DR is now used in Signal, Viber, WhatsApp, and other IM apps. The Double Ratchet algorithm was introduced to solve this issue. If your opponent is offline, the communication process is temporarily impossible. The main drawback of OTR is that after sending a key, you have to wait for confirmation from another end. It is a safe scheme as long as participants check each other’s public key fingerprints regularly and try to resist attacks coming from other vectors (that are constantly growing.) The OTR protocol authenticates the conversation participants and encrypts information traveling between them. You can always claim that the party which intercepted your communication modified the ciphertext. This AES – CTR method provides the so-called “disputable” encryption and the opportunity to deny the text authorship in case it is intercepted. It makes use of the AES symmetric encryption in CTR mode, the Diffie–Hellman key exchange method, and the SHA-1 hash function. Initially, instant messaging applications utilized the Off-the-Record ( OTR) protocol. Convenience is put above privacy and security. It is sad but a lot of mathematically perfect ideas get spoiled once implemented. In Telegram web app, E2EE is used only in secret chats, and it is implemented strangely. In Viber, end-to-end encryption is inactive by default. WhatsApp is practically the same as Signal, except for one critical point: changing the main subscriber’s key does not block sending him messages. To begin with, in each particular messenger, E2EE has its own features and characteristics. Simply put, people usually choose the messenger app with their heart and not their brain. “The vast majority of interviewed participants did not understand the essential concept of end-to-end encryption.” The study called Obstacles to the Adoption of Secure Communication Tools ( PDF) inspired me to write this article. The essence of E2EE often boils down to the fact that keys are stored only on interlocutors’ devices and do not get to the server… but this is not always true. Let’s see how end-to-end (E2EE) is handled by popular instant messaging apps, such as Telegram web app, Signal, Viber, WhatsApp, and others.Į2EE is considered a panacea when dealing with persistent attempts of hackers or government agencies to intercept online correspondence. If you are considering a secure IM add-on for your CS-Cart eCommerce website, read this post to know which messenger app to select.