Why you should use end-to-end encryption
I recently added end-to-end encryption to my app, Neucards. It's a really important safeguard, so here is a quick explanation of what it is and why you need it.
What is end-to-end encryption?
When you send information to someone else, oftentimes, it is sent in a clear, readable form, meaning you or anyone could look at the information and understand the contents easily. Opportunities for others to peak at your information come when it is sent over a network or stored on a server. End-to-end encryption jumbles your information so that it is no longer understandable before it leaves your device and it can only be un-jumbled by the intended recipient on their device.
How does end-to-end encryption work?
The jumbling and un-jumbling of information is done using encrypt and decrypt functions plus a key. Keys are sometime as simple as a password or they can be incredibly large random numbers. The more difficult a key is to guess or obtain increases the security of your information. An encrypt function takes your clear information and a key to produce a cipher text, which looks like random characters. Similarly, a decrypt function takes a cipher text and the same key to produce the original clear information. Since both the encrypt and decrypt functions use the same key, they are called symmetric encryption.
symmetric encryption
encrypt("secret message", "password")
returns "98fh38f7h238je9h28ry3d"decrypt("98fh38f7h238je9h28ry3d", "password")
returns "secret message"
The problem is that you and someone else must agree on a shared key before you can exchange information securely and sending them the key insecurely defeats the purpose. To escape this conundrum, we will use public/private key pairs that are created to work in concert with each other.
A public key is available to anyone and may be stored on a server to be given to other people freely. The private key is only stored on a person's device and should stay protected. Combining your private key with another person's public key produces a shared key, which can be used to encrypt your information, like in the above example, before sending it to your server or to the other person. Only the other person's private key and your public key can be combined to produce the same shared key, so only they have the ability to decrypt your information. Because this process uses multiple keys, it is called asymmetric encryption.
asymmetric encryption
On your device
encrypt("secret message", theirPublicKey, yourPrivateKey)
returns "sdckjhiuw7t3hwiu8we"On their device
decrypt("sdckjhiuw7t3hwiu8we", yourPublicKey, theirPrivateKey)
returns "secret message"
End-to-end encryption uses public/private key pairs to protect your information from everyone except those you want to have access.
Do I need to adopt end-to-end encryption as a developer?
End-to-end encryption is meant to exchange information from one person to another person privately. Anytime you are dealing with chat messages, contact details, photos, or other potentially sensitive types of information, you should consider adding it. But, be forewarned that this is a very complex feature and you should follow proven examples of how to do it. One of the best groups for this is LibSodium.
Who is doing end-to-end encryption?
WhatsApp by Meta is making a big push and has even made a commercial explaining the concern.
Other major companies doing end-to-end encryption:
\* add on feature not enabled by default
Let me know if you have any questions! If you'd like more details, I'd be happy to do a follow up post.
After 19,314 lines of code, i'm shutting down my project
Need feedback for my product.
We are live on Product Hunt
Don't be a Jerk. Use this Tip Calculator.
Apple and Meta had information stolen by hackers posing as law enforcement. This is why e2ee is important. They can't give away what they don't have,
https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests?sref=ylv224K8
Brad, thanks for sharing. I'm building https://blocksurvey.io - end to end encrypted alternative to Google Form. Using TweetNaCl, PGP so far. How would you describe LibSodium and other salt frameworks available? How should the developer make a choice?
For me, it came down to cost and platform availability. LibSodium was an established library with multiple ports to different platforms, but it's documentation and examples were not always the easiest to follow. I made my own wrapper to deal with thing like images and that took a while to get right. The advice I got on encryption was to stick with the crowd, meaning try to find a broadly supported and maintained framework that works for your application.
What library or service do you use for e2e?
I use LibSodium with a wrapper I wrote to handle encoding images as well. It is cross platform which will help when I release a version of Neucards for Android or desktop.
Oh, thanks. I saw you mention LibSodium above but when you called it a "group" I thought it was a discussion group not actual software.
Many tutorials I see on the web for e2ee use services like virgilsecurity.com, seald.io, or tanker.io. Whato do you think of those services?
You are right. I should have been more clear about LibSodium being actual library. I did look at a few of those providers and I'm sure they are great, but, honestly, it came down to cost. I'm bootstrapping and offering a free product, so I needed something free. I should also add Signal Protocol to that list as another free option.
Thanks for sharing this info. I have always liked the idea of e2ee but I've never been able to either justify the costs of using an e2ee service and have been put off by the complexity of implementing e2ee myself. Thanks for sharing libsodium, that sounds like a good solution which I hadn't heard of before. I'm using firebase which does encryption in transit and at rest, which for many users is good enough, but I know some users will really want full e2ee at some point.
You are very welcome. I think as more people become familiar with e2ee and what it does for them, it will become a must have feature. Right now, people either just assume their data is protected or don't care too much about it, so it hasn't been a big driver for me in gaining users, thus far.
Identity theft, spam calls and emails, online scams, email hacking, etc. are all driven by access to people's personal information. It is a commodity literally sold to bad actors all the time.
I think that e2e encryption is a useful tool, but I'm having a hard time understanding its function in Neucards. As far as I can tell you share a contact via a link/QR code, so what are you protecting against with e2e encryption?
What's the security use case here? I understand why it's used for all the examples you gave, as those are predominately for chat/im/etc, but as far as I can understand, Neucards is a contact info sharing app.
Neucards also updates your contact info for everyone who has your card. To do this, it needs to store your contact info on a server so that everyone gets the latest when they sync after having been notified when you change your card's contact information. If that contact info was stored in plain text, then third parties would be able to gather private contact info on thousands of people by just reading my database. With end-to-end encryption, that is no longer possible and your contact info is protected.
Ah okay. Is this a protection in case your server is compromised?
In a sense, but it is also a protection from Neucards. I can't decide to one day sell people's private contact details to some marketer because I literally don't have access. I'm hoping to build trust in the contact space because I think that is sorely lacking. After all, there is a reason people don't post their home address or their private phone number on LinkedIn or Facebook.
That makes perfect sense and it seems like you've thought this through :) Thanks for clarifying!
yes! What a lovely breakdown. Really appreciating this, Brad.
Thank you! I'm happy to spread the word about end-to-end encryption.