• circuitfarmer@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    19 days ago

    You are suggesting that “end-to-end” is some kind of legally codified phrase. It just isn’t. If Google were to steal data from a system claiming to be end-to-end encrypted, no one would be surprised.

    I think your point is: if that were the case, the messages wouldn’t have been end-to-end encrypted, by definition. Which is fine. I’m saying we shouldn’t trust a giant corporation making money off of selling personal data that it actually is end-to-end encrypted.

    By the same token, don’t trust Microsoft when they say Windows is secure.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      19 days ago

      Its a specific, technical phrase that means one thing only, and yes, googles RCS meets that standard:

      https://support.google.com/messages/answer/10262381?hl=en

      How end-to-end encryption works

      When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

      The secret key is a number that’s:

      Created on your device and the device you message. It exists only on these two devices.

      Not shared with Google, anyone else, or other devices.

      Generated again for each message.

      Deleted from the sender’s device when the encrypted message is created, and deleted from the receiver’s device when the message is decrypted.

      Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

      They have more technical information here if you want to deep dive about the literal implementation.

      You shouldn’t trust any corporation, but needless FUD detracts from their actual issues.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        Even if we assume they don’t have a backdoor (which is probably accurate), they can still exfiltrate any data they want through Google Play services after it’s decrypted.

        They’re an ad company, so they have a vested interest in doing that. So I don’t trust them. If they make it FOSS and not rely on Google Play services, I might trust them, but I’d probably use a fork instead.

      • circuitfarmer@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        19 days ago

        You are missing my point.

        I don’t deny the definition of E2EE. What I question is whether or not RCS does in fact meet the standard.

        You provided a link from Google itself as verification. That is… not useful.

        Has there been an independent audit on RCS? Why or why not?