
End-to-End Encryption: What It Protects (and What It Doesn't)

E2E encryption is powerful but widely misunderstood. Most people are surprised by how much remains visible even in "encrypted" apps. Here is the honest picture.

By OurStranger Team

End-to-end encryption (E2E) means that messages are encrypted on the sender's device and can only be decrypted by the intended recipient. No one in the middle — not the platform, not the ISP, not a government intercepting traffic — can read the content. The Signal Protocol, developed by Moxie Marlinspike and released in 2013, is the gold standard of E2E encryption and is used by Signal, WhatsApp, Facebook Messenger's Secret Conversations, and Google Messages. It is genuinely excellent at protecting message content.

What E2E Encryption Does Not Protect

The common mistake is assuming that "encrypted" means "private." E2E encryption protects content in transit. It does not protect metadata — and metadata is enormously revealing. Even with E2E encryption, your messaging app may still disclose: who you are communicating with, how often and at what times, the size and type of files shared, your device identifiers, your IP address and approximate location, and your account creation and last-seen status.

Signal is often cited as the privacy benchmark. In 2022, Signal received a US federal grand jury subpoena. The only data it could provide was: a user's phone number, the date the account was created, and the date the account last connected to Signal's servers. That is all Signal stores. By contrast, WhatsApp — despite using the same Signal Protocol for message content — can be compelled to provide contact lists, profile photos, about information, and IP address logs.
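
To make the metadata point concrete, the following added example (not from the original article or any messaging platform's code) takes constructed delivery records of the kind a relay server can see for E2E-encrypted traffic and derives the contact graph, activity hours, IP addresses, and likely file transfers without touching any plaintext. The field layout, account names, and the `attachment_threshold` cutoff are assumptions for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: what a relay server sees for E2E-encrypted messages.
# Field layout and account names are hypothetical; the message body is
# opaque ciphertext and is never needed by the analysis below.
ENVELOPES = [
    # (timestamp UTC, sender, recipient, ciphertext size in bytes, source IP)
    ("2024-03-04T23:10:05", "alice", "bob", 212, "203.0.113.7"),
    ("2024-03-04T23:11:40", "bob", "alice", 180, "198.51.100.22"),
    ("2024-03-05T23:02:13", "alice", "bob", 2_450_112, "203.0.113.7"),
    ("2024-03-05T23:30:00", "alice", "bob", 240, "203.0.113.7"),
    ("2024-03-06T09:15:27", "alice", "carol", 198, "192.0.2.50"),
    ("2024-03-06T23:05:48", "bob", "alice", 205, "198.51.100.22"),
]


def summarize(envelopes, attachment_threshold=100_000):
    """Derive the metadata the article lists, using envelope fields only."""
    pairs = Counter()              # who talks to whom, and how often
    hours = defaultdict(Counter)   # at what times each account sends
    ips = defaultdict(set)         # network locations seen per account
    attachments = []               # size alone suggests a file was shared
    for ts, sender, recipient, size, ip in envelopes:
        pairs[tuple(sorted((sender, recipient)))] += 1
        hours[sender][datetime.fromisoformat(ts).hour] += 1
        ips[sender].add(ip)
        if size >= attachment_threshold:  # assumed cutoff, not a standard
            attachments.append((ts, sender, recipient, size))
    return {
        "pairs": dict(pairs),
        "peak_hour": {u: c.most_common(1)[0][0] for u, c in hours.items()},
        "ips": {u: sorted(s) for u, s in ips.items()},
        "attachments": attachments,
    }


if __name__ == "__main__":
    for key, value in summarize(ENVELOPES).items():
        print(f"{key}: {value}")
```

A service that never records these envelope fields has nothing comparable to hand over, which is the difference between the two subpoena outcomes described above.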

The Backup Problem

Perhaps the most significant gap in E2E encryption is cloud backup. When WhatsApp or iMessage messages are backed up to Google Drive or iCloud, they may leave the encrypted environment. Until 2021, Google Drive backups of WhatsApp messages were stored in plain text. Law enforcement regularly requests message history from cloud backup providers rather than the messaging app, because cloud providers are legally separate entities subject to different warrants.

The Most Private Architecture

True privacy requires not just encrypting data in transit but never storing it at rest. A platform that transmits messages via encrypted WebSocket connections and never writes them to any database provides protections that E2E encryption alone cannot: there are no backups to request, no server-side copies to subpoena, and no metadata logs to analyze. The content of the conversation and its very existence as a stored fact both vanish simultaneously when the session ends.
