• sem@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    2
    ·
    18 days ago

    It could be end to end encrypted and safe on the network, but if Google is in charge of the device, what’s to say they’re not reading the message after it’s unencrypted? To be fair this would compromise signal or any other app on Android as well

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      9
      ·
      edit-2
      18 days ago

      That’s a different threat model that verges on “most astonishing corporate espinoage in human history and greatest threat to corporate personhood” possible for Google. It would require thousands if not tens of thousands of Google employees coordinating in utter secrecy to commit an unheard of crime that would be punishable by death in many circumstances.

      If they have backdoored all android phones and are actively exploting them in nefarious ways not explained in their various TOS, then they are exposing themselves to ungodly amounts of legal and regulatory risks.

      I expect no board of directors wants a trillion dollars of company worth to evaporate overnight, and would likely not be okay backdooring literally billions of phones from just a fiduciary standpoint.

      • circuitfarmer@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        1
        ·
        18 days ago

        It would require thousands if not tens of thousands of Google semployees coordinating in utter secrecy

        This is usually used for things like the Moon Landing, where so many folks worked for NASA to make it entirely impossible that the landing was faked.

        But it doesn’t really apply here. We know for example that NSA backdoors exist in Windows. Were those a concerted effort by MS employees? Does everyone working on the project have access to every part of the code?

        It just isn’t how development works at this scale.

        • Pips@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          18 days ago

          Ok but no one is arguing Windows is encrypted. Google is specifically stating, in a way that could get them sued for shitloads of money, that their messaging protocol is E2EE. They have explicitly described how it is E2EE. Google can be a bad company while still doing this thing within the bounds we all understand. For example, just because the chat can’t be backdoored doesn’t mean the device can’t be.

          • rottingleaf@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            18 days ago

            Telegram has its supposedly E2EE protocol which isn’t used by most of Telegram users, but also there have been a few questionable traits found in it.

            Google is trusted a bit more than Pavel Durov, but it can well do a similar thing.

            And yes, Android is a much larger heap of hay where they can hide a needle.

        • rottingleaf@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          18 days ago

          This is usually used for things like the Moon Landing, where so many folks worked for NASA to make it entirely impossible that the landing was faked.

          I think it’s also confirmed by radio transmissions from the Moon received in real time right then by USSR and other countries.

      • rottingleaf@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        18 days ago

        How do spyware services used by nation-state customers, like Pegasus, work?

        They use backdoors in commonly used platforms on an industrial scale.

        Maybe some of them are vulnerabilities due to honest mistakes, the problem is - the majority of vulnerabilities due to honest mistakes also carry denial of service risks in widespread usage. Which means they get found quickly enough.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          18 days ago

          So your stance is that Google is applying self designed malware to its own services to violate its own policies to harvest data that could bring intense legal, financial and reputational harm to it as an org it was ever discovered?

          Seems far fetched.

          • rottingleaf@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            18 days ago

            Legal and financial - doubt it. Reputational - counter-propaganda is a thing.

            I think your worldview lags behind our current reality. I mean, even in 30-years old reality it would seem a bit naive.

            Also you’ve ignored me mentioning things like Pegasus, from our current, not hypothetical, reality.

            • mosiacmango@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              18 days ago

              So yes.

              You think a nearly trillion dollar public company has an internal division that writes malware against flaws in its own software in order to harvest data from its own apps. It does this to gain just a bit more data about people it already has a lot of data on, because why not purposely leave active zero days in your own software, right?

              That is wildly conspiratorial thinking, and honestly plain FUD. It undermines serious, actual privacy issues the company has when you make up wild cabals that are running double secret malware attacks against themselves inside Google.

              • rottingleaf@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                18 days ago

                You think a nearly trillion dollar public company has an internal division that writes malware against flaws in its own software in order to harvest data from its own apps. It does this to gain just a bit more data about people it already has a lot of data on, because why not purposely leave active zero days in your own software, right?

                You think you are being the smart one here?

                No, that’s not what I said. Also cypherpunks and other hobbyists are not that much smarter than corporations and nation-states, to be the only ones to think about plausible deniability.

                For example, the whole Windows sources have been given officially for various 3-letter agencies of various countries (Russia included) to study, and of course there are vulnerabilities with the size of such codebase. MS might not have left obvious backdoors and informed FSB of them, but it has given interested parties the ability to find those themselves, which is only a question of work, or maybe make tampered versions of DLLs and what not easier.

                Also they are legally obligated to silently comply with a lot of things.

                That is wildly conspiratorial thinking, and honestly plain FUD.

                WhatsApp and Facebook (before it bought WhatsApp) have both done this, Telegram has done this, MS has done this, even Apple has done this.

                when you make up wild cabals that are running double secret malware attacks against themselves inside Google.

                You made that up, not me. Should have tried to read what you are being told first.