Start for free
Andrew Milich / 2.27.2021Home / guides

Demystifying end-to-end encryption

Privacy-first software should feel as effortless as any other piece of software
End-to-end encrypted messaging, document, and email products
We at Skiff want to make privacy effortless for everyone. That’s why we’re so excited to be sharing this post about end-to-end encryption (E2EE) and our product.

Keep your work private with end-to-end encryption

End-to-end encryption helps people communicate without revealing the contents of their messages to anyone in between, including the service provider. Skiff uses E2EE not only for messaging, but also for all writing, collaboration, and communication on our platform, including documents, comments, titles, messages, and more. Encryption keys are only known to our users, and not to us.

End-to-end encryption: Beyond messaging

Today, many products we use for remote work and collaboration - including messaging, note-taking, and video conferencing - take only superficial measures when it comes to protecting your data and privacy. Recently, however, E2EE has become the expected standard for messaging: From iMessage and WhatsApp, to Signal and Telegram, billions of people are using end-to-end encrypted messengers (we certainly hope you are!). These messaging products end-to-end encrypt all communications by default, keeping content and personal data private from service providers.Yet, there are so many other services beyond messaging apps that could benefit from the high level or privacy and security provided by E2EE. The reason Amazon, Microsoft, Google, and Apple have not been able to make the full switch is that privacy - and particularly end-to-end encryption - must be built into products from the ground-up. It requires designing authentication algorithms, distributing public keys and private keys to users, and intentionally designing software that collects less personal information and metadata. When products are built without these technical requirements in mind, it's hard for a product to pivot and distribute encryption keys to every user, stop collecting individuals' personal information, and start to encrypt all communications and data on the platform.

Skiff: Privacy-first from the start

Skiff is building E2EE as a core design principle for all parts of online work. A lot of the work you do online can be become sensitive at the drop of a dime, and you shouldn’t have to be constantly adapting to different products. In years past, using end-to-end encryption required keeping track of personal encryption keys (such as PGP keys) or pasting messages into encryption platforms or complex command line tools. Today, privacy can and must be built-in from the start as the basis of every product we use.Below, we have a simplified diagram illustrating the workings of a collaboration platform that, like most of today’s dominant providers, does not use E2EE. The diagram illustrates how changes made to a shared document by one user (“Bob”) are made available to a second user (“Alice”).
Bob, pictured on the far left, makes an edit on the document. Bob sends the edits in plaintext to the service provider's server (Note: The data may be encrypted over the network connection from Bob to the server using HTTPS). After Bob logs in, the server receives his edit and merges it into the document. Now, Alice - another collaborator on the document - is sent a copy of the new version of the document with Bob’s changes. In this process, the technology provider has access to everything Bob writes and the entire document. In some cases, this data is fed in to providers' monetization or prediction algorithms.

Collaborating with end-to-end encryption

In this second diagram, we share Skiff's version. Bob makes an edit, and - before sending it to the provider - encrypts it with a symmetric encryption key shared only between him and Alice (and never shared with Skiff). Alice then receives Bob's encrypted edit, performs validation and decryption, and subsequently merges it into the document.
In the Skiff E2EE case, however, Alice and Bob's document is kept private to the intended recipients and never exposed to any central technology provider. In this way, data ownership is decentralized and private to the two editors Alice and Bob, as it should be. The first case requires that Alice and Bob trust that service provider's databases, endpoints, and servers are protected from data breaches, misuse, and cyberattacks. In the second (E2EE) case, Skiff case adds a layer of encryption to their private information that is unbreakable by the technology provider. The Skiff model is how all consumer technology should be built - even if you're not protecting sensitive healthcare or financial data (and you just prefer privacy).The Skiff model doesn't just keep Alice and Bob's diary for their eyes only. It is fundamentally designed, from the ground up, to authenticate and protect personal and sensitive information. Once systems are designed, built, and scaled, it is difficult to increase privacy and extremely challenging to simply add end-to-end encryption. At Skiff, we've spent years building modern privacy and cybersecurity as the cornerstone of products that look and feel like those we love to use today. For more details, check out our white paper here.

Today... and the future of privacy-first

Today, our product builds E2EE into document collaboration and group communication. Tomorrow, we see it as the foundation of an ecosystem of privacy-first software built to be usable, beautifully designed, and secure from the ground-up. If you’re interested in taking our product for a test run, sign up for our waitlist at http://skiff.org/beta.

Related articles

Signal messenger, private secure and encrypted messaging and communication
Jason GinsbergThe migration to encrypted messaging and the futureMore and more people are taking steps to protect their online information
Password lock and secure end-to-end encrypted documents and files
Jason GinsbergLocking down your documentsLearn how Skiff's security features protect your most sensitive information
Notion logo with red security warning badge in the corner.
Skiff TeamIs Notion end-to-end encrypted?Is Notion end-to-end encrypted? Are your notes, wikis, and documents safe and secure?
Image of text with real time collaboration on a document with half blurred.
Jason GinsbergWhat is end-to-end encryption, and is it secure?End-to-end encryption has become an absolute necessity for messaging and communication today. How does it work?
Multiple cursors collaborating on an encrypted document.
Sunny LiHow does encrypted collaboration work in real-time?Collaborating in real-time requires complex algorithms. How can it be done end-to-end encrypted and completely privately?
Email client to server diagram with SMTP protocol.
Arpeet KaleHow does an email server work?You may use email every day. How does email securely send mail around the world?
Text in envelope with picture split down the middle with right side blurred.
Andrew MilichWhat is encrypted email, and is it secure?Encrypted emails are a necessity for privacy and cybersecurity. Learn everything you need to know about using encrypted email providers and other good email security practices.
Gmail vs Skiff encrypted private email header
Skiff TeamIs Gmail Encrypted?Gmail is not end-to-end encrypted. Can it be trusted?

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required
Skiff Logo
Twitter iconDiscord iconGitHub iconLinkedIn iconYouTube icon
© 2023. All rights reserved.
ProductsMailPagesDriveCalendarPricingDownloadRoadmap
ResourcesBlogHelpAbout usChangelogFor startupsFree online notepadVideos
Top ResourcesAnonymous emailEnd-to-end encryption emailSecure documentsCloud storage guideCloud data protectionHave I been hacked?
DeveloperGitHubLibrariesSkiff Crypto docsSkiff UI docsWhitepaperReport an issueStatus
LearnEmail securityCloud storage
LegalPrivacy policyTerms of serviceAcceptable use policyTransparency