Even the Strongest “End-to-End” Encryption is Only Half the Battle

ChatMail   |   September 1, 2020

Cybersecurity Requires More than Just End-to-End Encryption

The word “encryption” conjures up the image of a bank vault of protection where telecommunications are fundamentally safe, and rightfully so. With end-to-end encryption, a user’s messages, photos, videos, voice messages, documents are elaborately encoded so an identity thief can’t intercepted them.

Only the intended recipient will be able to read it. But is getting “end-to-end encryption” alone enough to ensure your personal data is secure against a breach? Not exactly.

Other vulnerabilities require protection concerning safe data storage. If an encrypted message is only on the phone itself, it remains as protected as ever. But where are these messages stored, and where do deleted encrypted messages go?

Do they simply vanish, or are they still accessible? Are they even truly deleted? Are there any other data vulnerabilities requiring protection? Please keep reading to learn what makes the patented approach to encryption with ChatMail Secure fundamentally safe, and what makes other platforms claiming to have “end-to-end encryption” susceptible to a data breach.

How Can Deleted Messages Be Restored if They’re Deleted?

In 2014, Facebook purchased WhatsApp, the messaging platform used now by two billion people worldwide. In 2018, Facebook founder Mark Zuckerberg praised the security of “end-to-end encryption” in a congressional hearing.

Zuckerberg used the phrase “end-to-end encryption” as a stand-in for total security. His speech about encryption to lawmakers reflected the messaging in WhatsApp’s security and privacy page: “Privacy and security is in our DNA, which is why we have end-to-end encryption.”

WhatsApp insists that all calls and messages default to this type of encryption — there’s no way to turn it off, even if you wanted. A user can’t help but be totally secure!

End-to-end encryption is an invaluable part of a security solution, but it does not cover every vulnerability. One of the security pitfalls of WhatsApp is characterized by the company as a feature, rather than a potentially major liability.

WhatsApp has an auto-backup feature so users can access content or media they accidentally deleted. Also, if a person gets a new phone but maintains the same number, their WhatsApp messages and media content will be transferred to the new phone once they download the app.

That WhatsApp backs up or stores their messages may be very convenient for a person looking to smoothly transition from old phone to new or worried about lost conversations and photos. However, it’s impossible to restore this content unless it was saved somewhere, violating the spirit of security in end-to-end encryption.

Ultimately, to restore these messages and photos, they must be sent to a third-party location. This means that the user is now relying on their cloud provider hosting and storing the content for security, not on “end-to-end encryption.” So much for the “end-to-end” part.

ChatMail’s Data Centers

ChatMail’s state of the art encryption solutions offer a higher tier of security because we never save or store your data within our servers or on the cloud. The only pieces of information our servers ever store is your username, activation start date, expiry date, and notes and contacts should you choose to back them up with a secure password that you configure.

We wholly own our data center and operate in a democratic country that respects human rights, citizens’ privacy, due process, and encryption laws. If your message storage is outsourced to a third-party data center, you can’t know how seriously they take their maintenance or back-up protocols.

Even though WhatsApp boasts about end-to-end encryption, Facebook can actually access all your chat history and every single attachment. While the messages themselves are encrypted when sent, the database storing your WhatsApp chats doesn’t have any extra encryption protection.

Once again, the ChatMail Secure servers never store your sensitive phone data that must remain confidential, such as messages, group chats, call history, and more. We don’t prioritize anything above security and never take a shortcut.

Protection Beyond End-to-End Encryption

Phone security needs to be looked at holistically. Broadly, pull back and ask: is there any way for hackers or bad actors to obtain data? If so, what’s the point of even offering end-to-end encryption, if the encrypted content can still be stolen or downloaded?

ChatMail Secure’s proprietary design offers the same level of encryption security in every aspect of the phone, so identity thieves can’t access your phone’s content, even if they somehow come to hold the device in their hands. Here are some of the ChatMail features protecting your sensitive data that go beyond end-to-end encryption:

  • Tamper-proofing
  • Scheduled burn functionality
  • Duress passwords
  • Remote wipe and anti-theft protection
  • Notebook lock screen with custom PIN for two-factor security
  • Messages delete even if your phone isn’t connected to data

Ultimately, if your data gets stolen, it’s irrelevant which security gap caused the breach. Once the thieves possess this data, they can leverage it to undermine your business, drain your bank account or for extortion.

Your data will be safe even if the phone gets misplaced or pick-pocketed because ChatMail Secure puts the same effort into every aspect of security that we put into encryption.

Encryption and cybersecurity are a popular topic, and it’s easy to understand why. There have been many high-profile breaches affecting celebrities, multinational companies, and even major political parties.

The fallout from a hack can be debilitating and draining, whether you’re a CEO running a large company or a private citizen. Suffering a data breach causes financial drain and operational setbacks for a business that can be impossible to overcome.

End-to-end encryption is an essential part of security, but it’s not the only thing that matters. The level of protection driving users to demand end-to-end encryption must be applied consistently across every aspect of the phone. Don’t be lulled into a false sense of security by providers who use “end-to-end encryption” as a buzzword, but don’t follow through with world-class security measures such as tamper-proofing, remote wipes, and ensuring the data is never stored on a third-party server.

Articles used for reference: Source 1 , Source 2 , Source 3 and Source 4

Recent Articles