this post was submitted on 08 Nov 2023
252 points (97.7% liked)
Technology
59428 readers
4396 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why not Signal protocol?
Google uses Signal protocol to handle E2E for RCS communication: https://arstechnica.com/gadgets/2021/06/google-enables-end-to-end-encryption-for-androids-default-sms-rcs-app/
The way I understand RCS (and that someone will correct me) is that it's similar to the OSI network stack. RCS is like the lower transport or network layer for routing messages between providers, so when you send a text on AT&T it can be delivered to a Verizon phone via RCS as opposed to SMS. Within the messages, the data can be encrypted using the Signal protocol to do the key exchange and whatnot necessary for the communication.
When you're sending an iMessage to someone, it's not going through the cell provider and instead using the data connection to send the message to Apple who delivers the message. When iMessage falls back to SMS, that is going through the cell carrier, and had technical limitations RCS tries to resolve, including not being encrypted. Realistically, having this fallback not be over SMS but via RCS is the only option, since apple will never get rid of iMessage. Short of legislation, once Verizon or AT&T announces they're going to stop supporting SMS, that'll be when Apple takes RCS seriously, because there will be no other option.
Google SAYS they use the Signal protocol.
Without open-source applications, you have to trust these companies to do the right thing when they can track you and make money from it in every single step of the way. Same goes for Meta with Whatsapp.
Isn't this trivial to check by decrypting network traffic sent from a device? Security researchers probably already tried to find any flaw they could.
And to add to this, Google published a technical overview for signal implementation in RCS: https://www.gstatic.com/messages/papers/messages_e2ee.pdf
Knowing Apple, the other option will be to not allow users to message people who don't have an iPhone.
Why don't we just skip the additional middleman and fo straight through Signal
I truly wish carriers would ditch SMS/MMS already.
Me too. They should move to a new system, we could call it Rich Communication Standard (RCS) or something.
Signal protocol only encrypts things, it doesent deliver them
I don't have a problem with the delivery companies delivering encrypted text. Its when they insist on participating in the "decryption process" that one has to put their foot down.