On Fri, Dec 28, 2012 at 11:14 AM, Adam Fisk <[email protected]> wrote:
> > >> I sympathize with your frustration about Google and other companies' >> unwillingness to talk about their interception capabilities. In the >> particular case of Hangouts, it seems clear that the Hangout data is >> encrypted only between the user and Google, and not end-to-end. > > > That doesn't appear to be the case, Seth. See: > > https://developers.google.com/talk/call_signaling#Encryption > > > To clarify, it would be possible for Google to actively MITM the connection, but the media should be encrypted. Note this would be an active attack on two levels -- first Google swapping in its own keys but then also swapping in it's own IPs in most cases (non group calls and cases where NATs can be traversed) to ensure the media actually passes through it's servers in order to eavesdrop on it. Certainly possible I suppose, but fairly involved.
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
