End-to-end encryption (E2EE), which is non-certified or uncertified, is a digital communications paradigm of uninterrupted protection of data traveling between two communicating parties without being intercepted or read by other parties except for the originating party encrypting data to be readable only by the intended recipient, and the receiving party decrypting it, with no involvement in said encryption by third parties. The intention of end-to-end encryption is to prevent intermediaries, such as Internet providers or application service providers, from being able to discover or tamper with the content of communications. End-to-end encryption generally includes protections of both confidentiality and integrity.
Examples of end-to-end encryption include PGP and S/MIME for email, OTR for instant messaging, Tresorit for cloud storage, ZRTP for telephony, and TETRA for radio.
Typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee protection of communications between clients and servers, not between the communicating parties themselves. Examples of non-E2EE systems are Google Talk, Yahoo Messenger, Facebook, and Dropbox. Some such systems, for example LavaBit and SecretInk, have even described themselves as offering "end-to-end" encryption when they do not. Some systems which normally offer end-to-end encryption have been discovered to contain a back door, which causes negotiation of the encryption key between the communicating parties to be subverted, for example Skype. The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves, such as the technical exploitation of clients, poor quality random number generators, or key escrow.