What is end-to-end encryption?
In end-to-end encrypted aka asymmetrically encrypted chats, both you and your correspondent have a public and a private key, which can be used to securely send messages to each other, without having to share sensitive information with a third party. Both parties exchange and/or publish their public keys, which are used for encrypting the messages to each other. The recipient of the message can then decrypt the message using their associated private key.
This means that while the public key can be publicized everywhere, the private key should at all times remain confidential.
How about regular encryption?
In “regular” messaging clients such as Facebook Messenger, you exchange symmetric keys with the server. Thus, while the message is undecipherable in transit, the server can and does decrypt the message before encrypting it again and sending it off to your correspondent. This means that the operator of said server can listen in on your communications, and potentially share them with others.
If end-to-end encryption is so good, why don’t all messaging services use it?
Unfortunately, using asymmetric encryption requires your client device to have access to the private key in order to decrypt messages sent to you. This is why WhatsApp (which uses end-to-end encryption by default) requires your phone to be online when using WhatsApp Web. In this case, your web browser sends the message to your phone and asks the phone to securely send it on its way. Telegram among many other messaging clients have their secret chats invisible on devices other than the one where the secret chat was initiated – your phone.
But WhatsApp is owned by Facebook… They really can’t see my messages?
WhatsApp is indeed owned by Facebook, and the fact that WhatsApp uses end-to-end encryption in all messages means that Facebook can’t see these messages, unless they obtain the private key from your device. However, if they don’t fetch that private key, any messages sent back and forth between you and your correspondents is retrieved by Facebook’s servers as if it was random noise, undecipherable to them.
Basically, end-to-end encrypted messages are a very secure way of communicating, and I believe that it should be implemented in all major instant messaging services, either optionally or by default. The fact that most instant messaging services can still see our messages is a bad thing, and this should really change. But we’re definitely heading in the right direction.
I hope that you enjoyed reading this article. Stay curious!