[liberationtech] Google Hangout the new, better skype? Was Re: Skype redux
Adam Fisk
a at littleshoot.org
Fri Dec 28 09:48:34 PST 2012
On Fri, Dec 28, 2012 at 11:14 AM, Adam Fisk <a at littleshoot.org> wrote:
>
>
>> I sympathize with your frustration about Google and other companies'
>> unwillingness to talk about their interception capabilities. In the
>> particular case of Hangouts, it seems clear that the Hangout data is
>> encrypted only between the user and Google, and not end-to-end.
>
>
> That doesn't appear to be the case, Seth. See:
>
> https://developers.google.com/talk/call_signaling#Encryption
>
>
>
To clarify, it would be possible for Google to actively MITM the
connection, but the media should be encrypted. Note this would be an active
attack on two levels -- first Google swapping in its own keys but then also
swapping in it's own IPs in most cases (non group calls and cases where
NATs can be traversed) to ensure the media actually passes through it's
servers in order to eavesdrop on it. Certainly possible I suppose, but
fairly involved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121228/23f33adb/attachment.html>
More information about the liberationtech
mailing list