Viewing a single comment thread. View all comments

PckMan t1_je6fve5 wrote

Typical communication is unencrypted. This means that the data, the contents of the message, could be read by anyone who has access to them at any point in their journey to the recipient. Maybe your internet connection is compromised and someone can see all the data that comes and goes from your connection. Maybe it's the servers of the service that are compromised or maybe your Internet Service Provider is compromised. Your data passes through all those different networks and servers so it is theoretically possible that someone with access to them could read your messages.

End to end encryption is what it says on the label, it's encrypted. When two users have a chat with each other, an encryption key is generated that only their devices have. This encryption key is used to encrypt and then decrypt the data on either end. Without it the encrypted data makes no sense to anyone who may have access to them and is next to impossible to decrypt without the encryption key. This means that even if for example someone has access to my messenger account, and he has it open on a computer, he still won't be able to see my end to end encrypted chat that I have with someone through my phone, since only my phone and their phone have the encryption keys. That's why it's called end to end. A channel of communication may still be encrypted but not necessarily end to end.

End to end encryption offers significant security and privacy benefits but it's not unbeatable. If someone up to no good wants access to your data there's always ways they can get it. The weakest points are obviously the devices themselves. If malicious software that gathers your data is installed without your knowledge on your device it can simply read the decrypted messages and bypass the need to decrypt entirely. If someone has access to the encrypted data they may still be able to decrypt it if the method of encryption is weak or if they have the ability to brute force it with a suitable system. Lastly there's the question of whether the providers of those services themselves are honest about their encryption. What's App or Messenger may say their messages are end to end encrypted but that doesn't necessarily mean that's the case, in which case it poses a huge vulnerability.

2