# No-End Encryption

Luca (https://lucacicada.me), 2022-10-10

End-to-end encryption is not a mathematical property. It is a naming convention for a protocol where two devices run the same algorithm. There is no second end — only you.

End-to-end encryption is one of the most repeated phrases in software security. It also describes something that does not exist in the way most people picture it.

## There Is Only One End

The mental model most people carry for E2EE looks like this: a message leaves your device, travels encrypted through servers that cannot read it, and arrives decrypted only at the other person's device. Two ends. A sealed tunnel between them.

That picture is wrong in a specific way.

When two devices communicate using end-to-end encryption, they both run the same algorithm. They both know the same math before the conversation starts. The protocol is agreed upon in advance — baked into the software, published in a spec, the same on both sides. There is no secret discovery happening mid-conversation. Both devices already know how they are going to talk.

Which means, in any meaningful sense, there is only one endpoint: you. You just run the same code on two machines.

The "other end" is not a separate entity with independent cryptographic identity. It is another instance of the same process, executing the same operations you are executing, producing outputs that your operations are designed to accept. The end-to-end framing implies two distinct poles in a system. What actually exists is one algorithm running in two places simultaneously.

## The Name Problem

"End-to-end encryption" is a useful shorthand for a specific property: the servers in the middle cannot read the content. That is the property the name was invented to communicate. It is a meaningful property and worth caring about.

The confusion enters when people treat the name as a description of the underlying structure rather than a property of the system. The name suggests geometry — two ends, a channel between them. The reality is algebra — two devices executing the same function with the same keys.

When someone says "end-to-end encrypted," they typically mean: only the participants can read the messages. Fine. But that claim rests on a set of assumptions that the name does not make visible: who controls the key generation, whether the algorithm is open to inspection, and — most importantly — how you decided who the other participant is.

## The Verification Problem Cannot Be Solved From Inside the System

Here is the actual hard part, stated plainly.

If you meet a stranger and they say "my name is Paul," and only the two of you exist in the world, you can either accept that name or invent your own name for them. There is no way to validate the claim. Validation requires something outside the interaction — a third party who knew Paul before, a document, a prior relationship. If nothing exists outside the two of you, the name is just a label you agreed to use.

The same logic applies to encryption keys. When you receive a public key that is supposed to belong to a specific person, you face exactly this problem. The key says "I belong to Alice." Inside the system — inside the encrypted channel itself — there is no mechanism to confirm that claim. Confirmation requires something outside: a certificate authority, a trusted third party, a key fingerprint verified over a separate channel, or a social relationship that predates the cryptographic one.

This is not a failure of E2EE. It is the boundary condition of any two-party closed system. Validation and trust always come from outside, or they are assumptions baked in as hypotheses at the foundation of the system.

True E2EE — the version worth the name — is the system where you encrypt and only you decrypt. Nobody else. Not the server, not the provider, not the protocol designer. Just you. Everything else is a version of that idea with additional parties added and additional trust assumptions made, whether or not those assumptions are stated clearly.

## What This Changes

Nothing about the math breaks. The cryptographic operations in Signal, in WhatsApp, in iMessage are real and the security properties they provide are real. The encryption is genuine.

What this perspective changes is where you look when evaluating a system. The question is not "does it use end-to-end encryption?" The question is: "who decided what the other end is, and how?"

If the answer is "the app vendor decided, at install time, using a server they control," then the property you care about — only the participants can read the messages — depends entirely on trusting that vendor. The encryption is real. The trust model is a choice someone made for you.

The name conceals this. Calling it "end-to-end" suggests the ends are self-evident and user-controlled. They are not always. They are always a product of decisions made at the layer below the encryption.