Every day, we send, store and share huge amounts of information online: messages, documents, passwords, payment details and personal data. Encryption helps keep that information safe by making it unreadable to anyone who should not have access to it.
But encryption is not always straightforward. This article explains the basics of encryption, how it is used in communication and storage, which platforms offer stronger protection by default, and what you can do yourself to handle sensitive information more securely.
Not interested in the technical explanation? Skip ahead to Platforms or Our tips.
What is encryption?
Encryption turns readable information into unreadable information. Because data can be intercepted or altered while in transit, encryption is used to secure communication and storage.
Related terms
Types of encryption
Symmetric encryption
With symmetric encryption, the sender and recipient use the same secret key. It is fast and efficient for large amounts of data, but the key must first be exchanged securely.
- AES (Advanced Encryption Standard) is used in, among other things, banking apps, ZIP, BitLocker, WPA2/WPA3 and TLS.
Asymmetric encryption
With asymmetric encryption, each user has two keys:
- a public key (which anyone may know)
- a private key (only for the owner)
This type of encryption is used in, among other things, digital signatures, itsme and TLS.
Homomorphic encryption
Homomorphic encryption (HE) allows calculations to be performed on encrypted data without first decrypting it. At present, this is mainly used in specialised applications because it requires a lot of computing power.
Encryption during communication
End-to-End Encryption (E2EE)
With end-to-end encryption, only the sender and recipient can read the content of messages. Even the service provider normally cannot decrypt the content. It is important to know that E2EE usually protects only the content of messages. Metadata, such as the time and location of sending, often remains visible. For example:
- Emiel sends Eline a message on Monday 29/06 at 11:15:
“Have you checked that Make scenario?”
The content of the question is encrypted, but the identity of the sender and recipient, as well as the time at which the message was sent, are still visible.
Point-to-Point Encryption (P2PE)
With point-to-point encryption, data is encrypted between two specific points in a network. The data is protected while it is being transported between two systems, but it can be decrypted on intermediate servers for further processing. For that reason, P2PE generally offers less protection than E2EE.
Attacks on cryptographic systems
Brute-force attack
An attacker systematically tries all possible keys or passwords. Strong passwords and multi-factor authentication (MFA) can help protect against this.
Man-in-the-middle attack
An attacker positions themselves between two communicating parties. TLS certificates are designed, among other things, to prevent this type of attack.
Platforms
Although end-to-end encryption significantly improves privacy, some platforms deliberately choose not to encrypt all communication end to end. Some possible reasons include:
- Server functionality: with E2EE, the server cannot perform certain functions, such as spam detection, search functions and AI functionality.
- Moderation and safety: to monitor and protect against hate speech.
- Technical complexity: E2EE involves quite a lot of work.
- Ease of use: cloud backups and synchronisation across multiple devices are more difficult.
- Legal obligations: with E2EE, a platform cannot decrypt the content of messages in response to, for example, a court order.
Below, we show which platforms offer E2EE by default.
Platform | E2EE | Text | Audio/video | Notes |
Proton Drive | ✅ | |||
Dropbox | ❌ | |||
Google Drive | ❌ | |||
OneDrive | ❌ | |||
WeTransfer | ❌ | |||
Obsidian | ✅* | *with Obsidian Sync and E2EE enabled | ||
Airtable | ❌ | |||
Confluence | ❌ | |||
Monday | ❌ | |||
Notion | ❌ | |||
iMessage | ✅ | ✅ | ||
Signal | ✅ | ✅ | ||
Threema | ✅ | ✅ | ||
WhatsApp | ✅ | ✅ | ||
Wire | ✅ | ✅ | ||
Discord | ❌ | ✅ | ||
Telegram | ✅* | ✅** | *for secret chats
**for one-to-one calls | |
Microsoft Teams | ❌ | ✅* | *for certain one-to-one calls | |
Slack | ❌ | ❌ | ||
Proton Mail | ✅ | |||
Gmail | ❌ | |||
iCloud Mail | ❌ | |||
Outlook (Microsoft 365) | ❌ |
Google Drive
iCloud
WeTransfer
Our tips
- Always use HTTPS.
- Pay attention to certificate warnings.
- Use a password manager and use unique passwords.
- Never share passwords via the same channel as the encrypted file.
- Encrypt files using encryption tools (Cryptomator, VeraCrypt, 7-ZIP) or password protection.
- Enable multi-factor authentication (MFA).
- Update software regularly using updates to protect against known vulnerabilities.
- Carefully check the recipient before sending sensitive information.
- Limit access rights according to the least privilege principle, also known as the principle of minimal privileges (see also Access in Information Architecture).
- Make regular encrypted backups and test whether you can restore them.
Conclusion
Encryption is an essential building block of digital security, but it is not a silver bullet. Information security depends just as much on correct configurations, strong passwords, regular software updates and the user’s behaviour. Signalgate is a good example of how the way software is used can create a problem.
A good security strategy combines encryption with thoughtful use, secure procedures and a healthy awareness of the risks.