E2EE means only your intended recipients can access the plaintext. Unless you intend to give the government access to your plaintext, what you described isn’t E2EE.
Is that google's definition or your definition? not being rude, but its pretty easy to get tricky about this.
Since you are sending the data to google, isn't google an intended recipient? Google has to comply with a variety of laws, and it is likely that they are doing the best they can under the legal constraints. The law just doesn't allow systems like this.
> E2EE means only your intended recipients can access the plaintext.
No, it does not. It means that only endpoints - not intermediaries - handle plaintext. It says nothing about who those endpoints are or who the software is working for.
No, it is not. This is precisely why we have the term E2EE. An escrow agent having your keys but pinky promising not to touch them is indistinguishable from the escrow agent simply having your plaintext.
Unless you’re fine with the escrow agent and anybody they’re willing to share the keys with being a member of your group chat, in which case my original point still stands.
Manufacturers have lied about E2EE since the beginning. Some claim that having the key doesn't change that it's e2ee. Others claim that using https = e2ee, because it's encrypted from one end to the other, you see? (A recent example is Anker Eufy)
The point is that the dictionary definition of E2EE really doesn't matter. Being pedantic about it doesn't help. The only thing that matters is that the vendor describes what they call E2EE.
Yes, but going by that, most messaging services advertised as "E2EE" are already not E2EE by default. You trust them to give you the correct public keys for peer users, unless you verify your peers in-person. Some like iMessage didn't even have that feature until recently.
mu53|1 year ago
Since you are sending the data to google, isn't google an intended recipient? Google has to comply with a variety of laws, and it is likely that they are doing the best they can under the legal constraints. The law just doesn't allow systems like this.
brookst|1 year ago
gtirloni|1 year ago
You're discussing encryption in transit vs encryption at rest in this thread.
fc417fc802|1 year ago
No, it does not. It means that only endpoints - not intermediaries - handle plaintext. It says nothing about who those endpoints are or who the software is working for.
Key escrow and E2EE are fully compatible.
barsonme|1 year ago
Unless you’re fine with the escrow agent and anybody they’re willing to share the keys with being a member of your group chat, in which case my original point still stands.
prophesi|1 year ago
Wild to see someone on HN even entertain this idea.
tredre3|1 year ago
The point is that the dictionary definition of E2EE really doesn't matter. Being pedantic about it doesn't help. The only thing that matters is that the vendor describes what they call E2EE.
hot_gril|1 year ago
GoblinSlayer|1 year ago
immibis|1 year ago