NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
RCS texting updates will bring end-to-end encryption to green bubble chats (arstechnica.com)
Jtsummers 2 days ago [-]
From the subheading:

> Lack of encryption was one SMS shortcoming that RCS was created to solve.

No it was not. Google added encryption but it was not part of the standard until recently. RCS itself was not created, in part or in whole, to provide E2EE. That it has it now is great (in the standard, broad rollout still to come), but it should not be misrepresented as some privacy-centric service.

londons_explore 2 days ago [-]
Why on earth didn't it have e2e encryption by default from the start??

My bet is because everyone involved wanted the ability to snoop messages...

jonathantf2 2 days ago [-]
Still can't use it on my iPhone though...
MBCook 2 days ago [-]
The standard was literally finalized in the last day or two.
jonathantf2 1 days ago [-]
As in standard, non-encrypted RCS. Because it relies on carrier support as opposed to on Android where it just works
londons_explore 2 days ago [-]
But I bet Apple will take at least 3 years to implement it.

They don't want to see iMessage's lead eroded.

MBCook 2 days ago [-]
Who cares?

People use iMessage because it works great and automatically between iPhones.

I don’t choose to use RCS or iMessage, it’s chosen for me by whoever I’m messaging based on what kind of phone they bought.

RCS being E2EE won’t change market share numbers one iota.

2 days ago [-]
pizzafeelsright 2 days ago [-]
We don't have end to end because the powers that be won't allow it.

There isn't any real technical hurdle.

londons_explore 2 days ago [-]
E2e is a pretty big technical hurdle.

It sometimes necessitates losing messages (especially when one or other endpoint of a conversation gets lost/reset). You're gonna have to have all other components of the app ready to deal with lost/undecryptable messages.

It makes a bunch of future features harder to implement (group chats, web UI for viewing messages).

It makes anti-spam harder, since you can no longer just have a server side detector for messages containing 'b1tc0in'.

It makes it much easier for an attacker to use your infrastructure for botnet command and control or distributing child porn, and there is no way for you to detect or block it, despite laws requiring you to do so.

wilg 2 days ago [-]
And yet, they are allowing it.
cwillu 2 days ago [-]
e2ee is largely subverted so long as manufacturers can push updates that can't possibly be audited by anyone but the manufacturers.

Security that relies on apple having a backbone is inherently fragile.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 17:56:25 GMT+0000 (Coordinated Universal Time) with Vercel.