Monday , August 21 2017

Google finally admits that Hangouts conversations are not encrypted end-to-end

hangouts_header
In years past, the need to encrypt your communications or use a VPN were edge cases, but in todays post-Snowden leaks, Metadata retention world, this is becoming common place. Google is often seen as a leader in security and privacy (in some cases) but it turns out, that one of their largest platforms for communications is unencrypted – at least in part.

Google has never been forthcoming about just how encrypted Hangouts is, but in a recent reddit AMA held by Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, Google’s senior privacy policy counsel, the truth finally came out – Hangouts is not encrypted end-to-end.

End-to-end is the key here, Hangouts messages are encrypted on the way from your PC to the server, as confirmed by Mr Salgado in a reply to a user:

Hangouts are encrypted in transit (https://support.google.com/hangouts/answer/6046115[2] ), and we’re continuing to extend and strengthen encryption across more services

Christopher Soghoian, principal technologist at the American Civil Liberties Union followed up on Twitter, posting:

Motherboard followed up with Google post-AMA, and advised:

a spokesperson confirmed that Hangouts doesn’t use end-to-end encryption. That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.

Google has always been rather open regarding requests for wiretaps, but users it seem want more and whether ‘we’re continuing to extend and strengthen encryption across more services’ is enough will be answered soon. Instant messaging is a big service and if Google doesn’t move to give the people what they want, other services will be waiting to give the users what they want.

 
Source: reddit.
Via: Motherboard.

Daniel Tyson   Editor

Dan is a die-hard Android fan. Some might even call him a lunatic. He's been an Android user since Android was a thing, and if there's a phone that's run Android, chances are he owns it (his Nexus collection is second-to-none) or has used it.

Dan's dedication to Ausdroid is without question, and he has represented us at some of the biggest international events in our industry including Google I/O, Mobile World Congress, CES and IFA.

Join the Ausdroid Conversation

8 Comments on "Google finally admits that Hangouts conversations are not encrypted end-to-end"

avatar
Sort by:   newest | oldest | most voted
carol argo
Valued Guest
carol argo

rofl! tell ME something I don’t know! why you think I push for s.q.r.l adoption and a similar version but for password!exactly because of this. anything less is just useless

Member

Apple iMessage has end-to-end encryption but they could still easily wiretap conversations using MiTM techniques because they control the key server. The result is the same.

There’s very few messaging apps where wiretapping is not possible. Zendo is one because that requires you meet with the person face-to-fact before messaging.

Andrew
Valued Guest
Andrew

I just figure every single thing I do on the internet can be accessed, tracked.

I think people who think anything is truly encrypted are kidding themselves.

Robert_AU
Valued Guest
Robert_AU
Did Google ever claim there was end to end encryption in Hangouts? The “truth” that appears to have been exposed here is an embarrassing lack of knowledge within some of the tech bloggers community. One report could be ignored but it is a sign that something very wrong to have this recycled across many sites. Every single hangouts conversation I’ve ever had shows up in the Gmail web interface and always has. Talk was the same… Is there really a single person on the planet that thinks that would be possible with end to end encryption? Clearly, Google’s servers have… Read more »
Graham
Valued Guest
Graham

The story here is that Google has been hiding the fact that Hangouts is not encrypted. This IS newsworthy and as pointed out there will be other platforms that can do this. Google has always claimed they are transparent but it’s taken this long to admit there is no end-to-end encryption.

Your thinly veiled insult towards OP is just really rude – go back under your rock.

Robert_AU
Valued Guest
Robert_AU
It is the original source, more than Ausdroid, that have their facts wrong but it is disappointing to see this nonsense reported in by an Android enthusiast site that really should know better. My post was in no way insulting but yours was, not that your opinion means anything to me… Google has not been hiding anything. The have NEVER claimed to have end-to-end encryption in Hangouts and that fact is that very few messaging apps do. Have anyone shown a single example of Google claiming end-to-end encryption is used? Claims that Google is hiding anything are misleading, at best,… Read more »
GregAndo
Valued Guest
GregAndo

No, his observation is correct. The mere fact that you can access your hangouts messages from many different devices – especially the web interface – is clear proof to many people who understand the technology. This is not something that needed to be clarified by Google… There are many people who could prove this for others before now. The fact that it came from Google is moot in my opinion also.

wpDiscuz

Check Also

Plex privacy update highlights potential for data sharing to third parties

Plex is a hugely popular third party media distribution platform that allows you to send …