End-to-end encryptionEnd-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from seeing the plaintext data because they do not have access to the private key needed to decrypt the conversation.In many messaging systems, including email and many chat networks, messages pass through intermediaries and are stored by a third party, from which they are retrieved by the recipient. Even if the messages are encrypted, they are typically only encrypted 'in transit', and then either stored in decrypted form by the third party or if they are encrypted, the key is stored in the same database, making unauthorized access possible. Even with a strong combination of at rest and in transit encryption, there are always gaps along the way which leave the message data exposed in plaintext.Storage providers justify this weak security in order to provide search and other features, or to scan for illegal and unacceptable content, but it also means they can be read and misused by anyone who has access to the stored messages on the third party system, whether this is by design or via a backdoor). This can be seen as a concern in many cases where privacy is very important, such industries with strict regulatory compliance obligations, users living under repressive governments, whistleblowing, mass surveillance, businesses whose reputation depends on its ability to protect third party data, negotiations and communications that are important enough to have a risk of targeted 'hacking', and where sensitive subjects such as health information about minors are involved.End-to-end encryption is intended to prevent data being read or secretly modified by anyone other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipient retrieves the encrypted data and decrypts it themselves.