Following a Reddit AMA on government surveillance, Google has admitted that while it does encrypt Hangouts conversations, it does not use end-to-end encryption, meaning the company itself can tap into those sessions when it receives a government court order requiring it to do so. This contrasts with the end-to-end encryption used by some services, like Apple’s FaceTime, which cannot be tapped even by the company offering the service.
Wait, you mean to tell me large technology companies are shady and nebulous for PR reasons?
Surely that can’t be true, right? Why would they lie?
This is still newsworthy?
Business as usual. Of course, sane businesses are moving out of the U.S (go dropbox!)
And out of France too, thanks to out new “Patriot Act”
So I need to switch away from Gandi now too?
Dunno, they’re planning to move this service to Luxembourg in a planned middle term, here some explanations on how the new law will affect net neutrality and transparency :
http://www.lebardegandi.net/post/2015/04/17/Comment-la-loi-sur-le-r…
It sounds like they’re really doing their best: http://www.gandibar.net/post/Hosting%2C-Surveillance%2C-and…
It seems this protest site only works for French residents: http://sous-surveillance.fr/
About the proposed French law: http://www.gandibar.net/post/France-puts-forward-a-new-surveillance…
It’s all fun considering all started from the 7th of January’s terrorist attack upon Muhammad’s caricaturists from Charlie Hebdo.
Our prime minister recognized publicly there had been flaws in the police protection of the group (while they knew they were death threatened, they even decreased the protection time after time).
Solution adopted : put everyone under surveillance instead to increase protection of people threatened. No wonders why taxes are so high in France. Politics are beyond belief here.
It reminds me 2003 with the super hot summer’s heat wave that killed so many elders. The government recognized the lack of preparation (even though the weather reports warned) thus they blamed the citizens by making them loose one public holiday to increase the share for retired people.
Yet retirement annuity is rather ridicule here, even though you work your whole life, especially in agriculture. Many old people are below poverty threshold. Yet all politics are really wealthy, thanks to mandate cumulation.
So, regarding our past and the way politics ‘handle’ problems, it ALWAYS ends on citizens’ back to cover our government’s flaws. But you, as a hard worker, do something back just once, you’ll get fired with no mercy.
It’s just that our national motto is “Liberty, equality, brotherhood” but it had never been so far from the truth. Citizens are more and more raging and growling, I bet the government has set up this new law to get a better control over protestations under the fallacy of ‘terrorism’ and ‘public order disturbance’.
It looks like Egyptian’s spring revolution where the Internet has been shut off to prevent the news from spreading.
It is starting, I bet.
AFAIK they always said it just uses transport encryption and have been open about that.
I have never seen any claims otherwise. Any links?
This is really weak and stupid news.
Real encryption is hard. And if you don’t control the keys it is unsecure PERIOD. Guess who controls the Imessage keys?
First of all if you want to have real encryption you’ll have to be able to validate who you are talking to prevent man-in-the-middle attacks by the service provider (Google Hangouts).
Try coming up with a way to do that for something like Google Hangout and make it simple to use and quick to get started. No easy task.
The problem here is much worse than Facetime, but Google Hangout supports multiple users: encryption with multiple parties is even harder.
Because one person has that ‘big screen’, others all have ‘smaller screens’ in Google hangout.
So the person with the big screen is the person talking. You need to send that data to all other users you’ll quickly use a lot of bandwidth. Especially if there are a lot more users than just 3 or 4. But the encryption is fairly easy in this case. You just have a one to one (peer 2 peer) session key. You need to do encryption of the video for every single viewer.
If you don’t want to do that you’ll have to come up with an other solution.
That will mean creating some kind of shared session key.
So a lots more complicated system and more ways to get it wrong.
I agree that providing end-to-end encryption is not a trivial task, however I would say it is managable. Several apps that are available for quite some time now have shown ways to do it.
Encrypting for multiple parties however was solved a long time ago. Never sent an email with PGP to several recipients?
OK, I looked up how PGP does it, but it depends on solving the first problem.
Really sorry, but I’ve not seen any app solve it where the user can verify the identity of the other person they talk to.
Which app do you think has solved it ? Would love to know. Proving who you are is hard online.
Edited 2015-05-13 13:51 UTC
Lennie,
If you know someone in person, then obviously the most logical way to exchange keys would be in person. This never became popular but there used to be keysigning parties for this very purpose.
However there are other possibilities when you haven’t exchanged keys beforehand. Jitsi for one does this by having parties verify a code across a video/voice over IP channel. I think it uses a diffie hellman algorithm. So while a man-in-the-middle attack could impersonate both ends of the channel, the person reading the code to the other side would reveal to the other side that the encrypted channel is using the wrong keys. In order to forge this type of authentication, the man-in-the-middle would have to fake the video & voice of the person in real time without creating suspicion.
Alas, the Jitsi client is very buggy and crashes frequently when it works at all. So I wouldn’t be surprised if it had exploitable vulnerabilities, but the concept is sound.
People do still do key-singing parties, here is one from today:
https://ripe70.ripe.net/programme/social-events/wednesday/
I like the Jitsi idea.
Not sure how secure this will end up to be in the future, but at least it is a new system which will take attackers time to work on new attacks for it. 🙂
Only thing I know comes close in theory to being secure is:
– I own my own domain-name and I have the ability to set up my own infrastructure
– Mozilla is has Persona which validated email addresses
– and is working on this WebRTC draft: https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-11
– https://bugzilla.mozilla.org/show_bug.cgi?id=901261
If they puts your validated email address in the browser UI that would be pretty secure.
Now if ‘everyone’ uses gmail addresses then this is obviously totally useless. Because it would end up something like: gmail confirms you aren’t being attacked by Google Hangouts.
But it’s a system that could work for companies if you want to prove the person at least has a company email addresses.
Edited 2015-05-13 19:29 UTC
Lennie,
Using standard crypto techniques, you could encrypt the main stream using a block cipher, and then further encrypt the master keys for use by individual decoders (similar to what was done with DVDs+CSS). This would would particularly well with public key encryption where all parties have each other’s public keys stored in an address book. Then everyone who is authorized to see the stream can decrypt the master key using their private key.
The encrypted stream could be stored/forwarded by google’s services without google being able to decrypt it. Alternately the stream could be distributed or even remuxed in a P2P network comprised of authorized peers.
IMHO the real issue isn’t technical, rather google does not actually want it to be solved. As Flatland Spider put it “Companies can’t run their value add services without decrypting the data.” Google’s core business model depends on mining our data, therefor doing end to end encryption right would be the worst thing they could do to themselves.
Also, we don’t actually know that FaceTime does end-to-end encryption. It’s really difficult and involved to do so if you want it to be actually secure and not just “secure enough for marketing”.
We just have to take Apple’s word for it and that might not actually mean much to level-headed people.
The EU better launch an investigation into Apple.
I’m waiting for them to admit that they’re nowhere near as good of quality as Facetime.
Even with Google branded phones (Nexus 5) on wifi the video looks like garbage compared to Facetime.
“This contrasts with the end-to-end encryption used by some services, like Apple’s FaceTime, which cannot be tapped even by the company offering the service.”
How do they know that FaceTime actually does use end-to-end encryption? Closed-source secret development can do whatever it wants, and Apple is certainly not above lying to its customers either.
So… Searching in GMail will actually yield results from your hangouts conversations too.
It’s clear it uses server based storage (sessions are remembered across logins, across browsers), and you don’t have to re-enter your not-shared-with-Google key in each of them, right?
If you don’t trust Google to do the right thing, then gpg your messages through it.
What doesn’t make sense is saying alternative X is better because it implements end to end encryption, unless X is open source and you can trust the code and build/distribution chain.
For end-to-end encryption of chat/voice/video with an easy setup, see the newly announced Ring from Savoir Faire Linux: http://www.ring.cx/
Open Source (GPL v3), it uses peer-to-peer encrypted connections similar to bittorrent and tor. See this blog post for more details: http://blog.savoirfairelinux.com/en/2015/ring-ultimate-privacy-and-…
Of course it doesn’t use end-to-end encryption. Encrypted links are point-to-point links by their nature, and Google wouldn’t be able to use load balancers or be able to multiplex video streams if they used end-to-end encryption.
I had this conversation with a programming intern about two years ago, maybe longer. There has to be some place where then encryption is terminated. Most of the time it’s a load balancer in front of the servers, and after that the data is unencrypted while it goes through their servers. Companies can’t run their value add services without decrypting the data. Their server can’t be audited, so the most secure way to provide services is to host them on boxes that are personally owned and housed in an access controlled datacenter.
Recently we discussed this problem with some friends. Given almost all communication methods are “insecure”, we tried to come up with a solution that would work, and would be easy to use. Unfortunately this does not seem to be an easy task.
1. The first problem is building an actual client that will work on multiple platform (at least Android, and iOS). There are existing open source applications based on Jabber protocol. However they seemed to be very resource hungry, and did not practically work.
2. The second problem is hosting the service. For obvious reasons, you cannot host it on a cloud provider. Yet, having a dedicated machine at home would be costly, and introduces a single point of failure.
3. The distribution of keys is not easy either. I’m skipping it since it is mentioned in other comments.
4. Having an actual phone that you can trust. There was an article on OSNews, where the baseband OS on all phones is more or less the “master”, and your actual OS (iOS/Android) is running in an controlled environment. Since the phone can potentially be remotely accessed, this makes it almost impossible to trust it for this purpose.
We basically gave up after that point.
(Disclaimer: This was a brainstorming session, outside of my work).
Edited 2015-05-17 14:24 UTC