Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It also depends on what your personal requirements for forward secrecy are. As a major platform operator Google should aim somewhere towards the top of that distribution.


Why does Google need long-term forward secrecy? They may encrypt my sessions with keys, but most of their data is the huge index of the public web which is, by definition, public. I suppose they dabble in things like health records, but it seems like most of what they store and forward are public.


Google operates among other things an office suite, a cloud platform, the largest repository of location services data in the world and an IoT health/lifestyle devices company.


And do they encrypt any of those details aside from while the data is in transit? My impression is that they don't.


Im pretty sure they encrypt anything remotely sensitive at rest. A quick google found sources for this for cloud [1] and drive [2].

[1] https://cloud.google.com/docs/security/encryption/default-en...

[2] https://support.google.com/drive/answer/10375054?hl=en-GB


Any big company has numerous data access restrictions. Some of them are obligatory and external, or required for certification. Even basic HDD/SSD decommission and transfer between projects strongly implies that old data was not stored as clear text.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: