Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

End-to-end encryption explained

Oct 03, 2019 · 4 min read

End-to-end encryption explained

When you chat with your friend or a loved one, the messages you enter travel a long way across the network. A lot can happen along the way. End to end encryption is one way to protect your data, but is it right for everyone?

What is encryption?

Encryption is the encoding of a message so that only the intended addressee can decode it. Encryption software turns your message into an indecipherable sequence called ciphertext. Even if someone gets hold of your message, they won’t be able to access the encrypted data unless they have the key. Military-grade encryption is virtually impossible to crack as it uses 256-bit keys that generate 2^256 possible combinations. There are no supercomputers yet that can crack such a key within a reasonable amount of time.

Types of encryption

Symmetric encryption

Symmetric encryption is when a sender and a receiver use the same private encryption key to decode and encode an encrypted message.

The main drawback is that the key should be shared between the parties. Unless a secure tunnel is established, an interceptor might snatch the key and decipher the message.

Asymmetric encryption

Asymmetric encryption uses a more advanced and safer method to protect your data. In this case, two keys encrypt your message – a public key and a private key. The public key is the same for both sender and receiver, while the private key is unique to each of the parties. It means that even both participants of the communication do not know each other’s private key.

In this case, only a person with both private and public keys can access the message. If a message falls into the wrong hands in transit, an interceptor won’t be able to access it even if they have the public key. Only a person possessing the unique private key can decipher it.

While this type of encryption is more advanced than symmetric encryption, it still leaves both end-points unprotected. If cybercriminals hack any participating device and steal both keys, they can get hold of the data.

What is end to end encryption?

End to end encryption (E2EE) encrypts your message throughout its whole journey between two end-points. It stays encrypted while traveling through intermediate servers and neither the service provider, nor your ISP or any third party can access it.

What is end to end encryption

Without E2EE, your message is encrypted once it reaches a mid-point server that decrypts it. Thus, an entity controlling these servers (e.g. an ISP) might see your messages. However, if you use a VPN, this type of connection is much safer as a VPN service encrypts your traffic and changes your IP. Then your traffic can pass all the mid-points safely and privately.

What is end to end encryption

How to get end to end encryption

You can implement E2EE encryption yourself, but this is a pretty complicated procedure. Otherwise, just make sure software or a service you use has this function and enable it for safer communication. It is especially important if you handle sensitive info such as banking data or personal details.

E2EE plays a significant role in secure instant messaging apps. While there are many secure messaging apps with E2EE, it is not very widespread. Also, some systems like Telegram or FB messenger do not have it enabled by default, so you have to switch it on yourself.

E2EE is also useful for safeguarding your email communication. Make sure to check our tips on how to send encrypted email and see our list of the best anonymous email accounts.

In backup and P2P services, E2E encryption may sometimes be called client-side encryption. However, it only encrypts your data until it reaches a service provider, which stores the files. Zero-knowledge encryption is way safer here as it encrypts your files, so that they can be decrypted only with your account or device. A service provider cannot access them, but if you forget your password or lose your device, you will not be able to access your data as well.

Possible threats

  • E2EE does not protect the endpoints, so someone who hacks either of them can get a public or a private key or simply snatch the data through your app;
  • Some messaging systems might not encrypt their backup data. For example, WhatsApp offers E2EE but does not encrypt the backup messages it stores on Google Drive servers. This means that Google can access your backup log. Always make sure an app implements E2EE across the board;
  • Backdoor attacks. Backdoor attack is a covert bypassing of encryption. It can be done by employing trojans, malware or malicious code. Thus, hackers might intercept your device and access your data.

Despite these potential vulnerabilities, E2EE is still one of the most reliable tools to ensure your privacy and security. We recommend using apps with E2EE whenever possible.

However, you should still not forget the common practices of protecting yourself online such as avoiding suspicious attachments, emails, downloads, constantly updating your antivirus and antimalware software, using a reliable VPN service. While a VPN does not use E2EE technology, it provides safety through secure mid-point servers and encrypted traffic.

To learn more about cybersecurity, subscribe to our monthly blog newsletter below!


Paul Black
Paul Black successVerified author

Paul is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.


Subscribe to NordVPN blog