The Electronic Frontier Foundation (EFF) has launched a new campaign, Encrypt It Already, urging major tech companies to implement and improve end-to-end encryption (E2EE) across their products and services.
The initiative calls out firms like Apple, Google, Meta, and others for delaying or weakening privacy protections, and outlines specific, achievable demands to fix long-standing encryption gaps.
The new campaign follows in the footsteps of EFF’s 2019 Fix It Already campaign, which successfully pressured companies to resolve long-neglected security and privacy issues. The initiative is organized into three categories of industry demands, namely delivering on promised features, enabling privacy defaults, and launching entirely new protections.
Keeping promises
EFF highlights three key commitments that companies have publicly made but have yet to deliver:
Meta (Facebook Messenger) still does not support E2EE in group chats, despite completing the rollout of E2EE for one-on-one conversations in 2023. While group encryption was promised, it remains in limited testing, leaving group chats exposed to potential corporate or governmental access.
Apple and Google have both pledged to support end-to-end encryption for RCS (Rich Communication Services), the modern successor to SMS. Although Apple joined the RCS standard in 2024 and Google is already testing encryption under the RCS Universal Profile 3.0, fully interoperable, cross-platform encryption remains absent.
Bluesky, the decentralized social media platform, has repeatedly promised E2EE for its direct messaging system as part of its protocol (atproto), but the feature is still missing. Despite acknowledging the need for privacy-focused communications, the platform has yet to deliver the promised infrastructure.
Privacy by default
EFF argues that features offering end-to-end encryption should be enabled by default to avoid misleading users.
Telegram supports E2EE in “Secret Chats,” but these must be manually activated and are device-specific. The app’s default chats remain server-accessible, contradicting its widespread perception as a secure messaging platform.
WhatsApp offers encrypted backups, but they are not enabled by default. This creates a significant loophole: even if messages are encrypted in transit, they could be exposed in unencrypted backups unless users manually change the setting.
Ring, Amazon’s video doorbell and security camera company, does support encrypted video storage, but the option is buried behind a 16-step process that disables over a dozen other features. The default setting leaves sensitive home surveillance data potentially accessible to Amazon and law enforcement.
Ring, in particular, has resumed close cooperation with police departments, including support for real-time livestreaming. Enabling encryption by default could significantly limit law enforcement’s access to consumer video feeds without owner consent.
Launching new protections
EFF is also demanding the introduction of new encryption-focused features that other platforms have already proven feasible.
Google Authenticator still lacks end-to-end-encrypted backups, two years after launching cloud backup support in 2023. This puts users’ two-factor authentication tokens at risk if their Google account is compromised.
Android backup data remains ambiguously protected. Unlike Apple’s Advanced Data Protection, which gives users control of their iCloud encryption keys, Google offers no equivalent option. Its documentation vaguely references encryption tied to device screen locks, but lacks transparency into which data is protected.
Apple and Google AI integrations, such as Apple Intelligence and Google Gemini, raise concerns about how operating system-level AI might interact with secure messaging apps. EFF is calling for a new per-app AI permission setting that lets users block AI systems from accessing sensitive app data, similar to location or microphone permissions.
EFF emphasizes that launching end-to-end encryption isn’t enough; it must be done transparently and responsibly. The organization urges companies to:
- Publish user-friendly blog posts and technical white papers explaining their encryption implementations.
- Provide clear documentation on what is and isn’t encrypted, including user-facing settings and controls.
- Embrace data minimization principles to reduce metadata collection whenever possible.
EFF stresses that meaningful encryption implementation requires both secure code and informed users. Confusion around what is protected undermines privacy, even in technically secure systems.
EFF encourages users to take action by enabling E2EE features wherever they’re available and advocating for broader adoption. The campaign’s website offers ready-to-share social media messages and links to feature request pages for Apple, Bluesky, Facebook, and others. For Telegram and Ring, users can upvote existing requests to amplify EFF’s demands.
Leave a Reply