cross-posted from: https://kbin.projectsegfau.lt/m/tech@kbin.social/t/26889
Google just announced that all RCS conversations in Messages are now fully end-to-end encrypted, even in group chats. RCS stands for Rich Communication Services and is replacing traditional text and picture messaging, providing you with more dynamic and secure features. With RCS enabled, you can share high-res photos and videos, see typing indicators for your…
As an Apple owner I hope Apple will implement this too. I live in a country where everybody communicates through WhatsApp unfortunately.
What do you mean? iMessage is fully end to end encrypted.
As far as google messages RCS goes, that’s googles proprietary version of RCS.
iMessage is not fully E2E encrypted unless you have advanced data protection turned on. If you don’t, the keys to your conversations still rest on Apple’s servers.
That’s untrue. The keys are generated on your device and Apple doesn’t have those stored. You need apple devices to grant access for another device as Apple doesn’t have your key. There’s other security holes where apple can generate new keys but that doesn’t change the fact that it is actually E2E encrypted.
It’s full E2E encryption even without that turned on. However, just because something is encrypted doesn’t mean it’s secure, as you point out.
Regardless, governments/organizations have gotten very good at finding vulnerabilities and exploiting them before academic and/or private sector security groups discover the same vulnerabilities, who will then go and publish their findings which eventually leads to them getting patched. As a side note: For anyone interested in some modern hacker/cybersecurity history, I recommend reading the book, Sandworm by Andy Greenberg. It’s pretty damn wild what it covers and that’s only a fraction of the modern state of global cyber warfare (and yes, just about the entire world has been engaged in what pretty much amounts to cyber warfare/espionage/sabotage for the last 10-15+ years).
I think they might mean they wish Apple would support RCS in general (which Apple has been refusing to do)
For good reason. Honestly anyone pushing for RCS is an idiot or doesn’t understand what they are pushing for.
Among many issues (including E2E missing by default) the idea of giving any control back to carriers is just stupid.
WhatsApp is already E2E encrypted, it always has been. There’s a circlejerk around here about “not true E2E!”, but that’s just straight up nonsense.
Name, service start date, last seen date, IP address, and email address, that’s it. Proof here. Everything Google and Apple also collect. If that’s a problem for you use Signal, not iMessage.
Fun fact, a group I knew in uni made an end to end encryption program that sent messages through Google more than a decade ago and Google got really, really mad at them threatening to shut down all Google accounts associated with all IP addresses they used.
Guarantee it’s not fully E2E.
It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro
They, however, run the app you are using to type everything, the keyboard you are using to type everything and the os you are using to type everything. If they want something, they don’t need to look at your in flight messages.
The trust doesn’t even have to be in the encryption, they could very well use the same signal protocol. They would only need a copy of the keys you are using and you wouldn’t even know… That’s the problem with closed source programs, there is no certainty that its not happening (and I’m not saying it is, I can’t prove it, obviously, but the doubt remains, we need to trust these companies not to screw us over and they don’t really have the best track record in that…)
As if you’re any more comfortable with open source software, actively vetting the code, building it yourself, running your own server.
For all you know, Signal keeps a copy of your keys, too. And happily decrypts everything you send and sells it to russian data brokers for re-sale to advertisers.
It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro
With a closed source app? Of course you can. How is anyone supposed to know what keys you use for encryption? Doesn’t even need to be a remote one - just the key generation be reproducible by the developer.
Sent messages “through Google”? Like Chat? Email? That’s such an ambiguous statement.
E2EE has been a available approaching three years now. I’d imagine if they were lying and defrauding the population, someone would have found out by now. This announcement is just that it’s on by default for everyone.
It doesn’t matter if it’s E2E or not when Google can spy on you directly on the phones at either end.
I think this is the first feature RCS provides which I want.
Do you know what RCS all provides? because it provides a LOT of great features. I mean the biggest one is 105MB file sizes. I guess you can stick with your carrier limited MMS, which is usually set to 300KB. Or maybe you can pay for Discord Nitro to send more than 8MB files? How about Snapchat which is limited to 60 seconds video files? Perhaps Telegram, that limits your upload speed to a snail pace unless you buy Telegram Premium?
I haven’t attempted to send a file via txt in almost 20 years. They’re txt messages. I also don’t use discord nitro, snapchat, or telegram.
So how do you send quick photos and videos? Don’t tell me you’re the person that sends a link lol
Using Signal since a few years. Don’t know anything about security but from a user perspective, I can highly recommend it. Takes some time converting your friends but after that it does its thing.
In my experience some friends are unconvertable, and at that point group chats with those friends just end up in the same place as before.
Yeah, that’s entirely possible; I have some friends unwilling to convert (or that I haven’t bothered with). I do however note an increase in use in Sweden, so I’m still hopeful. Best converter would of course be major screw up from WhatsApp etc. which may or may not happen, but then I’ll be ready to bang the drums again :)
I have some friends like that, but am currently in the process of making the switch over to signal from Snapchat. The key is once you have a critical mass of people in the group they switch over lmao
Also whenever you make a new gc, for example to plan something, you make it in signal and send them the invite link lol
But that doesn’t help with sms or rcs. I wish there was an rcs client that was not made by Google
As far as I know Google doesn’t allow third party apps to plug into RCS.
This is why them bashing Apple for this particular issue always seemed hypocritical to me, they want this to be their own closed ecosystem, with Apple being the exception because they have enough clout to actually go it alone or even take users away from Android.
Ideally you’d have apps like Signal plugging into the same end-to-end encryption for interoperability, but Google won’t allow that because they just want people to use Google Messages for RCS, and nothing else.
I’ll be honest, the UX/UI is kinda my one big gripe with it. It feels so amateurish. More so because the desktop app is very clearly just a website that requires me to run a Chromium to display it, which makes it look pretty bad, more so side-by-side with Unigram, a pretty damn impressive Telegram app.
But even the Android app barely checks the bare-minimum. Yeah it’s a messenger. Feels kinda laggy compared to Telegram and Messages, lacks any cool animations of neat UI design, lacks cool themes, nothing really. Now of course messengers don’t need any of that, but it just shows to highlight that it isn’t exactly a stellar product except in its austerity, and if it were about that I’d expect it to run significantly better and with less resource hunger than it does on either mobile or desktop.
Of course, it’s still a really good app, just the UX/UI is exactly the one thing I wouldn’t recommend it for. 😅
I see your point. I like that the UI is quite simple, reminds me of the UI in iMessage. I was choosing between telegram and signal but mostly went with signal due to positive things I read online, in addition to being recommended on Privacytools.io which felt good.
Do NOT use PrivacyTools. This site was good resource before 2020 but then main developer disappeared for some time and returned with site which sells recommendations on products for money. Weird recommendations popped out. Just use Privacy Guides. Basically all biggest contributors moved on there. You can read more about this story in their FAQ 🙂
To my knowledge, Signal is the only verifiably secure encrypted messaging app that’s market ready. Signal is fully open source, including its encryption algorithm which has been tested numerous times and even gotten government agencies like the FBI all butthurt that can’t break it or get a backdoor from the devs. I have a friend whose cryptography professor contributed to the project.
It was only in recent years that Signal upped their game enough with the user experience for me to start recommending it to friends and family. In 2013, when I first recall trying it out, Signal was more clunky and always wanted to be your default SMS app. I didn’t like that, because at the time they didn’t have a client to send messages from your computer.
Nowadays they have an desktop app that syncs with your phone, video calling, and even stories – which some people find weird but I’m all for non-Zuccubus owned private and secure alternatives to social media. I’m pretty sure anyone on Lemmy would love to pull more power away from these surveillance based ad companies and stop being data cows.
Tl;dr: Fuck the Zuck, keep promoting Signal, democratize the internet
Late reply, but my main sticking point with Matrix is that it isn’t just an app you can tell your non-tech savvy friends to download. I like the decentralization, but most people don’t care and want something easy to understand and use
