
End-to-end encryption (E2EE) in Matrix: what it protects and what it does not

An honest take on end-to-end encryption (E2EE) in Matrix and Element: what it hides (message content), what it leaves visible (metadata), why device verification matters, and where this matters for business.


End-to-end encryption is often perceived as a promise of “complete protection,” but in practice it solves one specific task and has clear limits.

Let us be honest about what exactly E2EE hides in a Matrix + Element deployment, what stays visible to the server, and why device verification matters just as much as the encryption itself.

E2EE honestly: what end-to-end encryption closes off and what it does not

  1. Content is encrypted
  2. Keys stay on devices
  3. Device verification
  4. Metadata remains

  • E2EE hides message text and attachments from the server and from intermediaries.
  • Metadata about the fact and time of communication is not hidden by encryption.
  • Device verification protects against an impersonated counterpart.

How end-to-end encryption works

With end-to-end encryption the message content is encrypted on the sender’s device and decrypted only on the devices of the room’s participants. The homeserver, and any federated server that relays the room, forwards already-encrypted payloads and cannot recover the original text.

This means the text of the correspondence and the attachments are hidden from the server and from intermediaries along the way. For work discussions with sensitive content this is a serious level of protection.

What E2EE does not hide

Encryption hides the content but does not make communication invisible. Some routing information must stay readable so the homeserver can deliver and synchronise messages at all.

So E2EE should be seen as protection of the content, not as a promise that nothing at all can be learned about the fact of communication.

  • Metadata about the fact and time of communication is not hidden by encryption: the server knows who sent an event, to which room, and when.
  • Room membership is unencrypted room state, so it is visible which participants are in a room.
  • The size and timing of sent messages remain observable.
  • Security depends on how well the participants’ own devices are protected: a compromised device reads everything that device can decrypt.

Device verification

For encryption to truly protect against an impersonated counterpart, participants verify each other’s devices. Verification confirms that the keys of a given device really belong to the person you expect; in Element this is done by comparing the emoji sequence or scanning the QR code shown on both devices.

Without verification there remains a risk that a device you have never checked (for example one added to an account after its password was compromised) is sent the room keys and can read the conversation from that point on. So the verification procedure should be built into the work rules, not left up to each person.
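The following is an added illustration of the points made above (what the server sees versus what it can read, and why room keys should only go to verified devices). It is not Matrix, Element, or KMVSG code. Matrix itself uses the Olm and Megolm ratchets; here a simple encrypt-then-MAC stream cipher built only from the Python standard library stands in for them so the script runs offline. The event type `m.room.encrypted` is real, but the content fields, device fingerprints and room names below are constructed placeholders.

```python
"""Toy model of an encrypted Matrix room: what the homeserver learns from an
event, what only key holders learn, and which devices get the room key.
Added illustration, not Matrix/Element code; the cipher is a stand-in for
Olm/Megolm and must not be used for real traffic."""
import copy
import hashlib
import hmac
import os
import time


def new_room_session_key() -> bytes:
    """Fresh 32-byte symmetric key for one room session."""
    return os.urandom(32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real stream cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _mac(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Separate MAC key derived from the session key (encrypt-then-MAC).
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def share_room_key(key, devices, verified_fingerprints):
    """Decide which devices receive the room key.
    `devices`: device_id -> fingerprint as reported by the homeserver.
    `verified_fingerprints`: device_id -> fingerprint confirmed out of band
    (emoji/QR verification). An unknown device gets nothing; a device whose
    server-reported key differs from the verified one is treated as an
    impersonation attempt and also gets nothing."""
    shared, rejected = {}, {}
    for device_id, reported in devices.items():
        expected = verified_fingerprints.get(device_id)
        if expected is None:
            rejected[device_id] = "unverified device"
        elif not hmac.compare_digest(expected, reported):
            rejected[device_id] = "fingerprint mismatch"
        else:
            shared[device_id] = key
    return shared, rejected


def encrypt_event(key, sender, room_id, plaintext, ts=None):
    """Build the event as the homeserver will store and forward it."""
    nonce = os.urandom(12)
    pt = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return {
        "type": "m.room.encrypted",  # real Matrix event type; content simplified
        "sender": sender,
        "room_id": room_id,
        "origin_server_ts": ts if ts is not None else int(time.time() * 1000),
        "content": {"nonce": nonce.hex(), "ciphertext": ct.hex(),
                    "mac": _mac(key, nonce, ct).hex()},
    }


def server_view(event):
    """Everything the homeserver (or anyone with its database) learns from
    one event: who, where, when and how much. Not what."""
    return {"sender": event["sender"], "room_id": event["room_id"],
            "origin_server_ts": event["origin_server_ts"],
            "ciphertext_bytes": len(bytes.fromhex(event["content"]["ciphertext"]))}


def decrypt_event(key, event):
    """Only a device holding the session key gets the text back."""
    c = event["content"]
    nonce, ct = bytes.fromhex(c["nonce"]), bytes.fromhex(c["ciphertext"])
    if not hmac.compare_digest(_mac(key, nonce, ct), bytes.fromhex(c["mac"])):
        raise ValueError("MAC check failed: ciphertext altered or wrong session key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def tamper_detected(key, event) -> bool:
    """Flip one ciphertext byte in transit; decryption must refuse it."""
    forged = copy.deepcopy(event)
    ct = bytearray(bytes.fromhex(forged["content"]["ciphertext"]))
    ct[0] ^= 0x01
    forged["content"]["ciphertext"] = ct.hex()
    try:
        decrypt_event(key, forged)
    except ValueError:
        return True
    return False


def demo():
    """Constructed sample run: one verified device, one impostor, one unknown."""
    key = new_room_session_key()
    devices = {"LAPTOP": "fp-alice-laptop", "PHONE": "fp-claimed-phone", "NEWDEV": "fp-unknown"}
    verified = {"LAPTOP": "fp-alice-laptop", "PHONE": "fp-alice-phone"}
    shared, rejected = share_room_key(key, devices, verified)
    event = encrypt_event(key, "@bob:example.org", "!legal:example.org",
                          "Draft contract attached", ts=1700000000000)
    return {"key": key, "shared": shared, "rejected": rejected, "event": event,
            "server_sees": server_view(event), "recipient_reads": decrypt_event(key, event)}


if __name__ == "__main__":
    for name, value in demo().items():
        if name != "key":
            print(name, "->", value)
```

Running it prints the homeserver’s view (sender, room, timestamp, ciphertext size) next to the plaintext a key holder recovers, and shows two devices being refused the key: one never verified and one whose server-reported fingerprint does not match what was verified in person.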

Where this matters for business

For industries with sensitive discussions, E2EE reduces the risk of correspondence content being exposed on the server or in transit. This is appropriate for legal, financial, and product teams.

At the same time, do not promise employees “complete protection from leaks”: security is the sum of encryption, device verification, access rights, and the team’s own discipline.

Quick checklist

  • Define which rooms require end-to-end encryption.
  • Enable device verification as a mandatory step.
  • Explain to the team that E2EE hides content, not metadata (who wrote to whom, in which room, and when).
  • Configure access rights to sensitive discussions.
  • Establish rules for protecting employees’ own devices.

What to do next

KMVSG will help properly configure end-to-end encryption and device verification in a Matrix + Element corporate messenger for your industry’s needs.
