End-to-end encryption (sometimes written E2E) is a method of secure data exchange in which information is encrypted and decrypted only on the end devices. This approach guarantees the confidentiality of the transmitted data and all but eliminates the risk of its being intercepted, read or processed on an intermediate server.
How end-to-end encryption works
Most often, end-to-end encryption is implemented with a combination of symmetric and asymmetric algorithms, or with the Diffie–Hellman key-agreement protocol: the asymmetric part establishes a shared key between the two endpoints, and the symmetric part encrypts the actual data with that key. If only symmetric encryption is used, the key has to be transferred over a channel separate from the one carrying the communication itself.
Various e-mail clients, messaging apps, videoconferencing systems, and other programs use end-to-end encryption. In most such apps, key exchange and data encryption/decryption happen automatically and invisibly to the user.
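As an added example (not code from the original article or any particular product), here is a minimal Python model of the mechanism described above: a Diffie–Hellman agreement yields a symmetric key, the message is encrypted on one device and decrypted on the other, and the relay in between handles only ciphertext plus metadata. The DH group, the SHA-256-based cipher and the names alice/bob are assumed toy choices made for this illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters (assumed, illustration only; real apps use a standard group or X25519).
P = 2**127 - 1
G = 5

def dh_keypair():
    """Private exponent plus the public value that is sent to the peer."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_shared_key(priv, peer_pub):
    """Derive a 32-byte symmetric key from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def _keystream(key, nonce, length):
    # SHA-256 in counter mode stands in for a real AEAD (AES-GCM, ChaCha20-Poly1305).
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    """Runs on the sender's device: returns nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Runs on the recipient's device; rejects a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def relay_view(sender, recipient, blob):
    """Everything the intermediate server learns: who, to whom, and how much."""
    return {"from": sender, "to": recipient, "bytes": len(blob)}

def exchange(message):
    """Key agreement, encryption on one device, relay, decryption on the other."""
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    # Only public values cross the relay: without a private exponent it cannot derive the key.
    blob = encrypt(dh_shared_key(alice_priv, bob_pub), message)
    meta = relay_view("alice", "bob", blob)
    return decrypt(dh_shared_key(bob_priv, alice_pub), blob), meta, blob
```

Note that `relay_view` still learns the sender, the recipient and the message size: end-to-end encryption hides content, not the fact that a conversation is taking place.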
Pros and cons of end-to-end encryption
End-to-end encryption ensures that no outside party, including the creators of the service, can gain access to transmitted data, because it is not decrypted on the server or anywhere else in transit.
However, this method of protection can be inconvenient for that very reason. In particular, end-to-end encryption makes it impossible to store chat history on the server or use automatic moderation.
When end-to-end encryption won’t protect your data
Despite being a highly secure method of data protection, in some cases end-to-end encryption is ineffective. The primary causes of data leakage when using end-to-end encryption are:
- Backdoors in data exchange apps. Unscrupulous developers can add hidden capabilities to their apps to intercept keys or copy data before it is encrypted. In such cases, end-to-end encryption is of little help.
- Data theft from user devices. If the recipient’s phone or computer is hacked, cybercriminals can steal data (both sent and received) from it, because it is decrypted on the device. For this same reason, an attacker who gains physical access to a user’s device can read messages on it.
Also bear in mind that end-to-end encryption does nothing to hide the fact that messages are being exchanged. Your ISP or messenger service cannot read your end-to-end encrypted correspondence, but they do know that you sent something to a particular recipient.