Comment by hilbert42
20 hours ago
"…two different keys…. Your key, and a government key. I assume google does this."
With the present state of politics—lack of both government and corporate ethics, deception, availability of much fake news, etc.—there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.
I'd thus suggest it'd be foolhardy to assume that total privacy is assured on any of these services.
BTW, I don't have need of these E2E services and don't use them, nor would I ever use them intentionally to send encrypted information. That said, occasionally, I'll send a PDF or such to say a relative containing some personal info and to minimize it being skimmed off by all-and-sundry—data brokers, etc. I'll encrypt it, but I always do so on the assumption that government can read it (that's if it's bothered to do so).
Only fools ought to think otherwise. Clearly, those in the know who actually require unbreakable encryption use other systems that are able to be better audited. If I were ever in their position, then I'd still be suspicious and only out of sheer necessity/desperation would I send an absolute minimum of information.
Yes. There is no ability to know one way or the other if Google, and similar services retain a secondary way to access decryption key. In light of this the only option is to _assume_ they have the capability.
Given the carefully crafted way companies describe their encryption services, it seems more likely than not they have master keys of some sort.
> …there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.
In any case like this, the only thing you could truly trust would be the source code and even then you’d have to be on the lookout for backdoors, which would definitely be beyond my own capability to spot.
In other words, the best bet is to probably only use open source solutions that have been audited and have a good track record, wherever available. Not that there are that many options when it comes to mobile OSes, although at least there are some for file storage and encryption.
Obviously, that's the ideal course of action but I'd reckon that in practice those who would have both a good understanding of the code as well as the intricacies/strengths of encryption algorithms and who also have need to send encrypted messages is vanishing small—except perhaps for some well-known government agencies.
Just because something you do today is legal and not a cause for scrutiny does not mean the same will be true tomorrow.
We have seen this many times throughout history, where people like academics, researchers, teachers, people of particular faith, etc are targeted and each of them has some sort of “evidence” produced as to some sort of crime they have committed either in the present or past to justify their arrest.
The group who needs it today may be small, but having it on and secure by default for all is a far better protection than any justification that the current need is small.
> I don’t care for encryption or need it
> encrypts a pdf sent to tech illiterate family members
From where did you get both 'care' and 'illiterate' — words that I never used?
Not only have you misquoted me, but also you've attempted to distort what I actually said by changing its inference.