By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: December 4, 2024

Wednesday, 4 December 2024

From the Department of Bringing Receipts to the Interview ★

From The Stanford Review editor-in-chief Julia Steinberg’s interview with university president Jonathan Levin:

Stanford Review: What is the most important problem in the world right now?

President Levin: There’s no answer to that question. There are too many important problems to give you a single answer.

Stanford Review: That is an application question that we have to answer to apply here.

(Via CJ Ciaramella on Bluesky.)

Jeff Bezos on Trump’s Second Term: ‘I’m Actually Very Optimistic This Time Around’ ★

Alex Heath, writing at The Verge:

“I’m actually very optimistic this time around,” Bezos said of Trump during a rare public appearance at The New York Times DealBook Summit on Wednesday. “He seems to have a lot of energy around reducing regulation. If I can help him do that, I’m going to help him.”

Trump railed against Bezos and his companies — Amazon, Blue Origin, and The Washington Post — during his 2016 term. Bezos defended himself but it did little to help his reputation with Trump. Now, his companies have a lot at stake in the coming administration, from the FTC’s antitrust lawsuit against Amazon to Blue Origin’s efforts to compete with SpaceX for government contracts.

Onstage at the DealBook Summit on Wednesday, Bezos called Trump “calmer this time” and “more settled.” He said he will try to “talk him out of” the idea that the press, which includes The Washington Post, is an enemy of the people.

“You’ve probably grown in the last eight years,” he said to DealBook’s Andrew Ross Sorkin. “He has, too.”

Next up after Bezos at DealBook Summit was Charlie Brown, who professed optimism regarding his next attempt at kicking a football held by Lucy Van Pelt. What the fuck did they put in the water at this conference?

Or, perhaps, these very smart guys are also craven, and these nonsensical remarks, which are quite obviously contrary to reality, are simply additional exhibits of shameful cowardly compliance.

Shame on Google for Their Description of Google Messages’s Encryption Support ★

While writing the previous item regarding the FBI encouraging the use of E2EE text and call protocols, I wound up at the Play Store page for Google Messages. It’s shamefully misleading regarding Google Messages’s support for end-to-end encryption. As I wrote in the previous post, Google Messages does support E2EE, but only over RCS and only if all participants in the chat are using a recent version of Google Messages. But the second screenshot in the Play Store listing flatly declares “Conversations are end-to-end encrypted”, full stop. That is some serious bullshit.

I realize that “Some conversations are end-to-end encrypted” will naturally spur curiosity regarding which conversations are encrypted and which aren’t, but that’s the truth. And users of the app should be aware of that. “RCS conversations with other Google Messages users are encrypted” would work.

Then, in the “report card” section of the listing, it states the following:

Data is encrypted in transit
Your data is transferred over a secure connection

Which, again, is only true sometimes. It’s downright fraudulent to describe Google Messages’s transit security this way. Imagine a typical Android user without technical expertise who takes the advice (now coming from the FBI) to use end-to-end encryption for their messaging. A reasonable person who trusts Google would look at Google’s own description of Google Messages and conclude that if you use Google Messages, all your messages will be secure. That’s false. And depending who you communicate with — iPhone users, Android users with old devices, Android users who use other text messaging apps — it’s quite likely most of your messages won’t be secure.

Just be honest! The E2EE between Google Messages users using Android phones that support RCS is completely seamless and automatic (I just tried it myself using my Android burner), but E2EE is never available for SMS, and never available if a participant in the chat is using any RCS client (on Android or Apple Messages) other than Google Messages. That’s an essential distinction that should be made clear, not obfuscated.

While I’m at it, it’s also embarrassing that Google Voice has no support for RCS at all. It’s Google’s own app and service, and Google has been the world’s most vocal proponent of RCS messaging.

Lastly, I also think it’s a bad idea that Google Messages colors all RCS message bubbles with the exact same colors (dark blue bubbles with white text, natch). SMS messages, at least on my Pixel 4, are pale blue with black text. Google Messages does put a tiny lock in the timeline to indicate when an RCS chat is secure, and they also put a lock badge on the Send button’s paper airplane icon, so there are visual indications whether an RCS chat is encrypted, but because the messages bubble colors are the same for all RCS chats, it’s subtle, not instantly obvious like it is with Apple Messages, where green means “SMS or RCS, never encrypted” and blue means “iMessage, always encrypted”.

U.S. Officials Urge Americans to Use Encrypted Apps, for Texting and Calls, in Wake of Chinese Infiltration of Our Unencrypted Telecom Network ★

Kevin Collier, reporting for NBC News:

Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.

A spokesperson for the Chinese Embassy in Washington did not immediately respond to a request for comment.

Don’t hold your breath.

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

“Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” Greene said.

It seems kind of new for the FBI to call encryption “our friend”, but now that I think about it, their beef over the years has primarily been about gaining access to locked devices, not eavesdropping on communication protocols. Their advocacy stance on device encryption has not changed — they still want a “back door for good guys” there. Their thinking, I think, is that E2EE communications are a good thing because they protect against remote eavesdropping from foreign adversaries — exactly like this campaign waged by China. The FBI doesn’t need to intercept communications over the wire. When the FBI wants to see someone’s communications, they get a warrant to seize their devices. That’s why the FBI wants device back doors, but are now encouraging the use of protocols that are truly E2EE. But that’s not to say that law enforcement agencies worldwide don’t still fantasize about mandatory “back doors for good guys”.

Here’s a clunker of a paragraph from this NBC News story, though:

Privacy advocates have long advocated using end-to-end encrypted apps. Signal and WhatsApp automatically implement end-to-end encryption in both calls and messages. Google Messages and iMessage also can encrypt calls and texts end to end.

It’s true that both voice and text communications over Signal and WhatsApp are always secured with end-to-end encryption. But Google Messages is an Android app that only handles text messaging via SMS and RCS, not voice. There’s a “Call” button in Google Messages but that just dials the contact using the Phone app — just a plain old-fashioned unencrypted phone call. (There’s a Video Call button in Google Messages, but that button tries to launch Google Meet.) Some text chats in Google Messages are encrypted, but only those using RCS in which all participants are using a recent version of Google Messages. Google Messages does provide visual indicators of the encryption status of a chat. The RCS standard has no encryption; E2EE RCS chats in Google Messages use Google’s proprietary extension and are exclusive to the Google Messages app, so RCS chats between Google Messages and other apps, most conspicuously Apple Messages, are not encrypted.

iMessage is not an app. It is Apple’s proprietary protocol, available within its Messages app. The entire iMessage protocol was built upon end-to-end encryption — all iMessage messages have been E2EE from the start. Apple also offers FaceTime for voice and video calls, and FaceTime calls are always secured by E2EE.