End-to-end
encryption is the mot du jour when it comes to digital privacy. In
layman's terms it means that when you send a message from your computer,
it is encrypted from the moment you sent it until the moment it is
received. This means, in theory, that no third parties can intercept the
message.
Apple says it uses end-to-end encryption. Google, however, is another story. The company has been notoriously vague about its privacy practices, and a recent Reddit AMA explains why.
Two Google security executives, Richard Salgado and David Lieber, took to Reddit late last week to answer any and all questions. The American Civil Liberties Union's principal technologist Christopher Soghoian seized this opportunity.
He asked, "Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts? Given Google's rather impressive track record regarding surveillance transparency, the total secrecy regarding the company's surveillance capabilities for this product is quite unusual."
Salgado responded, "Hangouts are encrypted in transit."
This is an important admission, because it shows that Google can get access to whatever it is that you're sending. Redditor reddit_poly explained:
"For non-technical readers, this means that Hangouts are only encrypted on their way between your computer and Google's servers. Once they arrive at Google's end, Google has full access. In short, this is confirmation Google can wiretap Hangouts."
Motherboard reached out to Google, which "confirmed that Hangouts doesn't use end-to-end encryption."
This is a questionable policy to say the least, one that shows huge privacy limitations for Hangouts. And it's especially telling when you pit Google's policy next to Apple's end-to-end iMessage encryption.
Apple says it uses end-to-end encryption. Google, however, is another story. The company has been notoriously vague about its privacy practices, and a recent Reddit AMA explains why.
Two Google security executives, Richard Salgado and David Lieber, took to Reddit late last week to answer any and all questions. The American Civil Liberties Union's principal technologist Christopher Soghoian seized this opportunity.
He asked, "Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts? Given Google's rather impressive track record regarding surveillance transparency, the total secrecy regarding the company's surveillance capabilities for this product is quite unusual."
Salgado responded, "Hangouts are encrypted in transit."
This is an important admission, because it shows that Google can get access to whatever it is that you're sending. Redditor reddit_poly explained:
"For non-technical readers, this means that Hangouts are only encrypted on their way between your computer and Google's servers. Once they arrive at Google's end, Google has full access. In short, this is confirmation Google can wiretap Hangouts."
Motherboard reached out to Google, which "confirmed that Hangouts doesn't use end-to-end encryption."
This is a questionable policy to say the least, one that shows huge privacy limitations for Hangouts. And it's especially telling when you pit Google's policy next to Apple's end-to-end iMessage encryption.
No comments:
Post a Comment