this post was submitted on 29 Aug 2023
1283 points (86.3% liked)

Asshole Design

1180 readers
1 users here now

Nothing comes before profit -- especially not the consumer.

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] 7heo@lemmy.ml 3 points 1 year ago* (last edited 1 year ago) (1 children)

E2E encryption is only (potentially) effective if the threat is a MITM. If your threat model shows any possibility for your threats to be on either end, it is effectively useless.

Now I'm not saying that you should model Chrome as a threat, but I'm certainly saying that you also can't be certain you don't need to. The whole thing is closed source, the publisher is a Machiavellian megacorporation; and if I were Google, and had to spy on users for profit, that's certainly where I'd start. You know, as anonymized metrics, to "help improving Chrome".

Edit: oh and, I haven't checked what they mean by that, but potentially, the E2EE is meant in the context of the transit only, meaning the data at rest is not encrypted, on your computer, or on the Google servers.

[โ€“] jetsetdorito@lemm.ee 3 points 1 year ago (1 children)

under "keep your info private", this is different than encrypted in transit. I mean I guess they could be lying ๐Ÿคทโ€โ™‚๏ธ

https://support.google.com/chrome/answer/165139

[โ€“] 7heo@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)