Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So is the answer "there is nothing that GCM is revealing that NSA doesn't already get from simple traffic analysis"?


The answer is "GCM may reveal more to Google than one would expect from using an E2E encryption application (like metadata, and more than one would initially assume)".

The person I initially replied to was talking about Google, GCM, E2E encryption, and that metadata won't reveal anything to Google except time/date of a single message and the message size. I pointed out there may be more information there.

I have no doubt that the NSA can do traffic analysis, or may have some of this data already... I'm not sure why that is in the replies to my comments in this thread.


That's only a meaningful answer if simple traffic behavior wasn't already revealing the same information. Was it, or wasn't it? I feel like I'm having a hard time getting a straight answer.


Does Google already have simple traffic behavior? If yes, then this information is nothing new to Google. If no, then this information may be new to Google.

Form a straight question and you'll get a straight answer.


Again: what exactly is it that the NSA learns from the GCM messages that they can't learn from the message traffic itself?

I'm beginning to suspect the answer is "nothing", and that this whole thread is really just a superstitious allergy to GCM.


Are you in the right thread? The discussion here is about what information Google can get from GCM messages, not what the NSA can get from GCM messages.

And even though your question is off-topic, I already answered it above.

Why would you accuse someone of being allergic to a technology when they are simply answering questions about it? If you disagree with the actual topic of discussion - that Google (not the NSA) might get more than just "message sizes and timestamps" out of an E2E-encrypted app which uses GCM messages - then have a normal conversation about it instead of bringing up the NSA repeatedly.

And if not, then stop making baseless and inflammatory accusations.


> Are you in the right thread? The discussion here is about what information Google can get from GCM messages

The parent poster of the post you initially replied to asserted that Signal was "giving NSA the only thing what they want: metadata from Google", so I guess that's where tptacek is coming from.

On a side note, Google can't actually know the message sizes because GCM is used without a payload.


Yes, but they're right: we started talking past each other several comments ago. Sorry!


If tptacek wanted to reply to the NSA comment, that's fine, but that's not what happened.

Your side note also applies to that comment, but not mine, so I think it belongs there, not here.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: