Comment by Galanwe
11 days ago
I used to work for a well known communication app, the kind everyone here used. Couple things I learnt about "end to end encryption":
- You can call your service e2e encrypted even if every client has the same key bundled into the binary, and rotate it from time to time when it's reversed.
- You can call your service e2e encrypted even if you have a server that stores and pushes client keys. That is how you could access your message history on multiple devices.
- You can call your service e2e encrypted and just retrieve or push client keys at will whenever you get a government request.
I just set it up e2e on Ring last week. It generates the a key and a word list (for backup) on your phone. You have to physically be in vicinity of the Ring camera to activate encryption on the camera. My impression is that Ring is truly offering a version of video collection which they can't access.
But I think your third point is valid, there is nothing stopping Ring from telling the app to share a user's keys and then give them to whoever is asking.