I'll trust that Google knows what they're doing when implementing encryption.

_phaq · on Aug 16, 2016

The question is not whether Google knows how to do proper end-to-end-encryption, the question is whether they want to do it. They have a clear incentive to not do it properly, which is being able to sift through your data to sell it to advertisers.

tomschlick · on Aug 16, 2016

Would be an interesting test to start chatting on an well established account (a few years old) about something you have never talked about before and see if you get relevant ads.

mvdwoord · on Aug 16, 2016

I did that some years ago on hangouts and it was almost real time. My buddy was on a machine without ad blocker and as soon as we started talking (as an experiment) about cars and mentioning a certain brand a few times, he received ads for that brand moments later.

rplnt · on Aug 16, 2016

Sure, but I also don't trust them to not harvest data from calls by side-channels for advertising purposes.

scrollaway · on Aug 16, 2016

And if they were open sourcing it, you'd say there's no way to know they're not doing that in the compiled release.

Reverse Engineering is the only viable way of determining this stuff. I'd love for it to be open source but it has nothing to do with this.

knocte · on Aug 16, 2016

>And if they were open sourcing it, you'd say there's no way >to know they're not doing that in the compiled release.

Only if they don't use deterministic builds.

mattkevan · on Aug 16, 2016

I'll probably trust them on the encryption bit, but it's less clear they know what they're doing...