cross-posted from: https://kbin.projectsegfau.lt/m/tech@kbin.social/t/26889
Google just announced that all RCS conversations in Messages are now fully end-to-end encrypted, even in group chats. RCS stands for Rich Communication Services and is replacing traditional text and picture messaging, providing you with more dynamic and secure features. With RCS enabled, you can share high-res photos and videos, see typing indicators for your…
Fun fact, a group I knew in uni made an end to end encryption program that sent messages through Google more than a decade ago and Google got really, really mad at them threatening to shut down all Google accounts associated with all IP addresses they used.
Guarantee it’s not fully E2E.
It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro
They, however, run the app you are using to type everything, the keyboard you are using to type everything and the os you are using to type everything. If they want something, they don’t need to look at your in flight messages.
The trust doesn’t even have to be in the encryption, they could very well use the same signal protocol. They would only need a copy of the keys you are using and you wouldn’t even know… That’s the problem with closed source programs, there is no certainty that its not happening (and I’m not saying it is, I can’t prove it, obviously, but the doubt remains, we need to trust these companies not to screw us over and they don’t really have the best track record in that…)
As if you’re any more comfortable with open source software, actively vetting the code, building it yourself, running your own server.
For all you know, Signal keeps a copy of your keys, too. And happily decrypts everything you send and sells it to russian data brokers for re-sale to advertisers.
It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro
With a closed source app? Of course you can. How is anyone supposed to know what keys you use for encryption? Doesn’t even need to be a remote one - just the key generation be reproducible by the developer.
It doesn’t matter if it’s E2E or not when Google can spy on you directly on the phones at either end.
Sent messages “through Google”? Like Chat? Email? That’s such an ambiguous statement.
E2EE has been a available approaching three years now. I’d imagine if they were lying and defrauding the population, someone would have found out by now. This announcement is just that it’s on by default for everyone.
Reminds me how much I hate Apple.
Thanks Google for making Android.
Now please turn the evil knob down a notch and go back being the awesome company you once were.
Edit: typo
Apple purposely will not integrate this to keep a walled garden around their ecosystem and make messaging between apole/Android a shit experience.
In a perfect world everyone would just adopt rcs, it’s better for consumers but Apple only gives a shit about branding/$$$.
Aside from the fact that Google finally implementing E2EE in RCS not having anything at all to do with Apple, I’m confused.
Apple developed a fully encrypted messaging system 16 years ago, 4 years later RCS was developed but wasn’t even adopted by all three major US carriers until 2 years ago (much more complicated than just this as they refused to work together on Universal Profile standards and Google has so ‘valiantly’ stepped in to do it without them), and Apple is the bad guy for not switching to a competitors standard that was (until now) less secure, uses googles back end services, is arguably less capable, has an extremely poor desktop access experience, is less intuitive to enable, and takes away a competitive advantage? All while other E2EE messaging apps have been available on both iOS and Android for years.
Why not push for google to adopt iMessage as a standard instead? Maybe google has been holding iMessage back for 16 years. Maybe Apple isn’t holding rcs back but carriers are. Or maybe it’s the GSMA. Or maybe it’s a larger systemic issue with capitalism. Or maybe it’s one of any number of other issues that makes it disadvantageous for Apple and Google to work together on this.
This article, cancerous as the site is on mobile, does a good job breaking down the issue and how it’s not as clear cut as folks here are trying to make it: https://www.androidpolice.com/google-rcs-messaging-feud-apple-imessage/
At the end of the day, y’all being angry at Apple about RCS sounds just a bit like simping for google and falling prey to their marketing campaign to try and win the messaging war. Im not really interested in experiencing another chromium situation but with messaging. Particularly when WhatsApp is king in the messaging space globally.
The one thing that feels off to me about Google’s implementation is that it’s not vendor agnostic and all comms would need to go through Google’s servers to work. The E2EE bit is an entirely Google specific extension to RCS, for example. The last thing we need is another chromium situation in a different area.
If it wasn’t a Google specific extension, phone networks around the world would need to pick up the pace and adopt RCS, but also they’d need to keep up to date with the latest version of the standard to ensure the functionality is supported. Now, looking at phone networks’ previous track record, they’re really not going to implement it unless they’re forced to and they’ll do so at a real snails pace.
At this point I’d agree that Apple not adopting RCS is really not helpful here.
I feel the EU’s Digital Market Act that’s forcing messenger applications to be interoperable with each other is going to be a much more viable option towards that perfect world scenario. The IETF is even fleshing out a common protocol for it, MIMI with MLS.
Doesn’t really explain what google enabling E2E on RCA has to do with Apple
Still won’t be using it. Sworry!
The fuck is google messages? Is this what replaced hangouts?
On many devices, actually. Over 34 OEMs. https://jibe.google.com/partners/oems/
As an Apple owner I hope Apple will implement this too. I live in a country where everybody communicates through WhatsApp unfortunately.
What do you mean? iMessage is fully end to end encrypted.
As far as google messages RCS goes, that’s googles proprietary version of RCS.
iMessage is not fully E2E encrypted unless you have advanced data protection turned on. If you don’t, the keys to your conversations still rest on Apple’s servers.
It’s full E2E encryption even without that turned on. However, just because something is encrypted doesn’t mean it’s secure, as you point out.
Regardless, governments/organizations have gotten very good at finding vulnerabilities and exploiting them before academic and/or private sector security groups discover the same vulnerabilities, who will then go and publish their findings which eventually leads to them getting patched. As a side note: For anyone interested in some modern hacker/cybersecurity history, I recommend reading the book, Sandworm by Andy Greenberg. It’s pretty damn wild what it covers and that’s only a fraction of the modern state of global cyber warfare (and yes, just about the entire world has been engaged in what pretty much amounts to cyber warfare/espionage/sabotage for the last 10-15+ years).
That’s untrue. The keys are generated on your device and Apple doesn’t have those stored. You need apple devices to grant access for another device as Apple doesn’t have your key. There’s other security holes where apple can generate new keys but that doesn’t change the fact that it is actually E2E encrypted.
I think they might mean they wish Apple would support RCS in general (which Apple has been refusing to do)
For good reason. Honestly anyone pushing for RCS is an idiot or doesn’t understand what they are pushing for.
Among many issues (including E2E missing by default) the idea of giving any control back to carriers is just stupid.
WhatsApp is already E2E encrypted, it always has been. There’s a circlejerk around here about “not true E2E!”, but that’s just straight up nonsense.
Name, service start date, last seen date, IP address, and email address, that’s it. Proof here. Everything Google and Apple also collect. If that’s a problem for you use Signal, not iMessage.
