Is End-To-End Encryption Dangerous? How This Technology Works

End-to-end encryption secures messages, banking info, and more, so why is it controversial and are you already using it?
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

End-to-end encryption (E2EE) scrambles the data in your messages and videos so they can’t be read or accessed by anyone but the intended recipient. Banking, video conferencing, and messaging apps all use this technology.

While it has many advantages, E2EE use has led to some controversies. The CEO of the messaging app Telegraph was arrested in France for failing to hand over encrypted messages to law enforcement agencies for potential illegal activity.

Additionally, there’s the potential for malware or other security issues to find their way into your messages. Using the best virtual private network (VPN) along with antivirus software and ad and tracker blockers can keep your data secure when coupled with E2EE.

So what is this technology, how does it work, and are you already using it?

In this article
What is end-to-end encryption?
How does encryption work?
How is E2EE different from other encryption?
Benefits of end-to-end encryption
Drawbacks of end-to-end encryption
Other ways to keep yourself secure online
FAQs
Bottom line

What is end-to-end encryption?

End-to-end encryption (E2EE) encrypts data at one endpoint before it is sent to another endpoint, where the intended recipient will decrypt it. If the data is intercepted at any point between endpoints, the interceptor will be unable to decrypt it and won’t see what it contains.

E2EE is used for messaging on apps like WhatsApp, Signal, Telegram, and more. You can create a secure message thread that not even the app or its employees can decrypt. Whether the group chat needs to be top secret or you want a secure way to message clients, messaging apps with E2EE will help increase your data security.

Third-party messaging apps aren’t the only place you encounter end-to-end encryption. FaceTime, Zoom, and even your text messages utilize E2EE to ensure your private conversations stay that way.

Just like you wouldn’t want someone looking in your window at night, you don’t want someone reading your private messages. Enabling E2EE whenever possible keeps digital peeping Toms at bay.

How does encryption work?

E2EE, like other forms of encryption, includes several steps to encrypt and decode messages. Here are the steps to how a regular message goes through the end-to-end encryption process:

  1. The program, app, or system you’re using generates sets of encryption keys. There are two public and two private keys generated. The public keys are assigned to the sender and the receiver and each has a private key.
  2. The message is encrypted with the recipient’s public key at the sender’s device endpoint. The message is then sent. Anyone trying to intercept the message won’t be able to see anything relating to the message — including your internet service provider (ISP).
  3. The recipient gets the message and their private key decrypts it.

How is E2EE different from other encryption?

End-to-end encryption, with its use of public and private keys, is known as asymmetric encryption. Asymmetric encryption creates two sets of keys, one to encrypt and one to decrypt, while symmetric encryption uses the same key to encrypt and decrypt. Besides securing digital communications, asymmetric encryption is also used in banking and crypto trading.

There are some differences between E2EE and other asymmetric encryption types. TLS, or Transport Layer Security, is another type of asymmetric encryption. The biggest difference is that TLS allows the message to be decrypted at the server and then re-encrypted. This means whoever runs the server has access to the unencrypted message before it’s sent to the recipient, which has the potential to compromise the data being sent.

Symmetric and asymmetric encryption

Symmetric encryption is more commonly used, and is found in VPNs, some file-sharing apps, and email. Both encryption types are secure, but symmetrical encryption is faster due to the smaller number of keys that need to be produced. However, asymmetric encryption is preferable in some instances due to the lack of key sharing, as each recipient has their own private key.

There are benefits and drawbacks to each type of encryption and different use cases as well. You may not be aware, but you use both types of encryption regularly, so knowing the difference between them and the use cases can help you understand the layers of security protecting your data.

Symmetric Asymmetrical
Benefits Faster due to fewer keys used in decryption Multiple keys make it more difficult to hack
Downsides Potential for a hacker to find the single key decryption Slower due to the use of a private key
Use cases VPNs, file sharing, email Digital communications, banking, crypto trading

Benefits of end-to-end encryption

Some of E2EE’s benefits make it a necessary addition to certain platforms. Messaging and communication deserve to stay private, but there are other great aspects as well. Below are some of the benefits:

  • Stronger privacy
  • Messages aren’t tracked/sold to advertisers
  • Protection against tampering
  • Compliance with data confidentiality
  • Reduced exposure to unauthorized entities
  • Good for online communication
  • Reduces the need for data removal services

Drawbacks of end-to-end encryption

E2EE also has some definite drawbacks. Not only does it have the potential to bolster illegal activity, but it can also create a false sense of security. Below, we’ve listed some drawbacks:

  • Slower decryption — since E2EE generates both a public and private key for each user, it’s slower at decryption than other methods.
  • Not intended for large data transfers — symmetric encryption is better suited for larger data transfers.
  • Ability to hide from law enforcement agencies — E2EE can be used by cybercriminals to hide illegal activities
  • False sense of security — having E2EE may make users believe they’re safer than they actually are, so they take risks with their security

What doesn’t end-to-end encryption protect against?

Unfortunately, E2EE isn’t a catch-all security measure. There are instances where it won’t protect you. Some issues can be avoided with other security tools and proper use, while some may be unavoidable, like when Zoom lied about using end-to-end encryption in 2020.

  • False claims by service providers
  • Poor endpoint security
  • Decryption key theft
  • Exposed metadata (who the sender and receiver are)
  • Backdoor decryption hacks

Other ways to keep yourself secure online

Since E2EE isn’t infallible, it’s a good idea to have additional security measures in place as extra layers of defense. Antivirus is always a must, and the best antivirus can protect you in real time from hackers. Still, other services also provide layers of data security and protection.

Ad and tracker blockers will hide your activity while browsing, which usually doesn’t have any kind of encryption. They’ll also stop data collectors from creating aggregated profiles of you online.

Considering that stores like Kroger have announced the implementation of electronic price tags with facial recognition that can change prices based on what they think you’ll pay[1], we believe ad and tracker blocking is becoming increasingly necessary.

We love a good VPN to go with E2EE. Since VPNs also encrypt data, using one levels up your protection. Not all VPNs are made equal, so premium services with independent third-party testing are necessary to ensure the quality of the connection.

VPNs you can use alongside end-to-end encryption

A VPN is a great way to ensure your data is kept private, even once it’s decrypted at the endpoints. A verified premium service provider ensures no data leaks, logs, or sales of your information. Our three suggestions are some of our favorites and will all work well with additional E2EE.

  • NordVPN: NordVPN uses AES-256-bit encryption, so it’s no stranger to strict security. Its additional features, like Threat Protection, can stop ads, trackers, and malware, and give you more peace of mind.

    Get NordVPN | Read NordVPN Review

  • Surfshark: Surfshark, using AES-256-GCM encryption, has strict company rules about which employees can access data, and it keeps no logs so it can’t see what you’re doing. Its zero-trust login process means that even logging into your Surfshark account is safe.

    Get Surfshark | Read Surfshark Review

  • CyberGhost: CyberGhost is another service provider that uses AES-256-bit encryption, which adds to your security by encrypting all of your device’s traffic. Since it’s compatible with smart TVs, routers, gaming consoles, and more, you’ll have privacy in every aspect of your digital life.

    Get CyberGhost | Read CyberGhost Review

FAQs


+

Should I turn end-to-end encryption on?

Yes, you should always turn end-to-end encryption on whenever possible. While hackers and cybercriminals are a genuine concern, trackers and data brokers are also following your online movements and creating aggregated files of information about you.

Keep your data secure and encrypted to reduce your overall online footprint.


+

Why do I need end-to-end encryption?

You need end-to-end encryption to secure video calls, messages, bank account info, and more. You close your curtains at night so creeps can’t look in your windows, so you should use E2EE to close your digital curtains.

You deserve data security no matter how mundane your online activities are, and encryption keeps you private.


+

How do I know if my texts are encrypted?

Check with the texting or messaging app you use. Apple and Android users enjoy E2EE, and so do popular encrypted messaging apps like Signal, WhatsApp, and Telegram. A quick internet search will tell you if your messaging app uses E2EE.


+

Can end-to-end encryption be hacked?

Yes, there is a potential for end-to-end encryption to be hacked. If a hacker gains access to the device where the message was sent or received or acquires the decryption key, that person can then decrypt or even simply view private messages.

Antivirus software can stop hackers from stealing decryption keys from devices, while two-factor authentication and biometric authentication (like Face ID) can provide device security.

Bottom line

End-to-end encryption is necessary for keeping messages, video conferencing, texts, bank logins, and other information private and secure. Messaging apps like Telegram, WhatsApp, and Signal provide users with this level of security, while most banking and video apps do as well.

Unfortunately, it isn’t impregnable and can lead to increased illegal activity. It’s also slower and not recommended for large data transfers. While nothing is perfect, everyday internet use can be secured with E2EE technology. This keeps you safer online and keeps your privacy intact.

Make sure you’re pairing your end-to-end encryption technology with other security software like antivirus, ad and tracker blockers, and the best VPNs available to catch any flaws. With all of these tools in your toolbox, your data security will be a lot stronger.

Unlimited Device Protection and Large Server Network
4.4
Editorial Rating
Learn More
On Surfshark's website
VPN
Surfshark
Starting at $1.99/mo + 4 months extra
  • All-in-one VPN app with 24/7 protection thanks to 3,200+ RAM-only servers in over 100 countries
  • Real-time malware defense, webcam protection, alternative ID creation, ad blocking, and more
  • One subscription covers unlimited devices for your entire household with access to 24/7 support

Author Details
Mary is a seasoned cybersecurity writer with over seven years of experience. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University, she educates audiences on scams, antivirus software, and more. Her passion lies in educating audiences on helpful ways to protect their data.

Citations

[1] Kroger comes under fire for use of electronic shelf labels