End-to-end encryption works. The math is solid, the implementations in Signal and iMessage are well-audited, and a message traveling between two phones is, for practical purposes, unreadable to anyone intercepting it in transit. That part of the story is true and worth defending.
The problem is that most people have extrapolated from that truth to a much bigger claim: that encrypted messaging makes their communications private. It does not. Encryption protects one segment of a message’s life. The segments before and after that window are exposed in ways that matter enormously, and the tech industry has done a remarkably poor job of explaining where the protection actually stops.
The Math Works. The Endpoints Don’t.
When you hit send on Signal, your message is encrypted on your device using your recipient’s public key. It travels as ciphertext through Signal’s servers, which cannot read it. It arrives on your recipient’s device and decrypts locally. This is end-to-end encryption working exactly as advertised.
Now consider everything adjacent to that transaction. The message sits in plaintext on your phone before you send it and on your recipient’s phone after they receive it. If either device has a stalkerware app installed, an unpatched OS vulnerability, or a malicious MDM profile, the plaintext is exposed before encryption or after decryption. The cryptographic tunnel was perfect. The stations at each end were not.
This is not a theoretical attack surface. The NSO Group’s Pegasus spyware, documented extensively through the Citizen Lab’s investigations, specifically targeted endpoints rather than encrypted transit. It didn’t crack Signal. It didn’t need to. It read messages directly off the screen.
Metadata Is a Different Kind of Exposure
Even when message content is protected, metadata frequently is not. Who you message, how often, at what hours, from what locations — this information can be as revealing as the content itself. Signal has worked harder than most on metadata protection, including sealed sender and private contact discovery. Most other “encrypted” messaging apps have not.
WhatsApp, owned by Meta, encrypts message content end-to-end. It also collects substantial metadata that flows to Meta’s advertising infrastructure. The content of your conversation about a health diagnosis is private. The fact that you had it, with whom, and for how long is not. For most threat models, that distinction is meaningful. For some, it is decisive.
The legal system has long understood that metadata surveillance is easier to justify and harder to challenge than content surveillance. Phone records, not recordings, built many of the most significant federal prosecutions of the past three decades. Encrypted messaging shifted the battlefield without eliminating it.
Encryption Doesn’t Protect You From Your Recipient
This point is so obvious that it gets overlooked. End-to-end encryption means the message is decrypted at the endpoint. The endpoint is another human being who can screenshot, forward, print, or read your message aloud into a recording device. Nothing about the cryptographic protocol prevents this.
This is not a criticism of encryption. It is a description of reality. The legal exposure from leaked private messages in professional and legal contexts has increased as people have placed more trust in “encrypted” platforms and communicated things they would not have written in email five years ago. The confidentiality expectation has outrun the technical guarantee.
The Counterargument
A reasonable pushback is that perfect should not be the enemy of good. Encryption in transit prevents mass surveillance of the kind that was routine before it became widespread. The Snowden disclosures showed bulk collection of communication data at scale. Widespread adoption of end-to-end encryption made that kind of collection far less useful for content intelligence. That is a genuine and important improvement in the state of the world.
Fair enough. But that argument is about population-level privacy, not individual privacy. If you are a journalist protecting a source, an abuse survivor communicating with a lawyer, or a whistleblower deciding what to document, the population-level improvement does not help you if your specific endpoint is compromised, your metadata is collected, or your recipient is untrustworthy. The people for whom privacy matters most are often in exactly those specific, high-stakes situations.
The good version of the counterargument is: encryption is one control in a set of controls, and it is a crucial one. The problem is that it is rarely sold that way. It is sold as a solution.
What Actually Protects You
Honest communication about encrypted messaging means acknowledging that protection is layered and incomplete. Encrypted transit is necessary but not sufficient. You also need device hygiene, operating system updates, careful selection of recipients, and an accurate threat model for your actual situation.
The Signal Foundation has been notably more honest about this than most. Their security documentation is clear that physical device access defeats their protections and that disappearing messages exist partly to limit endpoint exposure. That transparency is what good security communication looks like, and the rest of the industry should copy it rather than leaning on the word “encrypted” as a marketing claim that implies more than it delivers.
End-to-end encryption is one of the most important privacy technologies deployed at scale. It is also, in the way it is commonly understood, a form of misdirection. The message is safe in the middle. Pay more attention to the ends.
