Google Hangouts doesn't use end-to-end encryption

Google Hangouts doesn't use end-to-end encryption

If you're using Google Hangouts as your main messaging service, you might want to know that Hangouts doesn't use end-to-end encryption (E2EE), a must-have feature for messaging services in the post-Snowden world.

This was recently confirmed during a Reddit Ask Us Anything (AUA) session by Google's Richard Salgado, Director for Law Enforcement and Information Security, and David Lieber, Senior Privacy Policy Counsel.

As far as messaging services go, end-to-end encryption is a method of encrypting data so that only the sender and the recipient of a certain message can make sense of the data being transferred. The main thing to bear in mind is that the provider of an E2EE-encrypted messaging service cannot view the messages itself, as the data is encrypted and decrypted locally by the sender and the recipient.

While the service provider has access to the bits of information that are transmitted between the sender and the recipient, this data looks like complete gibberish without the encryption key. It's worth noting that Whatsapp, the largest messaging service in the world, uses end-to-end encryption, as does Apple's iMessage.

The two Google representatives confirmed that Hangouts only uses in-transit encryption, a method that prevents ISPs and telecom operators from peeking at the messages. Long story short, Google can intercept Hangouts conversations when ordered by law enforcement agencies and governments.
Google previously revealed that requests for user data coming in from governments across the globe rose one and a half times over the past five years, although the company did not break down the numbers by service.

相关推荐

Google engineer says he'll push for default end-to-end encryption in Allo

After Google’s decision not to provide end-to-end encryption by default in its new chat app, Allo, raised questions about the balance of security and effective artificial intelligence, one of the company’s top security engineers said he’d push for end-to-end encryption to become the default in future versions of Allo. Allo debuted with an option to ...

Google admits Hangouts doesn't use end-to-end encryption, opening the door for government wiretaps

If you’re really worried the government may be keeping tabs on your conversations, then you’d best avoid Hangouts. According to Motherboard, a Google representative confirmed that Hangouts conversations are only encrypted “in transit,” meaning after the message arrives at the intended recipient Google could access it if forced to do so by a government wiretap. The question ...

Google finally adds HSTS encryption to google.com

Google, known for its security practices, has finally brought HTTP Strict Transport Security (HSTS) to google.com to strengthen its data encryption. HSTS helps protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website. Chrome, Safari, and Internet Explorer all support HSTS. "HSTS prevents people from accidentally navigating to HTTP URLs by ...

Is Facebook making end-to-end encryption on Messenger opt-in only?

Facebook’s native chat is due to be silenced: Facebook’s reportedly going to kill it off, forcing users to instead use Messenger. Rumor has it that Facebook Messenger will also offer the option of end-to-end encryption sometime in the next few months. The Guardian, relying on input from three unnamed sources close to the project, earlier ...