on.
Transport encryption still solves an important problem: it rules out interception of data on the way from user to server and from server to user, which is the most dangerous part of the route. So services are not always in a hurry to move to end-to-end encryption: for users, convenience and variety of features can matter more than stronger data protection.
What end-to-end encryption protects
The main advantage of end-to-end encryption is that no one but the recipient can decrypt the transmitted messages. It is as if you sealed them in a box that is physically impossible to open: it cannot be sawn open, smashed with a sledgehammer, or picked with a lockpick. Only the person the message is addressed to can open it; no courier and no thief who manages to steal the parcel can. In other words, end-to-end encryption provides confidentiality of correspondence.
Such an unbreakable box can hardly be built in the physical world, but in the digital world it really is possible. Highly skilled mathematicians are constantly developing new encryption systems and improving the old ones so that they cannot be broken.
Because a message protected by end-to-end encryption cannot be decrypted by anyone but the recipient, there is a second advantage: nobody can get into the message and alter it. Modern ciphers are designed so that if someone changes the encrypted data, decryption produces garbage, and it immediately becomes clear that something is wrong. Making a predictable change to an encrypted message, i.e. replacing one text with another, is not possible.
This ensures the integrity of the correspondence: if you have received a message and are able to decrypt it, you can be sure that it is exactly what your conversation partner sent and that it has not been changed on the way.
What end-to-end encryption doesn’t protect against
After someone lays out all the advantages of end-to-end encryption, roughly as we have just done, listeners get the impression that it solves every problem of information transfer. That is not the case: end-to-end encryption has its limitations.
First of all, even though end-to-end encryption hides the content of a message, the very fact that you sent a message to (or received one from) a specific person is still visible. The server will not know what was in the message you sent to your conversation partner, but it will know exactly that you exchanged messages with that person, on that day and at that time. In some cases, the mere fact of communicating with certain recipients can draw unwanted attention to you.
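To make the transport-versus-end-to-end contrast and the integrity point from the previous sections concrete, here is a small Python simulation added to this article (it is not code from any messenger or from the original post). Two clients, alice and bob, share a key the server never sees; in end-to-end mode the server can log only who wrote to whom and how many bytes, while in transport mode it decrypts and re-encrypts, so the content passes through its hands, and any byte modified in transit makes the end-to-end recipient reject the message. The cipher is a toy HMAC-based construction built purely for illustration, and the names and message text are constructed.

```python
import hashlib
import hmac
import os
NONCE_LEN, TAG_LEN = 12, 32

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()  # separate enc/mac keys from one secret

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy PRF-based stream cipher, constructed for illustration only (not a production cipher).
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((length + 31) // 32))
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified or corrupted in transit: reject instead of emitting garbage
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def e2e_relay(sender, recipient, blob, server_log, flip_byte=None):
    """End-to-end: the server forwards bytes it cannot read and logs only metadata."""
    server_log.append({"from": sender, "to": recipient, "size": len(blob)})
    if flip_byte is not None:  # simulate one byte being damaged on the way
        blob = blob[:flip_byte] + bytes([blob[flip_byte] ^ 0x01]) + blob[flip_byte + 1:]
    return blob

def transport_relay(sender, recipient, blob, server_log, up_key, down_key):
    """Transport encryption: the server decrypts, sees the content, and re-encrypts."""
    plaintext = decrypt(up_key, blob)
    server_log.append({"from": sender, "to": recipient, "content": plaintext})
    return encrypt(down_key, plaintext)

def run_demo():
    shared, up, down = os.urandom(32), os.urandom(32), os.urandom(32)  # assumed pre-agreed keys
    log, msg = [], b"meet at 10"
    delivered = decrypt(shared, e2e_relay("alice", "bob", encrypt(shared, msg), log))
    damaged = decrypt(shared, e2e_relay("alice", "bob", encrypt(shared, msg), log, flip_byte=NONCE_LEN))
    via_server = decrypt(down, transport_relay("alice", "bob", encrypt(up, msg), log, up, down))
    return delivered, damaged, via_server, log
```

Inspect the returned log: the two end-to-end entries carry only sender, recipient and size, while the transport entry contains the plaintext itself.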
Secondly, if someone gains access to the device you use for communicating, they will be able to read all the messages. They will also be able to write and send messages on your behalf. So you need to protect the device and lock access to applications that use end-to-end encryption, at least with a PIN code, so that if the device is lost or stolen, your correspondence does not fall into the wrong hands, along with the ability to pass as you.
For the same reason, devices should be
Third and finally: even if you take perfect care of all your devices and know for certain that no one else has access to the messages on them, you can hardly be equally sure about your conversation partner's device. And end-to-end encryption will not help here either.
And yet, despite the limitations, end-to-end encryption is the most secure way to transmit sensitive data, and that’s why more and more different services are switching to it.