Understanding End-to-End Encryption
What end-to-end encryption actually means, how it works under the hood, and why it matters for your private communications.
End-to-end encryption (E2EE) means that messages are encrypted on the sender's device and can only be decrypted on the recipient's device. The service provider in the middle — whether it is Signal's servers, Apple's iMessage relay, or WhatsApp's infrastructure — transports ciphertext that it cannot read. Even if the provider is hacked, compelled by a court order, or run by a malicious actor, the message content remains confidential.
How E2EE Differs from Transport Encryption
Most internet communication uses transport encryption (TLS/HTTPS), which encrypts data between your device and the server. The server decrypts the message, processes it, and may re-encrypt it before forwarding. This means the service provider can read your messages. E2EE adds a second layer: even after the server terminates TLS and removes that outer layer, the message payload remains encrypted with keys the server does not possess.
- Transport encryption (TLS): You -> [encrypted] -> Server (decrypts, reads) -> [encrypted] -> Recipient
- End-to-end encryption: You -> [E2EE encrypted inside TLS] -> Server (cannot read E2EE layer) -> [E2EE encrypted inside TLS] -> Recipient
The Signal Protocol: How Modern E2EE Works
The Signal Protocol, developed by Moxie Marlinspike and Trevor Perrin, is the gold standard for modern E2EE. It is used by Signal, WhatsApp, Google Messages (RCS), and Facebook Messenger. The protocol combines several cryptographic primitives to achieve a powerful set of security properties.
- Key agreement (X3DH) — establishes a shared secret between two parties who have never communicated, even if one is offline.
- Double Ratchet — continuously rotates encryption keys with every message, so compromising one key reveals only a single message, not the entire history.
- Forward secrecy — past messages cannot be decrypted even if your long-term identity key is later compromised.
- Post-compromise security — if an attacker gains temporary access to your keys, security is automatically restored as the ratchet advances.
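The per-message key rotation in the Double Ratchet bullet can be seen in a sketch of its symmetric-key half. This is an added example, not code from Signal or from this page. The names Chain, key_for and demo are illustrative, the HMAC constants follow the suggestion in the published Double Ratchet specification, and the seed is a constructed stand-in for the X3DH output. The Diffie-Hellman ratchet is not modelled, so the sketch shows forward secrecy but not post-compromise security.

```python
import hashlib
import hmac

MAX_SKIP = 100  # cap on stored skipped keys so a bogus counter cannot exhaust memory

def kdf_ck(chain_key):
    """One ratchet step: return (next_chain_key, message_key).
    HMAC is one-way, so neither output reveals chain_key or earlier keys."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class Chain:
    """One direction of a session; stores only the current chain key."""
    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.counter = 0   # message keys derived so far
        self.skipped = {}  # message number -> key, for messages not yet received

    def next_key(self):
        """Advance the chain; the previous chain key is overwritten."""
        self.chain_key, message_key = kdf_ck(self.chain_key)
        self.counter += 1
        return self.counter, message_key

    def key_for(self, n):
        """Receiver side: key for message n, tolerating out-of-order delivery."""
        if n in self.skipped:
            return self.skipped.pop(n)  # single use, then forgotten
        if n <= self.counter:
            raise KeyError("key already used and deleted (duplicate or replay)")
        if n - self.counter - 1 + len(self.skipped) > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.counter < n - 1:     # stash keys for the gap
            number, key = self.next_key()
            self.skipped[number] = key
        return self.next_key()[1]

def demo():
    """Constructed scenario; the seed stands in for the X3DH shared secret."""
    seed = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = Chain(seed), Chain(seed)
    sent = dict(alice.next_key() for _ in range(4))            # messages 1..4
    in_sync = all(bob.key_for(n) == sent[n] for n in (1, 3, 2))  # 3 arrives before 2
    leaked = Chain(bob.chain_key)   # copy of Bob's state after message 3
    reachable = {leaked.next_key()[1] for _ in range(50)}
    # Later keys follow from the leaked state; earlier ones do not.
    return in_sync, sent[4] in reachable, any(sent[n] in reachable for n in (1, 2, 3))
```

A copied chain state still yields the keys for later messages in the same chain, which is the gap the Diffie-Hellman ratchet closes by mixing fresh key material into the session.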
What E2EE Protects (and What It Does Not)
E2EE protects the content of your messages from the service provider, network observers, hackers who breach the server, and legal demands served on the provider. However, it does not protect everything.
- Metadata — who you communicate with, when, how often, and the size of messages may still be visible to the server. Metadata alone can reveal a great deal about your life.
- Endpoint compromise — if the recipient's device is compromised by malware, the attacker reads decrypted messages directly. E2EE only protects data in transit and at rest on the server.
- Screenshots and forwarding — the recipient can always screenshot, copy, or forward your decrypted messages.
- Backup leaks — if messages are backed up to iCloud or Google Drive without additional encryption, the backup is a point of exposure.
Info
When a service claims to use "encryption," always check whether it is end-to-end encryption or merely transport encryption. Many services use confusing language to imply stronger protection than they actually provide.
Verifying E2EE: Safety Numbers
To ensure no one is intercepting your communication (a man-in-the-middle attack), you should verify "safety numbers" or "security codes" with your contacts. In Signal, tap a contact's name, then "View Safety Number." Compare the displayed number with your contact in person or via a separate trusted channel. If the numbers match, you can be confident that no third party has inserted themselves between your devices.
Tip
Make it a habit to verify safety numbers with your most important contacts. If a safety number changes unexpectedly, it could mean the contact reinstalled the app (benign) or that someone is attempting a man-in-the-middle attack (serious). Always verify through a second channel.