I believe the messages can be read by Valve but I have no clue about voice.

Chats, yes. But only if reported would they even need to.

Yeah there is no end to end encryption. Amusingly public/private key encryption is typically done with a significant problem around key exchange where without a trusted broker there is no way to know that Bob's key is actually Bob's key, not the NSA's key for Bob that they have substituted using a man in the middle attack.

WhatsApp for example uses 'trust on first use', which means that "when a key is exchanged, this key is trusted as long as the key does not change". All that means is that the NSA has to be consistently replacing Bob's key with their own from Day 1 otherwise their interception doesn't work.

It shocks me how people don't realise how insecure these supposedly secure transmission protocols are.

Originally posted by Darren:

It shocks me how people don't realise how insecure these supposedly secure transmission protocols are.

Man in the middle or bob,
to determine this, there are things to compare between both ends.

Originally posted by Muppet among Puppets:

Originally posted by Darren:

It shocks me how people don't realise how insecure these supposedly secure transmission protocols are.

Man in the middle or bob,
to determine this, there are things to compare between both ends.

Oh there definitely are ways to check but they all require a trusted middle man. Think about it if you don't have a trusted middle man how do you Muppet secretly let me know what your key is or how to verify it?

You can't send me the key, the man in the middle can subtitute that out as well as lie to you about my key for encrypting the key you wanted to sent to me. If you try to encrypt a known number and send it to me, they can replace that with their own encrypted version of the same number because it's publically known or you had to send it unencrypted first.

All actual techniques involve a trusted middle man (i.e. for certificates there is digital signing which you use another trusted key to verify that this other key is the right person, for WhatsApp has numbers on people's accounts for verification which are checked via the company itself as the "trusted" middle man and so can lie to people and compromise the security) the only exception is if you physically copy a key between two people without transmitting it over the internet (i.e. physically giving them your key on a USB drive).

Originally posted by Darren:

Originally posted by Muppet among Puppets:

Man in the middle or bob,
to determine this, there are things to compare between both ends.

Think about it if you don't have a trusted middle man how do you Muppet secretly let me know what your key is or how to verify it?

This question is the answer.

They can read but I think they don't store the chats forever(someone correct me If I'm wrong. ) at least on the account data page with the gdpr change it don't show my history from years ago Not even some Months.... So unless someone report u, valve don't have u chat history forever.