Comment by dtpro20
1 day ago
To call it lying is just arguing about the meanings of words. This is literally what lawyers are paid to do. The data payload can be called end to end encrypted. You can easily say to the user that "your emails are encrypted from end to end, they are encrypted before they leave your computer and decrypted on the receiver's computer" without talking about how your key server works.
Systems that incorporate a method to allow unlocking using multiple keys don't usually advertise the fact that this is happening. People may even be legally obligated to not tell you.
Well Wikipedia says this about E2E:
“End-to-end encryption (E2EE) is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages.”
So if you send another set of keys to someone else, it’s obviously not E2E.
This is a high level description of intent (by a third party), not a legal promise.
This is not enforceable and promises that are not enforceable are usually seen by BigCos of today as optional. My 2c.
Well I wasn’t saying I would sue them, I was arguing this:
> It is possible to set up end to end encryption where two different keys unlock your data. Your key, and a government key. I assume google does this.
Which by definition is wrong (unless the government is a party in the communication you want to E2E-Encrypt).
> To call it lying is just arguing about the meanings of words.
Or, as us lowly laypeople call it, lying.
TIL man in the middle = e2e encryption.
E2E encryption is not the same as MITM. You’re not adding anything useful to the conversation.
E2E encryption is not vulnerable to MITM. E2E encryption is vulnerable only to how many keys there are and who has access to them.
If someone except the communicating parties has access to the keys, it’s not E2E encrypted anymore though. At least according to this definition:
https://en.wikipedia.org/wiki/End-to-end_encryption
So if Google still has access in an E2E system, but you didn't know, is it still E2E?
What if Google told you they also have a key? Does that change the above answer to the question?