You are viewing a single thread.
View all comments View context
6 points
*

Its a specific, technical phrase that means one thing only, and yes, googles RCS meets that standard:

https://support.google.com/messages/answer/10262381?hl=en

How end-to-end encryption works

When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

The secret key is a number that’s:

Created on your device and the device you message. It exists only on these two devices.

Not shared with Google, anyone else, or other devices.

Generated again for each message.

Deleted from the sender’s device when the encrypted message is created, and deleted from the receiver’s device when the message is decrypted.

Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

They have more technical information here if you want to deep dive about the literal implementation.

You shouldn’t trust any corporation, but needless FUD detracts from their actual issues.

permalink
report
parent
reply
2 points

Even if we assume they don’t have a backdoor (which is probably accurate), they can still exfiltrate any data they want through Google Play services after it’s decrypted.

They’re an ad company, so they have a vested interest in doing that. So I don’t trust them. If they make it FOSS and not rely on Google Play services, I might trust them, but I’d probably use a fork instead.

permalink
report
parent
reply
9 points

You are missing my point.

I don’t deny the definition of E2EE. What I question is whether or not RCS does in fact meet the standard.

You provided a link from Google itself as verification. That is… not useful.

Has there been an independent audit on RCS? Why or why not?

permalink
report
parent
reply
-1 points
*

Not that I can find. Can you post Signals most recent independent audit?

Many of these orgs don’t post public audits like this. Its not common, even for the open source players like Signal.

What we do have is a megacorp stating its technical implementation extremely explicitly for a well defined security protocol, for a service meant to directly compete with iMessage. If they are violating that, it opens them up to huge legal liability and reputational harm. Neither of these is worth data mining this specific service.

permalink
report
parent
reply
4 points
*
7 points

I’m not suggesting that Signal is any better. I’m supporting absolute distrust until such information is available.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 15K

    Monthly active users

  • 6.7K

    Posts

  • 153K

    Comments