End-to-end encryption ensures that data is encrypted and kept confidential until it reaches the intended recipient. Whether you are talking about end-to-end encrypted messages and calls, email, file storage, or anything else that is exchanged between two parties over the Internet, this ensures that no person, company or government can intercept or see your private data.
In other words, if your chat app offers end-to-end encryption, only you and the person you're talking to will be able to read the contents of your messages. In this case, even the chat app operator isn't able to see what it's saying. But how does that happen? Follow us to read the article.
What is encryption?
First, let's start with encryption, which is a method of maintaining data confidentiality so that it cannot be read intelligibly by the public. Only people who can decrypt the data can see its content. If a person does not have a key to decrypt this data, he will not be able to decipher it and view the information it contains.
Your devices use different forms of encryption all the time. For example, when you access the Internet banking website - or any website that uses the HTTPS protocol like Technical Galaxy, which is used by most websites these days - the communications between you and this website are encrypted so that the network operator and service provider cannot The Internet and anyone else connected with you on the same Wi-Fi network can see your bank password, financial details, the pages you browse, and more.
Encryption is also used to secure your data. Modern devices such as iPhones, Androids, iPads, Macs, Chromebooks and Linux systems (although Microsoft has BitLocker in Windows 10, but not manufacturers add it to their computers under the operating system license used) allow them to store their data on your local devices in an encrypted form. It is decrypted after logging in with a PIN or password.
How does end-to-end encryption work?
Works encryption by a party to encode messages in a way can not be decoded only by the sender and the intended receiver. End-to-end encryption occurs on both ends of the communication. The message is encrypted on the sender's device, sent to the recipient's device in an unreadable format, and then decrypted in the recipient's device by the decryption key.
With end-to-end encryption, no one in between - whether it's a company like Google, Facebook, or an internet provider - will be able to see the contents of your messages. They do not have a key that unlocks your private data. Only you and the person you are communicating with hold the key to accessing that data.
Decryption keys .. Whoever owns them enters the castle
As we've seen encryption is ubiquitous, and that's cool. But when you talk about communicating privately or storing data securely, the question is: Who owns the keys?
For example, let's think of your Google account. Is Google data - such as Gmail emails, Google Drive files, search history, and other data - protected with encryption?
Yes, in some cases. Google uses encryption to secure data "in transit". This ensures that no one can intrude on the ongoing communications between your device and Google's servers. Your Internet service provider, network operator, people within range of the Wi-Fi network, and any other devices between you and Google's servers cannot see the contents of your emails or intercept your Google Account password.
Google also uses encryption to secure "inactive" data. The data is encrypted before being saved to disk in Google's servers. Even if someone robbery and sneak into a Google data center - like Cache movies - and steal some data from hard drives, they will not be able to read the data on those drives, because they are encrypted.
But here's the question: Who owns the key that can decrypt this data? The answer is Google itself.
Why does it matter who holds the keys?
Since Google owns the keys, this means it can see your data such as emails, documents, files, and everything else. And if a hacker somehow breaks into Google's systems and their keys, they'll be able to read the data of all users of Google services. If Google is required to hand over some data to a government, Google will be able to access and hand over your data.
But on the other hand, Google is very serious about protecting its data, as it constantly updates its systems and puts many obstacles to prevent hackers from entering its databases, in addition to that, in August 2020, Google refused to hand over its users' data to the government in Hong Kong .
So yes, these systems may protect your data. But this is not encryption that protects your data from Google itself.
This is all not just about Google. Even Apple, much loved for its privacy stances, doesn't encrypt iCloud backups end-to-end. Apple holds the keys that enable it to decrypt this data.
How is end-to-end encryption different from other forms of encryption?
One of the most popular forms of encryption, known as transport layer encryption, relies on a third party to encrypt messages as they travel across the web.
For example: Facebook Messenger. When you call someone on Facebook Messenger, messages are encrypted in transit between you and Facebook on one side, and between Facebook and the other person on the other. And the message history stored in inactive mode is encrypted by Facebook before it is stored on Facebook's servers. But Facebook has the key. Facebook itself can see the contents of your messages.
With this type of encryption, governments and law enforcement agencies can access encrypted messages by formally requesting tech companies such as Facebook and Google via a note requiring them to access that information. It will not be necessary for the sender and recipient to know this, and those claims that companies have received from state governments are disclosed in periodic transparency reports.
End-to-end encryption ensures that no one can eavesdrop on the message’s contents while it is being transmitted. It forces spies or intruders to go directly to the sender or recipient to read the content of the encrypted message. Or they must directly hack the sender or recipient's device, which is difficult to implement and makes mass surveillance even more difficult.
Why is end-to-end encryption important to everyone?
End-to-end encryption provides more privacy. For example, when you conduct a conversation via an end-to-end encrypted chat service like Signal, you know that only you and the person you are talking to can view the contents of your messages.
However, when you conduct a conversation via an unencrypted end-to-end messaging app - such as Facebook Messenger - you know that the company sitting in the middle of the conversation can see the contents of your messages, so don't be surprised when a Facebook ad appears related to a word you mentioned in your conversation with your friend a few days ago. minutes.
It's not just about chat apps. For example, email can be end-to-end encrypted, but it requires implementing PGP encryption or one of its derivative protocols such as OpenPGP , so very few people use end-to-end encrypted email.
Full encryption gives you confidence when exchanging and storing sensitive information, whether it's financial details, medical conditions, business documents, legal procedures, or just personal conversations that you don't want anyone else to have access to.
The fields of end-to-end encryption are broader than communications
End-to-end encryption was a term used to describe secure communications between various people. However, the term is also commonly applied to other services. For example, password management services like 1Password and LastPass are end-to-end encrypted. The company cannot see your password store. That is, this company does not have a key that allows them to decrypt your private data.
Another example: If a file storage service is end-to-end encrypted, this means that the provider of that service cannot see the contents of your files. If you want to store or sync sensitive files, encrypted file storage services are the most secure way to do so, like Dropbox or Microsoft OneDrive.
The downsides of end-to-end encryption
There is a big downside to end-to-end encryption that if you lose the decryption key, you will lose access to your data. Some services may offer recovery keys, but if you forget your password and lose these recovery keys, you will no longer be able to decrypt your data.
This is one of the main reasons companies like Apple don't want iCloud backups to be end-to-end encrypted. Since Apple maintains the encryption key, it can allow you to reset your password and give you access to your data again. If Apple does not keep the encryption key on your behalf, it will not be able to recover your data.
For example, if you forgot your Gmail password? Google will have to delete all of your Gmail messages in order to get your account back. This is what would happen if end-to-end encryption was used everywhere, and you lost the decryption key.
End-to-end encryption breach
Yes, end-to-end encryption can actually be broken. But it is not easy and the technology required to do this is usually only available from government agencies and state-backed organized crime groups. But defeating powerful defenses requires only an understanding of their weaknesses: an apparent weakness in end-to-end encryption is that it has two ends. Often the endpoints (smartphone, PC, or other device) are insecure and can be hacked in countless different ways, so the content of messages can be viewed before and after it is encrypted by hacking users' devices and installing spyware.
Examples of end-to-end encrypted chat apps
Some of the basic communication services that provide end-to-end encryption. For example Signal provides end-to-end encryption by default. Apple iMessage also provides end-to-end encryption, but Apple gets a copy of your messages with default iCloud backup settings. WhatsApp says that all of its conversations are end-to-end encrypted, but it shares a lot of data with Facebook, so some are looking for alternatives to WhatsApp . Some other apps offer end-to-end encryption as an optional feature that you have to manually enable such as Telegram and Facebook Messenger in Secret Chat.
End-to-end encryption is important. If you are going to have a private chat or send sensitive information, or if you want to make sure that only you and the person you are talking to can see the messages.
read also : What are cookies...Do they pose a threat to our devices?
Comments
Post a Comment