Google Messages To Support MLS Protocol For Interoperable E2E Encrypted Messaging

Google today announced its support for interoperable end-to-end encrypted communication between large messaging platforms, with plans to integrate the MLS protocol into Google Messages and Android. 9to5Google reports: Google says it is "strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms," which is presumably in reference to the European Union's Digital Markets Act. That regulation would require iMessage to be interoperable with other messaging platforms. To achieve this, Google says this interoperability requires "open, industry-vetted standards, particularly in the area of privacy, security, and end-to-end encryption." If not, end-to-end encrypted group messaging and other advanced features would be "impossible in practice." Specifically, "group messages would have to be encrypted and delivered multiple times to cater for every different protocol." [...]

Google says MLS would make possible "practical interoperability across services and platforms, scaling to groups of thousands of multi-device users." This could "unleash a huge field of new opportunities for the users and developers of interoperable messaging services that adopt it."; It is also flexible enough to allow providers to address emerging threats to user privacy and security, such as quantum computing. Google plans to build MLS into its Messages app, which offers E2EE 1:1 and group RCS chats today, and "support its wide deployment across the industry by open sourcing our implementation in the Android codebase." How RCS factors into this remains to be seen.

It's MLS in the US, but ...

[fahrbot-bot]

Google today announced its support for interoperable end-to-end encrypted communication between large messaging platforms, with plans to integrate the MLS protocol into Google Messages and Android.

Other countries will call it the Football protocol. :-)

The solution to a long time self-inflicted problem

[Zuriel]

interoperable end-to-end encrypted communication between large messaging platforms

So it'll be possible to send messages between this year's Google messaging platform, last year's Google messaging platform and next year's Google messaging platform.

Re:

[gabebear]

No, specifically none of Google’s messaging systems this year support MLS. I expect only one Google chat app to support it 2 years when they kill the project.

Will MLS provide the UK's required back-door key?

[david.emery]

That's the HUGE question for this. A 'leaky' MLS could potentially compromise all interoperable message services, OR it could be the reason why currently independent and secure message services tell MLS to pound sand.

Re:

[kqs]

As compared to the current standard, SMS, which changes "potentially compromise" to "guaranteed and provably compromise" communications between different message services. I'm amazed by the effort people make in nit-picking the color of the bandages while they have a gaping chest wound.

Re:

[the_B0fh]

Nobody ever claimed SMS is secure. How you came to that understanding is bizarre. However, if you are comparing E2E encrypted platforms like Signal, MLS, or iMessage to SMS and saying anything is better than SMS, you are avoiding the question, which is, why would ANYONE want to integrate with Google, if Google was going to bend over for countries that demand they poke a hole in it.

Re:

[NomDeAlias]

At this point I just assume everything you listed is compromised. Even if those were secure they'll just drop Pegasus on your phone and read it that way.

Re:

[AmiMoJo]

MLS is an open standard, and was developed by Mozilla and a few others. It is thought to be cryptographically secure. It isn't a network in itself though, it's just a type of crypto that can be used to secure communications between two or more people, so Google will layer it over their existing protocols.

The main dangers is that someone in the encrypted chat has their device compromised, giving whoever controls it access to all the messages. The former Prime Minister of the United Kingdom, Boris Johnson, is

Re:

[mkosmo]

Physical control of a device with the data will always defeat transport-layer cryptography. That's just the nature of data.

Re:

[usedtobestine]

Only if its 1) badly implemented, or 2) has a feature for lawful intercept.

Like Jabbar?

[PinchDuck]

Two decades after dumping Jabbar they want encrypted interoperability between messaging platforms? Gee, itâ(TM)s funny how losing market share makes them suddenly embrace openness and interoperability. Hypocrites.

Re:

[kqs]

You mean Jabber/XMPP? gtalk was open and interoperable, but since exactly zero other non-trivial services would federate with them, nobody cared. Eventually Google got tired of keeping the door open while being limited by XMPP's oddities. But no worries, rather than complain about the dozens of messaging systems which never even tried to interoperate (including iMessage which was/is XMPP based), you whine about the one company which tried and was ignored. One wonders why Google even tries.

Google chat pr

Re:

[Anonymous Coward]

You mean Jabber/XMPP? gtalk was open and interoperable, but since exactly zero other non-trivial services would federate with them, nobody cared. Eventually Google got tired of keeping the door open while being limited by XMPP's oddities. But no worries, rather than complain about the dozens of messaging systems which never even tried to interoperate (including iMessage which was/is XMPP based), you whine about the one company which tried and was ignored. One wonders why Google even tries.

Poor lonely corporation. Google refused to federate with smaller providers.

Google chat protocols have never had any significant market-share; honestly, RCS is probably the highest market share they have ever had in this area. And RCS is fully interoperable, though Google has to route most messages through their own servers because Telecoms don't care about security, interoperability, or functionality.

Only unencrypted RCS is somewhat interoperable. Encryption only works on Google's proprietary RCS servers and apps. Group messages aren't encrypted.

Yet Google dishonestly keeps advertising RCS as open and secure. And running ads painting Apple as the bad guys for not giving up and using Google's system.

Re:

[TwistedGreen]

You mean Jabber?

Re:

[AmiMoJo]

Jabber, now renamed to XMPP, doesn't provide encryption at all. That's not the main issue with it though.

Because XMPP is decentralized like email, it has the same problem as email: abuse. Spamming, malware, scams.

For small players they can simply block servers that send spammy messages, and get the huge benefit of being able to interoperate with Google. For Google, the benefit of interoperating with small players is negligible, and the spam problem is huge.

It will be interesting to see how Thread opening up

3 years

[DraconPern]

I'll give google 3 years before they drop this project.

Blue is still going to be reserved by Apple

[CommunityMember]

Apple will never give up their exclusive blue (it is important to help identify those willing to pay the Job's tax).

Re:

[sabbede]

More importantly, who cares except a handful of snobs that use iPhones? I can't even see how this was ever something that merited legislative attention. There was no impediment to communication and consumers aren't harmed, so where is there any basis for legislative involvement? Let iMessage continue to not work with Androids. It isn't like there aren't plenty of encrypted messaging applications that run on both iPhones and android.

It just doesn't matter.