Always assume Google is stealing all your data possible
Of course they do.
And if they don't, someone else does.
Google software is not secure, nor are they interested in preserving anyone's privacy against third parties or honoring their own terms about data sharing.
Your shit is everywhere.
If you login with Google on your phone with an OS made by Google then you can expect ALL the content on that phone to be potentially at least processed by that company which might including sending back data in some form.
That's not just Google or Microsoft, it's any operating system. The OS can see everything you can see and more. If you do not trust the maker of the OS then you have a problem that no application ran by that OS can solve. encryption in all its forms, e.g. encrypted disk, E2EE or homomorphic encryption do not matter if you are on an "end" (e.g. your phone or desktop) that you do not trust.
As the Messages RCS implementation is supposedly E2EE from device to device; No. It is not possible that a log of your messages' contents are being kept.
Can it stop them from storing your encrypted messages to decrypt later if law enforcement should be able to confiscate your phone and extract the encryption key? Also No. It is not possible for E2EE to prevent "Store ciphertext and decrypt later" attacks.
It also cannot prevent companies from logging who you are conducting an encrypted conversation with; even if the contents cannot be seen and this information cannot be used to infer anything about the contents. It cannot stop companies from making inferences about your messaging activity due to timing of messages sent or who they are sent to.
If these kinds of attacks are on your threat model; you need to ensure you are not sending messages or information via electronic means via your phone to begin with, wherever possible.
It is absurd to assume that they have backdoored the RCS protocol without proof or evidence. This isn't saying it's a verifiably secure or private protocol; but I think you could trust an E2EE RCS message for long enough to help you get someone else onboarded on to Signal or another more properly encrypted messenger without needing to worry about being put on a watch list. I would trust it with my grocery list or trivial communications with family; even if I wouldn't trust it with my truly personal or private conversations.
Yep.
Short answer: Yes
I know that SMS and MMS text messages are transmitted unencrypted, but are RCS text messages different? Serious question.
MMS is not a text message, it's a media message (that's what the M stands for).
Yes, RCS chats are encrypted (supposedly)
MMS is not a text message, it’s a media message (that’s what the M stands for).
See, that's interesting because I was always taught that "text message" is just an overarching term used to describe SMS and MMS. The notion that a text message is a synonym of SMS and only SMS is a new one to me!
Yes, RCS chats are encrypted (supposedly)
Good to know! Do you happen to know if the decryption keys are stored offline or on the carrier's end? Because if the latter, then okay it's more secure than SMS or MMS but only in the sense that some encryption is better than none. Lol.
I mean it's in the name. A message containing media and not text is simply not a text message. Many people use them incorrectly but it's literally in the name.
RCS is (supposedly) E2EE so keys are stored locally.
Meanwhile I applied for reimbursement on my failing Pixel 6a battery and Google keep asking for proof that I own this phone. They won't even allow it on RCS. The trust issue goes both ways.
I do find it suspicious that governments are targeting Signal's E2E encryption but not RCS, FB Messenger or WhatsApp. It's clear which ones are compromised.
FB messenger and WhatsApp use the same encryption on the message content. The difference is metadata. FB and WhatsApp keep all metadata of who users contact and when.
Download all your Google account data and find out.
The NSA certainly does keep a copy regardless.
Also the ISP, all three US mobile providers are currently in legal battles about selling user data, which is then bought by EVERYBODY
If you're able to successfully navigate the fucking maze of settings both on your device and your account, and stay up to date when Google silently opts you into new "features" so you can opt out of them, then probably not. But honestly, no one knows except Google, and they've given you every reason not to trust them.
In regards to RCS, probably the same as every other quasi-private messaging platform: the content of your messages is encrypted and private, but your social graph, who you talk to, when, and how often, is property of the corporation. Or if you're messaging someone on a Samsung or Apple device, then multiple corporations.
I’ve read that the encryption keys are stored on Google servers. If so, they could decrypt them if they wanted.
Exactly! If you don't hold the encryption key (private), then it's not really secure.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)