629
U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack (www.nbcnews.com)
submitted 1 week ago by WhatsHerBucket@lemmy.world to c/technology@lemmy.world
198 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] EvilBit@lemmy.world 51 points 1 week ago* (last edited 1 week ago)

google isn't going to fuck around with this service to make money

Your honor, I would like to submit Exhibit A, Google Chrome “Enhanced Privacy”.

https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should

Google will absolutely fuck with anything that makes them money.

[-] mosiacmango@lemm.ee -1 points 1 week ago* (last edited 1 week ago)

Thats a different tech. End to end is cut and dry how it works. If you do anything to data mine it, it's not end to end anymore.

Only the users involved in end to end can access the data in that chat. Everyone else sees encrypted data, i.e noise. If there are any backdoors or any methods to pull data out, you can't bill it as end to end.

[-] micballin@lemmy.world 9 points 1 week ago

They can just claim archived or deleted messages don't qualify for end to end encryption in their privacy policy or something equally vague. If they invent their own program they can invent the loophole on how the data is processed

[-] cheesemoo@lemmy.world 11 points 1 week ago

Or the content is encrypted, but the metadata isn't, so they can market to you based on who you talk to and what they buy, etc.

[-] mosiacmango@lemm.ee 2 points 1 week ago

This part is likely, but not what we are talking about. Who you know and how you interact with them is separate from the fact that the content of the messages is not decryptable by anyone but the participants, by design. There is no "quasi" end to end. Its an either/or situation.

[-] sugar_in_your_tea@sh.itjust.works 2 points 1 week ago

It doesn't matter if the content is encrypted in transit if Google can access the content in the app after decryption. That doesn't violate E2EE, and they could easily exfiltrate the data though Google Play Services, which is a hard requirement.

I don't trust them until the app is FOSS, doesn't rely on Google Play Services, and is independently verified to not send data or metadata to their servers. Until then, I won't use it.

[-] rottingleaf@lemmy.world 1 points 1 week ago

Provided they have an open API and don't ban alternative clients, one can make something kinda similar to TOR in this system, taking from the service provider the identities and channels between them.

Meaning messages routed through a few hops over different users.

Sadly for all these services to have open APIs, there needs to be force applied. And you can't force someone far stronger than you and with the state on their side.

load more comments (3 replies)
load more comments (12 replies)
load more comments (14 replies)
this post was submitted on 04 Dec 2024
629 points (99.4% liked)

Technology

59907 readers
3386 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world