Good afternoon! Don't judge too harshly, this is my first article on this resource...
End-to-end encryption is not a magic barrier against all forms of cyberattacks. However, with relatively little effort, you can actively use it to greatly reduce the risk you pose to yourself online.
Introductio:
The nature of our digital communications today is such that you rarely communicate directly with your colleagues. It may seem that you and your friends exchange messages privately, when in fact they are recorded and stored on a central server.
Perhaps you don't want your messages to be read by the server responsible for passing them between you and the recipient. In this case, the solution for you may be end-to-end encryption (or, more simply, E2EE).
End-to-end encryption is a method of encrypting communication between the receiver and the sender so that they are the only parties who can decrypt the data. Its origins can be traced back to the 1990s, when Phil Zimmerman released Pretty Good Privacy (better known as PGP).
Before we tell you why you might want to use E2EE and how it works, let's look at how unencrypted messages work.
How do unencrypted messages work?
Let's talk about how a typical smartphone messaging platform can work. You install the app and create an account that allows you to communicate with others who have done the same thing. You write a message and enter your friend's username and then send it to a central server. The server sees that you have addressed the message to your friend and passes it on to the recipient.
- Users A and B are communicating. They must send data through the server (S) to contact each other.
You may have heard of it as a client-server model. The client (your phone) doesn't do much -- instead, the server takes care of all the hard work. But it also means that the service provider acts as an intermediary between you and the recipient.
In most cases, the data between A <> S and S <> B in the scheme is encrypted. An example of this is Transport Layer Security (TLS), which is widely used to protect connections between clients and servers.
TLS and similar security solutions prevent anyone from intercepting a message as it moves from client to server. Although these measures can prevent outsiders from accessing the data, the server can still read it. This is where encryption comes in. If the data from A has been encrypted with a cryptographic key belonging to B, the server cannot read or access it.
Without E2EE methods, the server can store information in a database along with millions of others. As large-scale data leaks appear over and over again, this can have catastrophic consequences for end users.
How does end-to-end encryption work?
End-to-end encryption ensures that no one - not even the server that connects you to others - can access your messages. It can be anything from plain text and emails to files and video calls.
To be continued...
Stay tuned.
