What Is End-to-End Encryption? Explained Simply
— Written by Brendan G., Founder & Developer
End-to-end encryption is the technology behind WhatsApp's "messages are end-to-end encrypted," Signal's locked padlock, and the reason ProtonMail can claim it can't read your emails. This guide explains what it actually means, how it works under the hood, and — crucially — why most popular cloud services, messaging apps, and file sharing tools don't actually use it.
The One-Sentence Definition
End-to-end encryption (E2EE) means that data is encrypted on the sender's device and can only be decrypted on the recipient's device — no server, company, intermediary, or eavesdropper in between can read it.
The "end to end" refers to the two ends of a communication: the person sending and the person receiving. Everything in between — including the company's own servers — sees only an encrypted, unreadable blob.
The Postal Analogy: Why Most Encryption Isn't End-to-End
Here's the clearest way to understand the difference between the types of encryption:
No encryption is like sending a postcard. Anyone who handles it can read it — the postal worker, anyone at sorting facilities, the recipient's neighbors.
Encryption in transit (TLS/HTTPS) is like putting the postcard in a sealed tube while it travels. Your local post office can read it, the destination post office can read it, but random people can't intercept it in transit. The company handling the tube can open it at any time. This is what Gmail, Dropbox, WeTransfer, and most cloud services use.
End-to-end encryption is like putting the postcard inside a locked box that only the recipient has the key to open. You hand the locked box to the postal service. They carry it, store it, maybe even open the outer packaging — but the inner locked box is sealed. The postal service cannot read the message. No post office can. Only the recipient's unique key can open the inner box.
That's end-to-end encryption. Your device holds the keys. The server holds locked boxes it cannot open.
How End-to-End Encryption Actually Works
The technical mechanism behind E2EE is based on asymmetric cryptography (public-key cryptography). Here's how it works in practice:
- Each user has two mathematically linked keys: a public key (shareable with anyone) and a private key (known only to them, never leaves their device).
- When Alice wants to send a message to Bob, she encrypts it using Bob's public key. Only Bob's private key can decrypt the result.
- The encrypted message travels to the server. The server stores and relays the ciphertext. The server never sees the plaintext.
- Bob receives the encrypted message and uses his private key to decrypt it. The message appears in plaintext only on Bob's device.
In practice, most E2EE systems also use a session key (symmetric encryption like AES-256) for efficiency, with the asymmetric key exchange used only to establish that session key. But the result is the same: the server handles only ciphertext it cannot decrypt.
For file sharing specifically — like how FileShot works — the process is slightly different because there isn't necessarily a "recipient key pair." Instead:
- A random 256-bit symmetric key is generated in the browser.
- The file is encrypted with that key using AES-256-GCM.
- The key is placed in the URL fragment:
fileshot.io/d/abc#key=XYZ - The fragment is never sent to the server — browsers intentionally omit the
#fragmentfrom HTTP requests. - The encrypted file is stored on the server. Whoever has the full URL can fetch and decrypt the file. The server cannot.
This is a form of zero-knowledge end-to-end encryption, and it's exactly how FileShot protects every file you upload.
Experience E2E encrypted file sharing
Upload a file — encrypted before it leaves your browser →AES-256-GCM. No account. Server sees only ciphertext.
Which Apps Actually Use End-to-End Encryption?
The term "encrypted" is used loosely. Here's the honest breakdown:
| App / Service | Encrypted? | Server Can Read? | Notes |
|---|---|---|---|
| Signal | E2EE (Signal Protocol) | No | Gold standard for messaging E2EE |
| E2EE (Signal Protocol) | No (message content) | But collects metadata (who, when, how often) | |
| iMessage | E2EE (Apple to Apple) | No | Falls back to unencrypted SMS to Android |
| Gmail | TLS only | Yes | Google reads emails for spam, services |
| Slack | TLS only | Yes | Workspace admins can read all messages |
| Dropbox | Encrypted at rest (server holds keys) | Yes | Dropbox scans files for malware, CSAM |
| Google Drive | Encrypted at rest (Google holds keys) | Yes | Google can be compelled to produce files |
| ProtonMail | E2EE (Proton to Proton) | No | Non-Proton recipients get password-protected delivery |
| FileShot | Zero-knowledge E2EE (AES-256-GCM) | No | Key never sent to server. Files up to 10 GB free. |
Why Does It Matter if the Server Can Read Your Files?
You might think: "I trust Google / Dropbox / WeTransfer. Why does it matter if they can read my files?"
There are several scenarios where it matters:
- Data breaches. If the cloud service is breached, all your unencrypted files may be exposed. Dropbox was breached in 2012 exposing 68 million passwords. If files were client-side encrypted, a breach would expose only useless ciphertext.
- Legal compulsion. US companies can be served with National Security Letters requiring them to hand over data and prohibiting them from telling you. If the company holds keys, your files go with that request. If they don't hold keys, there's nothing to hand over.
- Insider threats. Employees at cloud providers have access to file contents in some cases. Rogue employees, impersonators, or social engineering attacks can expose files.
- Policy changes. The service terms can change. A company acquired by another might suddenly have different policies about scanning your content.
- Jurisdictional risk. If you store legal, medical, financial, or commercially sensitive documents on a cloud service, the laws of the server's jurisdiction apply — not yours.
End-to-End Encryption vs. Zero-Knowledge: What's the Difference?
These terms are related but distinct:
End-to-end encryption means the provider cannot read content while it travels or is stored. It focuses on the transmission and storage model.
Zero-knowledge means the provider has no knowledge of your data — including no knowledge derived from analytics, metadata processing, or key management. A zero-knowledge system goes further than E2EE: it means the provider cannot assist in decrypting even if legally compelled, because the key was never created on or transmitted to their systems.
FileShot's model is zero-knowledge: the encryption key is generated in the browser, used to encrypt the file in the browser, embedded in the URL fragment (which browsers never transmit to servers), and the server receives only ciphertext. There is no way for FileShot to decrypt your files — not through engineering effort, not through legal compulsion, not through a breach. The mathematical structure makes it impossible.
Is End-to-End Encryption Unbreakable?
The encryption algorithms used in E2EE — AES-256, ChaCha20, X25519 — are not practically breakable with any known technique or computational power on Earth. To brute-force a 256-bit AES key would require more energy than the sun will produce in its lifetime. The math is settled.
However, E2EE can be bypassed in other ways:
- Compromised endpoints. If your device or the recipient's device has malware, the attacker can see the plaintext before or after decryption. The encryption is fine — the endpoint is the problem.
- Implementation bugs. A correctly designed algorithm can be badly implemented, creating side-channel vulnerabilities. This is why open-source, audited implementations matter.
- Key management flaws. If the encryption key is ever transmitted to or generated on the server in error, the zero-knowledge property is broken. This is why independent security reviews of E2EE services are important.
- Social engineering. Tricking a person into revealing their key or password is not breaking the encryption — it's bypassing it entirely.
The bottom line: strong E2EE protects you from the service provider, data breaches, and network interception. It does not protect against attacks on your own device.
Why Don't All Apps Use End-to-End Encryption?
If E2EE is so secure, why don't all apps use it? Several reasons:
- Features that require server access. Spam filtering, virus scanning, content search, deduplication, AI features — all require the server to read content. If files are E2EE, the server cannot scan them. Google Drive's search, Dropbox's malware detection, and Gmail's spam filter all require reading your content.
- Data monetization. Many free services monetize user data. E2EE makes this impossible.
- Complexity and cost. Key management for large user bases is technically complex. If a user loses their key, their data is permanently unrecoverable — most consumer services choose convenience over security here.
- Regulatory pressure. Some governments push against E2EE, arguing it enables criminal use of communications. UK Online Safety Act, EU CSAM scanning proposals, and others have targeted E2EE services.
FileShot accepts these trade-offs deliberately. Server-side features like AI-powered search are not possible. The server cannot verify file integrity or scan for malware. These are the costs of zero-knowledge encryption — and for privacy-first users sharing sensitive files, they're the right costs to accept.
Try genuine zero-knowledge E2E encrypted file sharing
AES-256-GCM. Key generated in your browser. Server receives only ciphertext. No account required.
Share a file securely →Frequently Asked Questions
What is end-to-end encryption in simple terms?
It means a message or file is locked on the sender's device and can only be unlocked on the recipient's device. Nobody in between — not the internet provider, not the company running the servers, not the company's own employees — can read it. The "end to end" describes the two ends of the communication: the sender and the receiver.
What does end-to-end encrypted mean on WhatsApp or iMessage?
When WhatsApp says messages are end-to-end encrypted, it means only you and the person you're messaging can read them. WhatsApp's servers deliver the encrypted messages but cannot decrypt them. WhatsApp does collect metadata (who contacts who, how often), but not the message content. iMessage is end-to-end encrypted between Apple devices; it falls back to unencrypted SMS when messaging Android users.
Is Gmail end-to-end encrypted?
No. Gmail uses TLS to protect email in transit and encrypts stored messages at rest — but Google holds the decryption keys. Google can read your emails. They use access to content for spam filtering, phishing detection, and service improvements. For end-to-end encrypted email, use ProtonMail or Tutanota. Even then, emails to non-E2E email services leave the E2E system.
What is the difference between encryption in transit and end-to-end encryption?
Encryption in transit (TLS) protects data while it travels between your device and a server. The server can read it when it arrives. End-to-end encryption protects content so that the server can never read it — not in transit, not at rest. The server receives and stores a sealed, encrypted object it cannot open. Only the person with the key (at the other "end") can open it.
Can end-to-end encryption be broken?
The mathematical backbone — AES-256, X25519 — cannot be broken by brute force with any conceivable computing technology. However, E2EE can be bypassed if the recipient's device is compromised, if the implementation has bugs, or through social engineering. The encryption algorithm is not the weak link — endpoints and key management are. This is why the source code of E2EE implementations should be audited and open for inspection.