TL;DR: On January 29, the Electronic Frontier Foundation launched Encrypt It Already, a campaign calling out Apple, Google, Meta, Telegram, Bluesky, and Amazon Ring for leaving massive gaps in their encryption. Meta promised encrypted group chats years ago, still waiting. Telegram markets itself as secure but defaults to unencrypted conversations. Ring makes you click through 16 steps and disable 12 features to turn on encryption. The EFF built a website where you can pressure each company directly. Here's what they're demanding, who's falling short, and what you can do about it right now.
The Companies Know How to Encrypt Your Data. They Just Won't.
End-to-end encryption isn't some experimental technology. Signal has had it by default for a decade. WhatsApp turned it on for one-on-one chats in 2016. The math works. The code exists. The infrastructure is proven.
So why are six of the biggest tech companies in the world still leaving your messages, backups, authenticator tokens, and home security footage exposed to anyone with a subpoena, a badge, or a breach?
The EFF's answer: because nobody's making them. Until now [1].
Encrypt It Already is the successor to the EFF's 2019 "Fix It Already" campaign. The demands fall into three categories: keep your promises, turn on what you've already built, and build what you should have built years ago.
Meta: Three Years of Broken Promises on Group Chats
Meta completed end-to-end encryption rollout for one-on-one Facebook Messenger conversations in December 2023. They announced group chat encryption would follow.
It's February 2026. Group chats on Messenger are still unencrypted [2].
That means every group conversation (family chats, friend groups, community organizing threads) is readable by Meta. And by extension, readable by anyone who asks Meta nicely enough or serves them with a court order.
This isn't a technical limitation. WhatsApp (also owned by Meta) has had encrypted group chats since 2016. Meta knows how to do this. They've chosen not to.
Telegram: The Security Theater Champion
Telegram has 950 million monthly users. Many of them chose the app because they believe it's secure.
It isn't.
Telegram's default chats are not end-to-end encrypted. They use client-server encryption, which means Telegram's servers can read every message in every default conversation. The company stores your messages on their infrastructure, and they have the keys [3].
End-to-end encrypted "Secret Chats" exist, but you have to manually activate them for each conversation. They're device-specific: start a secret chat on your phone and you can't see it on your laptop. They don't work for group chats at all.
The EFF's demand is simple: make end-to-end encryption the default for direct messages. Signal does it. WhatsApp does it. There's no reason Telegram can't except that their business model depends on server-side access to your data. Signal has said it will leave entire markets rather than weaken its encryption.
Apple and Google: RCS Encryption Is Still Missing
Apple finally adopted the RCS messaging standard in 2024, replacing those green-bubble SMS texts with something more modern. Google has been testing end-to-end encryption for RCS under the Universal Profile 3.0 specification.
But cross-platform encrypted RCS messages between iPhone and Android users? Still doesn't exist [2].
When an iPhone user texts an Android user, those messages travel without end-to-end encryption. Both companies have publicly committed to fixing this. Neither has delivered.
The EFF is also calling on both companies to create per-app AI permission settings, letting you block Apple Intelligence and Google Gemini from accessing your secure messaging apps. Right now, if you enable on-device AI features, there's no granular way to say "read my emails but stay out of my Signal conversations." The EFF wants permission controls modeled on existing location and microphone settings [1].
Google's Authenticator Problem
Google Authenticator added cloud backup support in 2023. Convenient: if you lose your phone, you don't lose all your two-factor codes.
One problem: those backups aren't end-to-end encrypted [2].
Your two-factor authentication tokens (the keys that protect your most sensitive accounts) are sitting on Google's servers readable by Google. If your Google account gets compromised, an attacker gets your 2FA codes too. That defeats the entire point of two-factor authentication.
Apple's Keychain encrypts this data end-to-end. Google could do the same. They haven't.
Android backup data has a similar problem. Apple offers Advanced Data Protection, giving users control over their iCloud encryption keys. Google's documentation vaguely references encryption "tied to screen locks" without clear documentation on what's actually protected and what isn't [3].
Amazon Ring: 16 Steps to Privacy
Ring cameras can do end-to-end encryption. The feature exists. Ring just makes it absurdly difficult to use.
Enabling encryption requires navigating a 16-step process that disables at least 12 features including motion detection alerts, shared user access, and various smart home integrations. Ring essentially punishes you for choosing privacy [2].
This matters more than ever. Ring recently resumed close cooperation with law enforcement, including support for real-time livestreaming. If your Ring footage isn't encrypted end-to-end, it's available to Ring, to Amazon, and potentially to police departments who ask for it, all without a warrant in many jurisdictions [3].
The EFF's demand: enable encryption by default and stop making users choose between security features and privacy.
Bluesky: The New Platform, Same Old Gap
Bluesky has repeatedly promised end-to-end encrypted direct messages through its AT Protocol. The feature hasn't materialized [1].
For a platform that attracted millions of users explicitly seeking an alternative to surveillance-heavy social media, the inability to send a private message is a significant gap. Every Bluesky DM is currently accessible to the platform.
Why This Matters Now
The timing isn't accidental. The EFF launched this campaign in the same month that:
- The UK government ordered Apple to build an encryption backdoor under the Investigatory Powers Act
- Sweden proposed legislation requiring messaging platforms to provide law enforcement access to encrypted communications
- The EU's Chat Control proposal continued advancing, which would mandate client-side scanning of encrypted messages
- ICE demonstrated exactly why encryption matters by purchasing spyware capable of reading encrypted messages
Governments worldwide are trying to break encryption. The least tech companies can do is actually turn it on.
What You Can Do Right Now
Enable What's Already Available
Turn on WhatsApp encrypted backups (Settings → Chats → Chat backup → End-to-end encrypted backup). Enable Ring's E2EE if you're willing to lose features. Activate Telegram Secret Chats for sensitive conversations.
Pressure the Companies
Visit encryptitalready.org for ready-to-share social media messages and direct links to file feature requests with Apple, Google, Meta, Bluesky, Telegram, and Ring.
Switch to What Works
Signal encrypts everything by default: messages, calls, video, group chats. No setup required. No features disabled. No 16-step process. If a company won't protect your conversations, use one that will.
Ditch Google Authenticator
Use a 2FA app with encrypted backups like Aegis (Android, open source) or keep tokens in Apple Keychain. Your second factor shouldn't be your weakest link.
Sources
- EFF: Introducing Encrypt It Already (January 29, 2026)
- EFF: EFF Calls on Tech Companies to 'Encrypt It Already!' (January 29, 2026)
- Cyber Insider: "Encrypt It Already" campaign demands strong E2EE across popular platforms (January 2026)
- Apple Insider: Encrypt It Already campaign challenges Big Tech to keep your data secure (January 29, 2026)
Published: February 6, 2026