Explain It Like I'm Five: Encrypted Messaging

What is end-to-end encryption?

A messaging system in which only the users in a conversation can read what is sent. This means your internet provider, mobile provider, law enforcement and even the company that makes the app you are using can’t read your messages.

How does it work?

The exact method can vary, but the basic idea is that messages are, to use a technical term, “all jumbled up.” Your app will automatically un-jumble (or “decrypt”) them with a key that only people in the conversation have, meaning anyone who intercepts a message or pulls it off of a server can’t read it.

Why is everyone talking about it?

After several years of delays, Facebook launched end-to-end encryption for Messenger on Thursday. Users have been able to encrypt messages by choice since 2016, but it will now be the default.

If it’s been available for so long, why is making it a default setting a big deal?

In addition to bringing more privacy protections to 1 billion Messenger users, the launch is considered a minor technical marvel by developers and cryptographers. Meta had to make hundreds of features like emojis, GIFs, and custom themes work in an encrypted system.

But the company also needed to create a system for data recovery and syncing messages. If messages are stored in the cloud, systems can have a hard time knowing what a message is or who it belongs to without peeling back a level of security. If data is stored locally on a phone, users can’t recover it if they lose their device, and will miss messages if they switch between a mobile and desktop version of Messenger.

How did it do this?

Meta built a new system that creates a user-specific data storage area. That storage can be accessed from multiple devices with a PIN, and it uses multiple, rotating keys that not only let a user revoke access from an old device when they move to a new one, but also ensure Meta itself can’t read any encrypted messages.