It's 2018, and Google just proposed an instant messaging tool with no encryption

Originally published at: https://boingboing.net/2018/04/24/chat-vs-spooks.html

3 Likes

Google didn’t propose an instant messaging tool. They just proposed implementing an existing standard and using it instead of SMS/MMS. Which are both unencrypted already.

13 Likes

Dammit, here I was thinking this would be neat because MMS is thoroughly borked on every Nougat ROM I put on this phone (it only runs KitKat as stock).

Not so neat.

Maybe so, but they don’t use the internet.

Neither does RCS. If it did it wouldn’t need to be supported at the carrier level.

2 Likes

Google shows a staggering failure to respect the human rights of its customers,

It’s run by billionaires, that and many more reasons to not thrust them.

7 Likes

Yes, I am sure that end-to-end encryption would be nice. However, the proposed Google Chat is not an app, but a service that does not use the internet, but rather cellular service such as SMS.

Google already has two encrypted chat apps, Duo and Allo (although Allo is probably going away).

3 Likes

Saying it has no encryption is somewhat disingenuous. I haven’t read the standard, but I’d be pretty shocked if it didn’t use TLS.

The issue is end-to-end encryption. Yes, carrier-provided replacement for SMS is going to allow the NSA and cops to read your text messages in their underwear, just like they can right now. Is anyone surprised? It would be illegal in a lot of places otherwise.

2 Likes

Does anyone still use IM?

I thought Google had pretty much put the spike in it after first adopting an existing standard federated protocol, then axing the federation bridges, then ditching the whole thing.

Now they’re going to ruin SMS?

1 Like

Does Hangouts still count?

Nobody that cares about their users would be proposing an unencrypted messaging standard these days.

4 Likes

An easy fix is to make end-to-end encryption a (sticky) option.

Is Apple’s iMessages system illegal in a lot of places?

3 Likes

My mouth works just fine for chat, and it’s not encrypted. We’ve been just fine for thousands of years without crypto, you nerds just want to show off your slide rules.

1 Like

… a storm in a teapot?

2 Likes

Can we use it to send dick pics?

Asking for a politician.

3 Likes

Not baffling at all. Google scans through your communications to know what kinds of ads you’ll like. That’s how they make money. Don’t like it? Use a different service. Apple’s business model does not depend upon surveilling its users, so they have a business incentive to encrypt data on iMessage. Even WhatsApp, which is encrypted, still allows its parent company Facebook to gather metadata about WHO you talk with (though not WHAT you say).

I don’t see any reason you can’t use a more secure service like Signal on top of this to provide the security it lacks, but yes, that does make it yet another useless Google messaging solution.

If it’s clearly stated that it’s unecrypted, then I don’t see what the problem is.

1 Like

Mobile phone kernels are completely compromised by the manufacturers and security agencies, so encryption which happens in an application is going to be ineffective.

Given where this protocol has to live and the amount of work it takes to get all these carriers on the same page … encryption would have been nearly impossible to get implemented.

Who holds the keys? This is a cross carrier solution that will be going over the carrier networks and not the internet exactly.

This is in the same space as SMS.

2 Likes

Personally I don’t see the issue here.

I think it’s perfectly fine to create new unencrypted messaging services, as long as the users are made aware of this in advance.

I used IRC for years. I still use email. I post on forums. I know these communications can be read but it’s not an issue for me. I use Signal for some other communication, although in reality that’s pretty much to appease my security geek friends more than out of necessity to hide it.

I’m not saying that there isn’t need for encrypted messaging services. But I’ve noticed that out of my own use most of it just doesn’t need to be encrypted. Am I strange?

Even with this Facebook thing that people are going bananas over - for me the service has just been another IRC or a public forum. When it asked me to review my settings I just thought that if I have sensitive information I wouldn’t be giving it to them to begin with, so that’s a non-issue.

Am I missing something obvious here? Is this really about the fringe cases (I’m assuming not applicable to most here) of malicious governments and possible future illegality of current social norms, or are people posting private nude videos of themselves and arranging booty calls with their lovers on Facebook? This is a genuine question.

1 Like