What is E2EE?

The world of online security involves a lot of potentially intimidating jargon and acronyms, but one of the most important ones to know is E2EE, which stands for End-to-End Encryption.

This is especially important when it comes to messaging apps and communication services like Telegram, Discord, WhatsApp, and even Facebook Messenger, as it's what these services use to protect your messages and ensure that any nosy third parties can’t see what you're talking about.

With E2EE, any messages you send are encrypted on your device and only decrypted once they reach your recipient's device. E2EE is the cornerstone of secure messaging over the internet, and in this article, I'll take a closer look into how it works, what the advantages are, and why some governments are looking to ban and weaken its protection.

What is E2EE?

Let's dig into the core ideas behind E2EE. We'll talk about what encryption is, why it matters, and what exactly "end-to-end" means for you when you're using the internet.

Encryption lies at the heart of everything that you do online, whether you realize it or not. Without it, the internet as we know it today couldn't function.

Without encryption, anyone could see your banking transactions, read your messages, or steal your personal data. Encrypting all this data makes it unreadable to unauthorized parties.

E2EE is a method of encryption where data is encrypted at every point along its journey from one device to another.

"End-to-end" is a reference to the start and end destinations of the data. If you're sending a WhatsApp message, for example, the starting point would be your device, and the end destination is the recipient's device.

"End-to-end" means that your data is protected during transmission as well as while it's on a server. Nobody else, not even the company that owns the messaging product you're using, can see the contents of the message because only the recipient has the right key to decrypt it.

How does E2EE work?

Now we know what E2EE is and why it's important, it's time to take a look at just how it works. Don’t worry, we won't get into the nuts and bolts, but it's important to have a basic understanding of how it works so you know what to look for when choosing a product or service.

Here's how the process plays out (in a nutshell):

  • E2EE works by using cryptographic keys. These are made up of a public and a private key. Public keys can be shared, but private keys must be kept private as these are what will be used to decrypt the message.
  • These keys are kept at the endpoints. When we talk about an "endpoint", this can be anything from a server in a data center to a desktop PC or even your mobile phone.
  • The public key is used to encrypt messages. Once that key has been shared, anyone can use it.
  • Once a message has been encrypted, it's scrambled into random numbers, letters, and symbols. This protects it as it travels through servers belonging to third parties, like your ISP or social media platform, where it may be targeted by snoopers or criminals.
  • What this all means is that once an encrypted message has been sent, only the person with the matching private key can decrypt and open it at the other end.
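
The steps above, as an added example that is not part of the original article: a sender encrypts for the recipient's public key, a relay holding a different private key cannot open the message, and a bit flipped in transit is rejected. It assumes Node.js and a hybrid design (a one-time AES-256-GCM key encrypted with RSA-OAEP); the function names and the sample message are made up for illustration, and real messaging apps use more elaborate protocols.

```javascript
// Added example (not from the article): hybrid public-key encryption
// using only Node's built-in crypto module.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, constants } = require('crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each endpoint generates its own key pair; only publicKey is ever shared.
function newEndpoint() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the text with a one-time AES-256-GCM key, then encrypt
// that key with the recipient's public key (assumed hybrid design).
function sealFor(recipientPublicKey, text) {
  const key = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  const wrappedKey = publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient: recover the AES key with the private key, then decrypt.
// Throws if the private key does not match or the envelope was altered.
function openEnvelope(privateKey, env) {
  const key = privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// True when the envelope cannot be opened with this key.
function isRejected(privateKey, env) {
  try { openEnvelope(privateKey, env); return false; } catch { return true; }
}

// Constructed scenario: Bob is the recipient; the relay stands in for any
// server the message passes through and holds only its own key pair.
const bob = newEndpoint();
const relay = newEndpoint();
const envelope = sealFor(bob.publicKey, 'Meet at 6pm');
const tampered = { ...envelope, body: Buffer.from(envelope.body) };
tampered.body[0] ^= 0x01; // one bit flipped in transit

console.log('Bob reads:', openEnvelope(bob.privateKey, envelope));
console.log('Relay locked out:', isRejected(relay.privateKey, envelope));
console.log('Tampering rejected:', isRejected(bob.privateKey, tampered));
```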

What is E2EE used for?

As mentioned before, the internet as we know it today would be a very different place without end-to-end encryption, but there are some places where it’s more vital than others.

E2EE’s primary use is to enhance security. This makes it key for industries such as finance, communications, and healthcare. Keeping data safe is absolutely paramount here, and any data breach carries the risk of hefty financial and reputational damage to the company.

E2EE is important for data storage as well, as it ensures that data at rest on devices is kept secure, even when those devices are not being actively used.

Password managers such as 1Password and Bitwarden use E2EE to protect the information you share with them – like your credit card and login details.

When sharing files online, E2EE ensures that your important personal or professional files are kept safe, preventing leaks of sensitive data should they be intercepted or downloaded by someone who shouldn't have access.

What are the advantages of E2EE?

We’ve talked about what E2EE is and what it does, as well as a little about the things it's good for, but now we’ll look more closely at those specific benefits before we talk about some of the conversations and controversies you might have seen about this technology in the news.

  • Compliance: E2EE ensures that companies are able to safely comply with data protection laws like GDPR, and avoid the weighty legal problems and hefty fines that result from leaking or losing customer data.
  • Privacy: E2EE prevents third-party snooping, giving users better control over who receives their communications. Messages encrypted in this way can’t be read by anyone, not even the service provider itself.
  • Defeating hackers: E2EE ensures that hackers can't gain unauthorized access to your data while it's in transit – and even if they did manage to somehow extract or download anything, they still wouldn't be able to read it without also having the private key.
  • Preventing tampering: E2EE ensures the security and integrity of data throughout its journey from endpoint to endpoint. If a message is intercepted in transit, for example by someone using a compromised Wi-Fi point, the interceptor won't be able to decrypt it, as they won't have the necessary matching private key. This is also why we strongly recommend using one of the best VPNs when connecting to any public Wi-Fi point.
  • Freedom of speech: E2EE prevents government overreach and allows democracy and freedom of expression to thrive by ensuring that everyone from regular citizens to activists, reporters, and political dissidents living under strict regimes can communicate and express themselves in safety.

Controversy about E2EE

Even though E2EE is accepted by IT professionals as being a necessity for protecting user data online, there are some governments, and government agencies, that are unhappy about the level of security it offers.

They argue that not being able to access communications makes it easier for criminals and terrorists to plan and coordinate, unimpeded by government oversight, threats of law enforcement, or security agencies intercepting their communications.

Some governments are even trying to put legislation in place that threatens to compromise E2EE, like the UK’s Online Safety Bill, which became law in 2023, and Sri Lanka’s Online Safety Bill.

Others even insist that any new encryption that is developed should have a backdoor installed in it by default, ensuring that enforcement agencies and government bodies will always be able to access everyone's messages and communications.

The problem with putting any sort of intentional weakness into encryption is that you are opening that up to abuse by more than just government agencies who might want to set their net far too wide and profile innocent people.

You're giving malicious actors a foot in the door to subvert and break that encryption. There are also concerns that any changes to E2EE will simply make it easier for already repressive states around the world to probe even further into the actions and habits of their citizens. 

While E2EE might, on the face of it, make it more difficult for government agencies to snoop on criminals, there are plenty of other ways to expose their activities. There are companies around the world, such as UK-based Darktrace and Searchlight Cyber, who specialize in hunting down criminals of all stripes, and they're highly successful in finding ways to expose them that don’t put ordinary citizens at risk through compromised security.

Shaun Rockwood
VPN Expert
