It runs on you
A scanner sits on your device and inspects content just before it is encrypted to send, or right after it is decrypted on receipt.
It is the technology at the heart of Europe's encryption fight: software that reads your messages on your own device, before they are ever encrypted. Here is how it works, and why security researchers call it a backdoor.
Encryption stops a provider reading your messages on its servers. Client-side scanning gets around that by moving the check to where the message is still readable: your phone.
A scanner sits on your device and inspects content just before it is encrypted to send, or right after it is decrypted on receipt.
It compares content against hashes of known illegal images, and can use AI classifiers to flag new material or grooming patterns.
It is the only way to inspect content in end-to-end encrypted apps, where the servers genuinely cannot read anything.
It targets serious crime that hides in encrypted channels.
It undermines the very thing encryption promises.
Client-side scanning is when software on your own device inspects your content, before it is encrypted to send or after it is decrypted on receipt, to check it against rules or databases, for example to detect illegal images. Because it runs on your device, it can see content even in end-to-end encrypted apps.
Server-side scanning happens on the company's servers and only works if the provider can already read your content (no end-to-end encryption). Client-side scanning moves the check onto your device, which is the only way to inspect content that is end-to-end encrypted.
Critics argue it is a backdoor by another name: it places a permanent inspection mechanism inside your device, undermining the promise of end-to-end encryption. Once it exists, its scope can be widened, and it can produce false positives that expose innocent people.
It doesn't break the maths of encryption, but critics say it defeats the point: your message is read on your device before it is ever encrypted. Security researchers widely warn that it weakens the overall guarantee that only you and the recipient can see a message.
It is central to the EU's "Chat Control" debate, where a proposed regulation could require detection inside messaging apps. See our explainer on Chat Control for the current status.
NOLO is a private AI with no account and no tracking, and your history stays on your device. Privacy by design, not by inspection.