Transport-Layer Encryption vs End-to-End Encryption - GIF
During the course of a digital security training, participants often learn that they should encrypt their information in transit, like emails, chats, messages, and cloud storage. Learners come away from a training with an appreciation for encryption. However, they may not come away learning that there are different ways of using encryption.
It’s also important for learners to be able to distinguish what the encryption they are using to protect their information does and does not protect against. One way to clarify this conversation is to point out two different types of encryption for their information in transit: transport-layer encryption, and end-to-end encryption.
HTTPS and VPNs are examples are of transport-layer encryption, which is a way of encrypting data in transit.
In a digital security workshop, learners gain exposure to HTTPS (they perhaps learn: “I should use HTTPS instead of HTTP because it’s encrypted!”). In some cases, they may also learn about VPNs (“I should encrypt my connections because I don’t want eavesdroppers on my network spying on what I’m looking at online.”).
When someone is using transport-layer encryption, they are putting trust in the company providing that service. For example, using HTTPS for their email means that they are trusting their email service provider to keep their user data safe from everyone, except for people who work for the company. Using a VPN might mean that they are putting trust in the VPN service itself and all the VPN company’s hosted servers. For some participants, this is enough.
However, what about participants with a unique set of risks, with unique threat models? What about if your participants don’t trust their service provider? Perhaps they cannot trust their service provider, and are worried about companies retaining their data. Perhaps they are worried about legal threats, and about their companies being compelled to give up their user data.
This is where end-to-end encryption is useful. End-to-end encryption is a way of using encryption that ensures that information is turned into a secret message by its original sender (the first “end”), and decoded only by its final recipient (the second “end”).
We created a GIF demo to illustrate the difference between transport-layer encryption and end-to-end encryption.
The client we use in this demo is Tor Messenger, which we no longer recommend (its development was ended in 2018), but you can still use this GIF for explaining how end-to-end encryption can be helpful in preventing a third-party service from seeing the content of the chat.
Two Google users are able to obscure their conversation from the company providing the chat service by using end-to-end encryption.
The facilitator can explain that an eavesdropper has to have access to the company service in order to see the messages. Even though the chat is using a form of encryption by being on HTTPS, this doesn’t mean that it is encrypted directly between the two people.
Though this can sound like a limited circle of people who can access these chat messages, it is not as limited as people might think. The company’s chat logs are accessible to many people, such as employees of the company or any malicious agents who have hacked into the company’s servers, and are also open to legal threats, such as by government officials requesting the data of certain users.
Suggested questions to explore with learners:
What is visible to someone on the same wireless network as the conversing users? Are they able to see the content of the conversation, given that it’s on HTTPS?
What is visible to employees of the company service, given that it’s on HTTPS?
What kind of metadata and data are visible to employees of the company service when transport-layer encryption is used? What kind of metadata and data are visible to employees of the company service when end-to-end encryption is used?
What are some examples where you might want to use end-to-end encrypted chat instead of just transport-layer encrypted chat?
What is end-to-end encryption?
This GIF can also be used to spur a discussion among learners for evaluating whether they trust popular consumer products that use just transport-layer encryption.
Facilitators should emphasize a harm reduction framework with this point: in some cases, participants’ most secure option is to use popular consumer products (such as Google, Slack, Dropbox, Facebook, Twitter, and so on) that offer transport-layer encryption, as these companies can have large security and legal defense teams which may prioritize protecting their customers’ data.
It is important to consider the threat model of your participants to see what services they already use, what they are comfortable adopting, and whether their concerns align with legal considerations in their context.
To learn more about which companies have your back against government data requests, the digital security trainer may want to read about EFF’s Who Has Your Back? project.
To evaluate whether these services might be a good match for your participants’ unique security concerns, the trainer may also want to look into what two-factor authentication services are offered per service, and what tools participants are comfortable with.