In years past, the need to encrypt your communications or use a VPN were edge cases, but in todays post-Snowden leaks, Metadata retention world, this is becoming common place. Google is often seen as a leader in security and privacy (in some cases) but it turns out, that one of their largest platforms for communications is unencrypted – at least in part.
Google has never been forthcoming about just how encrypted Hangouts is, but in a recent reddit AMA held by Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, Google’s senior privacy policy counsel, the truth finally came out – Hangouts is not encrypted end-to-end.
End-to-end is the key here, Hangouts messages are encrypted on the way from your PC to the server, as confirmed by Mr Salgado in a reply to a user:
Hangouts are encrypted in transit (https://support.google.com/hangouts/answer/6046115[2] ), and we’re continuing to extend and strengthen encryption across more services
Christopher Soghoian, principal technologist at the American Civil Liberties Union followed up on Twitter, posting:
https://twitter.com/csoghoian/status/596738650433593344
Motherboard followed up with Google post-AMA, and advised:
a spokesperson confirmed that Hangouts doesn’t use end-to-end encryption. That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.
Google has always been rather open regarding requests for wiretaps, but users it seem want more and whether ‘we’re continuing to extend and strengthen encryption across more services’ is enough will be answered soon. Instant messaging is a big service and if Google doesn’t move to give the people what they want, other services will be waiting to give the users what they want.
rofl! tell ME something I don’t know! why you think I push for s.q.r.l adoption and a similar version but for password!exactly because of this. anything less is just useless
Apple iMessage has end-to-end encryption but they could still easily wiretap conversations using MiTM techniques because they control the key server. The result is the same.
There’s very few messaging apps where wiretapping is not possible. Zendo is one because that requires you meet with the person face-to-fact before messaging.
I just figure every single thing I do on the internet can be accessed, tracked.
I think people who think anything is truly encrypted are kidding themselves.
Did Google ever claim there was end to end encryption in Hangouts? The “truth” that appears to have been exposed here is an embarrassing lack of knowledge within some of the tech bloggers community. One report could be ignored but it is a sign that something very wrong to have this recycled across many sites. Every single hangouts conversation I’ve ever had shows up in the Gmail web interface and always has. Talk was the same… Is there really a single person on the planet that thinks that would be possible with end to end encryption? Clearly, Google’s servers have… Read more »
The story here is that Google has been hiding the fact that Hangouts is not encrypted. This IS newsworthy and as pointed out there will be other platforms that can do this. Google has always claimed they are transparent but it’s taken this long to admit there is no end-to-end encryption.
Your thinly veiled insult towards OP is just really rude – go back under your rock.
No, his observation is correct. The mere fact that you can access your hangouts messages from many different devices – especially the web interface – is clear proof to many people who understand the technology. This is not something that needed to be clarified by Google… There are many people who could prove this for others before now. The fact that it came from Google is moot in my opinion also.
Thanks all – the fact that a security advocate from the ACLU felt this was important led to us posting an article on this – Robert, thanks for being so nice about it /s
It is the original source, more than Ausdroid, that have their facts wrong but it is disappointing to see this nonsense reported in by an Android enthusiast site that really should know better. My post was in no way insulting but yours was, not that your opinion means anything to me… Google has not been hiding anything. The have NEVER claimed to have end-to-end encryption in Hangouts and that fact is that very few messaging apps do. Have anyone shown a single example of Google claiming end-to-end encryption is used? Claims that Google is hiding anything are misleading, at best,… Read more »