cross-posted from: https://kbin.projectsegfau.lt/m/tech@kbin.social/t/26889

Google just announced that all RCS conversations in Messages are now fully end-to-end encrypted, even in group chats. RCS stands for Rich Communication Services and is replacing traditional text and picture messaging, providing you with more dynamic and secure features. With RCS enabled, you can share high-res photos and videos, see typing indicators for your…

You are viewing a single thread.
View all comments View context
126 points

It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro

They, however, run the app you are using to type everything, the keyboard you are using to type everything and the os you are using to type everything. If they want something, they don’t need to look at your in flight messages.

permalink
report
parent
reply
36 points

The trust doesn’t even have to be in the encryption, they could very well use the same signal protocol. They would only need a copy of the keys you are using and you wouldn’t even know… That’s the problem with closed source programs, there is no certainty that its not happening (and I’m not saying it is, I can’t prove it, obviously, but the doubt remains, we need to trust these companies not to screw us over and they don’t really have the best track record in that…)

permalink
report
parent
reply
-27 points

As if you’re any more comfortable with open source software, actively vetting the code, building it yourself, running your own server.

For all you know, Signal keeps a copy of your keys, too. And happily decrypts everything you send and sells it to russian data brokers for re-sale to advertisers.

permalink
report
parent
reply
43 points

There is a post gathering all security audits performed on Signal messenger:

https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

And anybody can double check it, because it’s open source. And not only is it open source, but they have reproducible builds which mean you can verify that the apk you download is the same version as is hosted on github. They also have server code published. Pretty rare. Additionally experts in the field themselves endorse signal.

Your point is valid for many projects, as open source is not a guarantee for security. But signal is a pretty bad example for that.

permalink
report
parent
reply
-2 points

Bullocks

permalink
report
parent
reply
18 points

They can… everything is closed there. It can just be “encrypted” for your eyes

permalink
report
parent
reply
8 points

It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro

With a closed source app? Of course you can. How is anyone supposed to know what keys you use for encryption? Doesn’t even need to be a remote one - just the key generation be reproducible by the developer.

permalink
report
parent
reply
1 point

I don’t know if you’re understanding that that’s his point.

If Google can reproduce the key it’s not fully “end to end” unless one of the "end"s is Google.

permalink
report
parent
reply
4 points
*

I know they have unencrypted versions from my phone because my tablet and desktop version of messages seamlessly connects to the chat. So it’s probably be E2E in transit alone.

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 556K

    Comments