In this day and age online security and encryption is often at the forefront in the minds of those of us that all but live our lives on the Internet. We send so much information about us over the wires that we often forget that the mediums we use may not be as secure as we would hope. It’s a modern problem that isn’t going to go away.
While Apple has previously said that its iMessage features end-to-end encryption that should theoretically stop third-parties from eavesdropping on your conversations, Google has been oddly tightlipped about what encryption it employs for its own messaging service, Hangouts. Until now.
Speaking at a recent Reddit AMA – Ask Me Anything, Google security executives Richard Salgado and David Lieber fielded questions from the public, and The American Civil Liberties Union’s top technologist Christopher Soghoian couldn’t help but take advantage of the opportunity. His question? “Why has Google refused to be transparent
about its ability to provide wiretaps for Hangouts? Given Google’s rather impressive track record regarding surveillance transparency, the total secrecy regarding the company’s surveillance capabilities for this product is quite unusual.”
The answer that came back from Salgado was a simple one. “Hangouts are encrypted in transit.”
What that means is that, theoretically at least, Google has complete access to what goes out via Hangouts because it is only encrypted on its way to Google’s servers. Once it’s there, it’s an open season as pointed out by Reddit user reddit_poly.
“For non-technical readers, this means that Hangouts are only encrypted on their way between your computer and Google’s servers. Once they arrive at Google’s end, Google has full access. In short, this is confirmation Google can wiretap Hangouts.”
Google has since confirmed the statement that Hangouts does not use the more secure end-to-end encryption which may set red flags flying for those who are concerned about their privacy in a world where we truly don’t know who is listening in to our conversations. If such things do concern you then we suggest not using Hangouts or, at the
very least, being particularly careful about what information you send via Google’s service.