Following a Reddit AMA on government surveillance, Google has admitted that while it does encrypt Hangouts conversations, it does not use end-to-end encryption, meaning the company itself can tap into those sessions when it receives a government court order requiring it to do so. This contrasts with the end-to-end encryption used by some services, like Apple's FaceTime, which cannot be tapped even by the company offering the service.

Wait, you mean to tell me large technology companies are shady and nebulous for PR reasons?

Surely that can't be true, right? Why would they lie?

Not an easy task

Recently we discussed this problem with some friends. Given almost all communication methods are "insecure", we tried to come up with a solution that would work, and would be easy to use. Unfortunately this does not seem to be an easy task.

1. The first problem is building an actual client that will work on multiple platforms (at least Android, and iOS). There are existing open source applications based on the Jabber protocol. However, they seemed to be very resource hungry, and did not practically work.

2. The second problem is hosting the service. For obvious reasons, you cannot host it on a cloud provider. Yet, having a dedicated machine at home would be costly, and introduces a single point of failure.

3. The distribution of keys is not easy either. I'm skipping it since it is mentioned in other comments.

4. Having an actual phone that you can trust. There was an article on OSNews, where the baseband OS on all phones is more or less the "master", and your actual OS (iOS/Android) is running in a controlled environment. Since the phone can potentially be remotely accessed, this makes it almost impossible to trust it for this purpose.

We basically gave up after that point.

(Disclaimer: This was a brainstorming session, outside of my work).



