Bonum Certa Men Certa

Guarding Your Privacy With E2EE: Primer

End-to-end encryption deciphered

Lock and Key



Summary: "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."

End-to-end encryption (E2EE) is something that's been in the news quite frequently. Lack of education about E2EE is being exploited. Your fundamental human rights are being violated. This article serves to educate the non-technical person about E2EE and how it affects their everyday life.



Let us get a few fundamental things clarified, first. Without these basic things, no proper discussion can happen around E2EE.

"Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember."What is E2EE? E2EE is a system in which data is encrypted so that only one party can decrypt the data: the intended recipient(s).

Note that we used the word "system" in our definition for E2EE. This is done to keep the scope of this article separate from any specific E2EE software.

Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember.

Next, let us note articles 12 and 19 of the Universal Declaration of Human Rights (UDHR).

LockArticle 12 UDHR: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Article 19 UDHR: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

We'll refer to these as A12UDHR and A19UDHR, from now on.

We've now established some fundamental definitions; we can move on to what all this means in the context of E2EE.

Let's now connect what A12UDHR and A19UDHR have to do with E2EE.

A12UDHR mentions privacy. Our data privacy is a form of privacy. Thus, according to A12UDR, every human being has a fundamental right to data privacy. The only way we can achieve data privacy is via E2EE.

"The only way we can achieve data privacy is via E2EE."A19UDHR mentions the freedom to hold opinions WITHOUT INTERFERENCE and to seek and impart INFORMATION and ideas THROUGH ANY MEDIA (we're paraphrasing here to highlight information relevant to this article). Thus, according to A19UDHR, every human being has a right to exchange INFORMATION THROUGH ANY MEDIA. End-to-end-encrypted data (E2EED) is a form of information; thus A19UDHR gives every human being a right to seek and impart E2EED over any medium they wish.

So, in summary, we've established the following as an inalienable right of every human being:

Every human being has a fundamental right to use E2EE and seek and impart E2EED over any medium they wish (Internet, printed documents, etc.).

Now it's time to consider the technical side.

If you go back to our definition of E2EE, you will see that there are strict requirements about who can decrypt E2EED.

Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE. Why? They have the keys that can decrypt your data. Go back and read the definition of E2EE again.

What are these "keys"? Good question.

Every system of E2EE is basically built on the idea of a pair of keys:

"Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE."Public Key (PKEY): Just a file. A sort of identifier. PKEYs are used in E2EE to encrypt data so that only the intended recipient(s) can decrypt the encrypted data.

Secret Key (SKEY): Just a file. This is the (only) file which can be used to decrypt the encrypted data.

There exists a mathematical relationship between a PKEY and a SKEY which makes it infeasible to decrypt the encrypted data without access to the recipient's SKEY. When used correctly, E2EED is safe even from the quantum computers of today.

You can refer to the end of this article for the technical details.

"You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy."The easiest way to decrypt E2EED is to get a hold of the recipient's SKEY or to catch the pre-encrypted data via some sort of back door in the device being used to encrypt the data. The problem is, many organisations already have your SKEY; they keep a copy for themselves, when SKEY has been generated. So, these systems don't actually satisfy our definition of E2EE.

Remember: You have a fundamental right to end-to-end encryption. You have a fundamental right to keep the secret keys used for your end-to-end encryption software private. Nobody has the right to take these secret keys away from you - no company, no government, no individual, no organisation. You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy.

"Complain to your local government representative about the attacks on E2EE."There have been repeated attempts (and will continue to be repeated attempts) to outlaw end-to-end encryption. Governments want to spy on citizens; companies want to spy on individuals to profit off their private data; organisations want private data of individuals to make discriminatory decisions about said individuals. All of these actions have negative consequences on individuals: psychological abuse, economic discrimination, racial discrimination, political discrimination, exploitative psychological advertising (the list goes on and on).

So what can you do about this? You can raise awareness, first of all. Complain to your local government representative about the attacks on E2EE. You can educate yourself about which software gives you full control over your secret keys.

"Note that operating systems and devices have constantly had back doors installed into them."Here's a list of software you can look up which gives users control over their secret keys:

1) GnuPG and Kleopatra (GNU/Linux, BSD, OSX)

2) Gpg4win and Kleopatra (Windows)

3) OpenKeychain (Mobile)

There are many books, videos, and tutorials about the tools above. They're a good point to start with.

Note that operating systems and devices have constantly had back doors installed into them. The best way to use E2EE software is to have a separate device for performing all E2EE tasks; said device should never be connected to the Internet. This is too inconvenient for some but is worth considering for those who want added level of security.

A note on hardware security tokens: Don't believe in them. Most of them are likely to have back doors in them which allow extraction of your secret keys. Use an ordinary, general-purpose computer for all E2EE tasks; preferably one that never sees the Internet. Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable. Devices like the Raspberry Pi are also a good candidate for an affordable system exclusively used for E2EE. You can use these devices with an HDMI cable, keyboard+mouse, and a USB stick to move data to and from the device.

Does all your data need to be E2EED? Of course not. That would be overkill. But data that you think needs to be private should be private. So use E2EE software to protect your privacy, when you see fit. This includes pictures, videos, legal documents, files containing passwords, etc.

"Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable."Remember: E2EE is a system in which data is encrypted so that ONLY ONE party can decrypt the data: intended recipient(s). Any system which doesn't satisfy this definition is not E2EE; don't let governments, companies, etc. convenience you otherwise.

Technical details



Say J wants to send a file F to M; J wants to encrypt F so that only M can decrypt F. We'll refer to the encrypted form of F as EF.

What would J need to do?

We'll establish a few more definitions (sorry about this but it's necessary to maintain correctness).

J and M both have keys.

E2EE software : S.

Public key of J : JPKEY Secret key of J : JSKEY

Public key of M : MPKEY Secret key of M : MSKEY

(1) J and M both use S to generate their respective key files (JPKEY, JSKEY, MPKEY, MSKEY).

(2) J needs MPKEY in order to encrypt F for M.

(3) M sends J: MPKEY, in advance (this can be done over any media as MPKEY is not required to remain private).

(4) J now has the following: S, JSKEY, MPKEY, F. J can use these to obtain EF.

(5) J sends EF to M.

(6) M now has the following: MSKEY, S, EF.

(7) M can use these to obtain F from EF.

All of the above can be done with only one person. In, that case J = M. This is when you want E2EED that is "for your eyes only".

RSA and EDDSA are considered the most secure systems for E2EE today (2020). The major weak points in any E2EE are: human error, hardware and software backdoors, hardware and software bugs. E2EE is always evolving, so what you read today may not be true tomorrow.

As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try.

Be wary of any body that gives you guarantees.

Recent Techrights' Posts

Brett Wilson LLP Sent Over 5 Kilograms (or Over 12 Pounds) of Legal Papers! Because Writing About Microsoft Abuses is 'Illegal'.
How do you guys sleep at night? On a big pile of Microsoft money?
Extremism as a Weapon Against GNU/Linux (Microsoft Lunduke)
He ought to know the Halloween Documents. Wasn't he a Microsoft employee when these came out?
 
Links 09/07/2025: "Subprime AI Crisis" and "OpenAI May Be in Major Trouble Financially"
Links for the day
Huge Piles of Legal Papers ('Paper DDoS') Do Not Impress Judges and Regulators
they just make judges and regulators even more suspicious of the eagerness to resort to 'paper DDoS'
Lunduke Isn't Even Hiding His Anti-Linux Agenda (From "Linux Sucks" to "Linux is Pedophiles")
just trying to make a lot of trouble
Some People Use Computers to Get Actual Work Done
Tolerance and inclusion must extend to acceptance that some people don't agree with you, might never agree with you, and imposing what allegedly works for you on them is unreasonable
Example of "Old" Things That Still Work
The notion that something being "old" implies it must be discarded is typically advanced by those looking to sell more of something
Some Scheduled Maintenance Later Today
Typically the most vulnerable service during short interruptions is IRC
Computers Are Just a Tool
People don't get married because they love weddings, folks don't join the army because they love war, and most drivers don't drive to work because they love cars
Apple Way Past Its Prime
Apple deserves a decline
The FSF's SysOps Team Recovered From Serious Hardware Issue Within Hours
About half a day ago I noticed that all/most GNU/FSF sites were not reachable and thus reached out to a contact for any details
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 08, 2025
IRC logs for Tuesday, July 08, 2025
Slopwatch: Turning Bugs Into FUD About "Linux", Getting Basic Facts Wrong
all the screenshots are of fake articles; we don't want to link to any
Technical Reasons, Not Politics: With Wayland "it feels a lot like Linux from 20-25 years ago, which is horrendously frustrating, because it feels like we wasted one or two decades of progress and stability"
Lately, quite a few benchmarks were published to show Wayland compares poorly compared to what we had
PCLinuxOS Recovering From Fire
It looks like a nightmare scenario, where even backups onsite get destroyed
Links 09/07/2025: More Heatwaves, Officials Culled in Russia
Links for the day
Gemini Links 09/07/2025: XScreensaver and Resurrection
Links for the day
Links 08/07/2025: "Cyberattack Deals Blow to Russian Firmware" and "Cash Remains King"
Links for the day
FSF40 T-shirt message
by Alex Oliva
Gemini Links 08/07/2025: Creativity, Gotify with NUT Server, and Sudo Bugs
Links for the day
More on "Lunduke is Actually Sending His Audience to Attack People"
"pepe the frogs"
Links 08/07/2025: Sabotage of Networking Infrastructure, Microsoft XBox Game Pass Deemed “Unsustainable”
Links for the day
Dalai Lama Succession as Evidence That Determined, Motivated People Can Reach Their Nineties
And we need to quit talking about their death all the time
Many Lawyers (for Microsoft) and 1,316 Pages to Pick on a Litigant in Person Who Exposed Serious Microsoft Abuses
Answers must be given
Gemini Links 08/07/2025: Ancillary Justice and Small Web July
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 07, 2025
IRC logs for Monday, July 07, 2025
Layoffs and Shutdowns at IBM, Not Just Microsoft
Same as Microsoft
The FSF's (Free Software Foundation, Inc.) 2025 Summer Fundraiser Already Past Halfway Line
This is where GNU/Linux actually started
With Workers Back From a Holiday Weekend, Microsoft Layoffs Carry on, More Waves to Come
Now it's Monday and people are bad to work, even some journalists
Mozilla Had No Good Reason to Outsource Firefox Development to Microsoft
What does Mozilla plan to do when GitHub shuts down?
Mozilla Firefox Did Not Die, It Got Killed
To me it'll always look like Mozilla got killed by its sponsors, especially Google, which had a conflict of interest as a sponsor
You Need Not Wave a Rainbow Flag This Month to Basically Oppose Arseholes Looking to Disrupt and Divide the Community
Don't fall for it
Dan Neidle, Whom Brett Wilson LLP SLAPPed (on Behalf of Corrupt Rich Tax Evaders), Still Fighting the Good Fight
Neidle fights for the poor people
What Miguel de Icaza and Microsoft Lunduke Have in Common
Similar aims, different methods
Wayland Should Start by Dumping Its Very Ugly Logo
Wayland wins the "ugliest logo" award every year
Stop Focusing on Hair Colours, Focus on Corporate Agenda
If someone commits a crime, it does not matter if his or her hair was mostly white or there was no hair or a wig or whatever
Links 07/07/2025: Science, Conflicts, and a Fictional K-pop Group
Links for the day
Gemini Links 07/07/2025: Being a Luddite and Announcement of Gotify
Links for the day
Links 07/07/2025: XBox Effectively 'Dead', DMCA Subpoena Versus Registrar
Links for the day
The 'Corporate Neckbeard' is Not the "Good Guy"
Works for IBM
The Nasty Smear (and Stereotype) of "Neckbeard" or "Greybeard" is Ageism
This is the sort of stuff they might try to volley at critics of Wayland
Why Many of Us Use X Server and Will Continue to Use It For Many Years to Come
Don't make this about politics
Microsoft's Nat Friedman Became Unemployed the Same Time the SLAPPs Against Techrights Started Coming From His Friends (Weeks After We Had Exposed Scandals About Him and the Serial Strangler, His Best Friend, Who Got Arrested a Few Days Later)
Nat Friedman is not "Investor, entrepreneur"
Brett Wilson LLP Uses Threats to Demand Changes to Pages or Removal of Pages Without Even Revealing Which Staff Member Does That (Sometimes People From Another Firm!)
This has been in the public for years
Dan Neidle Said "It Really Then Became a Job of Tormenting" Lawyers Like Brett Wilson LLP (Who Threatened Him for Exposing Crimes, Just Like They Threatened My Wife a Few Months Later)
he and his wife decided to take on the evil people and their evil lawyers
Large Language Models (LLMs) Externalise Their Cost to the Free Software Foundation (FSF)
"The forty-sixth Free Software Bulletin is now available online!"
Weeding Out Extremism in Our Community
To me it seems like Microsoft Lunduke is rapidly becoming like a "hate preacher" who operates online, breeding an extremist ideology or trying to soften its image
Censorship Versus Fact-Checking and Quality Control
It's not censorship but a matter of quality control
Reinforcing the Allegations Some More, Bryan Lunduke Digs His Own Grave
In his latest episodes he merely repeats his own lies, which I debunked using evidence right from his own mouth
Global Warming and Free Software as a Force of Mitigation
we'll need to think about Software Freedom, not just brands like "Linux"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 06, 2025
IRC logs for Sunday, July 06, 2025
Gemini Links 07/07/2025: BaseLibre Numerical System and TUI Rant
Links for the day