End-To-End Encryption
End-to-End Encryption for XMPP Instant Messaging
Certain actors, be they governments, intrusive corporations, or just individuals with access, will not be deterred by laws that are meant to protect your privacy. Outsiders have access to your communications in ways that are hidden from you and from the legal authorities designated to protect you.
There are three ways in which an outsider can access your instant messages:
As you communicate over the internet, your packets pass through many routers that are controlled by the companies that maintain the internet. When you send messages to the e2e.ee server, your packets are encrypted using Transport Layer Security (TLS). An outsider with access would be able to see that you are communicating with the e2e.ee server, but he could only read the communication if he had sufficient decryption capability. Splitters exist that provide outsiders with continuous copies of internet traffic for review. TLS encryption is likely not an obstacle to government actors.
Messages sent through the e2e.ee server are decrypted on the server, removing TLS encryption, and then encrypted again with TLS and sent to the recipient. Messages are stored in an archive on the server that is used to synchronize chat history on multiple devices. Here is an example of an archived message:
<message
type='chat'
to='gruñón@e2e.ee'
id='purplee37d5ec5'
from='pickernoodle@e2e.ee/3WqkL6_h'>
<body>Hey gruñón! We need to keep this a secret! Do not mention it to anyone!</body>
</message>
If the participants use End‑to‑End Encryption, only the metadata of each message is in plain text, as seen in this example:
<message
type='chat'
to='pickernoodle@e2e.ee'
id='purple9312d747'
from='gruñón@e2e.ee/pidgin'>
<body>?OTR:AAMDVhx5UEYhGKsBAAAAAgAAAAMAAADAx4ifhy/Tuj5HH6UG/y
U3TtV+xvPAMX0IYpPI/NZUOBX7rbqD2zkzqzX7TnLGBts316/k
PIHVQ8cAJ0R5CNeL4GkqjPFhX8A84V8b5l9Jl8H5V0XKKozG+2
xUbSaRDxrFVZwjdySWd/jIImdY7aTMiqMPlFakn4g06USKwmSq
dl+JLp4H//b/3lKofE86ZHASbnk2GfEaSonqT3hDe1h5VGiegO
HJ2YkNID0wsiGAhArVCxgN5W4j9fwSsuYkR4xHAAAAAAAAAAEA
AAABnnYoyUp4ODVsPvRDOJJXFDdW0GTsAAAAFC0mENFfAElR7R
+TUfR3n3pAV/U1.</body>
</message>
Messages exist in decrypted states on the participant’s devices. If an interested outsider gains access to one of the devices, physically or remotely, encryption will not prevent him from snooping.
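What a server archive can still read from an OTR-protected stanza like the second one above, shown as an added example that is not part of the original page. The sample stanza is constructed (example.org addresses, filler bytes in place of ciphertext), and the header layout assumed is that of an OTR version 3 data message.

```python
import base64
import struct
import xml.etree.ElementTree as ET

def build_sample_stanza():
    """Constructed sample, not a real capture: OTRv3 data-message header + filler."""
    # version=3, type=0x03 (data), sender/receiver instance tags, flags, key ids
    header = struct.pack(">HBIIBII", 3, 0x03, 0x1001, 0x2002, 0, 2, 3)
    filler = bytes(64)  # stands in for the DH value, counter, ciphertext and MAC
    body = "?OTR:" + base64.b64encode(header + filler).decode() + "."
    return ("<message type='chat' to='alice@example.org' id='sample1' "
            "from='bob@example.org/laptop'><body>" + body + "</body></message>")

def visible_to_server(stanza_xml):
    """Return every field a server or archive can read without any key."""
    msg = ET.fromstring(stanza_xml)
    sender, _, resource = msg.get("from", "").partition("/")
    seen = {"type": msg.get("type"), "to": msg.get("to"), "id": msg.get("id"),
            "from": sender, "resource": resource, "encrypted": False}
    body = (msg.findtext("body") or "").strip()
    if body.startswith("?OTR:") and body.endswith("."):
        # Archived bodies may be line-wrapped; remove whitespace before decoding.
        raw = base64.b64decode("".join(body[5:-1].split()))
        seen.update(encrypted=True, payload_bytes=len(raw))
        # The OTR header is not encrypted: version, type, tags and key ids leak.
        if len(raw) >= 20 and raw[:3] == b"\x00\x03\x03":
            fields = struct.unpack(">IIBII", raw[3:20])
            names = ("sender_instance", "receiver_instance", "flags",
                     "sender_keyid", "recipient_keyid")
            seen.update(otr_version=3, **dict(zip(names, fields)))
    else:
        seen["body"] = body  # no end-to-end encryption: the text is readable
    return seen

if __name__ == "__main__":
    for key, value in visible_to_server(build_sample_stanza()).items():
        print(f"{key}: {value}")
```

The addresses, the client resource, the message size and the key rotation counters all remain readable; only the message text is protected.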
Simply by using e2e.ee you have a heightened level of privacy because, unlike other services, neither your email address nor your mobile phone number is associated with your account.
Here are some additional steps you can take to increase your privacy even more depending on your needs:
Topics covered on this page:
End-to-End Encryption for XMPP Instant Messaging
Anonymize your instant messaging traffic over the Tor Network.