If you’ve been shopping around for different online comms platforms, you’ve probably heard this phrase a lot. End-to-End Encryption (E2EE)- it sounds obscure and technical, but it should be perfectly straightforward. If an online communications channel such as video, text or audio chat is truly E2EE, then it means that the contents of your conversation cannot be seen, read or heard by anyone except you and the person you are talking to. Seems simple, right?
The problem is that companies often try to stretch or distort this definition, claiming that their product offers E2EE when in fact it provides nothing of the sort. It might be that one part of a company’s product is E2EE, while another is not – in these situations it’s in their interest to muddy the waters, so that consumers believe they are receiving a higher level of privacy than is actually the case. Zoom has a particular unfortunate record in this regard – they have been investigated by the US Federal Trade Commission and sued by their own shareholders for allegedly lying about E2EE in its products.
At Kuva, when we say that our entire service is E2EE, we want our customers to know exactly what we mean.
First, let’s clear up the technical side. E2EE is a way of making sure that video, audio and text messages sent over the internet cannot be read by any third party. As the messages leave your computer, they are translated into a secret code. There is only one key that can decrypt this code, and it belongs to the intended recipient of your message. Only when the message arrives at their computer or phone is its meaning revealed. This means that if some third-party were somehow to intercept the message en route, they would be unable to access its contents.
If any third-party has access to the private key, that isn’t true E2EE. If the data is decrypted at any point in-between you and the person you are talking to, that isn’t true E2EE.
Kuva’s approach to end-to-end encryption is simple. Only you and the person you are talking to have the keys to decode your conversation. There are no intermediate servers that can decrypt and read your messages, and no back doors. Neither Kuva itself, not any third-party, will ever have access to the contents of your communications.
One reason that many providers don’t offer true E2EE for video (aside from the fact that they want to harvest your data) is that it makes some features harder to deliver (as we’ll explore in a separate post). In these cases, providers generally make the decision to sacrifice user privacy in exchange for building a more feature-rich product. Kuva, however, will never do anything that compromises our ability to safeguard our customer’s personal data, so we only include those features which can be delivered in line with our privacy-first ethos. As we progress along our development road-map, you’ll find we’re able to offer more and more functions whilst still maintaining our best-in-class privacy guarantee, so keep an eye on our website for further news.