NOLO
Encryption · explainer

Client-sidescanning.

It is the technology at the heart of Europe's encryption fight: software that reads your messages on your own device, before they are ever encrypted. Here is how it works, and why security researchers call it a backdoor.

The idea

A check inside your device.

Encryption stops a provider reading your messages on its servers. Client-side scanning gets around that by moving the check to where the message is still readable: your phone.

It runs on you

A scanner sits on your device and inspects content just before it is encrypted to send, or right after it is decrypted on receipt.

How it checks

It compares content against hashes of known illegal images, and can use AI classifiers to flag new material or grooming patterns.

Why it exists

It is the only way to inspect content in end-to-end encrypted apps, where the servers genuinely cannot read anything.

The problem

The backdoor argument.

What supporters say

It targets serious crime that hides in encrypted channels.

  • Reaches encrypted contentWhere server-side scanning cannot.
  • Uses known techniquesHash matching is already widespread.

What critics say

It undermines the very thing encryption promises.

  • A permanent inspectorA scanning agent lives inside your trusted device.
  • Scope can creepOnce built, what it looks for can be widened.
  • False positivesInnocent content can be flagged and exposed.
  • Defeats the guaranteeYour message is read before it is ever encrypted.
FAQ

Frequently asked questions.

Client-side scanning is when software on your own device inspects your content, before it is encrypted to send or after it is decrypted on receipt, to check it against rules or databases, for example to detect illegal images. Because it runs on your device, it can see content even in end-to-end encrypted apps.

Server-side scanning happens on the company's servers and only works if the provider can already read your content (no end-to-end encryption). Client-side scanning moves the check onto your device, which is the only way to inspect content that is end-to-end encrypted.

Critics argue it is a backdoor by another name: it places a permanent inspection mechanism inside your device, undermining the promise of end-to-end encryption. Once it exists, its scope can be widened, and it can produce false positives that expose innocent people.

It doesn't break the maths of encryption, but critics say it defeats the point: your message is read on your device before it is ever encrypted. Security researchers widely warn that it weakens the overall guarantee that only you and the recipient can see a message.

It is central to the EU's "Chat Control" debate, where a proposed regulation could require detection inside messaging apps. See our explainer on Chat Control for the current status.

Private by design

Privacy that doesn’t
watch from inside.

NOLO is a private AI with no account and no tracking, and your history stays on your device. Privacy by design, not by inspection.