Communicating With Others
Telecommunication networks and the internet have made communicating with people easier than ever, but have also made surveillance more prevalent. Without taking extra steps to protect your privacy, every phone call, text message, email, instant message, video and audio chat, and social media message could be vulnerable to eavesdroppers.
Often the most privacy-protective way to communicate with others is in person, without computers or phones being involved at all. Because this isn’t always possible, the next best thing is to use end-to-end encryption .
How Does End-to-End Encryption Work? anchor link
End-to-end encryption ensures that information is turned into a secret message by its original sender (the first “end”), and decoded only by its final recipient (the second “end”). This means that no one can “listen in” and eavesdrop on your activity, including Wi-Fi cafe snoops, your internet service provider, or even the app you are using. This is a core characteristic of good encryption : even the people who design and deploy it cannot themselves break it.
Many of the tools that have guides on the SSD site—including Tor, Signal, and WhatsApp—use end-to-end encryption. You can use end-to-end encryption for any kind of communication—including voice and video calls, messaging and chat, file transfers, and email.
Not to be confused with end-to-end encryption is transport-layer encryption . While end-to-end encryption protects messages, for example, all the way from you to your recipient, transport-layer encryption only protects them as they travel from your device to the app’s servers and from the app’s servers to your recipient’s device. In the middle, your messaging service provider—or the website you are browsing, or the app you are using—can see unencrypted copies of your messages, but it is protected from others spying on the network.
Under the hood, end-to-end encryption works like this: When two people want to communicate via end-to-end encryption (for example, Akiko and Boris) they must each generate pieces of data , called keys. These keys can be used to turn data that anyone can read into data that can only be read by someone who has a matching key . Before Akiko sends a message to Boris, she encrypts it to Boris's key so that only Boris can decrypt it. Then she sends this encrypted message across the internet. If anyone is eavesdropping on Akiko and Boris—even if they have access to the service that Akiko is using to send this message (such as her email account)—they will only see the encrypted data and will be unable to read the message. When Boris receives it, he must use his key to decrypt it into a readable message.
Learn more about encryption in What Should I Know About Encryption?, Key Concepts in Encryption, and A Deep Dive on End-to-End Encryption.
Phone Calls and Text Messages Versus Encrypted Internet Messages anchor link
When you make a call from a landline or a mobile phone, your call is not end-to-end encrypted. When you send a text message (also known as SMS) on a phone, the text is not encrypted at all. Both allow governments or anyone else with power over the phone company to read your messages or record your calls. If your security plan includes government interception, you may prefer to use encrypted alternatives that operate over the internet. Most of these encrypted alternatives also offer video.
Signal and WhatsApp are two of the most popular services that offer end-to-end encrypted texting and voice and video calls.
Some examples of services that do not offer end-to-end encryption by default include WeChat, Slack, Discord, Snapchat, and QQ.
And then there are also some services, like Telegram, which only offer end-to-end encryption if you deliberately turn it on, while others, like iMessage, only offer end-to-end encryption when everyone in the conversation use a particular device (in the case of iMessage, everyone in the chat needs to be using an iPhone).
How Much Can You Trust Your Messaging Service? anchor link
End-to-end encryption can defend you against surveillance by governments, hackers, and the messaging service itself. But all of those groups might be able to make secret changes in the software you use so that even if it claims to use end-to-end encryption, it is really sending your data unencrypted or with weakened encryption.
Many groups, including EFF, spend time watching well-known providers—like Signal or WhatsApp (which is owned by Meta)—to make sure they really are providing the end-to-end encryption they promise.
There are many other chat services that may claim to use end-to-end encryption, but if they are not open-source or do not use established encryption protocols, like the Signal protocol, and are not popular enough that security researchers pay attention, they may come with some risk of use.
Some tools shift the security off a third-party company and onto you, like PGP and OTR, but they aren’t used commonly anymore, and tend to take technical expertise to operate securely.
What End-To-End Encryption Does Not Do anchor link
End-to-end encryption only protects the content of your communication, not the fact that you are communicating in the first place. It does not protect your metadata , which includes information like who you are communicating with and when. If you are making a call from a cell phone, information about your location is also metadata. In some apps, even sharing links can leave a digital trail.
Metadata can provide extremely revealing information about you even when the content of your communication remains secret. Ideally, this metadata is only available to the communications provider, but in some instances a third-party, such as a government agency, may request it. Metadata about your phone calls can give away some very intimate and sensitive information, even if the “content” of the communications is protected. For example, the telecommunications provider wouldn't know what you talked about on these calls, but would know:
- You called the suicide prevention hotline from the Golden Gate Bridge.
- You spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour.
- You received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after.
- You called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day.
Other Important Features anchor link
End-to-end encryption is great for preventing companies and governments from accessing your messages. But for many people, companies and governments are not the biggest threat , and therefore end-to-end encryption might not be the biggest priority.
For example, if someone is worried about a spouse, parent, or employer with physical access to their device, the ability to send ephemeral, “disappearing” messages might be their deciding factor in choosing a messenger. Someone else might be worried about giving their phone number out, and so the ability to use a non-phone-number “alias” might be important. Many end-to-end encrypted chat apps offer all these features alongside their encryption, but it’s still always a good idea to consider your priorities.
More generally, security and privacy features are not the only variables that matter in choosing a secure communications method. An app with great security features is worthless if none of your friends and contacts use it, and the most popular and widely used apps can vary significantly by country and community. And if only a small group of people in a particular country use an app like Signal, or if a government assumes the app is only used for specific purposes, users could be endangered if their usage becomes known. Poor quality of service or having to pay for an app can also make a messenger unsuitable for some people.
The more clearly you understand what you want and need out of a secure communication method, the easier it will be to navigate the wealth of extensive, conflicting, and sometimes outdated information available.