End-to-End encryption (E2EE) now required

All accounts need to enable end-to-end encryption

Posted by Cam on September 11, 2024

End-to-End Encryption (E2EE) is Now Required

Back in 2020, Truple released end-to-end encryption (E2EE), enabling you to add an extra layer of security to protect your data. Since then, most of our customers have chosen to enable this feature. Since that time we’ve indicated that E2EE would eventually become mandatory, and that time has come. Truple is now requiring end-to-end encryption (E2EE) to be enabled for each account.

To continue using Truple, please enable E2EE for your account as soon as possible.

Why is E2EE Required?

E2EE adds a crucial layer of security to protect your sensitive data. Here are the key reasons why we are making this a requirement:

  1. Protecting Your Data in Case of a Security Breach
    While we work tirelessly to prevent unauthorized access to our systems, the possibility of a data breach can never be fully eliminated. E2EE adds additional protection in case our databases were compromised. If attackers obtained copies of your accountability data, as long as it is encrypted with E2EE, they would be unable to read it without your E2EE passcode. E2EE puts you in control of your data!

  2. Ensuring Data Integrity
    E2EE provides verifiable proof that your data hasn’t been tampered with. For example, we had a recent incident where a customer claimed that an image had been inserted into their screenshot. This wasn’t the case, and we were able to prove it. With E2EE, we can guarantee the integrity of the screenshot, as the encryption keys stay on the monitored device, preventing any possibility of manipulation.

  3. Reducing Liability for Truple
    By encrypting your data, we also reduce our liability. With E2EE, only you and those you share your E2EE passcode with have access to the encryption keys, making it impossible for Truple or anyone else to view or modify your data.

However, none of these protections take effect until you enable E2EE for your account.

What to Expect Once E2EE is Enabled

Enabling E2EE is simple, but it does come with some changes to how you interact with Truple:

  1. Create an E2EE Passcode
    When you enable E2EE, you’ll need to create an E2EE passcode. This passcode is essential for decrypting your accountability reports.

  2. Share the Passcode with Report Recipients (aka Accountability Partners)
    If you have report recipients (aka accountability partners) who receive your reports, you will need to share the E2EE passcode with them. This allows them to decrypt and view your reports.

  3. Occasional Passcode Prompts
    When you access your accountability reports, you’ll occasionally be prompted to enter the E2EE passcode. If you don’t enter it, you’ll receive a decryption error and won’t be able to view the report.

    We highly recommend storing your E2EE passcode in a secure location, such as a password manager, to avoid losing access to your reports. Alternatively, writing it down on a piece of paper and keeping that paper secure is another approach (just be aware, your data is only as secure as the paper with the E2EE passcode written on it).

What Happens If I Don’t Enable E2EE?

Starting November 2024, we will begin charging a $5 monthly fee to accounts not in compliance with our mandatory E2EE policy. This fee is non-refundable, so we strongly encourage you to enable E2EE before this date to avoid unnecessary charges.

Please, take a few minutes to set up E2EE and ensure your data remains secure. You can do so from the accounts page.

I’m a Report Recipient, Do I Need to Enable E2EE?

No, report recipients (aka accountability partners) do not need to enable E2EE. Only the subscribed account holder needs to enable it.

If you have any questions or need assistance enabling E2EE, feel free to reach out at support@truple.io. We’re here to help.

Thank you for your continued trust in Truple.

Never miss a blog post. Subscribe now!