Comment on Google Messages just flicked the switch on end-to-end encryption for all RCS and group chats
Kbin_space_program@kbin.social 1 year ago
Fun fact, a group I knew in uni made an end to end encryption program that sent messages through Google more than a decade ago and Google got really, really mad at them threatening to shut down all Google accounts associated with all IP addresses they used.
Guarantee it's not fully E2E.
Sent messages "through Google"? Like Chat? Email? That's such an ambiguous statement.
E2EE has been a available approaching three years now. I'd imagine if they were lying and defrauding the population, someone would have found out by now. This announcement is just that it's on by default for everyone.
Hangouts.
It doesn’t matter if it’s E2E or not when Google can spy on you directly on the phones at either end.
Pretty much
You can use whatever chat clients you want. Multi-billion dollar companies control your OS. They don’t need to sneak in a rootkit: The OS is their rootkit.
E2E encryption is theoretically nice in the event there is a man in the middle at the cell tower or company. It is of arguable (zero?) value in sim spoof situations. But it is better than not
But still, don’t trust it for anything that google/apple might care about. Because transmitting and processing voice is hard. Effectively grepping a screen for such dangerous words as “terorrism” and “union” is almost zero cost. Like, I don’t expect google to give a shit about if you like hookers or buy drugs or whatever. But if you are involved in anything that could impact their bottom line…
echo64@lemmy.world 1 year ago
It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro
They, however, run the app you are using to type everything, the keyboard you are using to type everything and the os you are using to type everything. If they want something, they don’t need to look at your in flight messages.
TheHobbyist@lemmy.zip 1 year ago
The trust doesn’t even have to be in the encryption, they could very well use the same signal protocol. They would only need a copy of the keys you are using and you wouldn’t even know… That’s the problem with closed source programs, there is no certainty that its not happening (and I’m not saying it is, I can’t prove it, obviously, but the doubt remains, we need to trust these companies not to screw us over and they don’t really have the best track record in that…)
Carighan@lemmy.world 1 year ago
As if you’re any more comfortable with open source software, actively vetting the code, building it yourself, running your own server.
For all you know, Signal keeps a copy of your keys, too. And happily decrypts everything you send and sells it to russian data brokers for re-sale to advertisers.
TheHobbyist@lemmy.zip 1 year ago
There is a post gathering all security audits performed on Signal messenger:
community.signalusers.org/t/…/13243
And anybody can double check it, because it’s open source. And not only is it open source, but they have reproducible builds which mean you can verify that the apk you download is the same version as is hosted on github. They also have server code published. Pretty rare. Additionally experts in the field themselves endorse signal.
Your point is valid for many projects, as open source is not a guarantee for security. But signal is a pretty bad example for that.
Mubelotix@jlai.lu 1 year ago
Bullocks
Rooki@lemmy.world 1 year ago
They can… everything is closed there. It can just be “encrypted” for your eyes
GigglyBobble@kbin.social 1 year ago
With a closed source app? Of course you can. How is anyone supposed to know what keys you use for encryption? Doesn't even need to be a remote one - just the key generation be reproducible by the developer.
Not_Alec_Baldwin@lemmy.world 1 year ago
I don’t know if you’re understanding that that’s his point.
If Google can reproduce the key it’s not fully “end to end” unless one of the "end"s is Google.
art@lemmy.world 1 year ago
I know they unencrypted versions from my phone because my tablet and desktop version of messages seamlessly connects to the chat. So it’s probably be E2E in transit alone.