ThinkableWhat is this?

End-to-end encryption

The Lock That Even the Locksmith Can't Open

Every message you send through a well-designed encrypted app is unreadable to the company that built it — and that is not a bug, it is the entire point.

The Idea

Most security on the internet works like a bank vault: the institution holds the key, and you trust them to keep strangers out. End-to-end encryption (E2EE) does something structurally different. It ensures that only the two people at the ends of a conversation — sender and recipient — ever hold the keys. The service in the middle transmits a sealed box it cannot open. The mechanism relies on a beautiful piece of mathematics called public-key cryptography. Each user has two keys: a public one, which anyone can use to encrypt a message to you, and a private one, which only your device holds and which is the only thing capable of decrypting it. Your private key never leaves your phone. The server never sees it. Even if the company is hacked, subpoenaed, or compelled by a government, they have nothing useful to hand over — just a stream of ciphertext that is computationally infeasible to crack. What makes this genuinely surprising is how recent this capability is in everyday life. For most of human history, private communication required physical proximity or trusting a courier. The idea that two people on opposite sides of the planet could exchange a message that no intermediary can read — not the carrier, not the state, not the platform — is one of the quietly radical things the internet has made routine. Most people use it every day without registering how strange and powerful that is.

In the World

In 2016, the FBI found itself in a standoff with Apple over the locked iPhone of a gunman involved in a mass shooting in San Bernardino, California. Investigators wanted Apple to create a modified version of iOS that would let them brute-force the device's passcode. Apple refused, and Tim Cook published an open letter explaining why: if Apple built that capability once, the tool would exist forever, available to every government that could demand it. The case was quietly dropped after the FBI paid a third-party firm to access the device through a different vulnerability. But the episode crystallised the central tension in E2EE: law enforcement calls it 'going dark' — the idea that encryption is creating spaces where criminals can operate beyond reach. Cryptographers and civil liberties groups call the proposed solution — a 'backdoor' accessible only to authorised parties — a mathematical impossibility. A key that only good actors can use does not exist. Any deliberate weakness in an encryption system is a weakness, full stop, available to whoever finds it first. Signal, the messaging app whose encryption protocol now underpins WhatsApp, iMessage, and others, was built specifically on this principle. Its founder, Moxie Marlinspike, designed it so that Signal the company is structurally incapable of reading your messages — not merely unwilling, but technically unable. That distinction is the whole architecture.

Why It Matters

The debate around E2EE is often framed as privacy versus security, but that framing concedes too much. Encryption is itself security — for journalists protecting sources, for dissidents in authoritarian states, for abuse survivors communicating with support networks, for ordinary people who simply prefer their conversations not to be a commodity. Understanding the basic architecture changes how you evaluate the apps you use. 'Encrypted' on a company's website means almost nothing without knowing whether it is end-to-end or only in transit — the difference between the platform being unable to read your messages and merely choosing not to. Many services encrypt data in transit but store decryptable copies on their servers, meaning a legal request, a breach, or a policy change could expose everything. The question 'who holds the key?' is one of the most important things you can ask about any digital service that handles your private information. The answer tells you whose interests the system is actually designed to serve.

A Question to Ponder

If a service cannot read your messages even when legally required to, does that make it more trustworthy — or does it shift responsibility for harm in ways that should make us uncomfortable?

Get a new one of these every morning.

Start learning with Thinkable
One topic like this, every day.Start free