What is an encrypted message?
Encryption is the process of scrambling information to make sure only it’s only seen by people you want to see it. Encrypting messages like texts or emails is a secure way to communicate so only you and the recipient can see the content. In this answer, I explain what end-to-end encryption is and how it is used.
What are encrypted messages?
Encrypted messages are messages which prevent unauthorized people from viewing them. Encryption is important because it can protect sensitive information shared on the internet and without it, many processes, such as banking or shopping, could not take place. For example, logging into your bank account requires you to enter a password. Or you buying a pair of shoes online requires you to enter your address and credit card information. What happens to the information you enter?
In these situations, your passwords, credit card details, and other personal information are sent to the vendor through the internet infrastructure operated by various companies, including your internet service provider.[1] When in transit, the companies and organizations that operate the infrastructure of the internet have access to the encrypted data but can’t view the original data due to the encryption.
End-to-end encryption (E2EE) is process that uses algorithms - a set of rules - to scramble the data, making it indecipherable to anyone other than the sender and recipient.[2] When you send a message like an email or text (E2EE or not), it travels through various intermediaries including the different companies and infrastructure that make up the internet.
Specifically, the message goes from your phone to the servers of the messaging app developer, then to the recipient's phone. In non-E2EE, your phone encrypts the message, the server decrypts it (thus can see its contents), then re-encrypts it and sends it to the recipient's phone, where it's decrypted again. In E2EE, your phone encrypts the message, and the server simply sends it onward to the recipient. The server is not capable of decrypting it.
Where is E2EE used?
Standard text messages that are sent through your cell phone carrier aren’t E2EE and while they may be encrypted between your phone and carrier, they are vulnerable to attacks.[3] You may have heard of Whatsapp, a messaging app advertised as secure thanks to E2EE. But they’re not alone. There are many different alternatives such as Telegram, Facebook Messenger, and Signal.[4] If you have an iPhone, iMessage includes E2EE, however this only applies to texts to other people on iMessage. If you send text messages to others it is sent as an SMS message (“short message service”), indicated by a green bubble.[5]
Email security depends on the application used and the level of subscription. For example, enterprise or company email services usually have more security features than free email services. While messages and attachments are generally protected by built-in security features, to protect attachments from being forwarded or viewed by users other than the recipient, you typically need to go through a few extra steps. Although Gmail is currently introducing E2EE for emails, it is limited only to users on specific plans. Outlook on the other hand offers E2EE and in order to activate it, you can follow the instructions.[6] Another way to encrypt your attached files is to use built-in encryption methods within services such as Microsoft Word, Excel or Apple Preview.
Despite additional security features, email does contain inherent vulnerabilities and is not completely safe from external viewers. For completely secure file sharing and messaging, a service like Signal may be better for you.
Does Wi-Fi use encryption and what is a VPN?
Password-protected wifi requires a password so that unauthorized people can’t connect to the network. An encrypted network means that the traffic - emails, text, etc - is encrypted while it travels from your machine to another machine. You can tell if a wifi network is encrypted by a little lock symbol. While the information you send and receive can still be interpreted by system administrators, depending on the layers of encryption, they are generally safe from being seen by other users. On the other hand, if you are connected to open wifi networks, which are typically not password protected, the information that you send is more vulnerable.[7]
Two ways that you can protect your data in this situation is to stick to sites with the “https://” prefix (as opposed to “http://”). This “s” indicates that your data is encrypted. In Google Chrome, encryption is also indicated by a lock directly to the left of the website URL. Another way is to use a virtual private network (VPN). VPNs have built-in security features such as encryption that protect your data even on public wifi networks. These are becoming increasingly popular and we’ll answer questions about them in a later post!
With increasing regulation around data privacy and security, there has been an increase in the transparency and availability of tools to protect yourself. Now that you know more about E2EE and how you can protect your data and messages, you can find a solution that works for you!
Thanks to Cassia Artanegara, Will Monge, and Jessica Traynor
Footnotes
[1] https://www.ibm.com/topics/end-to-end-encryption
[2] https://brave.com/glossary/encryption/
[3] https://www.howtogeek.com/709373/why-sms-text-messages-arent-private-or-secure/
[4] https://www.nytimes.com/wirecutter/guides/online-security-secure-messaging-apps/
[5] https://www.businessinsider.com/guides/tech/why-are-my-iphone-messages-green
What do you want to know about data, privacy, or technology?
Data Curious is a public resource supported by Good Research LLC in collaboration with the Center for Digital Civil Society at University of San Diego.
To contact us, send us an email at hello@datacurious.org.