Remember when Google said they wouldn’t store messages in one of the company’s new chat applications, Allo? Yeah, no.
The version of Allo rolling out today will store all non-incognito messages by default – a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo’s Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.
Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google’s algorithms.
For this reason alone, don’t use Google Allo. But wait, there’s more! There’s also the backwards way it handles multiple devices and phone numbers – another reason to not use Google Allo. Sadly, even if you don’t have Allo installed, you may still be forced to deal with it at some point because of some ‘clever’ tricks by Google Play Services on Android. If someone sends you an Allo message, but you don’t have Allo installed, you’ll get a special Android notification.
The notification lets you respond through text along (as opposed to stickers, photos or anything like that), or alternatively ignore it altogether. There’s also a button taking you straight to the Play Store install page for Allo.
How can Google do this? The notification is generated by Google Play Services, which is installed on just about every Android phone, and updates silently in the background.
Don’t use Google Allo.
You can use incognito mode if you want to say something “off the record”. Otherwise, I’m OK if they log it (which is no different from Hangouts). At least this gives me hope that maybe they will add multi-device support in some form in the future.
What’s so controversial about that? That they changed the decision from what they initially said?
If you care about privacy and security, select your messaging platform based on
https://www.eff.org/secure-messaging-scorecard
I don’t see a column for ‘do my contacts use it?’ which is the primary decision making factor for most of us.
I installed it, but when I saw I can’t even tell who among my contacts is using it (since I’d never bother the others with it), I decided never to use it again. If they couldn’t put such a very basic required functionality in, I won’t bother to spend any time with it.
Funny that Signal gets the maximum score, even though it still uses Google Cloud Messaging for the push notifications, thus enabling Google to get all of your information (except for the message contents, but that’s actually not as important as it sounds) that you were trying to protect in the first place.
This (very hefty) issue on github explains it all: https://github.com/LibreSignal/LibreSignal/issues/37
In the end you as a consumer cannot trust a centralised service, because you cannot control what happens between the two end-points. The best (as in: usable and practical) alternative to using Signal (or WhatsApp or any other IM) is going from a centralised system to a federated one (like XMPP, but e-mail is also a fine example of a federated communications technology), only joining servers that you really trust (or just setup your own) and in the meantime don’t let The Man let it stick it to you by gathering all your metadata.
Edited 2016-09-23 11:43 UTC
Gargyle,
+1!
Federated protocols have so much potential. Decentralization puts control of our data and communications in our own hands, it’s just a shame that corporate business models are so adamant that consumers remain tethered to their solos and force us to place our privacy in their hands.
Please don’t, and simply use XMPP rather than binding yourself to a specific “platform” again like the early 00s.
Maybe we could, if xmpp weren’t a mishmash of incompatible garbage between servers. But it is, so not a chance.
On one hand, it leaves the messages of presumably innocent users open to inspection: One day some judge might grant the police, or the health insurance company, or Apple Computer, or the Government of China, access to all your history for them to cherry pick your faults at leisure. What constitutes a fault may change with time and space, so somewhere, or some day, this may bite you.
On the other hand, it lets evil users secretly say evil things. If you know what you talk about is criminal or illegal, then you can leave no traces.
It somehow makes no sense.
But then, what they want is to index your messages as they already do with your email, in order to offer new useful features and at the same time serve you ads. Again, you trade privacy for free service. Is it THAT evil?
I don’t think even this is true. The messages will always be stored at least twice: once for you and once for the recipient.
And here follows obligatory comment about how the grass used to be greener:
There used to be multiple services (ICQ, MSNm Yahoo Messenger, etc.), each with is own set of problems and its own walls around. People had to use multiple applications to chat with others, because there was no platform where all of your contacts would be.
Then there was Jabber (now XMPP). It was a state-of-art protocol at that time.¹ It specifically allowed for transports, so that you could have your ICQ, MSN, IRC, etc. contacts in your roster, and you could chat with them as if they were using the same software as you do.² Google, Facebook and many others used XMPP for their chat services. If you wanted to, you could turn on some encryption feature, and your communication was reasonably secure by contemporary standards. That did not work with Google’s, Facebook’s and many other implementations that were build around non-XMPP services, but at least there was a path forward.
Then Skype happened. People were sold en masse on voice and video communication, and were readily dismissing all the security, privacy and openness concerns citing Skype’s dubious security measures. Skype itself dismissed popular demand for openness as inconvenient for spam fighting. Basically, Skype’s position on every question was: “Just don’t think about it. We did, and we chose the best option. Your back is covered.” Apparently people bought in.
Fast forward a few years. Now there are again multiple services (WhatsApp, Viber, Skype, Facebook Messenger, Signal, Telegram), each with is own set of problems and its own set of walls around.³ People have to use multiple applications to chat with others, because there is no platform where all of your contacts are. Back to square one. Only this time the market is very hostile towards any attempts at cross-service compatibility or alternative clients. People are banned for using third-party clients. Either public attitude changed, or people sold out for stickers and slick UIs.
¹ It was a bad protocol from technical standpoint, but hey, others were no better.
² Sometimes things were broken. Eg. every now and then non-ASCII messaging with ICQ contacts was turning into mojibake because somewhere something was incorrectly encoded. But there were workarounds, and things were generally workable.
³ If you are about to reply with something like “But Signal and Telegram are free software!“, please don’t forget to mention the way I could send a message from Signal to Telegram and vice versa. Also note, Signal’s server implementation used to be opensource, but it is proprietary now.
This (was around here before, but its worth repeating): https://gultsch.de/xmpp_2016.html
And all these servers can talk to each other: https://gultsch.de/compliance.html
It’s a user choice, again, get the easy route (phone number id and such) or get the secure route (Consversations and one of those servers that have a lot of green on their rows).
XMPP is a fucking terrible protocol. It’s outdated, there are a billion different competing extensions within it and the only feature that you can safely expect all the different XMPP-clients to share is text-chat — nothing more. I can’t for the life of me get file-transfers to work between Pidgin and Conversations, for example, and when I managed to get file-transfers to work between Conversations and other clients some clients happily accepted direct peer-to-peer transfers with good speeds, others resorted to the binary-to-text workaround and resulted in ~500Bps speeds, and so on. Hell, even saving a user-avatar was broken, what with several different incompatible extensions for it!
It’s an enormous, freaking mess, and I am not surprised in the least that it never got any more popular than it is.
2 things:
* what extension (XEP) does your server support?
* Gajim is the recommended desktop program ( see https://trac.gajim.org/wiki/GajimXEPSupport )
Edited 2016-09-22 16:15 UTC
You do realize that having to worry about which clients support which extensions and which servers support which extensions is exactly the point I was making?
Yet you provided no solution either.
That’s the whole point, the “lets use their closed system because we can’t read some text” attitude, and then it’s either “oh no, their rules text (privacy policy changed eg. Allo)” or “here, read a list of alternative chat clients, but reading is hard” apparently making end users sob.
Anyway, don’t worry about XEPs, but then don’t worry about what they record either, if you use their system. Oh, but you care? Then come and read those 2 links and you’ll be up to date, making an informed choice.
Edited 2016-09-22 21:27 UTC
Indeed, I didn’t. There isn’t a good solution at the moment! I do wish there was, I ain’t going to touch Allo or whatever, but XMPP sure ain’t an acceptable alternative, either.
Well said. I have some hope for https://matrix.org/
What are you talking about??? Skype was widespread long before Facebook happened. I remember Skype being abundant in times when MySpace was the facebook of the time.
“Then” was supposed to mean “after Jabber”. I don’t think it is that important whether this or that particular service started to use XMPP before Skype or after.
This is the big issue nowadays. Each service is now very user-hostile and antagonistic against anyone that tries to create bridges between services.
Everyone wants to monopolise eyeballs and feed everything through their own apps/servers to better feed their data analytics engines.
Where’s the mobile version of Trillian?
I think it used to be called IM+ Pro. Actually there was (maybe still is?) a mobile version of Trillian, but in order to use it you had to sign up for their cloud account. Screw that. I have to deal with enough accounts already.
This app launch is b0rken: http://www.xda-developers.com/allos-shortcomings-seriously-limit-ad…
This chaos needs to stop: http://www.xda-developers.com/how-allo-and-duo-want-to-complicate-m…
No wonder standby battery drain is awful on Android. Google is just taking us for fools with Doze and their pitiful attempts to pretend they’re tackling the issue while actually making it worse at the same time.
Other mobile operating systems doesn’t upgrade apps automatically?
If you feel brave enough, you can always attempt to replace Google Play Services and GMSCore with the MicroG-implementation.
That way there is no way for Google to pull these tricks anymore, nor is there the resulting battery drain.
I see no problem with displaying simple notifications when the app isn’t installed. Is better than missing messages.
Let’s see if you see a problem when it’s an obvious ad, instead of an ad disguised as a notification.
I already get ads by SMS
Interesting that everyone jumps to law enforcement, nefarious companies, etc. as the reason to not have their messages stored.
At that level, most people just need to get over themselves – what they say isn’t that interesting, isn’t that controversial, and isn’t going to get them into trouble. Unless they’ve actually warranted it…
But, there is an issue with storing data – and that is around sensitivity. If the information is stored in the cloud, then it’s a target for hackers. I don’t care about the cops reading my texts – but when I text someone my address so that they can visit, etc. then maybe I am worried about criminals getting hold of some the information that I text.
Assuming that you trust Google to manage that security, most people would actually see benefits from having their information stored. Lose or break your phone? Want to switch from Android to iPhone, or back again? No problem – just get a device with All, and you haven’t lost any of that information.
As ever, knee jerk reactions and hyperbole aren’t useful, evaluate what products do and don’t do, and use them (or not) appropriately.
The problem with storing conversations… is that if they can access it they can also fake it… if you ever do get important enough for anyone to care. Or on the off chance that someone with access decides to steamroll you because you made them mad etc…
Personally I think technologies like Tox are the answer… all the data is stored encrypted locally (if I want to back it up I can do that too but it’s encrypted in the backup) Also most clients use the core library so… they are all on the same page interoperability wise similar to Telegram although I think they do this at the spec/API level.
Hopefully they add multi-device support soon to toxcore (its on the TODO but probably not before the end of the year unless someone coughs up the cash to get the ball rolling)
grahamtriggs,
I don’t know if it’s fair to call it hyperbole though. Data collection is far more pervasive now than for previous generations. These days people can easily ruin their futures by doing things that people have always done, with the difference being that so much more of it is being recorded.
Heck, there are political things that are risky to talk about. For example, it could affect the residency status of green-card holders like myself just for having a negative opinion. This is all the more relevant because an openly nationalist bigot like Trump with no respect for civil rights or the law might well call on the NSA and secret courts to use our data against us in ways that are unexpected and even unlawful. And unfortunately it’s not just the US, we don’t have a good grasp on how our digital trails might be used in the future.
Now maybe you think it’s exaggerated, but mark my words, if we take our privacy for granted, then we will loose it, and powerful people with an agenda will probably try to exploit it.
Edited 2016-09-22 16:13 UTC
So why does Google use money and put effort into storing those messages?
Pretty naive to think things happen just because Larry found some old spare hard drives lying around at Google and used them for a fun holiday project out of boredom ..
MysterMask,
Google corporate policy requires all user data to be kept whenever possible unless the project manager gets a signed exemption from the executives.
[/sarcasm]
The issue isn’t that people believe their conversations are `that interesting`, it’s that people don’t like to be spied on. People don’t like everything they say and do to be recorded. It’s not fear of being caught for illegal activities, it’s simple principle and a right people are supposed to have under the fourth amendment.
We’ve reached a point where opinions are held against you – opinions that shouldn’t be public to begin with and should certainly be protected by privacy. Opinions, not actions but opinions! The more information logging, the more people are abused by it over things they used to and shouldn’t have to worry about.
We live in a world right now where you can’t trust the apps you use, the OS your devices need to work, or even the hardware itself. It’s actually worse than that because you don’t even speak freely in the privacy of your own home. If your phone isn’t recording, it’s your tv. If it’s not your tv, it’s your…….. Normal human beings tend to have a problem with that.
ilovebeer,
This is why I’m dumping Hangouts and FB messenger and going back to plain old SMS and email. Not iMessage either, but the 30+ year old texting and messaging technologies that were good enough for my parents, dammmit! If the three letter agencies are that concerned about what I text to my wife, my best friend, my mom, and my sister; well, let them look. They obviously have too much time on their hands.
If I ever do have something to say that I want to keep hidden I’ll be sure to use a secure platform, even if that means a handwritten cypher passed via sneaker net. I simply can’t think of a single thing I’ve said via third party or even first party messaging services that would be a security concern; I save that stuff for face to face conversations.
That said, I’m only speaking for myself. The world does need a better option, and I really hope someone, somewhere creates a truly secure end to end encrypted messaging protocol that is fully open source. There is Signal, but it only works on smartphones, and only those by Apple and Google (to function properly, the Chrome extension must connect to an Android device with Signal installed, which is bonkers). It’s also not 100% open source, as the voice component is still proprietary[1]. We need something that is truly cross platform, that works with any Internet connection on any device, and is actually 100% open source. Anything less would be untrustworthy by default.
[1] http://news.softpedia.com/news/wire-drops-lawsuit-alleging-extortio…
And that’s supposed to help you… how? Carriers keep your SMS, and will share it at minimum with law enforcement. E-mail? Who, precisely, are the primary email providers? It doesn’t matter one bit if you don’t use them. It only matters that the people you email do. Same goes for your carrier: even if your carrier didn’t log your SMS, your recipient’s carrier probably does.
Tl;dr: Even if you are secure on your end, you can’t guarantee the recipient is.
You didn’t read my entire comment obviously. I said I’m using SMS and email for non-secure communication. If I ever need secure communication I know how and where to do that. I also said we need a better secure chat option than what we currently have for the folks who do need to communicate privately all the time.
If you’ll scroll up and actually fucking read what I wrote, I wouldn’t have to repeat myself to you.
I did. But if you really are using these for only non-secure information, again, what good does that do you? Google, Yahoo, etc still know it’s you who said what, unless you refuse to send email to anyone who uses any of the big email providers. Your carrier and recipient’s carrier still know it’s you. I just don’t see what you’re gaining. And if that recipient has Facebook/Twitter/whatever and doesn’t check their cookie settings, they know about you anyway as well. About the only thing you might accomplish is keeping yourself away from iMessage, for whatever good that is.
I guess it just seems to me like we’ve already lost unless we actually do take steps to use secure communication completely. I’ve thought about moving my email account off Gmail but what’s the point? 95% of my contacts are on Gmail and would be no matter what I might do. The rest are on outlook.com (via hotmail’s migration) years ago. There might be one Yahoo address in there somewhere. So, anything I emailed to them would be indexed anyway. I’ve lost before I’ve begun, and any so-called freedom from data analytics would be a placebo at best.
That’s exactly what I’m saying, I don’t know why you’re being so contrary. I’m going back to plain SMS and email because even if I tried to use more secure channels, it would still all be indexed and sifted through, so I may as well use rock-solid, dependable, never-going-away services that literally everyone has access to. It simplifies my communication. No, I’m not gaining anything on a security front, but I never said I was. What I am gaining is simplicity and dependability.
Again, if I ever need secure communication I know how to do that, and anyone I would need to chat with securely would also know how.
Both SMS and e-mail you can encrypt without online exchange of keys.
For SMS there is TextSecure (or the fork: SilenceIM), for e-mail there is PGP. Sure, they can intercept the contents but not decipher it.
Edited 2016-09-23 16:49 UTC
And you’re going to convince your friends, all of them, to use these things which take extra effort on their part? I don’t think so.
https://www.theguardian.com/world/2013/aug/01/new-york-police-terror…
God help you if you had a brown sounding name, or if they decided to knock down your front door, you happened to be black at the time.
But I guess I’ll stick with Google Wave.
Don’t use Google.
“If you’re not paying for something, you’re not the customer; you’re the product being sold.”
— Andrew Lewis
Edited 2016-09-22 20:35 UTC