As Google Whispers, The Rest Should Hear Loudly
We have a flawed Internet. It is an Internet created in the 1980s, and the protocols we use are much the same as the ones we developed then, and where security was an afterthough. We must now rebuild, and move away from using simplistic tunnels like TLS and IPSec, and implement proper end-to-end encryption methods. This will authenticate both sides of a conversation, and will overcome many of the problems of using machine-to-machine tunnels. So as some companies such as Zoom have been “forced” to implement end-to-end encryption, others, such as a Google, have been forging ahead with systems based on Signal.
You might have a case to critize Google for its data gathering methods, but you can’t fault them on their drive for better crypto. My “paper of the week” is this [here]:
It’s a really great read, and compared with Zoom’s “let’s implement E2E encryption because we’re getting bad press”, it is a real step forward in thinking, and advances the methods employed by Signal, including with rackets. In fact, if the Internet was created now, it would perhaps look a lot like this. Overall the paper focuses on Google’s approach for Duo in mobile devices and Nest. This includes…
