
Google Hangouts/GTalk glitch sends chats to wrong recipients - CWIZO
http://www.zdnet.com/google-hangoutsgtalk-glitch-sends-chats-to-wrong-recipients-7000021195/
======
sssparkkk
Besides the fact that this is a pretty serious bug, I'm rather underwhelmed by
the care Google has been taking of their hangouts product after releasing it
last May.

And I'm not even talking about things like online-status 'missing' (it's a
design decision on their end), but more the general experience of using
hangouts.

As far as I can tell you're still not able to mute the new message sound,
without turning off notifications all together (hangouts in Gmail). Chatter
picking up in a hangout and you want to mute it for a while? Again, not
possible. Turn off all notifications for that hangout and chances are you'll
completely forget you were ever part of that conversation (snoozing
notifications hangouts-wide makes sure you miss all other personal messages
sent to you as well).

Uploading a photo on a slow network is a pretty terrible experience: it'll
start telling you the upload has failed and it's retrying (no progress to be
seen anywhere). If you delete the message and try again, you'll probably end
up with two of the same messages in your conversation, because often it
doesn't appear to correctly 'receive' your deletion request either.

When you've received a photo that you need to save to your gallery (maybe you
want to zoom-in a little, or share it with someone else?), be prepared to hit
that save button for a while until you finally get a confirmation that the
photo has actually been saved.

Stuff like this is not a problem when it's your first release, but 4 months on
you'd expect a company like Google to be able to iron out quirks like these.
But no, we get extra emoji as one of the few updates to the hangouts platform.

[edit: spelling]

~~~
bluecalm
Also synchronization sucks. I often use it from my desktop only to get "new
message" notification on my phone somewhere around 10 minutes in the
conversation with some messages from the beginning. It also loses message
regularly so I am now used to ask for copy pasting if it's obvious something
got lost. Blatant disregard of things like sorting via status (or displaying
that at all) or introducing more of them is another thing. It looks like some
crazy manager designed his evil plan and convinced all his bosses that it's
the way to go. The app sucks, everyone I know hates it, they forced feeded it
to users with Android update with no way to go back to gtalk.

It's amazing how they completely ignore what people want in the name of some
lucid vision of how web talk should be done. Worse yet, they first lured
people in by releasing an awesome app (gtalk) killing most of the competition
and then changed it to "Google way of doing web" without asking anybody and
with competition already (almost) dead. /rant

~~~
rryan
Killing the competition? There is lots of healthy competition in the
messaging/chat space:

Facebook Chat, WhatsApp, iMessage, SnapChat, Instagram, Skype, etc.

If anything gChat is a struggling platform that didn't make the transition to
the mobile era -- that's the _entire reason Hangouts exists_.

Edited: to use more polite tone.

~~~
lawdawg
It's amazing that on a place like HN it seems like most people just don't get
this.

The vast majority of communication happens on products that: 1\. Don't even
have a desktop component 2\. Have no "status" indication (oh noes!!!) 3\. Are
completely closed ecosystems

And yet you never see posts about how WhatsApp, iMessage, SnapChat, etc are
horrible because of the above reasons.

~~~
27182818284
>It's amazing that on a place like HN it seems like most people just don't get
this.

Communication in general, business communication still is very much dominated
by desktop software (e.g. [http://office.microsoft.com/en-us/microsoft-lync-
video-confe...](http://office.microsoft.com/en-us/microsoft-lync-video-
conferencing-and-instant-messaging-FX102004552.aspx))

------
nknighthb
> _At this time Google Talk is not functioning correctly and we are continuing
> to work to restore full functionality._

This is where you _turn it off_ until you fix it. This isn't a service
disruption, this is a service malfunction with far more serious potential
consequences than delayed emails, or inability to download an app, or
duplicate credit card charges, and you can't fix those consequences after the
fact, not even by applying vast amounts of money.

~~~
GvS
I think they turned off Hangouts and reverted to old talk. I noticed that
messages I've tried to send with Hangouts from G+ web page were not delivered
and chats from gtalk dekstop client are saved in gmail as "chat" not "hangout"

------
davidjgraph
Tut, always so negative. I told an old friend this morning that I was going to
charge the anal probe, of course I meant that remark to my co-founder.

Haven't talked to him in ages, we had a good chat and we're going to meet for
a drink at the weekend (sans probe). Cheers Google!

~~~
stingraycharles
This is irrelevant. Just because you had a positive experience from it doesn't
make this bug less serious.

~~~
Mustafabei
Sheldon? Is that you?

------
Ueland
Was about to create a thread on /r/netsec and ask what was going on, or if i
had gone crazy, after a former colleague of me got everything i wrote to my
fiancee.

Pretty horrible bug.

A Norwegian example/proof:
[https://dl.dropboxusercontent.com/u/83758451/Screenshot_2013...](https://dl.dropboxusercontent.com/u/83758451/Screenshot_2013-09-26-10-40-51.png)

------
wintersFright
Someone's continuous deployment process is about to get mirred in bureaucracy
and paperwork

~~~
CraigJPerry
:-)

Releasing is hard to scale up like google have to. How many apps are they
releasing to daily...!

It's not technical building blocks (they can all be automated), not even busy
work, just complex intertwined dependencies from completely different, often
non-electronic, domains.

Hypothetical release co-ordinator speaking: "Did app A release this morning
into EMEA prod? Ok that means app B can go but only once the security review
team drop their veto. Has release candidate 2 been promoted to the canary
environment yet? Remember B's new deployment process is in scope this release,
and do not release to the 5 servers in the BCP datacentre today..."

Could you imagine managing the constant evolution of a rules engine to replace
a good quality release co-ordinator? I don't think i'd be able to sleep!

As far as i can see, continous deployment doesn't have the general
applicability that continuous delivery enjoys.

~~~
est
No, releasing is easy, until your established process get fucked up by an
Indian PM asking you to "integrate" features into G+

~~~
eshvk
> No, releasing is easy, until your established process get fucked up by an
> Indian PM asking you to "integrate" features into G+

Was it his/her race that fucked it up? Would it have been better if Google
hired only the finest corn-fed Mid Western white American?

~~~
ISL
Perhaps there is confusion in this thread regarding "PM". PM to a programmer
may mean "Program Manager", but in most countries with parliamentary
government, "PM" may mean "Prime Minister".

~~~
saraid216
He's almost certainly referring to Vic Gundotra, the PM for G+.

~~~
gohrt
senior vice president

------
acchow
We deserve a public and highly detailed post-mortem.

~~~
Sarkie
Do we?

~~~
amirmc
Yes, we do. Especially all those business users who have paid for GApps and
have trusted Google with their comms.

In general, we deserve to have more decentralised services that are built on
the principle of 'privacy by design', rather than 'trust by design'. Maybe,
screw-ups like this can help spur more efforts in that regard.

~~~
eddieroger
I agree that paid GApps customers absolutely do, and maybe even a slight
refund for the outage they should be taking. But free customers don't. With no
payment also comes no expectation of service (outside the Terms of Service,
which probably says that this kind of stuff will happen from time to time).

~~~
amirmc
> _" But free customers don't."_

I respectfully (and strongly) disagree. You're essentially saying that free
customers can be completely screwed over and have basically no rights at all
(and you seem to be implying that this ok). Legally speaking, maybe Google has
absolutely no obligation to say anything (even to it's paying customers), but
this isn't about meeting the minimum legal requirements.

On a related note, how many people really have the ability to comprehend the
ToS they click on? The reading level of many of those is surprisingly high
given the demographics that use the services, so the concept of 'informed
consent' is already quite strained imho. Therefore, people fall back on trust
and it's probably in the providers interest that they do this (as they can
make a ToS that's great for their own needs, while legally providing very
little to the user).

------
playhard
I just opened the chat tab and i was shocked to see the conversation i had
with my co-founder sent to my college friend. Two more lines from the same
conversation was sent to my friend's brother. This is serious.

------
ChikkaChiChi
I'm starting to seriously consider moving my teams away from Google;
especially for chat.

Hangouts has been a debacle. I'm furious that the upgrade was shoved down our
throats (on Android) for a next-gen tool that was as feature incomplete as the
first EA Sports' Madden game on a new gaming system.

------
manojlds
Here's the status link -
[http://www.google.com/appsstatus#hl=en&v=issue&ts=1380220199...](http://www.google.com/appsstatus#hl=en&v=issue&ts=1380220199000&sid=3&iid=2115900d3a8ac9a969139e5db5f60052)

------
CWIZO
This just happened to me. I recieved messages (in gmail) from a contact that
ware meant for his wife.

Be careful! I guess the best course of action is not to use gmail chat until
google announces they have fixed the issue.

~~~
houk
No, trust has been broken.

You can't tell me you have confidence that this randomly won't happen again in
the future? It's shattered mine.

~~~
mseebach
Your search for perfect, flawless permanent security will be long, lonely and
ultimately fruitless.

Already you've cut yourself off from flying, riding on trains and driving.
Nobody can guarantee that deadly accidents will never happen, and indeed they
do happen.

Presumably you only eat food your grow yourself. There are regular instances
of contamination in the industrial food sector. Not that any guarantees can
really be made, but at least contamination will be mostly your own fault.

See where I'm going with this?

~~~
eknkc
I generally agree with this reasoning but this is not "flying", this is
"flying with x airlines which dropped a plane once".

There are alternatives and one could choose a statistically safer one. There
is obviously no guarantee. However, gtalk now has the highest likelihood of
sending your messages to random people. That's a reason to avoid it.

~~~
mseebach
When considering "passenger miles flown per incident", GTalk (and Google in
general) has a security record completely on par with the best airlines.

~~~
vectorpush
What about the best chat services? In something like 18 years of chatting on
the internet from IRC to ICQ, AIM, Skype, even Facebook messages, I have
_never_ seen a message go out to an incorrect recipient that wasn't the fault
of my own negligence.

~~~
mseebach
Well, they're also good[1]? British Airways didn't become a better airline
when the Air France plane crashed, just like Air France didn't become a worse
one.

1: Except, of course, IRC which is a protocol, not a service, and it was never
designed to be private, but that's pedantry.

~~~
Karunamon
I think the overall point here is that the _ability_ for a message addressed
to one person to end up on someone else's screen carries some rather
unfortunate implications for the internals of the service. Compare with IRC
private messages, email, heck even XMPP.

~~~
mseebach
Both IRC and XMPP cheerfully supports group messages?

~~~
Karunamon
I know XMPP does because I use that particular function at work daily, and IRC
supports person to person PMs.

What I meant though is that the fact that whatever kind of shenanigans they're
doing internally has a failure condition that can misroute messages is a bit
scary.

------
ddalex
Just happening to me, I thought I was going mad.

It happens on regular accounts, not just Business, I've seen it this morning
when I got messages intended for somebody else.

I would refrain to send any sensitive information over Google Talk right now.

~~~
amirmc
> "I would refrain to send any sensitive information over Google Talk right
> now."

Why only "right now"? Why ever send _sensitive_ information over a 3rd party's
server. While I believe that Google will find and fix the problem, they
probably make little to no claims about the level of security they offer. So
using them at all should be a calculated risk.

~~~
manojlds
So how else do you send them?

~~~
mseebach
The exclusion of third party servers is meaningless. Any communication over
the internet will pass through _at least_ several third party routers, which
are by all intents and purposes servers.

What you shouldn't do is transmitting sensitive information without
controlling the end-to-end encryption chain. If you do that, you can involve
as many third party servers as is convenient.

~~~
amirmc
> _" What you shouldn't do is transmitting sensitive information without
> controlling the end-to-end encryption chain."_

Actually, this is what I meant and I should have been clearer. Thanks for
pointing it out.

------
timmipetit
This also just happened to me. Some messages that I send (using the browser)
to a friend were received by someone else. A messages intended for my
girlfriend was received by a coworker. My Hangouts app (Android) actually
showed these messages in the "wrong" conversation.

------
nmridul
What if this happened with Gmail ? My bank details and other data getting
displayed on someone's Inbox !

EDIT - I don't use gtalk for sending confidential info, so this doesn't affect
me, but this could also happen with Gmail that I trust lot of data with (bank,
school, government etc)..

~~~
capecodcarl
This is probably a good reminder that you should never send anything in
unencrypted e-mail that you wouldn't be willing to write on a postcard and
send via USPS.

------
sanyi
I have experienced this bug for years: everything I send over GTalk goes to
the NSA.

------
curiousDog
Wow, I've always fully trusted gtalk. Even sent over my SSN and credit card
details. Never again.

~~~
mseebach
Well, you shouldn't do that, ever.

That said, the perfect is the enemy of the good.

~~~
r0h1n
> perfect is the enemy of the good

While I agree with that statement in general, I couldn't quite make out what
you meant by it in this context.

Are you saying "good" = " _most_ of the times your Google messages will go to
the intended recipients" and "perfect" = " _all_ of the times your messages
will go to the intended recipients"?

~~~
mseebach
Good means that GTalk is really, really good. Perfect means that it will never
have a bug.

Nobody is talking about that this is some acceptable status quo. It's a bug
and it will be fixed. If past performance is considered, it will be fixed
_fast_.

~~~
r0h1n
Sorry, but I disagree with your choice of adjectives.

You are reducing what happened today to a mere "bug", which is the way Google
(or developers) would look at it. Instead, approach it from the user's POV.
Having your financial, personal, professional, secret or illegal (yes, I'm
sure there will be that too) communications sent to multiple random people is
more than just a bug.

I agree GTalk is "really, really good" like you say, but then what happened
today also should "never, ever happen".

~~~
vdaniuk
Consider that statistically it can happen to any other messaging service
provider. And switching to other instant messaging service won't offer you
additional protection due to that the core problem (it is impossible to
guarantee zero bugs without huge overheads) is the same for all services.

------
c-a
Wouldn't a problem like this call for pulling the service off while it's being
investigated/fixed?

------
k-mcgrady
Suddenly I'm very glad Talk has never been available in my country. After this
I doubt they would have any hope of getting it past EU privacy laws anyway.

Edit:

As the people below have pointed out Voice isn't available to me - Talk is.

~~~
koyote
Wait, Talk is country restricted?

~~~
stickydink
Talk is everywhere, OP probably means Voice, which isn't.

------
nucleardog
Contrary to the articles suggestion that this is recent (past day or two),
this actually happened to me for the first time back on the 20th of the month.
It happened between two non-apps (regular Gmail) accounts.

I mean, I watch what I say online anyway, but I sure wasn't expecting Google
to force me to open a dialogue with an ex.

------
7952
In situations like this I would actually prefer it if the service went offline
until fixed.

------
StavrosK
Well, now I'm glad I convinced most of my friends to install OTR. I do wish
there were an XMPP-supporting instant messaging service with a good mobile
app, though. Google Talk has gone to hell after it got turned into Hangouts...

~~~
philsnow
Use straight jabber/xmpp ? Sign up for a jabber.org account (or hell run your
own ejabberd). I think there are some decent mobile clients.

~~~
StavrosK
Unfortunately, there just cannot be a good mobile client unless it supports
push notifications, which requires server support, which XMPP doesn't have.
The existing clients need to keep a connection open and take too much battery,
sadly...

------
pkallberg
Sounds like chat roulette on a grand scale!

------
mdup
For some time I've pretended that anything I write that should be private (IM,
mail, etc.) is actually public. Nowadays it has become so easy for your
recipient to transfer a mail to the wrong person. Once I've also been victim
of my phone sending texts to the wrong people.

So from now on, just write things you can assume in front of the whole world.
Don't write shit about people you don't like. Keep that for face-to-face talk
with your friends. Things _written_ last so much longer than things _said_.

------
goshx
I'm sending random messages to random people just to see them freaking out.
"Oh, this might be the bug they were talking about this morning"

~~~
TallGuyShort
I hope you inform them you were joking. I think it's pretty irresponsible to
misrepresent a problem this potentially serious.

~~~
goshx
Of course, just a good excuse to talk to people I haven't chat for a while. :)

------
ekns
I've had this happen with facebook chat once maybe two years ago. I wonder if
there have been other places where something like this has happened...

------
realrocker
Happened to me this morning. I listened in for a while to my friends chat to
his client about a bug, while interfering several times with messages of "wtf"
and "what ok?" before realizing the situation and horrified at the prospect of
the client receiving my invaluable inputs. Called the guy up in a jiffy and
told him about it. It seems that I was just a passive receiver.

------
DangerousPie
Time for some Russian roulette: Send offensive messages to random people on
your GTalk and see who receives them!

------
bendoernberg
Good thing I've gotten most of the friends I chat with regularly to switch to
OTR-enabled chat clients.

~~~
devx
Yeah, can we get OTR in Hangouts already, Google? (no, not that "we're not
archiving it - promise!" OTR)

~~~
simias
What would be a correct OTR implementation for you? For in-browser chat you'll
have to trust them at some point anyway...

~~~
nomailing
Why not with a Browser plugin? Pidgin already Supports OTR via gtalk. And on
Android you can use Gitterbot. Google should really implement OTR in a
Javascript library in the Client Browser. Would that be possible?

~~~
simias
Sure, but I like the convenience of web-based no-install gtalk. I think as far
as google is concerned convenience beats security.

They "read" your mails, know what you search for and who your friends are. It
would seem strange for them to go out of their way to provide truly OTR gtalk.
And I'm totally fine with that, there are plenty of alternatives if I ever
need encrypted chat.

------
Keyframe
I don't trust hangouts ever since I discovered, by accident, that if you get
somebody else's invite you can set their status and messages for the invite in
calendar as you want. I reported that to google to which they said it's by
design if you're sending out invites to non-google accounts or if invite is
received in a non-gmail client. While I understand you can't do it any
differently if you want that functionality, but this was on a business
account. I'd rather see limited functionality then where you can set status
for the invite only in gmail/calendar and if you're non-google account or 3rd
party email client you get to only view the invite.

------
Apocryphon
I suppose this is a good time as any to ask fellow HN readers for
alternatives. Preferably the ones with extra crypto features added in the wake
of the PRISM revelations. What alternative chat clients do you use
besides/instead of GTalk?

------
gaving
Deja vu anyone? [http://techcrunch.com/2011/01/05/google-android-sms-
bug/](http://techcrunch.com/2011/01/05/google-android-sms-bug/)

Good going Google.

------
archon810
Google has already fixed it within hours
[http://www.google.com/appsstatus#hl=en&v=issue&ts=1380265199...](http://www.google.com/appsstatus#hl=en&v=issue&ts=1380265199000&sid=3&iid=2115900d3a8ac9a969139e5db5f60052)

~~~
goshx
well, look again.

------
orblivion
Any idea if this is happening over Jabber clients as well?

------
stevoo
Just happend to me today. A coworker was writing to someone else and
everything was coming to me as well.

------
frank_boyd
For those who don't see why they should route their communication through a
company known to partner with the NSA, try one of the server-
less/decentralized/encrypted communication platforms like
[http://retroshare.sourceforge.net/](http://retroshare.sourceforge.net/)

------
houk
I am amazed that this hasn't received more attention.

------
rajesh1906
Google Talk glitch sends chats to wrong recipients..

------
vs4vijay
Same here...

