Bonum Certa Men Certa

Guarding Your Privacy With E2EE: Primer

End-to-end encryption deciphered

Lock and Key



Summary: "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."

End-to-end encryption (E2EE) is something that's been in the news quite frequently. Lack of education about E2EE is being exploited. Your fundamental human rights are being violated. This article serves to educate the non-technical person about E2EE and how it affects their everyday life.



Let us get a few fundamental things clarified, first. Without these basic things, no proper discussion can happen around E2EE.

"Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember."What is E2EE? E2EE is a system in which data is encrypted so that only one party can decrypt the data: the intended recipient(s).

Note that we used the word "system" in our definition for E2EE. This is done to keep the scope of this article separate from any specific E2EE software.

Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember.

Next, let us note articles 12 and 19 of the Universal Declaration of Human Rights (UDHR).

LockArticle 12 UDHR: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Article 19 UDHR: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

We'll refer to these as A12UDHR and A19UDHR, from now on.

We've now established some fundamental definitions; we can move on to what all this means in the context of E2EE.

Let's now connect what A12UDHR and A19UDHR have to do with E2EE.

A12UDHR mentions privacy. Our data privacy is a form of privacy. Thus, according to A12UDR, every human being has a fundamental right to data privacy. The only way we can achieve data privacy is via E2EE.

"The only way we can achieve data privacy is via E2EE."A19UDHR mentions the freedom to hold opinions WITHOUT INTERFERENCE and to seek and impart INFORMATION and ideas THROUGH ANY MEDIA (we're paraphrasing here to highlight information relevant to this article). Thus, according to A19UDHR, every human being has a right to exchange INFORMATION THROUGH ANY MEDIA. End-to-end-encrypted data (E2EED) is a form of information; thus A19UDHR gives every human being a right to seek and impart E2EED over any medium they wish.

So, in summary, we've established the following as an inalienable right of every human being:

Every human being has a fundamental right to use E2EE and seek and impart E2EED over any medium they wish (Internet, printed documents, etc.).

Now it's time to consider the technical side.

If you go back to our definition of E2EE, you will see that there are strict requirements about who can decrypt E2EED.

Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE. Why? They have the keys that can decrypt your data. Go back and read the definition of E2EE again.

What are these "keys"? Good question.

Every system of E2EE is basically built on the idea of a pair of keys:

"Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE."Public Key (PKEY): Just a file. A sort of identifier. PKEYs are used in E2EE to encrypt data so that only the intended recipient(s) can decrypt the encrypted data.

Secret Key (SKEY): Just a file. This is the (only) file which can be used to decrypt the encrypted data.

There exists a mathematical relationship between a PKEY and a SKEY which makes it infeasible to decrypt the encrypted data without access to the recipient's SKEY. When used correctly, E2EED is safe even from the quantum computers of today.

You can refer to the end of this article for the technical details.

"You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy."The easiest way to decrypt E2EED is to get a hold of the recipient's SKEY or to catch the pre-encrypted data via some sort of back door in the device being used to encrypt the data. The problem is, many organisations already have your SKEY; they keep a copy for themselves, when SKEY has been generated. So, these systems don't actually satisfy our definition of E2EE.

Remember: You have a fundamental right to end-to-end encryption. You have a fundamental right to keep the secret keys used for your end-to-end encryption software private. Nobody has the right to take these secret keys away from you - no company, no government, no individual, no organisation. You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy.

"Complain to your local government representative about the attacks on E2EE."There have been repeated attempts (and will continue to be repeated attempts) to outlaw end-to-end encryption. Governments want to spy on citizens; companies want to spy on individuals to profit off their private data; organisations want private data of individuals to make discriminatory decisions about said individuals. All of these actions have negative consequences on individuals: psychological abuse, economic discrimination, racial discrimination, political discrimination, exploitative psychological advertising (the list goes on and on).

So what can you do about this? You can raise awareness, first of all. Complain to your local government representative about the attacks on E2EE. You can educate yourself about which software gives you full control over your secret keys.

"Note that operating systems and devices have constantly had back doors installed into them."Here's a list of software you can look up which gives users control over their secret keys:

1) GnuPG and Kleopatra (GNU/Linux, BSD, OSX)

2) Gpg4win and Kleopatra (Windows)

3) OpenKeychain (Mobile)

There are many books, videos, and tutorials about the tools above. They're a good point to start with.

Note that operating systems and devices have constantly had back doors installed into them. The best way to use E2EE software is to have a separate device for performing all E2EE tasks; said device should never be connected to the Internet. This is too inconvenient for some but is worth considering for those who want added level of security.

A note on hardware security tokens: Don't believe in them. Most of them are likely to have back doors in them which allow extraction of your secret keys. Use an ordinary, general-purpose computer for all E2EE tasks; preferably one that never sees the Internet. Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable. Devices like the Raspberry Pi are also a good candidate for an affordable system exclusively used for E2EE. You can use these devices with an HDMI cable, keyboard+mouse, and a USB stick to move data to and from the device.

Does all your data need to be E2EED? Of course not. That would be overkill. But data that you think needs to be private should be private. So use E2EE software to protect your privacy, when you see fit. This includes pictures, videos, legal documents, files containing passwords, etc.

"Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable."Remember: E2EE is a system in which data is encrypted so that ONLY ONE party can decrypt the data: intended recipient(s). Any system which doesn't satisfy this definition is not E2EE; don't let governments, companies, etc. convenience you otherwise.

Technical details



Say J wants to send a file F to M; J wants to encrypt F so that only M can decrypt F. We'll refer to the encrypted form of F as EF.

What would J need to do?

We'll establish a few more definitions (sorry about this but it's necessary to maintain correctness).

J and M both have keys.

E2EE software : S.

Public key of J : JPKEY Secret key of J : JSKEY

Public key of M : MPKEY Secret key of M : MSKEY

(1) J and M both use S to generate their respective key files (JPKEY, JSKEY, MPKEY, MSKEY).

(2) J needs MPKEY in order to encrypt F for M.

(3) M sends J: MPKEY, in advance (this can be done over any media as MPKEY is not required to remain private).

(4) J now has the following: S, JSKEY, MPKEY, F. J can use these to obtain EF.

(5) J sends EF to M.

(6) M now has the following: MSKEY, S, EF.

(7) M can use these to obtain F from EF.

All of the above can be done with only one person. In, that case J = M. This is when you want E2EED that is "for your eyes only".

RSA and EDDSA are considered the most secure systems for E2EE today (2020). The major weak points in any E2EE are: human error, hardware and software backdoors, hardware and software bugs. E2EE is always evolving, so what you read today may not be true tomorrow.

As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try.

Be wary of any body that gives you guarantees.

Recent Techrights' Posts

Nobody is "Replaced by AI", It's Just a Smokescreen for Jobs Being Eliminated by Lack of Money (Too Much Debt) and Offshoring
It's also why many make the jokes about the "I" in "AI" being "India" or "Indians"
The US Government is Now in the Business (Literally!) of Saving Microsoft and Intel
This means that President TACO/Cheeto now has greater financial incentive to also prop up Microsoft and Windows
 
The UEFI Restricted Boot 'Time Bomb' is About to Go Off in a Few Weeks
Garrett was the first person to face sanctions (like muting) in our IRC channels because of his abuse; worse yet, he hijacked other people's names and then locked them out of their own accounts
Should Currys PCWorld Start Voiding Warranties of Users of Vista 11?
If a person's laptop has a mechanical issue, should this person replace GNU/Linux with Vista 11 for the repair shop? Only to damage the SSD?
Newer is Not Always Better, and It's Possible That 'Peak' is the Past
People creating their own platforms means progress, whereas centralisation (like moving from blogs to social control media) is the opposite of progress
LLM Hype is Sowing Destruction: It Contributes to DDoS Attacks and Makes the Web Less Accessible (JavaScript "R U Human?" Tests)
If it was googlebot, it would be possible to argue that you'd at least then get referral traffic from Google Search. With LLMs, all you get is plagiarised.
Links 24/08/2025: New York Times Talks About Hey Hi (AI) Bubble
Links for the day
Gemini Links 24/08/2025: Upgrading Debian and Mobile-indifferent Design
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 23, 2025
IRC logs for Saturday, August 23, 2025
Richard Stallman's Talk in Buenos Aires Scheduled for 16 November 2025 (a Month After FSF Turns 40)
they've just updated their site and Stallman is listed first
Men Who Abuse Women Should Never Spend Over 3 Years of the UK High Court's Time
This demonstrates that we need a reform in the UK
Slopwatch: Linux Journal, WebProNews, LinuxSecurity, and the Serial Slopper
The bubble needs to burst, but even then the Web will be left with residues of these slopfarms
Links 23/08/2025: Science, War, and Important Win for the British Media Against SLAPPers Who Abuse Women
Links for the day
Gemini Links 23/08/2025: BaseLibre Numerical System and Back to Oldschool
Links for the day
"Deserved Victory" for "Women That Suffered"
"GNM defended its reporting as being both true and in the public interest and in a judgment on Friday"
Links 23/08/2025: onmicrosoft.com as Spam Cannon, The Cheeto-Intel Deal Is Official
Links for the day
Wired Complained About LLM Slop Only Days Before It Got Caught Doing That Itself
Never throw stones in a glass house
IBM "Value" Down 14.16% in a Month, Red Hat Layoffs Allegedly Discussed 12 Days Ago
"IBM is a dinosaur. Dinosaurs get extinct when the don't keep up."
We're Seeing More Countries Where Windows Isn't Even in Second Place Anymore (Third or Worse)
In a way, Microsoft can barely even hold onto second place anymore
Microsoft Workers on Canonical's Payroll
If you want something that's sort of like Ubuntu but is not controlled by Canonical, then look into Linux Mint, Debian, or LMDE
GNU/Linux Climbs to 4% in Sierra Leone
Sierra Leone isn't a very rich country (to say the least), but it's better off than some of its neighbours
The SLAPPS Run Out of Oxygen Because They're Abuse of Process
At the end of the day we plan to publish over 1,000 articles explaining what happened
The Register MS Gets Paid by the Employer of the Previous Editor in Chief to Promote the "AI" Ponzi Scheme, Which Does Considerable Damage to the Web and to Online Journalists
The Register MS can 'badmouth' slop all it wants; it gets paid to inflate this bubble. It's actively participating in it.
Soon It'll be Autumn, Time to Repair Things
Where they don't charge an arm and a leg
Doing Our Best to Cover Software Patents When the Mainstream Media Does Not
Even the FSF has its limits
Gemini Links 23/08/2025: August Questions and Network Solutions
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 22, 2025
IRC logs for Friday, August 22, 2025
Microsoft Has Issues in Guyana
It's not just Guyana
About 25% of the "Linux" News/Results in Google News Today Are LLM Slop, Almost 20% From the Same Rogue Operators of Slopfarms
Google, which tries to market itself as an LLM giant, apparently fails to understand what's wrong with it
Harassing People on Holiday
There are "no-go areas"; but that assumes all laws firms have ethical standards
The Great, Undeniable Value of Paper Trail, Not Purely Digital Systems
Suppose you have nothing but bits on someone else's computer and "word of mouth"...
The Company Behind Ars Technica, Reddit and Wired Caught Publishing LLM Slop (It Also Admits It Now)
Condé Nast busted
Links 22/08/2025: Lagrange 1.18.8, Wired Magazine and Business Insider Caught Resorting to LLM Slop
Links for the day
This Saturday It's Gonna be 3.5 Years* Since Russia Invaded Ukraine. No Microsoft Protests Against Microsoft Having Provided Russia With Services.
Companies do not have consistent policies and enforcement of "corporate values" is somewhat of an egg salad
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants
Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
Links 22/08/2025: Cisco Layoffs, LA Times Says "AI Hype is Fading Fast"
Links for the day
Gemini Links 22/08/2025: K for Kentucky and Caddy Versus LLM Slopbots
Links for the day
The "End Software Patents" Initiative of the FSF Explains "WHY [to] ABOLISH SOFTWARE PATENTS"
We hope to cover patent-related issues more and more as the big anniversary of the FSF approaches
Freenode Sniffing
The grown-ups left the building
The Only Thing Worse Than Misinformation is Misinformation Sold to Everyone as "Intelligence"
Misplaced trust is worse than none at all
The Register MS Now Openly Admits LLM Hype Does Damage, But It's Also Being Paid to Participate in the LLM Hype (With Paid 'Articles' and 'Webcasts' for Paying Advertisers)
The Register MS gets paid to do this
End of the Smartphone Era? No.
Maybe the media should focus on producing accurate, factual news
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 21, 2025
IRC logs for Thursday, August 21, 2025
Enshittification of Airports, Airlines, and Airplanes
If people are willing to tolerate standard declines and enshittification (nowadays sold as "pivot to AI" or "replaced by AI" or "AI layoffs") they will pay for it some other way
Latest Is Not Greatest: The Case of "Foldable" Tech
don't be shamed into abandoning old things just because the "fashion industry" of Apple and Samsung tells you to
Airlines and Their Tricks That Only Work in the 'Digital Age'
People sceptical of the direction technology has taken are not "Luddites"
Open Source Initiative (OSI), Which Became a Propaganda Front of Microsoft and "Hey Hi" (Hype, Misnomer), Wants You to Forget These Scandals
A lot of these issues won't be set aside until there's a resolution