You've heard end-to-end encryption pitched as the gold standard for private communication. WhatsApp has it. Signal has it. Telegram has it (for secret chats, at least). So we're all sorted, right?

Not quite. End-to-end encryption protects the content of your messages while they're in transit. That matters. But it doesn't address everything — and for certain threat models, the gaps it leaves are exactly what you need to worry about.

What E2E Encryption Actually Protects

When a messaging app says "end-to-end encrypted," it means the message is encrypted on your device before it leaves, and only decrypted on the recipient's device. The server in the middle only sees ciphertext — it can't read the content.

That's genuinely useful. It protects against the platform reading your messages. It protects against a network-level attacker intercepting traffic in transit. These are real threats worth defending against.

But here's what it doesn't protect:

The metadata problem: In 2021, Signal confirmed it had almost no data to hand over in response to a US government subpoena — just account creation date and last connection date. But most other platforms keep far more. Phone numbers, IP addresses, contact graphs, message timestamps. None of that is protected by E2E encryption.

What OTR Was Built to Solve

Off The Record (OTR) messaging is a cryptographic protocol originally developed by Ian Goldberg and Nikita Borisov in 2004. It was designed specifically for conversations where the goal isn't just privacy — it's deniability and forward secrecy.

OTR provides four core guarantees that go beyond standard E2E encryption:

1. Perfect Forward Secrecy

OTR generates a fresh encryption key for every session — sometimes for every message. Once the session ends, those keys are deleted. Even if an attacker records every encrypted packet you ever send, and even if they later obtain your long-term private key, they cannot decrypt past conversations. The keys that encrypted them no longer exist.

2. Deniability

Unlike PGP-signed messages (which prove who sent them), OTR messages are designed so that after the fact, anyone could have produced them. There's no cryptographic proof linking a message to you specifically. You can plausibly deny having sent any particular message — and that denial has mathematical weight behind it.

3. No Long-Term Identity Keys

OTR sessions don't require you to register an account or tie yourself to a phone number. Keys are ephemeral. Sessions are temporary. When the conversation ends, both sides can close it and nothing persistent remains on any server.

4. Authenticated Encryption

OTR still authenticates messages to prevent impersonation during the session, while maintaining deniability outside of it. You know who you're talking to in the moment, but neither party can later prove to a third party what was said.
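The combination described under Deniability and Authenticated Encryption comes from authenticating with a shared-key MAC instead of a signature. The sketch below is an added example, not code from the original page or from any OTR implementation; the `mac`, `verify` and `demo` names, the random stand-in key and the sample messages are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def mac(key: bytes, sender: str, text: str) -> bytes:
    """Tag a message with the MAC key that BOTH parties hold."""
    return hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()


def verify(key: bytes, sender: str, text: str, tag: bytes) -> bool:
    """Constant-time check that the tag matches this sender and text."""
    return hmac.compare_digest(mac(key, sender, text), tag)


def demo() -> dict:
    # Assumption: a random key stands in for the MAC key that a real OTR
    # session derives from its Diffie-Hellman exchange. Messages are constructed.
    session_key = os.urandom(32)  # held by Alice and Bob, nobody else

    # During the session: Bob knows he did not write this, so Alice did.
    real_tag = mac(session_key, "alice", "meet at noon")
    accepted = verify(session_key, "alice", "meet at noon", real_tag)

    # Someone without the key cannot change the text and keep the tag valid.
    tamper_rejected = not verify(session_key, "alice", "meet at one", real_tag)

    # Afterwards: Bob holds the same key, so he can tag words Alice never sent.
    fake_tag = mac(session_key, "alice", "cancel the meeting")
    forgery_verifies = verify(session_key, "alice", "cancel the meeting", fake_tag)

    # OTR publishes MAC keys once they are retired, which extends the same
    # ability to anyone who saw the traffic.
    return {
        "accepted_in_session": accepted,
        "tamper_rejected": tamper_rejected,
        "forgery_verifies": forgery_verifies,
        "tags_same_shape": len(real_tag) == len(fake_tag) == 32,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A third party shown the transcript later cannot tell the genuine tag from the forged one, which is why a valid tag convinces Bob in the moment but proves nothing afterwards.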

How It Compares

| Feature | WhatsApp | Signal | OTR |
|---|---|---|---|
| Content encrypted in transit | | | |
| Phone number required | Yes | Yes | No |
| Metadata logging | Extensive | Minimal | None |
| Perfect forward secrecy | Partial | Yes | Yes |
| Cryptographic deniability | No | No | Yes |
| Server knows you exist | Yes | Yes | No |

When Does Any of This Actually Matter?

For most conversations most of the time — catching up with friends, coordinating plans, sending memes — standard E2E encryption is fine. Nobody is targeting you specifically, and even if they were, the content protection is solid.

But there are situations where the metadata and identity exposure are the real risk:

That last one is underrated. The argument that "I have nothing to hide" misses the point. Privacy isn't about guilt. It's about who gets to decide what information about you exists and who can access it. Demanding a phone number to send a message is a structural choice. It doesn't have to be that way.

Our Encrypted Chat Tool

Our encrypted chat is built on these principles. No accounts. No phone numbers. No logs. Keys are generated fresh per session using X25519 Diffie-Hellman and discarded when the session closes. The relay server is a blind postbox — it passes encrypted packets without seeing their contents and keeps no records of who connected or when.

For those who want an extra layer, it's also available as a Tor hidden service — meaning even the IP addresses of participants are not visible to the relay.

The Short Version

End-to-end encryption protects your message content. OTR protects your message content, your identity, your metadata, and your ability to deny the conversation ever happened. Those are different threat models, and knowing the difference lets you choose the right tool for what you actually need.