End-to-end encryption (E2EE) means only the sender and recipient can read a message. The service provider cannot — even under a court order.
Messages are encrypted on your device before transmission and decrypted only on the recipient’s device. The server transmits encrypted data it cannot read.
Signal and Proton Mail between two Proton addresses are end-to-end encrypted. Gmail is not. Google can read your emails.
E2EE protects content. It does not protect metadata.
What it means in practice
End-to-end encryption means the provider cannot read message content — they do not hold the keys. It does not protect metadata (who communicated with whom and when), and it does not protect content that is backed up to an unencrypted cloud service. WhatsApp uses E2EE in transit but its default iCloud/Google Drive backup is not E2EE. Signal’s backups are E2EE. Proton Mail between two Proton addresses is E2EE; Proton Mail to a Gmail address is not.
Related articles
A journalist was arrested because of an email. — How to communicate with confidential sources safely. — Digital privacy guide for NGO workers abroad.