End-to-End Encryption (E2EE) vs Client-to-Server Encryption is not the same and many messaging services incorrectly claim to do E2EE

Only messaging services which enable full E2EE from one end-user all the way through to the destination end-user have true E2EE. Too many services in fact just have transport layer encryption (TLS) between end users and the server in the middle, which means all your communications could be intercepted at either end or from the server in the middle.

Sales people often market E2EE meaning that their server forms one end of the communications, full knowing that end users will be duped into thinking the encryption is through to their end destination.

With true E2EE there is no way to intercept or alter the message from the server side, and no way to recover any message at the server end without your private encryption key. So always ask yourself why a service provider can reset your password or access to your data on their servers or their cloud (they’re essentially using a back door). This is also why Telegram’s default messaging (not secret chats) are insecure, and why Zoom or Skype can hook in phone calls into many video conferences.

You either have security or you don’t have, there is no 80% secure. Security is not always convenient because convenience introduces vulnerabilities.

See End-to-End Encryption vs. Client-to-Server Encryption | Wickr

#technology #security #privacy #E2EE #instantmessaging

Image/photo

Describing a communication tool as “secure” generally implies that it protects all communication through encryption and authentication. While encryption is crucial, how it is used makes all the difference in the world.