End-to-end encryption secures messages before they’re sent and decrypts them only after arriving at a recipient’s device.
This is different from encryption-in-transit, when messages may be decrypted at the server before going to a final destination.
There are several messaging apps that use end-to-end encryption, including Signal, Telegram, and WhatsApp.
Visit Insider’s Tech Reference library for more stories.
There’s more interest in secure and private online communication than ever. One tool used by many modern communication services is end-to-end encryption.
End-to-end encryption, explainedWhat makes end-to-end encryption unique is that whatever you’re sending is encrypted on your device and travels in encrypted form all the way to its destination. It’s only decrypted there so it can be read by the recipient.
The best way to understand end-to-end encryption is in contrast to a more traditional system called encryption-in-transit. Typically, if a service uses encryption, it will be encrypted on your device and sent to the server. There, it is decrypted for processing, then re-encrypted and sent on to its final destination. The data is encrypted anytime it’s in transit, but decrypted when it’s “at rest.” This protects the information through the most critical part of the trip — in transit — when it’s often most vulnerable to hackers, interception, and theft.
In contrast, end-to-end encryption is the act of applying encryption to the data on your device and not decrypting it until it reaches the destination. Even the service that is sending the data can’t see the content of your message when it passes through the server.
This is important because end-to-end encryption can give you the confidence that your communication is safe from prying eyes. In addition to simple two-way text chats, you might want to ensure that financial transactions and business communication use end-to-end encryption.
Advantages of end-to-end encryptionEnd-to-end encryption has some obvious advantages over “cleartext” (when messages or data are sent without any encryption at all) and encryption-in-transit. It’s protected every step of the way, for one example.
When an app uses encryption-in-transit, that means the service you’re using owns the key to encrypt and decrypt the message at the server. That provides a point of vulnerability and a vector for hackers or malicious actors to intercept your information before it travels to its destination.
Gmail is an example of a service that uses encryption-in-transit, which means that Google can access the content of your messages with access to the encryption key.
Gareth Fuller – PA Images/Getty Images
Disadvantages of end-to-end encryptionBut end-to-end encryption isn’t the perfect solution to every kind of communication need. If an app’s communication is fully encrypted, that can prevent the app from offering additional features like contextual services based on the content of the message, or the ability to automatically generate calendar invites, message history, and other additional features. Simply put, the data is a black box to everyone except the sender and receiver, which might not always be desirable.
The security that end-to-end privacy offers might be limited if a third party gets physical access to the device at either end of the transmission — not only can they read existing messages, but also send new ones. That’s why it’s critical to use passwords, passcodes or biometrics to protect access to your device.
While end-to-end encryption can prevent anyone (including, in general, the government and law enforcement) from reading the content of your messages, it doesn’t hide or encrypt the metadata. That means it’s possible to determine who you sent messages to, and when, even if the content is encrypted.
Apps that use end-to-end encryptionIf you’re looking to get started with end-to-end encryption, here are some apps and services that offer it:
Signal
Signal is an app journalists frequently use for a secure exchange of information, enabled by E2EE.
Thomas Trutschel/Getty Images
TelegramThreemaViber WhatsAppFacebook Messenger’s “Secret Conversations”You can get end-to-end encryption with email, as well. Here are a few apps that feature end-to-end encryption, though be forewarned that configuring the encryption is not straightforward, relies on a fairly deep understanding of how public and private keys work, and often requires both users using the same mail app to get the benefits of end-to-end encryption. Bottom line: Using encrypted email requires a substantial investment, much more so than messaging apps.
ProtonMailTutanota