Bonum Certa Men Certa

Guarding Your Privacy With E2EE: Primer

End-to-end encryption deciphered

Lock and Key



Summary: "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."

End-to-end encryption (E2EE) is something that's been in the news quite frequently. Lack of education about E2EE is being exploited. Your fundamental human rights are being violated. This article serves to educate the non-technical person about E2EE and how it affects their everyday life.



Let us get a few fundamental things clarified, first. Without these basic things, no proper discussion can happen around E2EE.

"Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember."What is E2EE? E2EE is a system in which data is encrypted so that only one party can decrypt the data: the intended recipient(s).

Note that we used the word "system" in our definition for E2EE. This is done to keep the scope of this article separate from any specific E2EE software.

Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember.

Next, let us note articles 12 and 19 of the Universal Declaration of Human Rights (UDHR).

LockArticle 12 UDHR: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Article 19 UDHR: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

We'll refer to these as A12UDHR and A19UDHR, from now on.

We've now established some fundamental definitions; we can move on to what all this means in the context of E2EE.

Let's now connect what A12UDHR and A19UDHR have to do with E2EE.

A12UDHR mentions privacy. Our data privacy is a form of privacy. Thus, according to A12UDR, every human being has a fundamental right to data privacy. The only way we can achieve data privacy is via E2EE.

"The only way we can achieve data privacy is via E2EE."A19UDHR mentions the freedom to hold opinions WITHOUT INTERFERENCE and to seek and impart INFORMATION and ideas THROUGH ANY MEDIA (we're paraphrasing here to highlight information relevant to this article). Thus, according to A19UDHR, every human being has a right to exchange INFORMATION THROUGH ANY MEDIA. End-to-end-encrypted data (E2EED) is a form of information; thus A19UDHR gives every human being a right to seek and impart E2EED over any medium they wish.

So, in summary, we've established the following as an inalienable right of every human being:

Every human being has a fundamental right to use E2EE and seek and impart E2EED over any medium they wish (Internet, printed documents, etc.).

Now it's time to consider the technical side.

If you go back to our definition of E2EE, you will see that there are strict requirements about who can decrypt E2EED.

Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE. Why? They have the keys that can decrypt your data. Go back and read the definition of E2EE again.

What are these "keys"? Good question.

Every system of E2EE is basically built on the idea of a pair of keys:

"Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE."Public Key (PKEY): Just a file. A sort of identifier. PKEYs are used in E2EE to encrypt data so that only the intended recipient(s) can decrypt the encrypted data.

Secret Key (SKEY): Just a file. This is the (only) file which can be used to decrypt the encrypted data.

There exists a mathematical relationship between a PKEY and a SKEY which makes it infeasible to decrypt the encrypted data without access to the recipient's SKEY. When used correctly, E2EED is safe even from the quantum computers of today.

You can refer to the end of this article for the technical details.

"You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy."The easiest way to decrypt E2EED is to get a hold of the recipient's SKEY or to catch the pre-encrypted data via some sort of back door in the device being used to encrypt the data. The problem is, many organisations already have your SKEY; they keep a copy for themselves, when SKEY has been generated. So, these systems don't actually satisfy our definition of E2EE.

Remember: You have a fundamental right to end-to-end encryption. You have a fundamental right to keep the secret keys used for your end-to-end encryption software private. Nobody has the right to take these secret keys away from you - no company, no government, no individual, no organisation. You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy.

"Complain to your local government representative about the attacks on E2EE."There have been repeated attempts (and will continue to be repeated attempts) to outlaw end-to-end encryption. Governments want to spy on citizens; companies want to spy on individuals to profit off their private data; organisations want private data of individuals to make discriminatory decisions about said individuals. All of these actions have negative consequences on individuals: psychological abuse, economic discrimination, racial discrimination, political discrimination, exploitative psychological advertising (the list goes on and on).

So what can you do about this? You can raise awareness, first of all. Complain to your local government representative about the attacks on E2EE. You can educate yourself about which software gives you full control over your secret keys.

"Note that operating systems and devices have constantly had back doors installed into them."Here's a list of software you can look up which gives users control over their secret keys:

1) GnuPG and Kleopatra (GNU/Linux, BSD, OSX)

2) Gpg4win and Kleopatra (Windows)

3) OpenKeychain (Mobile)

There are many books, videos, and tutorials about the tools above. They're a good point to start with.

Note that operating systems and devices have constantly had back doors installed into them. The best way to use E2EE software is to have a separate device for performing all E2EE tasks; said device should never be connected to the Internet. This is too inconvenient for some but is worth considering for those who want added level of security.

A note on hardware security tokens: Don't believe in them. Most of them are likely to have back doors in them which allow extraction of your secret keys. Use an ordinary, general-purpose computer for all E2EE tasks; preferably one that never sees the Internet. Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable. Devices like the Raspberry Pi are also a good candidate for an affordable system exclusively used for E2EE. You can use these devices with an HDMI cable, keyboard+mouse, and a USB stick to move data to and from the device.

Does all your data need to be E2EED? Of course not. That would be overkill. But data that you think needs to be private should be private. So use E2EE software to protect your privacy, when you see fit. This includes pictures, videos, legal documents, files containing passwords, etc.

"Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable."Remember: E2EE is a system in which data is encrypted so that ONLY ONE party can decrypt the data: intended recipient(s). Any system which doesn't satisfy this definition is not E2EE; don't let governments, companies, etc. convenience you otherwise.

Technical details



Say J wants to send a file F to M; J wants to encrypt F so that only M can decrypt F. We'll refer to the encrypted form of F as EF.

What would J need to do?

We'll establish a few more definitions (sorry about this but it's necessary to maintain correctness).

J and M both have keys.

E2EE software : S.

Public key of J : JPKEY Secret key of J : JSKEY

Public key of M : MPKEY Secret key of M : MSKEY

(1) J and M both use S to generate their respective key files (JPKEY, JSKEY, MPKEY, MSKEY).

(2) J needs MPKEY in order to encrypt F for M.

(3) M sends J: MPKEY, in advance (this can be done over any media as MPKEY is not required to remain private).

(4) J now has the following: S, JSKEY, MPKEY, F. J can use these to obtain EF.

(5) J sends EF to M.

(6) M now has the following: MSKEY, S, EF.

(7) M can use these to obtain F from EF.

All of the above can be done with only one person. In, that case J = M. This is when you want E2EED that is "for your eyes only".

RSA and EDDSA are considered the most secure systems for E2EE today (2020). The major weak points in any E2EE are: human error, hardware and software backdoors, hardware and software bugs. E2EE is always evolving, so what you read today may not be true tomorrow.

As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try.

Be wary of any body that gives you guarantees.

Recent Techrights' Posts

An Update About Soylent News, With Jan Rinok "Back in the Saddle"
Burnout or "near burnout" a possibility when having to curate abuse
Rejecting 'Snoop-Phones' and Turning "Old" Phones (or Tablets) Into Freedom-Respecting Appliances
Paul Fernhout (pdfernhout.net) wrote back to Akira Urushibatathis this past weekend
 
A radical proposal to keep your personal data safe, by Richard Stallman
"The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place"
Next Week We Launch Search at Techrights
We're planning to launch it some time next week. Maybe Tuesday, maybe Thursday.
Talk by Richard Stallman Will be Live-streamed in Less Than 10 Hours
Happy hacking
"No Kings" in the Software World (GAFAM Should Not Exist, Either)
"No Kings" is a good slogan. Let's start by ridding ourselves of masters, not only those who reside in DC or visit DC
Every Morning
Bugs/edge cases combined with automation can spell disaster
Insane, Deliberately Dishonest, or Just Another Bigot?
very intellectually-dishonest human being
A Lot of Techrights is Built on Perl
Perl also runs the sister site
The Register MS Selling Slop for Microsoft (Vapourware, Ponzi Scheme, False Claims)
What will be left of The Register MS if it keeps repeating falsehoods and looking to profit from Ponzi schemes?
analytics.usa.gov Says Less Than 14% of Web Requests (to Government Sites) Come From Vista 11
Vista 11 was released more than 4 years ago!
People Who Attempt to Take Down Correct Information Need a Doctor a Day
“Journalism is printing something that someone does not want printed. Everything else is public relations.” ― George Orwell
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, October 20, 2025
IRC logs for Monday, October 20, 2025
Vista 11 is Sinking While Microsoft is PIPing (Mass Layoffs But Silent Layoffs)
We're witnessing a shift in platform dominance
Richard Stallman is Having a Good Week Already (Stallman Was Right About 'Clown Computing')
That alone is worth bringing up in his talk
When Prominent GNU/Linux Distros Are Run by Spies
What has Microsoft Canonical become?
More Publishers and Companies Nowadays Say "GNU/Linux", Not "Linux"
It's not to see InstallAware saying GNU/Linux this week
Google News is Now Promoting a Parasitic Slopfarm Called "findarticles.com", Where Plagiarism of "Linux" Articles is Rampant
Does Google even care about the slop epidemic? Google itself is a vendor of slop now (and it calls it "Gemini")
Gemini Links 20/10/2025: Pumpkin Carving, "Hey Hi", and Other Buzzwords
Links for the day
Slopwatch: Google News Promoting Fear, Uncertainty, Doubt (FUD)
What is the value of Google News if so many results in it are fake 'articles?
Our Uptime This Year Was Better Than AWS (Also a Lot Cheaper)
We never used "the cloud"
Amazon Web Shenanigans
An ongoing, experimental endeavour
Death of Elias Diem: FSFE mailing list archives hidden
Reprinted with permission from Daniel Pocock
Links 20/10/2025: Louvre Museum Reveals Weakness, About 7 Million Protest US Turning Into Oligarchy/Monarchy
Links for the day
They Should Have Listened to Techrights Over a Month Earlier (Xubuntu Site Compromised)
we reported this issue about 40 days earlier and nobody did anything about it
Richard Stallman to Give Another Talk Today in Bavaria (Bavarian Academy of Science)
Tomorrow at 6 PM he speaks in Munich
Apple is the Company of Dictators and Worse
Apple is just another greedy corporation in search of sweatshops and even pedophiles (especially the high-profile ones)
Counting Unhatched Eggs Is Not Counting Chickens
Everything here will persist as normal
Barry Kauler Explains That Puppy Linux and EasyOS Exclude Systemd to Keep Things Simple
Barry Kauler's Puppy Linux is in the community's hands. He now focuses on EasyOS and more.
The "Infinite Bread"
The biblical story of Jesus feeding the 5,000 has software parallels
Half a Year After Brian Fagioli Got Kicked Out of BetaNews for Slop He's Still Doing LLM Slop and Slop Images Targeting 'Linux' (Plagiarising Original Works)
If the Web gets polluted or flooded by slopfarms such as these, and Slashdot then sends traffic so these slopfarms (Slashdot probably doesn't do this intentionally), then real writers with real knowledge of GNU/Linux will lose the spark for publishing
In Many Cases and in Many Different Ways, Technology Became Less Durable and Less Reliable Over Time
The "modern" things are more complex. And complexity is a foe or reliability and repair-ability.
Microsoft's LinkedIn is Losing Money, Traffic, and Hope; Now It Wants to Sell Its Users' Lifeblood (and Data)
Let this be a reminder of what social control media really is about
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, October 19, 2025
IRC logs for Sunday, October 19, 2025
Campaign of FUD Against Framework Laptops and GNU/Linux (Using Microsoft's Attack on Linux, 'Secure Boot')
Ritual Defamation Cult has turned its attention over to Framework
Microsoft Lunduke: Freedom of Speech Means Spreading What I Have to Say and Banning People I Disagree With
4Chan is one he aims for and he is siccing 4Chan trolls at people he doesn't like
Liberation From 'The Feed'
They rank things based on the editor's choice/ideology (he or she knows the sponsors, hence the masters)
Microsoft's Killing of Vista 10 Seems to Have Resulted in More Articles About GNU/Linux (But Also FUD)
We not only saw a rise in traffic, we also saw a remarkable rise in the number of articles
Today (a Day Before Richard Stallman Talk at TUM) There's a Patent Propaganda Event at TUM
Perhaps an opportunity for Dr. Stallman to rebut this "invention to patent" nonsense/fantasy (conflating monopolies with innovation)
OpenSource or "Open Source" as a Brand is Dying, Let's Get Back to Talking About Software Freedom
Those of us who actually want to reform the industry and put users in control of their systems/devices will recognise that "Open Source" was selling a lie or got-co-opted by liars
19 Years in Numbers: Techrights' Anniversary Countdown and Retrospective
In 2019 we began improving our workflows and, accordingly/predictably, we became a lot more productive
Slop Turns People Off (LLMs Lack Intelligence, They're Just Plagiarism Powerhouses That Fail to Deliver Any Real, Measurable Value)
"More" (or "MOAR") isn't always better
IBM Red Hat Has Re-calibrated or Adjusted to Bubble Economics, False Promises, and Slop/Plagiarism
This won't end well
Fake Numbers, Fake Claims, Fake Economy, and Media Grifters That Prop Up Fraud
Grifters like The Register MS won't be looked upon kindly after the bubble implodes
For Some, the GNU Web Site is Not Accessible This Week
They seem to have gone into some kind of lock-down mode
Richard Stallman Back at the "Rudolf-Diesel" Hörsal "MW 2001" in About 40 Hours
He spoke there before; there's a very high seating capacity there
Symptoms of Upcoming Microsoft Layoffs in XBox
A crashing franchise
Psychiatrist confession: Germanwings crash & Debian toxic culture recognized before suicides
Reprinted with permission from Daniel Pocock
Gemini Links 19/10/2025: Scentjacking 101, Slop Hype Boosters, and Steam Next Fest
Links for the day
Slopwatch: The Serial Slopper, LinuxSecurity, and Google News
Let's hope slopfarms die as soon as possible
Links 19/10/2025: Cambodia Scam Centres, Slop Hurting Wikipedia Traffic
Links for the day
As Economies Crumble Free as in Beer Will Matter, Not Just Free as in Freedom/Libre (Libertad)
French regions choosing to embrace Software Freedom
25 Years Ago, an Explanation of How Reducing Free Software to 'Apps' Would Interfere With Freedom Goals
there's nothing unreasonable about it
A List of 63 Known Gemini Clients (Software to Browse Geminispace Content With Gemini Protocol)
Not counting browser plugins for Web browsers
Gemini Links 19/10/2025: "Firma Odin Is Transforming" and Bot Attacks While "AFK"
Links for the day
US Government: 6.1% of Site Visitors Use GNU/Linux
GNU/Linux has a considerable share and it is growing
LLM Slop Could Not Rise to Prominence Without Media Complicity and Artificial Hype
Inane garbage disguised as "journalism"
Why the FSF No Longer Recommends Debian, as Explained by Richard Stallman This Month
some weeks ago
All the Latest Half Dozen Articles by Mehedi Hasan (UbuntuPIT) Only Admit at the End That He's Using LLM Slop
Disclosure is OK, but the practice of using slop is not
The 'Modern' Web of Fake Security and Easy Censorship of Whole Domains
Each year it gets worse
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, October 18, 2025
IRC logs for Saturday, October 18, 2025