Bonum Certa Men Certa

Guarding Your Privacy With E2EE: Primer

End-to-end encryption deciphered

Lock and Key



Summary: "As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try."

End-to-end encryption (E2EE) is something that's been in the news quite frequently. Lack of education about E2EE is being exploited. Your fundamental human rights are being violated. This article serves to educate the non-technical person about E2EE and how it affects their everyday life.



Let us get a few fundamental things clarified, first. Without these basic things, no proper discussion can happen around E2EE.

"Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember."What is E2EE? E2EE is a system in which data is encrypted so that only one party can decrypt the data: the intended recipient(s).

Note that we used the word "system" in our definition for E2EE. This is done to keep the scope of this article separate from any specific E2EE software.

Another important thing to note is that the sender sees the data that will be encrypted in its unencrypted form anyway. Obvious statement but important to remember.

Next, let us note articles 12 and 19 of the Universal Declaration of Human Rights (UDHR).

LockArticle 12 UDHR: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Article 19 UDHR: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."

We'll refer to these as A12UDHR and A19UDHR, from now on.

We've now established some fundamental definitions; we can move on to what all this means in the context of E2EE.

Let's now connect what A12UDHR and A19UDHR have to do with E2EE.

A12UDHR mentions privacy. Our data privacy is a form of privacy. Thus, according to A12UDR, every human being has a fundamental right to data privacy. The only way we can achieve data privacy is via E2EE.

"The only way we can achieve data privacy is via E2EE."A19UDHR mentions the freedom to hold opinions WITHOUT INTERFERENCE and to seek and impart INFORMATION and ideas THROUGH ANY MEDIA (we're paraphrasing here to highlight information relevant to this article). Thus, according to A19UDHR, every human being has a right to exchange INFORMATION THROUGH ANY MEDIA. End-to-end-encrypted data (E2EED) is a form of information; thus A19UDHR gives every human being a right to seek and impart E2EED over any medium they wish.

So, in summary, we've established the following as an inalienable right of every human being:

Every human being has a fundamental right to use E2EE and seek and impart E2EED over any medium they wish (Internet, printed documents, etc.).

Now it's time to consider the technical side.

If you go back to our definition of E2EE, you will see that there are strict requirements about who can decrypt E2EED.

Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE. Why? They have the keys that can decrypt your data. Go back and read the definition of E2EE again.

What are these "keys"? Good question.

Every system of E2EE is basically built on the idea of a pair of keys:

"Many platforms (email, social control media, messaging apps, etc.) advertise E2EE. They are pretty much all not E2EE."Public Key (PKEY): Just a file. A sort of identifier. PKEYs are used in E2EE to encrypt data so that only the intended recipient(s) can decrypt the encrypted data.

Secret Key (SKEY): Just a file. This is the (only) file which can be used to decrypt the encrypted data.

There exists a mathematical relationship between a PKEY and a SKEY which makes it infeasible to decrypt the encrypted data without access to the recipient's SKEY. When used correctly, E2EED is safe even from the quantum computers of today.

You can refer to the end of this article for the technical details.

"You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy."The easiest way to decrypt E2EED is to get a hold of the recipient's SKEY or to catch the pre-encrypted data via some sort of back door in the device being used to encrypt the data. The problem is, many organisations already have your SKEY; they keep a copy for themselves, when SKEY has been generated. So, these systems don't actually satisfy our definition of E2EE.

Remember: You have a fundamental right to end-to-end encryption. You have a fundamental right to keep the secret keys used for your end-to-end encryption software private. Nobody has the right to take these secret keys away from you - no company, no government, no individual, no organisation. You can willingly forfeit your privacy (and many do by accepting "Terms and Conditions" of various platforms and services) but no body has a right to forcibly take away your privacy.

"Complain to your local government representative about the attacks on E2EE."There have been repeated attempts (and will continue to be repeated attempts) to outlaw end-to-end encryption. Governments want to spy on citizens; companies want to spy on individuals to profit off their private data; organisations want private data of individuals to make discriminatory decisions about said individuals. All of these actions have negative consequences on individuals: psychological abuse, economic discrimination, racial discrimination, political discrimination, exploitative psychological advertising (the list goes on and on).

So what can you do about this? You can raise awareness, first of all. Complain to your local government representative about the attacks on E2EE. You can educate yourself about which software gives you full control over your secret keys.

"Note that operating systems and devices have constantly had back doors installed into them."Here's a list of software you can look up which gives users control over their secret keys:

1) GnuPG and Kleopatra (GNU/Linux, BSD, OSX)

2) Gpg4win and Kleopatra (Windows)

3) OpenKeychain (Mobile)

There are many books, videos, and tutorials about the tools above. They're a good point to start with.

Note that operating systems and devices have constantly had back doors installed into them. The best way to use E2EE software is to have a separate device for performing all E2EE tasks; said device should never be connected to the Internet. This is too inconvenient for some but is worth considering for those who want added level of security.

A note on hardware security tokens: Don't believe in them. Most of them are likely to have back doors in them which allow extraction of your secret keys. Use an ordinary, general-purpose computer for all E2EE tasks; preferably one that never sees the Internet. Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable. Devices like the Raspberry Pi are also a good candidate for an affordable system exclusively used for E2EE. You can use these devices with an HDMI cable, keyboard+mouse, and a USB stick to move data to and from the device.

Does all your data need to be E2EED? Of course not. That would be overkill. But data that you think needs to be private should be private. So use E2EE software to protect your privacy, when you see fit. This includes pictures, videos, legal documents, files containing passwords, etc.

"Old laptops make great E2EE machines; just turn off the WIFI and don't plug in any Ethernet cable."Remember: E2EE is a system in which data is encrypted so that ONLY ONE party can decrypt the data: intended recipient(s). Any system which doesn't satisfy this definition is not E2EE; don't let governments, companies, etc. convenience you otherwise.

Technical details



Say J wants to send a file F to M; J wants to encrypt F so that only M can decrypt F. We'll refer to the encrypted form of F as EF.

What would J need to do?

We'll establish a few more definitions (sorry about this but it's necessary to maintain correctness).

J and M both have keys.

E2EE software : S.

Public key of J : JPKEY Secret key of J : JSKEY

Public key of M : MPKEY Secret key of M : MSKEY

(1) J and M both use S to generate their respective key files (JPKEY, JSKEY, MPKEY, MSKEY).

(2) J needs MPKEY in order to encrypt F for M.

(3) M sends J: MPKEY, in advance (this can be done over any media as MPKEY is not required to remain private).

(4) J now has the following: S, JSKEY, MPKEY, F. J can use these to obtain EF.

(5) J sends EF to M.

(6) M now has the following: MSKEY, S, EF.

(7) M can use these to obtain F from EF.

All of the above can be done with only one person. In, that case J = M. This is when you want E2EED that is "for your eyes only".

RSA and EDDSA are considered the most secure systems for E2EE today (2020). The major weak points in any E2EE are: human error, hardware and software backdoors, hardware and software bugs. E2EE is always evolving, so what you read today may not be true tomorrow.

As with all security, there is assumed risk no matter how careful you are. There are no security guarantees but that doesn't mean you shouldn't try.

Be wary of any body that gives you guarantees.

Recent Techrights' Posts

Techrights is Officially an Adult
this site's eighteenth anniversary
Technology: rights or responsibilities? - Part IX
By Dr. Andy Farnell
Many Geeks' Achilles Heel: They Don't Take Computer Breaks
Life can get longer if you stay healthy
In Asia, Microsoft's Bing Became Smaller Than Yandex and It Shrinks Every Month
How long before Microsoft pulls the plug on Bing?
 
Links 04/12/2024: Social Control Media Thoughts, Enrons of 2024, and More
Links for the day
Gemini Links 04/12/2024: Soviet Esotericism, Mikrotik is Awesome, and More
Links for the day
[Meme] Silicon Valley's "Successful Businessmen"
Debt is not a currency
Visualising About 0.7 Trillion Dollars of Debt in Supposedly "Successful" Tech Companies
If they're doing so well, how come they borrow so much money (which some would struggle to pay back or never manage to pay back)?
Single-Digit Microsoft: Windows Finally Falls Below 10% in Angola
it's only a matter of time before Windows is down to 5%
Coming Up With Topics to Cover and Issues to Comment on
Socialising is a big part of it
[Meme] Far From What Was Originally Intended
Makes site about RMS; Deletes his own 'site'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, December 03, 2024
IRC logs for Tuesday, December 03, 2024
Illuminating Microsoft's Dirty Tactics
Criticising illegal things that Microsoft does can be classified as "Microsoft bashing" or "hatred"
Proof That Drew DeVault Vanished From Mastodon After the RMS Attack Site Was Linked to Him (and People Pointed Out DeVault's Fascination With Animated CP, Drawings of Naked Kids)
We assume he just wanted to vanish from Mastodon
Maybe Bill Gates is Getting Demented Like His Late Father (He Says Things That Are True But He's Not Supposed to Say in Public)
It happened in a podcast with Reid Hoffman
We've Clearly Struck a Nerve
Microsofters and Microsoft proxies have meanwhile lost their temper
The Userbase of GNU/Linux is Growing, Investments in the FSF Grow Too (in Spite of Microsofters Inciting and Slandering It)
The FSF's expenses are close to 2 million dollars a year
Links 03/12/2024: Pat Gelsinger's Firing Spun as 'Retirement', US Exports Land Mines
Links for the day
Links 03/12/2024: GrapheneOS, Raspberry Pi 4, and More
Links for the day
Links 03/12/2024: Googlebombing "Windows 12", Games Preservation, and Public Domain Game Jam
Links for the day
It's FOSS? No, It's SPAM.
Another sellout
Steven J. Vaughan-Nichols (SJVN) 'Works' for Linux Foundation (LF) on SPAM Campaigns, Just Like Spamnil's TFiR (Swapnil Bhartiya)
How can he publish something like this under his name?
Microsoft's Debt Ratio is Awful
It owes almost 150% of what it can give
Microsoft Has Already Laid Off Tens of Thousands of Workers, "Headcount" is Misleading Spin From Microsoft-Funded Sites
Expect Microsoft to suck up to Trump, looking for more bailouts (those typically manifest themselves in the form of "defence" contracts)
South America: GNU/Linux Grew to 8.15% Venezuela, Steadily Over 3% Overall
holding steady above 3%
Clownflare (Cloudflare) Debt Grows, Losses Continue
debt of nearly $400,000 per employee
Gemini Links 03/12/2024: December Adventure and Social Justice Gone Wild
Links for the day
Microsoft Windows Falls to 12.5% in Cuba, Android Soaring
Windows isn't even doing too well on desktops/laptops
[Meme] GAGAM: Google, Apple, Gulag, Amazon, Microsoft, and the Rest
The Web has never been more dangerous and hostile
ChromeOS Isn't Freedom, But It's Killing Microsoft's Ability to Profit From Windows
ChromeOS has shot up to 22% in Sweden
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, December 02, 2024
IRC logs for Monday, December 02, 2024
The L Word (Not Linux)
Championing Software Freedom is "dangerous"
Did IBM Layoffs Stop? Ask Dr. Krishna, The 'Genius' of IBM...
Trust AK to solve all the problems of IBM by creating bigger problems
It's Easy to Snyk in Marketing SPAM (and FUD) Into BetaNews
The latest marketing piece (disguised as information, not shameless self-promotion)
[Meme] Sportwashing vs Code of Censorship (CoC)
Expectation of censorship (censor for me... or else!)
GNU/Linux at 4% in Algeria
So it more than doubled since last year
With 4 Weeks to Go (Before the End of 2024) the FSF Has Already Raised Close to 100,000 Dollars
The FSF must be doing something right
"Linux on the Desktop" (Less Than a Third of Web-connected Computers Still a Desktop or Laptop)
It's like we're chasing a goal that's 2 or 3 decades in the past
[Meme] The Failure of Microsoft Rebranding Campaigns
market share down, costs soared, back to basics
2 Years Have Passed Since ChatGPT Vapourware and Bing Gained Nothing, Yandex is About to Overtake Microsoft in Search
A cause for concern at Microsoft?
GNU/Linux Rises to 4% in Ireland, ChromeOS Grows and Android Takes Windows' Lunch
Windows down to 22%
[Meme] Meanwhile at Intel (Where the CEO Got the Boot)
Well, if taxpayers pay to save Intel, then Intel should be publicly owned (by those taxpayers)
A Cult of Fake Security
It's almost as if there's a coordinated effort to weed out and drive away people who are passionate about security for the users, as opposed to the financial security of companies like Google and Microsoft
Why Your Web Site Should Also Support HTTP (Without 'Secure')
sites which force everybody to use HTTPS have an inherent accessibility problem
Gemini Links 02/12/2024: Long Hair and Spirituality, Technology and Nature
Links for the day
Windows Not Even a 'Thing' Anymore... in North America (Where It Originally Came From)?
StatCounter shows Windows isn't even listed as a leading platform in any country in North America
Links 02/12/2024: Obesity Crisis to Worsen, Syrian Coups Rebound
Links for the day
Months After Mass Layoffs at Microsoft Nigeria Windows "Market Share" Collapses (Now Measured at 5%)
Of course the winner is Android (new all-time high of 77.3%)
Microsoft Windows is Technically at 0% in Some Countries
It's not an important platform to target anymore
Windows Measured at 5.7% 'Market Share' in Philippines, GNU/Linux Rose to 5%
It was 3.62% last month
South America Has Made It (Android Majority Everywhere) and in North America New Records for GNU/Linux Usage
Windows monopoly rents cannot be salvaged
Windows Down to Only One in Six Internet- or Web-Connected Devices in Asia
it's not looking good for Microsoft
Microsoft Windows Market Share in the United Kingdom Has Fallen to About 20%
Microsoft knows the true numbers, but it would rather not tell
statCounter: GNU/Linux Up to 4.6%, Windows Down Sharply This Month (Almost 22% Worldwide)
Let's see it the figures stay stable throughout the month
Figures of Note: Tesla's Debt Has More Than Doubled in Two Years and It's a Symptom of a Fake Economic Order
Cash infusions by taxpayers can create "billionaires" who aren't "job creators" (see what happened to Twitter) and bring no benefits to these taxpayers, only poverty
Linux Foundation Let Linux.com Rot for Two Months and Now It Posts Ridiculous Spam
Mindless shopping site
Links 02/12/2024: Journalists Arrested, Tesla Factories Destroying the Planet and Public Health
Links for the day
Gemini Links 02/12/2024: Adventures With Bevy, Google Very Evil, Jumping Into Gemini
Links for the day
BetaNews is Still a Shrine of Microsoft, and Casually Also an LLM Slop Factory
Fake articles, anti-Linux FUD, and Microsoft propaganda make a sound "business model"?
[Meme] Cyber Monday is Not a Thing; There's No Such Thing (It's a Corporate SPAM Campaign Plaguing the Web)
Enough with these fake 'holidays' that billionaires (business oligarchs) keep inventing to make more money at other people's expense (debt)
Software Freedom Conservancy (SFC) and Linux Foundation: Same Mentality of Revisionism and Plunder
Lie about history and then 'cash in'
[Meme] Software Freedom Conservancy (SFC) Begs You for Donations
How does one even spend 20,000 dollars per month???
Why Software Freedom Conservancy Does Not Deserve Money (Karen Sandler is Already a Millionaire and Her Organisation Attacks Free Software Leaders)
These people speak for "Big Money" interests, not for freedom
On the internet [sic] (Lowercase), They Spread Misinformation About the Internet
Hugh Grant remembers what happened before he was born
Richard Stallman Was Getting Honorary Doctorates Almost Every Year Until 'Cancel Culture' Stepped in, Distracting From Jeffrey Epstein's Ties to Bill Gates
This finally ended... earlier this year (October)
Self-Deprecating Attacks on RMS
Drew DeVault seems to have deleted all of his social control media accounts
When Bills Are Rising, Whereas the Demand Isn't (OpenAI is Insolvent)
Latest month on record shows traffic fell about 3 times lower than earlier this year
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, December 01, 2024
IRC logs for Sunday, December 01, 2024
Links 02/12/2024: Climate, Sportwashing, and Software Patents
Links for the day
Gemini Links 02/12/2024: Words and Apologies, Being Rude, and Geminauts 0.1.0 Release
Links for the day