
Does your video call have End-to-End Encryption? Probably not - supermatt
https://webrtchacks.com/you-dont-have-end-to-end-encryption-e2ee/
======
BiteCode_dev
Phone calls, emails, and text messages don't have e2e encryption, and we have
been using them for 40 years. We are still using them.

Nobody cares.

The USA communications are under constant mass surveillance, by a group of
people that denies it, abuses it, uses secret courts to rule about it even
when unconstitutional, coerce others to submit every data and shut up about
it, and destroy the life of whoever point finger at it.

And people still don't care.

Good luck with telling people that are recording their entire life on
facebook, snapchat and tik tok to be mindful about the tools they use.

~~~
throwaway50203
> Nobody cares.

Repeating this mantra all the time is not helpful.

People have been told that modern computing and privacy cannot coexist. That
all software companies spy on them and users can only choose between giving up
privacy or giving up technology.

On top of that, privacy, by itself, is meaningless. What matters is
information inequality. Inequality is power.

When people can monitor a government you have democracy.

When people cannot monitor a government and the government monitors people you
have tyranny.

Unsurprisingly, there are many paid privacy and anonymity services for wealthy
people.

Please don't say that people just don't care. People have been educated to be
meek to authority.

~~~
BiteCode_dev
Yes. Now what are you going to do about it?

Nothing.

Because alone you can't.

And the others not only won't help you, but their actions will hinder yours.

Because they don't care.

Are you going to educate them?

Here is a list of all the people that did that:
[https://en.wikipedia.org/wiki/List_of_whistleblowers](https://en.wikipedia.org/wiki/List_of_whistleblowers)

Most of them got their life ruined.

Nothing changed.

Because nobody cares.

Educated people have been repeating "don't put things on facebook", "use free
software", "gov is spying on you".

The answers have been "I don't have anything to hide" and "you are paranoid".

Because nobody cares.

You can craft the best technological solution to that, if nobody cares about
it, nothing will happen.

You can give the best information, if nobody cares, nothing will happen.

You can provide the most secure thing, if the competition gain an advantage
from not doing it and you gain nothing, you will lose.

And deep inside you know that because:

1 - you are using a throwaway account

2 - you don't provide any solution to the problem

The situation is exactly the same as with all other topics where we gain a lot
of comfort individually to do the wrong thing collectively.

Did we slow down global warming? Didn't we prevent 60% of the insects from
disappearing? Did we stop delegating slavery to asian countries? Did we even
stop buying from all those companies that enrage us in the news?

Nope.

~~~
fsflover
This is not the only way how political fight happens. There are indeed many
whistleblowers with runied lives. But there are also many more people who
devote a part of their life to educating others and encrypting what they can.
I put GNU/Linux to every computer of my relatives I could reach. I participate
in I2P and Tor networks regularly. I also have a day job and I am not going to
risk it. But if a tiny part of the population did what I do, the world would
be entirely different. People _do_ care about anonymity and privacy. It's just
that they have very limited resources and not everyone can devote a
significant part of their time for that. Please help them and do not spread
the mood of giving up.

tl;dr: Privacy is not binary. You can always increase the price of hacking you
and others.

~~~
BiteCode_dev
You make the mistake a lot of geeks does, thinking it's a technical problem.
It's not.

You can have the best tech in the world, if the state is against you, if laws
are against you, if society is against you, you'll only have scraps of a life.

It's all about people caring. Because only the mass of human can oppose
anything. The rest are just sparks.

And you can state "do care about anonymity and privacy" as much as you want.
Words don't matter. Actions do.

And people are still putting their entire life willingly on Facebook.

~~~
fsflover
I never said it was a technical problem. It is the problem of asymmetry in
information and resources. When more people know that you can confortably use
devices without spying and violations of privacy, more people will oppose
stupid laws removing our basic rights and spyware.

However, not everyone has time/energy to think about those issues. You need to
help people by showing them better options, especially if they do not impose
any restrictions. And a lot of free software is like this in 2020.

------
logjammin
I've been using Wire [1] for years on desktop in large part because of their
E2E claims; I wanted something simple and secure that worked relatively
fluidly for video calls. I've had mostly pleasant experiences with it, and
with many calls I'm surprised by the video quality. I've never tried their
mobile app, but they've got one and it looks nice, aesthetically. Main
drawback has really been that few people I know use it and I've had to cajole
people into doing so a little bit, which stinks.

But I'm not a cryptographer and am unable to verify the company's security
claims. For all I know it's go zero encryption whatsoever. Are there people on
HN who feel qualified to comment? Has anyone used Wire before?

[1] [https://wire.com/en/](https://wire.com/en/)

~~~
wyattpeak
> Main drawback has really been that few people I know use it and I've had to
> cajole people into doing so a little bit, which stinks.

I find it fascinating how committed everyone now is to Zoom when, at least in
my circle, almost nobody had used it before two weeks ago. At that point,
everyone installed it as soon as the first meeting came up, and besides the
ten minutes of everyone figuring it out it was plain sailing.

It's incredible to me that something everyone did without a thought two weeks
ago (installing a new chat application) is now enough of a burden to not
bother with. Highlights strikingly the value of being the first mover (or
first adopted, as the case may be).

~~~
hiq
You can use Zoom with a browser though, which means you might not have to
install anything.

In practice it has never worked for me in the browser (on Debian), but I guess
it does for most people.

~~~
KingOfCoders
Funny, had to use Zoom recently because of some clients who insisted on using
it, and I had to install software (OS X), it didn't work in the browser or I
didn't find the switch.

~~~
tibu
[https://github.com/arkadiyt/zoom-
redirector](https://github.com/arkadiyt/zoom-redirector) Zoom Redirector is a
browser extension that transparently redirects any meeting links to use Zoom's
browser based web client.

~~~
ajot
As seen in [0], it just changes the URL. This can be done with the Redirector
[1] addon, which is generic and can help with similar problems for other
webpages (Twitter -> Nitter; Youtube -> Invidious; www.reddit.com ->
old.reddit.com). I wish there was a way to make and see user-made rules.

[0] [https://addons.cdn.mozilla.net/user-
media/previews/thumbs/23...](https://addons.cdn.mozilla.net/user-
media/previews/thumbs/234/234304.png?modified=1584907414)

[1] [https://addons.mozilla.org/en-
US/firefox/addon/redirector/](https://addons.mozilla.org/en-
US/firefox/addon/redirector/)

------
notRobot
WhatsApp claims that its calls are end-to-end encrypted:
[https://faq.whatsapp.com/en/android/28030015/](https://faq.whatsapp.com/en/android/28030015/)

As does Riot.im (I think? Can't find any explicit mention of calls being
encrypted):
[https://about.riot.im/features.html](https://about.riot.im/features.html)

Can someone with more expertise comment on these two? (I understand that
because WhatsApp isn't F/LOSS, there's a lot that we can't know about how it
works).

~~~
jillesvangurp
It's very simple, the vast majority of popular chat applications out there
don't have open source backends. Which means we basically have to trust their
owners to do the right things and hope for the best.

The business model of choice in this space is to (sometimes) have partially
open source clients but almost never use OSS in the backend. There's a lot of
secret sauce and magic that these companies use to differentiate from each
other and most of that is proprietary. This provides these companies with a
control point to lock in their users to their network.

For the same reason attempts at standardization of protocols and federating
chats and calls between networks have largely stalled/failed. XMPP is
technically still around; it's just that none of the popular solutions in this
space use it.

I'd say Signal is the positive exception in this space where both server and
client are OSS and the client UX is pretty decent. Telegram talks a lot about
security as well but their OSS seems limited to mostly client side. Of course
a lot of the crypto is client side so depending on how paranoid you are that
may or may not be good enough. Either way there probably is a lot of server
side stuff that is relevant to end to end security that is not being
scrutinized outside Telegram.

For both, even if the client is OSS, what goes into the app stores may still
include stuff not accounted for in the source code. Auditing the source code
and the binaries are two things. And then there's the runtime environment to
consider, which is a OS that is probably proprietary that includes lots of
stuff that is a bit icky from a security point of view.

So, there's multiple levels of "trust us, we know what we are doing" that
you'd have to buy into in order to feel secure. IMHO that has been a problem
for a while but most people/companies seem to be indifferent when it comes to
security and happily pay through their nose for 100% proprietary security
snake oil peddled by the sales people of e.g. MS, Zoom, Slack, etc.

~~~
Aachen
> the vast majority of popular chat applications out there don't have open
> source backends. Which means we basically have to trust their owners to do
> the right things and hope for the best.

Err, if that were the case, then why do we bother with encryption at all? End
to end encryption means you don't need to trust the owners, at least for
message contents. For metadata, yeah, that's why I choose not to use a known-
bad company like Facebook (i.e. WhatsApp) and would rather use Signal or Wire
and hope for the best, but that's only metadata. Doesn't mean I trust Wire
with the contents of my communication, at least when verifying people's keys.

~~~
jillesvangurp
Assuming you use stuff like this, that would be a good question to ask
yourself. IMHO it probably helps a little bit keeping some people out but I
have few illusions that the likes of the NSA, Russian, Chineses, North Korean,
and other intelligence agencies don't know of dozens ways to listen in if they
choose to with varying levels of easiness/convenience. As I like to point out,
assuming it's only your friendly local security agencies listening in would be
a misguided assumption.

In any case, I use zoom, google meets, slack, skype, facebook messenger,
whatsapp, probably a few more things regularly both privately and for work.
I'd prefer using Signal more but the people that reach out to call me and the
people that use Signal are basically a Venn diagram consisting of two separate
circles. I've never actually done a call via Signal. I'm assuming it actually
has this feature, but I'm not even sure it does ;-)

~~~
tialaramex
Signal supports one to one calls. Basically it's a secure alternative to the
way you'd normally use your phone. As you see in this thread, multi-party
secure video conferencing is hard and Signal's preference is just not to do
things until they can see how to do them securely and then implement that.

Hence not having "kick member from group" for ages after adding groups. Most
alternatives just have the server know who is in the group and then the server
can manage it, but now the server owners can know who is in which groups and
secretly join and leave any group - so Signal had to invent a whole bunch of
new techniques.

------
hypewatch
> Does your video call have end-to-end encryption? Probably not.

This headline is inaccurate.

FaceTime has end-to-end encryption and is one of the most popular video call
apps used for personal calls.

[https://www.apple.com/privacy/features/](https://www.apple.com/privacy/features/)

~~~
bryanmgreen
Not an Apple die-hard (have never owned one of their computers) but their
privacy efforts are, for me, increasingly a reason to either own or use their
products.

I think privacy will be the backbone of Tim Cook's legacy.

------
supermatt
TLDR:

WebRTC supports e2e encryption between peers. full mesh p2p videoconferencing
is very inefficient for large conferences so an SFU (Selective Forwarding
Unit) is used - a server acting as a peer that redistributes the streams to
call parties. This SFU is basically a middleman - it decrypts the stream, and
reincrypts it as it forwards - meaning that there is no e2e encryption. This
is a current limitation of webrtc mediastreams. There is discussion underway
to fix this with "Insertable Streams", allowing you to transform streams (e.g.
insert an additional encryption layer).

MY THOUGHTS:

Zoom already bypass the usual webrtc mediastreams - instead they use wasm
ffmpeg to record from a canvas and send that data over a data-channel to their
SFU. It seems to me that they could instead encrypt this data before sending
it over the stream, and distribute keys directly between peers via a full mesh
- this would give them full e2e.

As an aside, the ability to implement something like this is SEVERELY hampered
by apples decision not to support webm. I simply do not understand why they
refuse to do so. If they supported webm (and the MediaRecorder API) then there
would be no need to perform unaccelerated wasm-based patent-encumbered video
encoding in the browser in order to provide e2e encrypted media streams via
sfu.

DISCLAIMER:

I don't work for zoom, but I do work on a product that handles e2e webrtc via
SFU using similar mechanisms to that I explained above.

~~~
Aachen
I know webrtc works p2p when possible and does some form of encryption, but I
didn't know it claims e2e encryption. Is this for real, like, any standard
browser implementation can generate keys for e2ee and display them to the user
for verification?

~~~
supermatt
Heres some information: [https://rtcweb-wg.github.io/security-
arch/#rfc.section.4.3](https://rtcweb-wg.github.io/security-
arch/#rfc.section.4.3)

I dont believe there is a way to retrieve the keys via javascript, but you can
get a fingerprint from the SessionDescription. These fingerprints are used to
validate the certificates during the DTLS handshake, so displaying those
should be sufficient for manual verification.

Note that there may be multiple independently encrypted streams per peer, so
you may have to display a few. Its not quite as simple as a single
fingerprint, usually.

I think this is probably an artifact of deriving the SRTP key from the DTLS
key. I would much prefer the option to manage SRTP encryption keys
independently, which would simplify this somewhat.

------
Arathorn
fwiw 1:1 calls in Matrix are e2e encrypted if you do them in an encrypted DM.

for conferences, they can be e2ee too if you do them full mesh (like wire),
but for scalability we use jitsi currently in Riot.

Meanwhile, [https://github.com/matrix-org/matrix-
doc/pull/2359](https://github.com/matrix-org/matrix-doc/pull/2359) is worth a
read.

~~~
kitotik
Perhaps you could blog or tweet about this to draw some more attention to it?

Clearly there is an appetite for this, and it could get some more people
involved with matrix.

------
mproud
Maybe not many people get to use it for work, but FaceTime video calls are.

~~~
deadmutex
IIUC, as does Duo :), with the benefit that you can reach both Android and iOS
users.

Disclaimer: Work at Google, but views are my own.

~~~
supermatt
AFAIK Duo doesn't support e2e encrypted multiparty conferences in the browser.
Its only if all parties are using the mobile apps.

~~~
deadmutex
I didn't see an exception for the browser calls being called out here:
[https://support.google.com/duo/answer/9280240?hl=en](https://support.google.com/duo/answer/9280240?hl=en),
so I am guessing it does support e2e encryption.

~~~
supermatt
You can guess whatever you like - but Duo doesn't even support multiparty
conferences in the browser...

~~~
deadmutex
It would help if you could back up your claims with actual sources.

~~~
supermatt
That google duo doesn't support multiparty conferences in the browser? You can
try starting one if you like. They only support 1-to-1 calls in the browser.

It would be a pretty exhaustive list if they stated everything they don't
do... As such, I cant give you a link for that.

edit: Here you go
[https://support.google.com/duo/thread/11344666?hl=en](https://support.google.com/duo/thread/11344666?hl=en)
Is that sufficient, or do I really need a reference that something doesnt
exist?

~~~
deadmutex
Thank you for the link. You are right that duo does not support group calls in
the browser yet.

------
woile
What about jitsi[1]? I've started to see it pop up in different places. Has
anyone tried it?

[1]: [https://meet.jit.si/](https://meet.jit.si/)

~~~
cyphar
Jitsi Meet works pretty well (though I agent used it for really big meetings).
But in the context of this article, it suffers from the same issues it
outlines because it's based on WebRTC.

------
ghgr
At my company we use a self-hosted Nextcloud instance with the Talk plug-in.
It has chat, video, audio and screen-sharing. It may not be E2E encrypted, but
the data never leaves our servers. It also makes a better impression when you
share a <own_company>.eu link instead of a .webex.com or .zoom.us link.

~~~
kreetx
The Sextcloud homepage says it has "encrypted, peer-to-peer audio/video
calls", so it probably is end-to-end encrypted, at least for two-people calls.

Conference calls probably not, since they say "Individual and group calls &
chat" (i.e not mentioning encryption).

------
d0100
I could quite understand what he meant about WebRTC, is it encripted, but not
super encripted, or is it such a junky encription that a script-kiddy can
decrypt it?

Just launched a product that uses WebRTC and we have a marketing blurb that
says that our P2P WebRTC is encrypted. Is that wrong? Twilio says it is

~~~
supermatt
It is encrypted, yes. The discussion is over end-to-end encryption - i.e. is
there a middle server that has access to the unencrypted streams, or do peers
communicate directly with each other. This depends on your implementation.

------
est
Does e2e work with a large group of people video conferencing?

I thought encryption might get pretty expensive if 1080p streaming directly
between peers. For a team of 30 people it eats bandwidth quickly. If there's
some kind of server (or supernode) transcoding, does transcoding work with
e2e?

~~~
supermatt
Yes, you can have e2e encryption videoconferencing with large groups of people
- just not using webrtc (unless you do some crazy hacks - mentioned in my
other comment).

By definition, a transcoding server or supernode (acting as an MCU -
Multipoint Conferencing Unit) would be a MITM, so that wouldnt be e2e
encrypted.

A simple way with WebRTC for a small conference, would be to transcode on the
origin and provide multiple streams to peers - one for thumbnails, one for
higher quality, low bandwidth fallbacks, etc. This doesnt scale well, but it
works nicely for small conferences.

------
101404
Should I care? My conversations in a Café don't have e2e either.

------
mrfusion
Is https considered end to end encryption? Why or why not?

~~~
prophesi
HTTPS is point-to-point encryption. It's good for client <-> server
communication.

If you need to send data to another client through the server, then HTTPS
won't suffice. The server decrypts the data and then sends it to the other
client via HTTPS.

So if there's more than two points (client <-> server <-> client) you'll need
end-to-end encryption.

~~~
mrfusion
Good point. So how would something like HN work with end to end encryption? I
guess users see each other’s posts but the server can’t.

~~~
prophesi
Yeah, that'd be pretty tricky. End-to-end encryption is really easy to
implement if you're sending data to only one user. It gets really hard and
really slow once you start adding more users.

A simple way would be to encrypt your message with a symmetric key. Then
encrypt this symmetric key with your private key, and create a copies of it
for each recipient and encrypting it with their public key. So each recipient
can decrypt the symmetric key and use that to decrypt the message.

You can probably guess that this gets really messy as you start adding more
users. And you need to know the difference between symmetric key encryption
and public key encryption.

It's probably better to look at a peer-to-peer solution, or find a more
efficient protocol. This is a pretty enlightening StackOverflow post on the
subject:

[https://security.stackexchange.com/questions/126768/which-
pr...](https://security.stackexchange.com/questions/126768/which-protocols-
exist-for-end-to-end-encrypted-group-chat/127331#127331)

~~~
snarf21
Most public/private use symmetric encryption for the data anyway but they use
a key derivation scheme to share the key. You can't use public/private
encryption for data size greater than the key size. Obviously you can
sign/verify any data size.

Also, above you said "encrypt this symmetric key with your private key", did
you mean sign this symmetric key?

~~~
prophesi
Yes, I was trying to explain PKI and signing in as simple of terms as I could.

------
hprotagonist
my understanding is that group FaceTime calls really _are_ E2E.

i don’t know about skype, and i don’t think Signal even supports it.

------
ezg
I'm with Silent Circle all the way. Love their video and conference calling
features and it's encryption I completely trust.

~~~
Erlich_Bachman
Why do you completely trust it?

~~~
ezg
I'll be upfront, I'm a little biased... my dad wrote ZRTP and helped design
the encryption on the Silent Phone app. There are a number of reasons I trust
it. One is that the user is involved in authenticating the call. Most other
encryption apps bury that authentication in the settings, allowing you to not
worry your pretty little head about it. I trust both the good intentions
behind the design as well as the implementation.

~~~
Erlich_Bachman
But if it's not open source...?

~~~
dexterdog
Does Phil Zimmerman still work for them?

------
EvgeniyZh
Let's switch to Tox

------
josteink
Does the average person care? Probably not.

