The EU's proposed Chat Control regulation would require messaging providers to scan your messages for illegal content before encryption, on your device. Proponents say it doesn't break end-to-end encryption. Every cryptographer who has studied the proposal disagrees. Here's why, and what it would actually require in practice. What End-to-End Encryption Actually Guarantees End-to-end encryption means messages are encrypted on the sender's device and can only be decrypted by the intended recipient(s). No intermediate server can read the plaintext. The encryption and decryption happen only at the endpoints: your device and theirs. This guarantee depends on exactly one thing: the plaintext is only ever visible on devices that hold the private decryption key. The moment plaintext is made available to any additional process — even one running locally on your device — that guarantee is weakened, because that additional process can send its findings to a third party.…