Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
End-to-end encryption
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== E2EE and privacy == In many non-E2EE messaging systems, including [[email]] and many chat networks, messages pass through intermediaries and are stored by a third party service provider,<ref>{{Cite web|title=Cryptography Concepts β Fundamentals β E3Kit {{!}} Virgil Security|url=https://developer.virgilsecurity.com/docs/e3kit/fundamentals/cryptography/#end-to-end-encryption|access-date=2020-10-30|website=developer.virgilsecurity.com}}</ref> from which they are retrieved by the recipient. Even if the messages are encrypted, they are only [[Transport Layer Security|encrypted 'in transit']], and are thus accessible by the service provider.<ref>{{Cite web|last=Mundhenk|first=Ben Rothke and David|date=2009-09-10|title=End-to-End Encryption: The PCI Security Holy Grail|url=https://www.csoonline.com/article/2124346/end-to-end-encryption--the-pci-security-holy-grail.html|access-date=2020-11-04|website=CSO Online|language=en}}</ref> Server-side [[disk encryption]] is also distinct from E2EE because it does not prevent the service provider from viewing the information, as they have the encryption keys and can simply decrypt it. The lack of end-to-end encryption can allow service providers to easily provide search and other features, or to scan for illegal and unacceptable content. However, it also means that content can be read by anyone who has access to the data stored by the service provider, by design or via a [[backdoor (computing)|backdoor]]. This can be a concern in many cases where privacy is important, such as in governmental and [[military communications]], [[financial transaction]]s, and when sensitive information such as [[Medical privacy|health]] and [[Biometrics|biometric data]] are sent. If this content were shared without E2EE, a malicious actor or adversarial government could obtain it through [[Data breach|unauthorized access]] or [[subpoenas]] targeted at the service provider.<ref name=":0">{{Cite web |last=Weinstein |first=Gary |title=Encryption: The Necessary Tool For U.S. National Security And The Intelligence Community |url=https://www.forbes.com/sites/digital-assets/2023/05/07/encryption-the-necessary-tool-for-us-national-security-and-the-intelligence-community/ |access-date=2024-07-26 |website=Forbes |language=en}}</ref> E2EE alone does not guarantee [[privacy]] or [[Data security|security]].<ref>{{Cite web |last=Meehan |first=Tom |date=2021-11-29 |title=End-to-End Encryption Doesn't Guarantee Internet Privacy |url=https://losspreventionmedia.com/end-to-end-encryption-doesnt-guarantee-internet-privacy/ |access-date=2022-11-05 |website=Loss Prevention Media |language=en-US}}</ref> For example, data may be held unencrypted [[Endpoint security|on the user's own device]], or be accessible via their own app, if their login is compromised.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)