cross-posted from: https://kbin.projectsegfau.lt/m/tech@kbin.social/t/26889

Google just announced that all RCS conversations in Messages are now fully end-to-end encrypted, even in group chats. RCS stands for Rich Communication Services and is replacing traditional text and picture messaging, providing you with more dynamic and secure features. With RCS enabled, you can share high-res photos and videos, see typing indicators for your…

  • Kbin_space_program@kbin.social
    link
    fedilink
    arrow-up
    139
    arrow-down
    23
    ·
    1 year ago

    Fun fact, a group I knew in uni made an end to end encryption program that sent messages through Google more than a decade ago and Google got really, really mad at them threatening to shut down all Google accounts associated with all IP addresses they used.

    Guarantee it’s not fully E2E.

    • echo64@lemmy.world
      link
      fedilink
      English
      arrow-up
      124
      arrow-down
      3
      ·
      1 year ago

      It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro

      They, however, run the app you are using to type everything, the keyboard you are using to type everything and the os you are using to type everything. If they want something, they don’t need to look at your in flight messages.

      • The Hobbyist@lemmy.zip
        link
        fedilink
        English
        arrow-up
        42
        arrow-down
        6
        ·
        1 year ago

        The trust doesn’t even have to be in the encryption, they could very well use the same signal protocol. They would only need a copy of the keys you are using and you wouldn’t even know… That’s the problem with closed source programs, there is no certainty that its not happening (and I’m not saying it is, I can’t prove it, obviously, but the doubt remains, we need to trust these companies not to screw us over and they don’t really have the best track record in that…)

        • Carighan Maconar@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          37
          ·
          1 year ago

          As if you’re any more comfortable with open source software, actively vetting the code, building it yourself, running your own server.

          For all you know, Signal keeps a copy of your keys, too. And happily decrypts everything you send and sells it to russian data brokers for re-sale to advertisers.

          • The Hobbyist@lemmy.zip
            link
            fedilink
            English
            arrow-up
            43
            ·
            1 year ago

            There is a post gathering all security audits performed on Signal messenger:

            https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

            And anybody can double check it, because it’s open source. And not only is it open source, but they have reproducible builds which mean you can verify that the apk you download is the same version as is hosted on github. They also have server code published. Pretty rare. Additionally experts in the field themselves endorse signal.

            Your point is valid for many projects, as open source is not a guarantee for security. But signal is a pretty bad example for that.

            • umami_wasabi@lemmy.ml
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              Signal had their server code published? I thought they closed sorced that. I even didn’t notice.

            • Carighan Maconar@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              7
              ·
              1 year ago

              But that’s kinda my point, you rely inherently on someone else doing what open source allows you to do. So in the end you can be tricked just the same.

              I mean of course, Signal is a pretty clearcut case, but even with that one you - and I’m guessing here but tell me it ain’t true 😅 - probably do not actively verify things. You did not check the source code. You did not build your own APK to install it. I don’t think you can build the desktop version yourself but I ain’t entirely sure, granted. You probably did not probe the network data to see whether the built APK actually does what the source code promises it’ll do or has been swapped out for one that allows the server they’re running to log all messages sent.

              And so on.

              My point was entirely that even in the easiest of cases where we could do all of that, we do not actually do it. Hence the point of being able to do that is usually extremely moot.

              And I say this as someone who, at work, checks external libraries we’re using, which is an insanely time-consuming job that entirely explains why no one in their right mind does this without being paid for it, that is, in their spare time for private use.

              • xthexder@l.sw0.com
                link
                fedilink
                English
                arrow-up
                7
                ·
                1 year ago

                If you can’t trust peer review from experts in a field, many aspects of society break down. For example:

                • How can we trust the word of an engineer that says a bridge is safe? Did you verify the calculations yourself? Have you personally tested the tensile strength of that rebar? Better to just avoid bridges to be safe.
                • How can we trust the word of a doctor when they prescribe something? Did you personally look up all the possible side effects and made sure you’ll be safe? Do you research clinical trials yourself to verify efficacy? If you don’t trust your doctor, you’ll be right at home with the anti-vaxxers.
                • How can you trust a lawyer to argue your best case? There’s thousands of pages of law that most people haven’t read. Do you know for yourself that there isn’t some past precedent that completely flips your case? Defending yourself is a bad idea for a lot of reasons.

                Nobody can be an expert in every field. It’s completely unfeasible for most people to verify source code themselves, but that doesn’t mean open source doesn’t matter. Society operates on a degree of trust in our fellow humans that ARE experts in their field. The more experts in agreement the better, since nobody is infallible.

                I’m not sure what you’re suggesting people do? Go live in a hole by themselves because the world is full of liars and deceivers? Or become superhuman and hand verify every possible thing that could negatively effect them?

                • Carighan Maconar@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  4
                  ·
                  1 year ago

                  No of course not. I’m sorry if I’m expressing this badly, my point was merely that open source tends to add a false sense of security for people. The relevant ability to verify is factually never used, and experts that review the code might as well have had access to it without it being open sources (see Whatsapp’s audit a while back).

                  That is not to say that Open Source is not a good thing, don’t get me wrong. But I feel we tend to massively overstate what it adds for us personally. We put too much value on that side of it, as if it automatically means every user has personally verified everything.

              • The Hobbyist@lemmy.zip
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                I’m not qualified to determine personally the situation of signal, or any other app. But I don’t need to. There are several experts who are and the fact that multiple of them have analyzed and evaluated an app as signal should give us a lot of confidence in their conclusions.

                We need to trust experts, and I don’t mean individual experts, but the experts as a whole, especially when they verify each other’s work. This is what it’s about. You can’t do everything yourself, you got to trust some form of collective.

      • Rooki@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        2
        ·
        1 year ago

        They can… everything is closed there. It can just be “encrypted” for your eyes

      • GigglyBobble@kbin.social
        link
        fedilink
        arrow-up
        10
        arrow-down
        2
        ·
        1 year ago

        It’s E2E, E2E isn’t really something you can be sneaky about unless you roll your own encryption and then make claims about it totally being safe bro

        With a closed source app? Of course you can. How is anyone supposed to know what keys you use for encryption? Doesn’t even need to be a remote one - just the key generation be reproducible by the developer.

        • Not_Alec_Baldwin@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          I don’t know if you’re understanding that that’s his point.

          If Google can reproduce the key it’s not fully “end to end” unless one of the "end"s is Google.

      • arthurpizza@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        I know they have unencrypted versions from my phone because my tablet and desktop version of messages seamlessly connects to the chat. So it’s probably be E2E in transit alone.

    • pjhenry1216@kbin.social
      link
      fedilink
      arrow-up
      25
      arrow-down
      1
      ·
      1 year ago

      Sent messages “through Google”? Like Chat? Email? That’s such an ambiguous statement.

      E2EE has been a available approaching three years now. I’d imagine if they were lying and defrauding the population, someone would have found out by now. This announcement is just that it’s on by default for everyone.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      It doesn’t matter if it’s E2E or not when Google can spy on you directly on the phones at either end.

      • Puzzle_Sluts_4Ever@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Pretty much

        You can use whatever chat clients you want. Multi-billion dollar companies control your OS. They don’t need to sneak in a rootkit: The OS is their rootkit.

        E2E encryption is theoretically nice in the event there is a man in the middle at the cell tower or company. It is of arguable (zero?) value in sim spoof situations. But it is better than not

        But still, don’t trust it for anything that google/apple might care about. Because transmitting and processing voice is hard. Effectively grepping a screen for such dangerous words as “terorrism” and “union” is almost zero cost. Like, I don’t expect google to give a shit about if you like hookers or buy drugs or whatever. But if you are involved in anything that could impact their bottom line…

  • happyhippo@feddit.it
    link
    fedilink
    English
    arrow-up
    85
    arrow-down
    17
    ·
    edit-2
    1 year ago

    Reminds me how much I hate Apple.

    Thanks Google for making Android.

    Now please turn the evil knob down a notch and go back being the awesome company you once were.

    Edit: typo

      • BargsimBoyz@lemmy.world
        link
        fedilink
        English
        arrow-up
        55
        arrow-down
        8
        ·
        1 year ago

        Apple purposely will not integrate this to keep a walled garden around their ecosystem and make messaging between apole/Android a shit experience.

        In a perfect world everyone would just adopt rcs, it’s better for consumers but Apple only gives a shit about branding/$$$.

        • cjf@feddit.uk
          link
          fedilink
          English
          arrow-up
          25
          arrow-down
          1
          ·
          1 year ago

          The one thing that feels off to me about Google’s implementation is that it’s not vendor agnostic and all comms would need to go through Google’s servers to work. The E2EE bit is an entirely Google specific extension to RCS, for example. The last thing we need is another chromium situation in a different area.

          If it wasn’t a Google specific extension, phone networks around the world would need to pick up the pace and adopt RCS, but also they’d need to keep up to date with the latest version of the standard to ensure the functionality is supported. Now, looking at phone networks’ previous track record, they’re really not going to implement it unless they’re forced to and they’ll do so at a real snails pace.

          At this point I’d agree that Apple not adopting RCS is really not helpful here.

          I feel the EU’s Digital Market Act that’s forcing messenger applications to be interoperable with each other is going to be a much more viable option towards that perfect world scenario. The IETF is even fleshing out a common protocol for it, MIMI with MLS.

              • binom@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                they sunsetted the sms functionality in their app “to focus on the signal protocol and make it less confusing for people” if i remember correctly. not a big deal to me, the few sms i send i can use a different app for

        • June@lemm.ee
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          9
          ·
          1 year ago

          Aside from the fact that Google finally implementing E2EE in RCS not having anything at all to do with Apple, I’m confused.

          Apple developed a fully encrypted messaging system 16 years ago, 4 years later RCS was developed but wasn’t even adopted by all three major US carriers until 2 years ago (much more complicated than just this as they refused to work together on Universal Profile standards and Google has so ‘valiantly’ stepped in to do it without them), and Apple is the bad guy for not switching to a competitors standard that was (until now) less secure, uses googles back end services, is arguably less capable, has an extremely poor desktop access experience, is less intuitive to enable, and takes away a competitive advantage? All while other E2EE messaging apps have been available on both iOS and Android for years.

          Why not push for google to adopt iMessage as a standard instead? Maybe google has been holding iMessage back for 16 years. Maybe Apple isn’t holding rcs back but carriers are. Or maybe it’s the GSMA. Or maybe it’s a larger systemic issue with capitalism. Or maybe it’s one of any number of other issues that makes it disadvantageous for Apple and Google to work together on this.

          This article, cancerous as the site is on mobile, does a good job breaking down the issue and how it’s not as clear cut as folks here are trying to make it: https://www.androidpolice.com/google-rcs-messaging-feud-apple-imessage/

          At the end of the day, y’all being angry at Apple about RCS sounds just a bit like simping for google and falling prey to their marketing campaign to try and win the messaging war. Im not really interested in experiencing another chromium situation but with messaging. Particularly when WhatsApp is king in the messaging space globally.

          • kali@lemmy.world
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            2
            ·
            1 year ago

            Why not push for google to adopt iMessage as a standard instead?

            Because that would ruin Apple’s business model of ‘your friend doesn’t use iMessage because they have an android and thats on them’

            They wouldn’t make money off of iMessage being on androids, which they’ve shown with other things to be the only thing they really care aboyt.

          • happyhippo@feddit.it
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            2
            ·
            1 year ago

            Because Apple wouldn’t fucking let anybody else use iMessage.

            Whereas RCS is out there for anyone to use.

        • June@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Doesn’t really explain what google enabling E2E on RCA has to do with Apple

          • Swarfega@lemm.ee
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            He’s talking about RCS in general. Apple won’t implement it as it’s a huge threat to iMessage which is a service that keeps a lot of the US users buying their phones.

            • June@lemm.ee
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              4
              ·
              edit-2
              1 year ago

              Ok so here’s my take: Apple implemented a secure messaging system in 2007 with iMessage. Then, in 2011 Google started to implement RCS, which then took several years for it to begin rolling out and being adopted.

              Why doesn’t google push to adopt iMessage instead? It was implemented first and has been being constantly developed for 16 years and is certainly more well rounded than RCS.

              Now, everyone is angry that Apple won’t switch to a standard that’s not fully supported by all android devices or carriers, that is potentially less secure, AND takes away a competitive advantage and calls that ‘holding back RCS? I’ve been hearing about RCS for some 10 god damn years, back before I switched to iOS and it’s still not fully adopted across domestic carriers.

              Not to mention, I and many others are working to de-google our lives and I frankly don’t want my messaging going through google backends, even if they do assure me that it’s encrypted. If there’s one thing I know about Apple, it’s that they don’t share my data because it’s a competitive advantage not to. Google on the other hand seems to be happy to give it to anyone that wants it.

              Though I do think it’s funny how your article talks about all the problems with RCS adoption lying with everyone (carriers namely) centering around Google’s implementation of it and then lands on ‘Apple is making it lucrative for 3rd party apps like WhatsApp’ as it’s summary for how Apple is holding back RCS. The article and the headline don’t match.

              I’ll leave this here, not as a counter to yours, but as a more complete picture: https://www.androidpolice.com/google-rcs-messaging-feud-apple-imessage/

              Ultimately, Google is as much at fault as Apple for RCS’ low penetration. However, Apple’s reluctance to support RCS for iMessage and using the latter as an ecosystem lock-in is bad for consumers.

    • phoneymouse@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      Google tracks you everywhere you go all over the internet. Like 90% of websites have a script that calls home to Google to let them know you visited. That’s their business model.

  • GrimChaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    67
    ·
    edit-2
    1 year ago

    Now, open up the RCS API to third party texting apps… Like you said you would many years ago

  • kaato@lemmy.world
    link
    fedilink
    English
    arrow-up
    39
    arrow-down
    1
    ·
    1 year ago

    Using Signal since a few years. Don’t know anything about security but from a user perspective, I can highly recommend it. Takes some time converting your friends but after that it does its thing.

    • Cralder@feddit.nu
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      In my experience some friends are unconvertable, and at that point group chats with those friends just end up in the same place as before.

      • kaato@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yeah, that’s entirely possible; I have some friends unwilling to convert (or that I haven’t bothered with). I do however note an increase in use in Sweden, so I’m still hopeful. Best converter would of course be major screw up from WhatsApp etc. which may or may not happen, but then I’ll be ready to bang the drums again :)

      • jivandabeast@lemmy.browntown.dev
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        I have some friends like that, but am currently in the process of making the switch over to signal from Snapchat. The key is once you have a critical mass of people in the group they switch over lmao

        Also whenever you make a new gc, for example to plan something, you make it in signal and send them the invite link lol

    • HurlingDurling@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      But that doesn’t help with sms or rcs. I wish there was an rcs client that was not made by Google

      • TheLight@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        As far as I know Google doesn’t allow third party apps to plug into RCS.

        This is why them bashing Apple for this particular issue always seemed hypocritical to me, they want this to be their own closed ecosystem, with Apple being the exception because they have enough clout to actually go it alone or even take users away from Android.

        Ideally you’d have apps like Signal plugging into the same end-to-end encryption for interoperability, but Google won’t allow that because they just want people to use Google Messages for RCS, and nothing else.

    • xodoh74984@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      To my knowledge, Signal is the only verifiably secure encrypted messaging app that’s market ready. Signal is fully open source, including its encryption algorithm which has been tested numerous times and even gotten government agencies like the FBI all butthurt that can’t break it or get a backdoor from the devs. I have a friend whose cryptography professor contributed to the project.

      It was only in recent years that Signal upped their game enough with the user experience for me to start recommending it to friends and family. In 2013, when I first recall trying it out, Signal was more clunky and always wanted to be your default SMS app. I didn’t like that, because at the time they didn’t have a client to send messages from your computer.

      Nowadays they have an desktop app that syncs with your phone, video calling, and even stories – which some people find weird but I’m all for non-Zuccubus owned private and secure alternatives to social media. I’m pretty sure anyone on Lemmy would love to pull more power away from these surveillance based ad companies and stop being data cows.

      Tl;dr: Fuck the Zuck, keep promoting Signal, democratize the internet

        • Fauzruk@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          The way I see it is, we don’t always want anonymity. Sometimes privacy is enough and this is where Signal shine.

        • xodoh74984@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Late reply, but my main sticking point with Matrix is that it isn’t just an app you can tell your non-tech savvy friends to download. I like the decentralization, but most people don’t care and want something easy to understand and use

    • Carighan Maconar@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I’ll be honest, the UX/UI is kinda my one big gripe with it. It feels so amateurish. More so because the desktop app is very clearly just a website that requires me to run a Chromium to display it, which makes it look pretty bad, more so side-by-side with Unigram, a pretty damn impressive Telegram app.

      But even the Android app barely checks the bare-minimum. Yeah it’s a messenger. Feels kinda laggy compared to Telegram and Messages, lacks any cool animations of neat UI design, lacks cool themes, nothing really. Now of course messengers don’t need any of that, but it just shows to highlight that it isn’t exactly a stellar product except in its austerity, and if it were about that I’d expect it to run significantly better and with less resource hunger than it does on either mobile or desktop.

      Of course, it’s still a really good app, just the UX/UI is exactly the one thing I wouldn’t recommend it for. 😅

      • kaato@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I see your point. I like that the UI is quite simple, reminds me of the UI in iMessage. I was choosing between telegram and signal but mostly went with signal due to positive things I read online, in addition to being recommended on Privacytools.io which felt good.

        Privacytools.io

        • FarLine99@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          Do NOT use PrivacyTools. This site was good resource before 2020 but then main developer disappeared for some time and returned with site which sells recommendations on products for money. Weird recommendations popped out. Just use Privacy Guides. Basically all biggest contributors moved on there. You can read more about this story in their FAQ 🙂

        • Carighan Maconar@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah nowadays I only have two people left on Telegram, too. I wish Signal had Telegram’s UI design in most ways but eh.

        • ninchuka@lemmy.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          nope, we tried everything and she rarely received messages on time, even when she was on her phone and I send something she wouldnt get a notification till much later and I think even opening the app didnt show it

      • kaato@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I have one friend who does not receive messages when he’s at his work Wi-Fi. My guess is that it’s some firewall protection or something.

    • Polar@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Best thing about RCS is when random strangers text me, or friends friends, our conversations are E2EE because RCS isn’t something you need to download.

  • king_tronzington@lemm.ee
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    Definitely happy that this is happening, good on them. However in practice since most of my friends are on iOS I’m still reduced to SMS/MMS and a terrible user experience

    • ediculous@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      There’s an app currently in beta called Beeper that aggregates a bunch of chat apps into one and also lets Android users connect to iMessage using an Apple ID. Highly recommend getting on the wait-list for it, the app has been great and the team working on it are very responsive and transparent.

      Unfortunately RCS support is still in active development so anyone using it may not want to connect their number yet (unless they’re cool with SMS’ing with other Androids).

      • king_tronzington@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Oh yeah I heard about that! Do you use it? How’s the iMessage support on Android? Ideally I’d love if my chats with Android users go over RCS but chats with Apple users go over iMessage.

        That all said relaying my chats through a 3rd party doesn’t make me feel all warm and fuzzy inside…

  • meiti@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    I think it’s a good move. Carriers are decentralized by design, af if they were not greedy and stupid, they could come up with at least one decent messaging. RCS is good by they did not make e2e mandatory in the protocol.

  • EyesEyesBaby@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    3
    ·
    1 year ago

    As an Apple owner I hope Apple will implement this too. I live in a country where everybody communicates through WhatsApp unfortunately.

    • Ape550@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      11
      ·
      1 year ago

      What do you mean? iMessage is fully end to end encrypted.

      As far as google messages RCS goes, that’s googles proprietary version of RCS.

      • stinky613@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        25
        ·
        1 year ago

        I think they might mean they wish Apple would support RCS in general (which Apple has been refusing to do)

        • mr_tyler_durden@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          30
          ·
          1 year ago

          For good reason. Honestly anyone pushing for RCS is an idiot or doesn’t understand what they are pushing for.

          Among many issues (including E2E missing by default) the idea of giving any control back to carriers is just stupid.

          • Carighan Maconar@lemmy.world
            link
            fedilink
            English
            arrow-up
            13
            arrow-down
            2
            ·
            1 year ago

            You’d rather have the yellow billion dollar company have full control instead of the cyan one? Who cares, it makes no difference! 🤷

            At least RCS is a standard. That’s not a big plus in this particular case, but it is one, and none of the other walled gardens have an equivalent thing to even bring to the table.

            • TheLight@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              1 year ago

              Google RCS and RCS the standard are not the same thing. Third party apps are not allowed to plug into Google RCS. This is why you won’t find any RCS open source alternative for Google Messages.

              Google is just trying to promote their own walled garden under the guise of an open standard. If they were genuine about this they should allow you to just use any replacement, just like you can replace the stock SMS app on Android.

      • Telodzrum@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        arrow-down
        7
        ·
        1 year ago

        iMessage is not fully E2E encrypted unless you have advanced data protection turned on. If you don’t, the keys to your conversations still rest on Apple’s servers.

        • SulaymanF@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          1 year ago

          That’s untrue. The keys are generated on your device and Apple doesn’t have those stored. You need apple devices to grant access for another device as Apple doesn’t have your key. There’s other security holes where apple can generate new keys but that doesn’t change the fact that it is actually E2E encrypted.

        • Starmina@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          I don’t think it’s true as long as you don’t make iCloud Backups

        • bassomitron@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          1 year ago

          It’s full E2E encryption even without that turned on. However, just because something is encrypted doesn’t mean it’s secure, as you point out.

          Regardless, governments/organizations have gotten very good at finding vulnerabilities and exploiting them before academic and/or private sector security groups discover the same vulnerabilities, who will then go and publish their findings which eventually leads to them getting patched. As a side note: For anyone interested in some modern hacker/cybersecurity history, I recommend reading the book, Sandworm by Andy Greenberg. It’s pretty damn wild what it covers and that’s only a fraction of the modern state of global cyber warfare (and yes, just about the entire world has been engaged in what pretty much amounts to cyber warfare/espionage/sabotage for the last 10-15+ years).

    • Steeve@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      3
      ·
      1 year ago

      WhatsApp is already E2E encrypted, it always has been. There’s a circlejerk around here about “not true E2E!”, but that’s just straight up nonsense.

        • Steeve@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          1 year ago

          Name, service start date, last seen date, IP address, and email address, that’s it. Proof here. Everything Google and Apple also collect. If that’s a problem for you use Signal, not iMessage.

          • ᗪᗩᗰᑎ@lemmy.ml
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            1 year ago

            I get that, but Meta/Facebook has a massive track record of not giving a shit about its users. I wouldn’t recommend trusting them, they’ve shown their true colors many times over.

            • Steeve@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              You don’t have to trust them, you shouldn’t trust any of them, but your messages are encrypted nonetheless

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    You bet it’s end to end and encrypted with my key and your key and our friends key the CIA’s key… Wait, what?

    /s… I hope

    • Polar@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Do you know what RCS all provides? because it provides a LOT of great features. I mean the biggest one is 105MB file sizes. I guess you can stick with your carrier limited MMS, which is usually set to 300KB. Or maybe you can pay for Discord Nitro to send more than 8MB files? How about Snapchat which is limited to 60 seconds video files? Perhaps Telegram, that limits your upload speed to a snail pace unless you buy Telegram Premium?

        • Polar@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          So how do you send quick photos and videos? Don’t tell me you’re the person that sends a link lol

          • 👍Maximum Derek👍@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            It doesn’t really come up since I use txts to talk to people.

            Why wouldn’t one use links? Everything is pushed to the cloud anyway. Uploading them again is a lot of extra power used for no gain.