TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources СLOUD SECURITY ENDPOINT SECURITY MOBILE SECURITY REMOTE WORKFORCE Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. 'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) by default across their services, as privacy concerns mount amid increased AI use. Arielle Waldman, Features Writer, Dark Reading February 6, 2026 6 Min Read SOURCE: BACKYARD PRODUCTIONS VIA ALAMY STOCK PHOTO A new encryption initiative from the Electronic Frontier Foundation (EFF) urges large technology and communications companies to follow through on previously made data and privacy protection promises and finally implement end-to-end encryption (E2EE) features for user data and communications. Called Encrypt It Already, the campaign focuses on three elements: releasing features the companies have already promised, turning on existing E2EE features by default, and launching data protection capabilities that other companies already have. Examples include Bluesky finally launching E2EE for its direct messages, Ring enabling E2EE on its cameras by default, and Google offering E2EE for Android backup data. E2EE "is the best way to protect our conversations and data," the EFF wrote in a blog post. Users of popular and emerging social media and communication apps — such as Facebook, Bluesky, Telegram, and Signal — expect their conversations and data to remain private. Concerns arise when service providers have access to that data, and they increase when they share it with third parties, including law enforcement and government agencies, without users' knowledge. E2EE effectively shuts out third parties from sharing the information because they can't even see what is being communicated. LOADING... Related:When the Cloud Rains on Everyone's IoT Parade Some Broken Promises While big companies should always strive for higher privacy and security standards, the initiative isn't intended to cast blame or shame any organization. Instead, Encrypt It Already aims to "empower people" to control their privacy and data, Thorin Klosowski, a security and privacy activist at EFF, tells Dark Reading. It often feels like E2EE keeps getting put on the back burner in favor of shinier features, he adds. When social media app Bluesky launched direct messages in 2024, it said it would take time to implement E2EE because there was a lot of work to do around usability, security, and privacy. As of January 2025, Bluesky had not yet begun work, according to the latest update available. Dark Reading contacted Bluesky, but the company did not respond in time. LOADING... Apple is another example. The tech giant adopted the Rich Communication Services (RCS) messaging protocol in 2024, which was necessary to make communications between iOS and Android devices more secure. However, full E2EE encryption between the two is still pending and requires cooperation and work from both Apple and Google. In 2023, Meta launched E2EE by default to protect users' one-on-one Facebook Messenger conversations. At the same time, the tech giant stated it was "still in the testing phase for group messaging and other products like Instagram Direct Messages." While progress has been made, the feature remains optional. Related:How Gray-Zone Hosting Companies Protect Data the US Wants Erased "We want to hold companies accountable for saying things publicly about features that are incoming and remind them that we remember, and users remember," Klosowski says. "We still want those things. We are asking for what, in my mind, is basic stuff." Demands to Turn on E2EE By Default Pushing companies to implement E2EE features by default is a major component of Encrypt It Already. Offering E2EE is essential, but it's more secure for it to be something users have automatically, rather than having to go look for it and turn it on. Companies prefer to default to opt-out due to usability, as it requires less action for the user. However, it also shifts the onus of security and privacy responsibilities onto the individual to know and act securely. Most users don't change default settings, reveals Klosowski; the initiative serves as a reminder that these features exist and people should be opting in. EFF focused on big companies for the Encrypt It Already campaign because they are either already offering E2EE but not defaulting to it or have said they plan to do so but haven't yet. Implementing E2EE and following through on promises will take time, but the nonprofit's goal is to start the conversation. Related:8-Minute Access: AI Accelerates Breach of AWS Environment "It would be great if they get turned on by default, but, candidly, I don't know if we expect it from all the companies that we targeted," Klosowski says, noting that EFF has already reached out to the companies mentioned in the post. "I do sympathize with the companies because it will take work and time." AI Ups the Ante on Privacy Concerns Time may not be on companies' sides with all the security and privacy concerns that the artificial intelligence (AI) boom has already introduced. It is more vital than ever that more platforms offer encrypted communications and keep them safe from snooping AI agents, says Namrata Maheshwari, senior policy counsel and encryption policy lead at Access Now. Agents gain highly sensitive access but have less human oversight. The Encrypt it Already initiative makes concrete demands to achieve this goal, reflecting the asks of civil society and privacy companies, emphasizing that companies must come through. "We are in a pivotal movement," as so much is done and lives are lived online, Maheshwari adds. "The privacy of end-to-end encrypted platforms is under threat by the surge in AI assistants, which seek to discriminate access to everything we do online," she says. "Convenience must exist alongside privacy, not instead of it." When Is it Time to Celebrate? Discussions about enabling E2EE for communication and data storage are complicated. On the one hand, users fundamentally deserve privacy. But what happens when that user is accused of a felony, such as possessing or disseminating child sexual abuse material? While law enforcement may sometimes have a good reason for wanting to access people's communications, the potential for abuse is too high. Companies that implement E2EE for data and communications cannot access user information — even if they want to or are compelled to do so. In 2024, following criticism, Ring removed the Request for Assistance tool in its Neighbors app, which connects local residents; it said fire and police departments could no longer use the feature to request and receive video. That changed last year when Ring announced a partnership with Axon, which would allow agencies to contact users directly to request their camera footage through a new tool called Community Requests. When Amazon Ring changed its stance on law enforcement requests to access its cameras, it highlighted the importance of encryption to address privacy concerns, EFF's Klosowski explains. EFF urged Ring to enable E2EE for its cameras by default, noting that it "takes 16 steps" to turn it on currently. Keeping it off leaves users more vulnerable regarding who can access their footage — turning it on puts the user in charge. The nonprofit foundation also hopes to see Google adopt advanced data protection — a E2EE feature that puts the user in control. Apple already does it, which shows that it is possible, Klosowski notes. Changes may be forthcoming and necessary since AI will compound privacy concerns. AI often comes with a tradeoff — usability versus security, Klosowski says. On the plus side, many of the companies EFF called on are "highly likely" to enable these features within the year, says Klosowski. "We will celebrate it when it does," he adds. About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. More Insights Industry Reports The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps 2025 Threat Report Access More Research Webinars Ransomware and the Supply Chain: A Fireside Chat with the CISOs Who Literally Wrote the Book on Third-Party Risk The Hidden AI Attack Surface: How GenAI Tools Expand Data Exposure Risk Beyond the Model: The Expanded Attack Surface of AI Agents AI-Powered Threat Hunting: Staying Ahead of Evolving Attack Patterns AI-Powered Cloud Security Posture Management More Webinars You May Also Like СLOUD SECURITY Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube by Elizabeth Montalbano, Contributing Writer APR 08, 2025 СLOUD SECURITY Google Gemini Flaw Turns Calendar Invites Into Attack Vector by Elizabeth Montalbano, Contributing Writer JAN 20, 2026 СLOUD SECURITY Can Cybersecurity Weather the Current Economic Chaos? by Robert Lemos, Contributing Writer APR 21, 2025 CYBERATTACKS &