by kamilner 922 days ago
If you mean RCS, end-to-end encryption is not part of the standard; it is a non-standard extension supported only by the Google Messages app: https://support.google.com/messages/answer/10262381?hl=en

Does RCS need E2E to be better than SMS when it comes to privacy/security?
IMHO profiled RCS is notably worse than SMS for privacy, because the vast majority of RCS servers are hosted by Google.

SMS can be read but it is still at least somewhat decentralized. It isn't being funneled to a single party whose business model is profiling users.

Yes, it does. RCS without E2E is following the SMS model and putting your telco in charge. It uses transport encryption but that is basically meaningless when every relay sees the entire contents of the message.
Does that mean Stingrays and just regular old SDRs can still pick up RCS messages?
RCS uses transport encryption and I honestly have no idea if it uses cert pinning or server certs or the like. The bigger concern to me is that it puts your telco in charge, just like the old days of SMS. Without E2E they get to see all of the contents of messages and to share it with whoever they deem they want to share it with, which history has shown is too many people. Telcos were very willing partners in the development of RCS for a reason. And there's a reason the base spec doesn't include E2E. Telcos want a return to the good old days.

SMS is insecure and no one should use it. RCS isn't that much better and history is a lesson that it returns to a partner that isn't trustworthy.

Yeah, anything that's not E2E encrypted is pretty useless for privacy/security these days. Might as well just use DMs on Reddit, Twitter, etc. if you don't care about E2E.