The Electronic Frontier Foundation is turning up the heat on Silicon Valley with a fresh campaign that carries an old truth in plain language: Encrypt it already. The initiative calls on Apple, Google, Meta, and other platforms to make strong end-to-end encryption the default—not an obscure toggle buried in settings—so that private messages, files, and calls are truly private by design.
Reviving the spirit of its 2019 Fix It Already push, the digital rights group names specific gaps: encrypted group chats that still lag on popular services, cross-platform RCS messaging that loses security at the iPhone–Android boundary, and newer social platforms whose DMs remain exposed unless users jump through hoops. Alongside the critique, EFF is arming the public with templates, toolkits, and feature-request playbooks to pressure companies in the open.
- Why Encryption Is Still Not the Default Setting
- What EFF Is Demanding From Major Tech Platforms
- Technical Paths To Default, Scalable Encryption Are Clear
- Policy Pressure and Platform Incentives For Encryption
- What Better Encryption Defaults Would Look Like in Practice
- The Bottom Line On Making Encryption the Default
Why Encryption Is Still Not the Default Setting
End-to-end encryption (E2EE) protects content so only senders and recipients can decrypt it—not platform operators, not advertisers, not data brokers, and not government agencies. Apps like Signal and WhatsApp use it by default for one-to-one and group chats, proving it’s both practical and scalable. Apple’s Advanced Data Protection extends E2EE to iCloud backups, Photos, and more, but it’s opt-in rather than automatic.
Elsewhere, the picture is patchy. Messenger only recently made E2EE the default for personal chats, Instagram DMs still rely on optional encryption, and Telegram keeps regular chats server-accessible while reserving E2EE for Secret Chats and excluding groups. Video doorbells and home cameras illustrate another fault line: Amazon’s Ring offers optional E2EE for videos, but it’s not the out-of-the-box setting. Each of these exceptions turns privacy into homework.
Messaging between platforms is a sore spot. Google’s RCS adds encryption between Android users, but cross-platform exchanges with iMessage remain unencrypted, leaving a glaring security seam. The result is a confusing quilt, where protections depend on who you talk to and which apps you use—precisely what EFF wants Big Tech to fix.
What EFF Is Demanding From Major Tech Platforms
The campaign’s core message is straightforward: ship strong encryption by default, explain it clearly, and minimize data collection. EFF urges companies to roll out E2EE as the baseline, not a feature for power users; make privacy controls obvious and usable; and stop gathering metadata and other signals that can reveal sensitive patterns even when content is encrypted.
To accelerate change, EFF is providing ready-made messages for social media, guidance for filing public feature requests, and calls to upvote encryption demands on developer forums across services like Telegram and Ring. The strategy is classic public-interest pressure: make the gap visible, mobilize users, and keep tally.
Technical Paths To Default, Scalable Encryption Are Clear
From a standards perspective, the route to default security is not a mystery. The Messaging Layer Security protocol, recently standardized by the IETF, is designed for efficient, large-scale group E2EE with rapid key changes. Pair that with audited implementations of the Signal Protocol for one-to-one chats and robust backups protected by user-held keys, and the building blocks are there for mainstream platforms to close their gaps.
Even future-proofing is underway. Cryptographers and standards bodies like NIST are advancing post-quantum algorithms to help safeguard data against next-generation threats. Companies that invest now in end-to-end architectures gain a head start on those inevitable upgrades—and avoid the trap of retrofitting security onto legacy, server-readable systems later.
Policy Pressure and Platform Incentives For Encryption
Governments continue to float “lawful access” or scanning mandates that could weaken encryption, from proposals in the EU to debates in the UK and elsewhere. Privacy advocates counter that backdoors are simply vulnerabilities by another name, endangering journalists, activists, businesses, and everyday users alike. The GDPR principle of privacy by default reinforces the case that strong protection should not be optional.
Beyond civil liberties, there’s a bottom line: stronger defaults reduce breach risk and data handling exposure. IBM’s annual Cost of a Data Breach report consistently finds that data incidents run into the millions on average when systems are compromised. If platforms cannot access user content, they cannot lose it—and they limit the regulatory and reputational fallout that follows high-profile leaks.
What Better Encryption Defaults Would Look Like in Practice
For messaging, default E2EE across one-to-one and group chats, seamless encrypted backups, and verifiable security indicators are the baseline. For cross-platform interoperability, secure RCS with true end-to-end protections on both sides would neutralize today’s weakest link. For social platforms, private DMs should be encrypted from the start, with safety features that work without reading message content.
On devices and in the cloud, user-controlled keys for backups, photos, and notes should be normal, not “advanced.” Clear language matters too: explain what is protected, what is not, and which metadata is generated—without burying crucial details in legalese.
The Bottom Line On Making Encryption the Default
EFF’s Encrypt It Already campaign lands at a moment when the technology, the standards, and the public expectation have aligned. The asks are not exotic. They are overdue. Big Tech can make private the default experience—and users now have new tools to hold them to it.
