Many people say they are worried about who can see their online footprint. However, a new study from Proton, the company behind one of the best secure messaging and VPN services, suggests that reality does not satisfy these concerns and the gap appears to be widening.
While most Brits say they care about their online privacy and value end-to-end encryption, they continue to rely on popular apps that don’t actually offer it.
The study showed that even among users who are actively concerned about privacy, many overestimate how secure consumer services really are. Experts warn that it’s more important than ever to understand which apps are actually protecting your data.
What the study says about data protection in the UK
Proton research found that almost three quarters (73%) of Britons believe end-to-end encryption (E2EE) is important when choosing digital services. However, they often overestimate the security of the applications they use every day.
More than half of respondents (57%) described Gmail as “very” or “somewhat” private, although 27% incorrectly believe it offers end-to-end encryption.
Additionally, 19% of UK users incorrectly assume that Microsoft Outlook offers E2EE. This confusion also extends beyond email clients: some respondents believe that Google Drive encrypts files end-to-end.
The main concern here is scale. Huge amounts of messages, documents and sensitive personal data flow through these platforms every day. While many of these platforms may use encryption in transit or at rest, providers still retain technical access, despite what many UK users think they are getting.
Why end-to-end encryption still confuses people
A key reason for this problem is that end-to-end encryption (E2EE) is largely misunderstood. Simply put, E2EE means that only the sender and recipient of a message can read its content, not the app provider, advertisers, or third parties.
However, encryption alone does not guarantee complete data protection.
WhatsApp is a perfect example. Most UK users correctly recognize that E2EE is in use, but few realize that the provider still collects some surrounding metadata. This data can be as revealing as the content of the message.
Even when messages are end-to-end encrypted, “sufficiently private” apps like WhatsApp collect large amounts of metadata: who you communicate with, when, from where, and how often. Over time, companies use this information to gain insight into your habits and relationships.
Proton warns that users can also reuse this data in unexpected ways in large Big Tech ecosystems, such as for AI development and analysis. E2EE protects the content of messages, but not the surrounding data. The main risks remain in this distinction.
Proton notes that “privacy laundering” is a key factor in this case. Years of privacy-focused marketing have created a false sense of trust among users, exposing them to long-term tracking and profiling despite their trust in the privacy their apps provide.
How to protect your privacy online
Protecting your privacy doesn’t mean giving up the apps you use every day overnight. However, this requires more informed decisions.
Proton recommends first finding out which apps actually use end-to-end encryption and prioritizing them for sensitive communications.
“In the age of AI, what was once considered private, like your emails, photos and memories, can silently be used as training data for tech giants unless end-to-end encryption is used,” said Anant Vijay Singh, product manager at Proton Mail.
It’s also worth reevaluating everyday tools like email, cloud storage, and messaging apps, where “encrypted” doesn’t necessarily mean private. “Fortunately, it’s easier than ever to replace your most-used apps with privacy-focused alternatives,” said Vijay Singh.
For everyday browsing, we also recommend using a secure VPN service, especially if you connect to public Wi-Fi. A virtual private network (VPN) adds an extra layer of encryption to your online activities while also spoofing your IP address for added security.
