Comment by marcprux

1 day ago

> My assumption is that Google has keys to everything in its kingdom

If that were true, then their claims to support E2E encrypted backups are simply false, and they would have been subject to warrants to unlock backups, just like Apple had been until they implemented their "Advanced Data Protection" in 2022.

Wouldn't there have been some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume Google does this.

1. encrypt data with special key
2. encrypt special key with user's key, and
3. encrypt special key with government key

Anyone with the special key can read the data. The user key or the government key can be used to get the special key.

This two-step process can be done for good or bad purposes. A user can have their key on their device, and a second backup key could be in a USB stick locked in a safe, so if you lose your phone you can get your data back using the second key.
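The two-step wrapping described in the comment above, written out as an added example (not part of the thread, and not a description of how Google's backups work). It uses AES-256-GCM from Ruby's bundled OpenSSL binding; the function names, the blob layout and the holder labels `device` and `usb-backup` are assumptions made for the illustration.

```ruby
require "openssl"

# AES-256-GCM. Blob layout chosen for this example: nonce(12) || tag(16) || ciphertext.
def seal(key, msg)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key # raises ArgumentError unless the key is exactly 32 bytes
  nonce = c.random_iv
  c.auth_data = ""
  body = msg.empty? ? c.final : c.update(msg) + c.final
  nonce + c.auth_tag + body
end

def unseal(key, blob)
  raise ArgumentError, "missing or truncated blob" if blob.nil? || blob.bytesize < 28
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ""
  body = blob.byteslice(28, blob.bytesize)
  body.empty? ? d.final : d.update(body) + d.final # CipherError on wrong key or tampering
end

# Step 1: a fresh data key (the "special key") encrypts the payload.
# Steps 2 and 3: the data key is wrapped once under each holder's key.
def envelope_encrypt(data, holder_keys)
  dek = OpenSSL::Random.random_bytes(32)
  { data: seal(dek, data),
    wrapped: holder_keys.transform_values { |k| seal(k, dek) } }
end

# Any one holder key unwraps the data key and therefore reads the payload.
def envelope_decrypt(env, holder, key)
  unseal(unseal(key, env[:wrapped][holder]), env[:data])
end

# Every party able to decrypt has a wrapped copy, so the count is inspectable.
def holders(env)
  env[:wrapped].keys.sort
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample keys: the phone key and the USB-stick backup key.
  keys = { "device" => OpenSSL::Random.random_bytes(32),
           "usb-backup" => OpenSSL::Random.random_bytes(32) }
  env = envelope_encrypt("backup contents", keys)
  puts "holders: #{holders(env).join(', ')}"
  puts envelope_decrypt(env, "usb-backup", keys["usb-backup"])
end
```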

  • "…two different keys…. Your key, and a government key. I assume Google does this."

    With the present state of politics—lack of both government and corporate ethics, deception, availability of much fake news, etc.—there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.

    I'd thus suggest it'd be foolhardy to assume that total privacy is assured on any of these services.

    BTW, I don't have need of these E2E services and don't use them, nor would I ever use them intentionally to send encrypted information. That said, occasionally, I'll send a PDF or such to, say, a relative containing some personal info and to minimize it being skimmed off by all-and-sundry—data brokers, etc. I'll encrypt it, but I always do so on the assumption that government can read it (that's if it's bothered to do so).

    Only fools ought to think otherwise. Clearly, those in the know who actually require unbreakable encryption use other systems that are able to be better audited. If I were ever in their position, then I'd still be suspicious and only out of sheer necessity/desperation would I send an absolute minimum of information.

    • Yes. There is no ability to know one way or the other if Google and similar services retain a secondary way to access the decryption key. In light of this, the only option is to _assume_ they have the capability.

      Given the carefully crafted way companies describe their encryption services, it seems more likely than not they have master keys of some sort.

    • > …there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.

      In any case like this, the only thing you could truly trust would be the source code and even then you’d have to be on the lookout for backdoors, which would definitely be beyond my own capability to spot.

      In other words, the best bet is to probably only use open source solutions that have been audited and have a good track record, wherever available. Not that there are that many options when it comes to mobile OSes, although at least there are some for file storage and encryption.

  • E2EE means only your intended recipients can access the plaintext. Unless you intend to give the government access to your plaintext, what you described isn’t E2EE.

    • Is that Google's definition or your definition? Not being rude, but it's pretty easy to get tricky about this.

      Since you are sending the data to Google, isn't Google an intended recipient? Google has to comply with a variety of laws, and it is likely that they are doing the best they can under the legal constraints. The law just doesn't allow systems like this.

    • > E2EE means only your intended recipients can access the plaintext.

      No, it does not. It means that only endpoints - not intermediaries - handle plaintext. It says nothing about who those endpoints are or who the software is working for.

      Key escrow and E2EE are fully compatible.

    • Yes, but going by that, most messaging services advertised as "E2EE" are already not E2EE by default. You trust them to give you the correct public keys for peer users, unless you verify your peers in-person. Some like iMessage didn't even have that feature until recently.

    • Manufacturers have lied about E2EE since the beginning. Some claim that having the key doesn't change that it's e2ee. Others claim that using https = e2ee, because it's encrypted from one end to the other, you see? (A recent example is Anker Eufy)

      The point is that the dictionary definition of E2EE really doesn't matter. Being pedantic about it doesn't help. The only thing that matters is that the vendor describes what they call E2EE.

  • I expect this is what they are all doing tbh, although isn't Google open source? Should be checkable, if the binaries they distribute match the source... oh...

    "a special key" afaik is where instead of using 2 large primes for a public key, it uses 1 large prime and the other is a factor of 2 biggish primes, where 1 of the biggish is known, knowing one of the factors lets you factor any public key with a not insignificant but still more compute than most people have access to.

    UK has also invested in some serious compute that would appear dedicated to exactly this task.

    Basically, if you don't have full control over the key generation mechanism and enc/dec mechanism, it is relatively trivial for states to backdoor anything they want.

  • Would that still count as E2E-encrypted if another party has access? That would still count as lying to me.

    • To call it lying is just arguing about the meanings of words. This is literally what lawyers are paid to do. The data payload can be called end to end encrypted. You can easily say to the user that "your emails are encrypted from end to end, they are encrypted before it leaves your computer and decrypted on the receiver's computer" without talking about how your key server works.

      Systems that incorporate a method to allow unlocking using multiple keys don't usually advertise the fact that this is happening. People may even be legally obligated to not tell you.

Is the source code for every binary blob present on an Android device available for inspection, and is the code running on every Android device verifiable as having been built from that source?

> or through convictions

If they wanted to use this evidence for a normal criminal case, they would just do parallel construction.

It's worth noting that what the security services don't have access to is as secret as what they do have access to. According to the late Ross Anderson, for many years the police were unable to trace calls (or was it internet access?) on one of the major UK mobile networks, because it had been designed without that and in such a way that it was hard to retrofit. This was considered highly confidential, lest all the drug dealers etc switch to that network.

Would it be possible that they feel that the revelation of this backdoor would be too big of a loss so that any of these theoretical cases of the past 7 years have used parallel construction to avoid revealing the encrypted data was viewed?

  • That’s a big and brittle conspiracy. You have to have little to no defectors. It’s not a stable equilibrium

> Wouldn't there have been some evidence of that in the past 7 years, either through security research, or through convictions that hinged on information that was gotten from a supposedly E2E-protected backup?

I wouldn't count on it. The main way we'd know about it would be a whistleblower at Google, and whistleblowers are extremely rare. Evidence and court records that might expose a secret backdoor or that the government was getting data from Google that was supposed to be private could easily be kept hidden from the public by sealing it all away for "national security reasons" or by obscuring it through parallel construction.

  • People are incredibly bad at keeping secrets. And there are a LOT of people at Google. I don’t buy it.

    • There were a lot of people working for the NSA besides Snowden, but none of them blew the whistle even though some of the programs he exposed had been around for 12 years. There were a whole lot of people working at AT&T but employees weren't lining up to tell us about Room 641A (https://en.wikipedia.org/wiki/Room_641A) before Mark Klein. How did everyone else manage to be kept quiet? The details about MKUltra and the Manhattan Project were successfully kept a secret for decades before eventually being declassified.

      It'd be a huge mistake to look at the instances where somebody did come forward and spill a secret and assume that it means secrets aren't possible to keep or that there are no secrets being kept right now. It may not be easy to keep a secret, but governments and corporations are extremely well practiced and have many documented successes.

    • That’s why Rule #1 of Security is limit access; regardless of clearance.

      Which explains why there’s all these security levels above “Top Secret,” which is really just a baseline.

I don't know the particulars, but in general, silence around a massive tech company on warrants does not mean "they said no and the feds decided to leave them alone"

A trivial method for circumventing code review is to simply push a targeted update of the firmware to devices subject to a government search order.

There are no practical end-user protections against this vector.

PS: I strongly suspect that at least a few public package distribution services are run by security agencies to enable this kind of attack. They can distribute clean packages 99.999% of the time, except for a handful of targeted servers in countries being spied upon. A good example is Chocolatey, which popped up out of nowhere, had no visible source of funding, no mention of their ownership structure anywhere, and was incorporated along with hundreds of other companies in a small building in the middle of nowhere. It just screams of being a CIA front, but obviously that's hard to prove.

  • The end user protection is to sign updates and publish the fingerprints. It should not be possible for one device to get a different binary than everyone else.
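One way a device could check "publish the fingerprints" for itself, as an added example that is not part of the thread: it goes beyond a plain fingerprint list to an RFC 6962-style Merkle log, so a binary built for a single target fails the inclusion check against the root everyone else sees. The function names and the sample firmware strings are assumptions, and verifying the signature on the published root is left out.

```ruby
require "digest"

# RFC 6962 hashing: prefix 0x00 for leaves, 0x01 for interior nodes.
def h(prefix, *parts)
  Digest::SHA256.digest(prefix.b + parts.join)
end

# Largest power of two strictly below n (n >= 2): where the tree splits.
def split(n)
  1 << ((n - 1).bit_length - 1)
end

# Publisher side: root over every fingerprint released so far.
def log_root(fps)
  raise ArgumentError, "empty log" if fps.empty?
  return h("\x00", fps[0]) if fps.size == 1
  k = split(fps.size)
  h("\x01", log_root(fps.first(k)), log_root(fps.drop(k)))
end

# Publisher side: sibling hashes proving entry m is in the log.
def audit_path(m, fps)
  return [] if fps.size == 1
  k = split(fps.size)
  return audit_path(m, fps.first(k)) + [log_root(fps.drop(k))] if m < k
  audit_path(m - k, fps.drop(k)) + [log_root(fps.first(k))]
end

# Device side: rebuild the root from the fingerprint of the binary received.
def root_from(fp, m, n, path)
  return (path.empty? ? h("\x00", fp) : nil) if n == 1
  return nil if path.empty?
  k = split(n)
  sub = m < k ? root_from(fp, m, k, path[0...-1]) : root_from(fp, m - k, n - k, path[0...-1])
  return nil if sub.nil?
  m < k ? h("\x01", sub, path.last) : h("\x01", path.last, sub)
end

# True only if this exact binary is entry m of the log everyone else sees.
def in_public_log?(binary, m, n, path, published_root)
  m.between?(0, n - 1) && root_from(Digest::SHA256.digest(binary), m, n, path) == published_root
end

if __FILE__ == $PROGRAM_NAME
  fps = %w[v1 v2 v3 v4 v5].map { |v| Digest::SHA256.digest("firmware #{v}") } # constructed
  proof = audit_path(2, fps)
  puts in_public_log?("firmware v3", 2, 5, proof, log_root(fps))
  puts in_public_log?("firmware v3 one-off", 2, 5, proof, log_root(fps))
end
```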

  • > Chocolatey, which popped up out of nowhere

    Chocolatey assuredly did not "pop up out of nowhere" - it was a labour of love from Rob Reynolds to make Windows even barely usable. It likely existed for years before you ever heard of it.

    > had no visible source of funding

    Rob was employed by Puppet Labs to develop it until he started the commercial entity which now backs it.

    > a small building in the middle of nowhere.

    As I recall, Rob lives in Topeka, Kansas. It follows that his business would be incorporated there, no?

    • There was no evidence of any of this on the website until recently (maybe 2 or 3 years ago?), and I did look at every page on there. Similarly, I searched on Google for a while and raised the question in more than a few forums. I dug through the business registration records, etc... and found none of the above.

      Sure, now, they have staff photos and the actual names of people on their about page, but just a few years ago it was almost completely devoid of information: https://web.archive.org/web/20190906125729/https://chocolate...

      Look at it from the perspective of a paranoid sysadmin halfway around the world raising a quizzical eyebrow when random Reddit posts mention how convenient it is, but it's distributing binaries to servers with absolutely no obvious links back to any organisations, people, or even a legitimate-looking business building.