this post was submitted on 17 Feb 2024
When this comes out, turn rcs off. It’s not e2ee unless you’re using Google’s server.
rcs is a replacement for text messaging which has always been plaintext
You’re right!
Rcs doesn’t have any encryption by default unless you’re using the google rcs server.
For people that would be affected by this, ios users, the understanding that imessages are secure is very wide ranging. And it’s a correct understanding as far as those things tend to go. Few ios users know what rcs is but once support gets rolled out I imagine that understanding will be some variation of “android imessage” with the implicit assumption of security.
So my statement that rcs isn’t secure and that users should disable this if they’re able as soon as it rolled out wasn’t intended to get people to switch back to old insecure sms, but to make sure that they don’t see the new purple bubbles and assume they can speak freely.
iOS users think iMessage is secure?
Yeah, it’s a big part of the onboarding stuff when you make an account. It’s also in advertising and stuff.
They’re generally right too because the kind of mitm attacks that police or others make against texting with either stingray-likes or subpoenaed carriers are defeated by the encryption. It made the news some years ago even.
E: I had a little time to double check myself on this one and FOIA’d training documents from the fbi showed that for both google rcs (not other rcs servers) and imessages they had to get warrants for the google cloud or icloud services the messages were backed up on instead of just using “normal” wiretapping methods in order to get the contents.
It is possible to turn off google cloud and icloud backup of messages, and that’s the smart way to go with it in my opinion.
If it's possible for the cloud service to comply with a warrant it's not correctly implemented end to end encryption.
That’s a great point, and while it’s generally frowned upon to use Wikipedia as a source, I’m not fucking digging through a bunch of crap to post a wall of links on a lib as we would normally do, both because I’m lazy and because you’re not a lib. To that end I’d like to direct you towards the modern usage and Compliance and regulatory requirements for content inspection sections of the Wikipedia article on end to end encryption.
The long and the short of it is that the language around e2ee is muddied now and sometimes a company is offering a service that would be illegal or prohibitively difficult to feature e2ee on in the state it’s operating in, and that’s important to know.
The point of my original comment way up there in our reply chain was that the default position of an ios user concerned about security should be “turn it off” with regards to rcs because the security posture of most users is to trust imessages and not to trust anything else, it would be too easy to say “ah ha, I can get android style imessages now!” under the assumption of some degree of feature parity including encryption and there is no guarantee that any old rcs message is encrypted. An ios user who turns off rcs will assume that the messages are insecure and will be more likely to have a safer set of interactions than if they trust the transportation layer security of the content which is ambiguously communicated, not communicated or communicated erroneously.
I’m actually pretty confident that the coming rcs implementation won’t be like that, but like you my default position is one of mistrust.
I'm quite a bit more doomer about security than that. An iOS user truly concerned about security should sell their iphone, get an old pre-Intel Management Engine laptop or something, install libreboot and linux, and manually encrypt all their emails with GPG. An iOS user only somewhat concerned about security should look into dedicated secure messaging apps made by companies or groups not subject to their own jurisdiction's laws. The casual iOS user who believes Apple marketing should just leave rcs on to make things that tiny bit more complicated for the world's various intelligence services.
That’s the point I was making though, there’s no guarantee that rcs would make things more complicated for the various intelligence services and a distinct (though, like I said, not my expectation) possibility that it would actually make things easier for them even if one of the encryption supporting rcs services isn’t actively collaborating with law enforcement.
It’s like opening a second loading bay door and suggesting it’ll make things more complex for intruders.
Some of the decisions around Apple’s stuff are actually providing more security than just security through obscurity. Consider what we’re talking about: there’s the security of icloud and that’s it. You either have encrypted messages or plain old sms. The system communicates that to the user very clearly. Even if the system communicated the security of rcs communications as clearly as it does with imessage and sms, that’s still another thing for the user to screw up, another service for law enforcement to put the screws to.
At some point being able to say to people in a really clear way that this is secure, and the other thing isn’t is way better than having some weird in between added in.
We’re kinda chasing each other around a tree and missing the forest though, if the last few years are any indication they’ll just gobble up the push notifications and use them to establish probable cause to arrest then apply the rubber hose until you give up the passcode anyway.
Yup. Just do what I do and pass out encryption keys to everyone I text so they can decrypt the SMS messages I encrypt before sending.
Unfortunately I haven't been able to get my parents to encrypt the SMS they send me😔
Pgp for texts