this post was submitted on 29 Aug 2023
886 points (100.0% liked)
Asshole Design
39 readers
1 users here now
Nothing comes before profit -- especially not the consumer.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
E2E encryption is only (potentially) effective if the threat is a MITM. If your threat model shows any possibility for your threats to be on either end, it is effectively useless.
Now I'm not saying that you should model Chrome as a threat, but I'm certainly saying that you also can't be certain you don't need to. The whole thing is closed source, the publisher is a Machiavellian megacorporation; and if I were Google, and had to spy on users for profit, that's certainly where I'd start. You know, as anonymized metrics, to "help improving Chrome".
Edit: oh and, I haven't checked what they mean by that, but potentially, the E2EE is meant in the context of the transit only, meaning the data at rest is not encrypted, on your computer, or on the Google servers.
under "keep your info private", this is different than encrypted in transit. I mean I guess they could be lying ๐คทโโ๏ธ
https://support.google.com/chrome/answer/165139
expired