Peer-to-Peer & End-to-End Encrypted Conversations — Are they really private?

SimpleDex
3 min read · Mar 1, 2018


Whether private conversations need to remain private is always up for debate, but people are entitled to privacy regardless of what the conversation is about. We need privacy in our lives to help us feel safe and to protect personal information such as PIN numbers, passwords and credit card information. This is the kind of information that two people can pass between them not by word of mouth but electronically, via mobile phones and messaging apps like WhatsApp or Facebook Messenger.

These kinds of messaging apps claim to use a process named peer-to-peer encryption, a system of communication where the only people who can read the messages sent back and forth are the two people engaging in the conversation. Many companies like to shout and beat their chests about how heavily encrypted their communication apps are, to the point where they throw out claims that no eavesdropper, not even the company that operates the messaging app, can read the messages. However, this raises a vital question: “If these apps are so heavily encrypted, and not even the company can read the messages sent on them, then who has the key?”

Most of the time, the company itself is actually the one who holds the key to decrypt the messages, and if this is the case, then so does any hacker who breaks through its security. The same goes for any government that is putting pressure on the company to release private conversations.

To combat this rising issue of privacy, some communication apps are now adopting a method known as end-to-end encryption. This is the notion that messages are encrypted in such a way that only the recipient of the message can decrypt and read it, and not anyone who gets in the way. To look at it another way, only the endpoint computers hold the necessary cryptographic keys, and the company’s server acts as an illiterate messenger, merely passing on messages that it can’t even read.

This is where something called public-key encryption comes into play: a program installed on your computer mathematically generates a pair of keys. One of them is the private key (secret key), which is used for decrypting messages that have been sent to you. The other one is called the public key, and it is used for encrypting messages that are sent to you. The pair is designed in such a way that only the corresponding private key can decrypt those messages. The public key can be shared with anyone who wants to encrypt a message that they intend to send to you.

Going back to end-to-end encryption, it might seem technologically robust, but the truth is it still isn’t immune to people snooping on your private conversations. Rather than trying to break the encryption, which would require a lot of time and energy, a clever hacker may simply pretend that he or she is in fact the intended recipient of the message. The aim is for messages to be encrypted to the hacker’s public key instead of the original recipient’s. Once the hacker has decrypted the message, they can then encrypt it to the original recipient’s actual public key and send it on without being detected. This technique is known as a man-in-the-middle attack, and in an attempt to prevent it, some end-to-end encryption services have come up with a plan of generating unique one-time strings of characters that are based on the two users’ public keys. The two people communicating read out the passphrase to each other, and if the passphrase matches, then there is no one in the middle intercepting their messages.
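The comparison check described above can be sketched as follows. This is an added example, not code from any messaging app or from SimpleDex. It assumes SHA-256 and a digit-group rendering, and the function names, the label string and the three "public keys" are constructed stand-ins rather than real key material.

```python
import hashlib

def safety_string(own_pub: bytes, peer_pub: bytes, groups: int = 6) -> str:
    """Short string both users read aloud, derived from the two public keys."""
    # Sort so both sides hash the keys in the same order, whoever computes it.
    first, second = sorted((own_pub, peer_pub))
    # Length-prefix each key so the concatenation cannot be ambiguous.
    material = b"".join(len(k).to_bytes(2, "big") + k for k in (first, second))
    digest = hashlib.sha256(b"example-safety-string-v1" + material).digest()
    # Render 4-byte chunks of the digest as 5-digit groups that are easy to read out.
    chunks = (int.from_bytes(digest[4 * i:4 * i + 4], "big") for i in range(groups))
    return " ".join(f"{c % 100000:05d}" for c in chunks)

def strings_match(a_own: bytes, a_sees_peer: bytes,
                  b_own: bytes, b_sees_peer: bytes) -> bool:
    """True when the string on A's screen equals the one on B's screen."""
    return safety_string(a_own, a_sees_peer) == safety_string(b_own, b_sees_peer)

# Constructed 32-byte stand-ins for public keys (hypothetical, not real keys).
ALICE = hashlib.sha256(b"constructed-alice-public-key").digest()
BOB = hashlib.sha256(b"constructed-bob-public-key").digest()
MALLORY = hashlib.sha256(b"constructed-interceptor-public-key").digest()

def demo() -> dict:
    return {
        # Honest server: each user received the other's real public key.
        "direct": strings_match(ALICE, BOB, BOB, ALICE),
        # Key substitution: each user was handed the interceptor's key instead.
        "intercepted": strings_match(ALICE, MALLORY, BOB, MALLORY),
    }

if __name__ == "__main__":
    print(demo())
```

The check only helps if the two users compare the strings over a channel the interceptor does not control, such as in person or on a voice call.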

Considering these issues, all peer-to-peer cryptocurrency exchange platforms must integrate end-to-end encryption, so that only the users have access to their private conversations while exchanging cryptocurrencies for fiat money.

The Simpledex.org exchange platform is releasing a beta version of the app in March. The beta version includes end-to-end encryption of messages between buyers and sellers, along with other main features.
