Encryption

What is encryption?

Encryption is a cryptography term that means a message or data is indecipherable to outside observers. In Web browsing, this can mean data is unreadable as it moves across the internet. If the data is also only readable by the site or app you want to view, it would be “end-to-end” (E2E) encrypted.

Note that E2E encryption has very specific technical requirements, and most services that claim to offer it actually don’t. Also note that in some cases the parties on the website you’re viewing can see your message content (e.g. Facebook can see what you post in the WhatsApp client).

When you use the Internet, you’re sending and receiving a lot of important data: passwords, banking information, private messages and photos, and so on. Encryption mathematically combines your data with a small chunk of secret data called a key (which is often, though not always, randomly generated), producing an unintelligible version of the data called “ciphertext.” A person or device with the key can then decrypt the ciphertext, mathematically combining it with the key to get the original data back. Anyone who doesn’t have the key can’t get the original data back.

Why is encryption used?

Encryption is essential for Web privacy because the data you send and receive over the Internet has to pass through a long series of servers (the specialized computers that websites and apps live on). Many different entities control those servers, including administrators of the network you’re connected to, your Internet service provider (ISP), and various Internet infrastructure companies that you’ve likely never heard of.

Without encryption, all those entities could read or even manipulate your data if they wanted to. With encryption, they can’t read your data even as it passes through their systems. They just see unintelligible nonsense. Only the entity that the data is actually destined for, such as the server of a website you’re visiting, has the right key to decrypt it.

Encryption is just one part of a broader field called cryptography, which offers techniques for things like detecting when data is tampered with, and proving one’s identity over the Internet.

Is my data encrypted?

Most of what you send and receive while browsing the Web—passwords, private messages, emails, and so on—is encrypted as it moves between your device and the website you’re accessing. You can tell whether your connection is encrypted by looking in your Web browser’s address bar: if the URL begins with “https://” (as opposed to “http://”), then your traffic is encrypted.

It’s important to understand, though, that the fact that your traffic with a website is encrypted doesn’t necessarily mean anything about the website’s other data privacy or security practices. Even if your data is private as it moves across the Internet to the website, the website could then store it insecurely, or share it with other companies against your will. It could even be a phishing website.

Does Wi-Fi use encryption?

When you join a Wi-Fi network, a lock icon next to the network’s name means your data is encrypted between your device and the wireless access point. That means that other people on the network can’t read your data. However, the administrators of the access point may still be able to read your data, if it isn’t encrypted another way. Just because you had to enter a password to join the network doesn’t mean your Wi-Fi traffic is private.

Do VPNs provide encryption?

If you’re on a public Wi-Fi network, or any network or ISP that you don’t trust, the best practice for privacy is to use a VPN, such as Brave VPN. Your data will be encrypted as it moves between you and the VPN provider, so it gets past the untrusted network or ISP securely.

If you use a VPN, it’s important to use a trustworthy provider, because the provider can read your traffic. There are unscrupulous VPN providers that sell information about your activity to third parties. Free providers are especially likely to do this.

What is full disk encryption?

Another important application of encryption, separate from Internet usage, is full-disk encryption. This is a feature of major operating systems, such as Windows and macOS, that encrypts your computer’s hard drive so it can only be decrypted with your password.

Without full-disk encryption, someone who stole your computer could read the contents of the hard drive by removing it from the computer; full-disk encryption prevents that. You enable full-disk encryption in your system settings; on Windows it’s called BitLocker, and on macOS it’s called FileVault.

What is end-to-end encryption?

Most person-to-person communication on the Internet, like email and text messaging, does not go directly from one person to the other. Instead, it goes through an intermediary, like an email server, or a messaging app’s server.

Even if the messages are encrypted as they move across the Internet, they may be decrypted while on the intermediary’s servers. End-to-end encryption (E2EE) is an improvement on that situation: it means the messages are encrypted all the way from the sender to the recipient, and the intermediary doesn’t have the keys to decrypt them. 

E2EE is important for privacy because, without it, malicious employees of the server operator could read your messages. It’s also possible that governments or law enforcement agencies could take advantage of an intermediary’s access to decrypted message content. They can compel the server operator to give them access to your messages. These concerns apply not only to email, but also to text messaging (SMS), and even some messaging and videoconferencing apps.

With an E2EE messaging app, the app’s server still handles relaying the encrypted messages between people, but it does not have the keys to decrypt them. Thus, it’s impossible for the vendor to read the contents of your messages, whether maliciously or on behalf of law enforcement.
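The difference described above between link-only encryption and E2EE, as an added Python example (not code from Brave or any product named here). The `seal`/`unseal` helpers are a standard-library stand-in for a real authenticated cipher such as AES-GCM, and the key names, the sample message and the pre-shared Alice/Bob key are assumptions.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (illustrative stand-in for AES-GCM).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt, then authenticate nonce + ciphertext so changes and wrong keys are detected.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

def server_relay(blob, link_in, link_out):
    # The intermediary removes the inbound link encryption and re-encrypts for the next hop.
    inner = unseal(link_in, blob)
    return inner, seal(link_out, inner)  # `inner` is everything the server gets to see

def run(end_to_end):
    message = b"meet at noon"  # constructed sample message
    # Hypothetical keys: two link keys the server holds, one key only Alice and Bob hold.
    k_alice_srv, k_srv_bob, k_alice_bob = (secrets.token_bytes(32) for _ in range(3))
    # With E2EE the message is sealed under the Alice/Bob key before it reaches the link.
    payload = seal(k_alice_bob, message) if end_to_end else message
    server_saw, to_bob = server_relay(seal(k_alice_srv, payload), k_alice_srv, k_srv_bob)
    received = unseal(k_srv_bob, to_bob)
    if end_to_end:
        received = unseal(k_alice_bob, received)
    return message, server_saw, received

if __name__ == "__main__":
    for mode in (False, True):
        message, server_saw, received = run(mode)
        print("E2EE" if mode else "link-only",
              "| server saw plaintext:", server_saw == message,
              "| Bob got message:", received == message)
```

In both modes the traffic is encrypted on the wire; only in the E2EE run is what the server holds after removing the link layer still ciphertext.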

E2EE is relatively new as a consumer technology. Over the past several years, various app developers have been adding it to their products. Brave Talk supports E2EE in most situations. Another notable E2EE product is the popular messaging app Signal.

However, it’s important to note that even products that support E2EE may not enable it by default, or may not support it in all situations. Unfortunately, there has even been one high-profile case of a company making false claims about their product’s E2EE support.
