
Open Whisper Systems Partners with Google on End-To-end Encryption for Allo - ThatGeoGuy
https://whispersystems.org/blog/allo/
======
robert_foss
To me it seems like Open Whisper Systems are accepting a lot of concessions in
order to have Signal included into products. The trust I once had for moxie is
quickly dissipating.

* Privacy is only provided in Allo in a secondary mode. Not by default.

* Federation of the Signal protocol has been rejected for non-technical reasons.

Also, on a personal note, the desktop client requiring chrome is pretty awful.

~~~
mike_hearn
WhatsApp makes a lot of sacrifices to have encryption by default, like no
backup of messages, no real ability for the servers to do anything smart, no
real search functionality, desktop client that requires the phone to be on,
etc.

An incognito mode allows the default mode to have more functionality, and
matches their approach with Chrome. It's not a bad tradeoff.

~~~
ikeboy
I don't get why encryption and incognito (not leaving a trace on the device)
go together. I should be able to have one without the other.

~~~
eightysix_four
Did you watch what Allo does? In its normal mode it couldn't possibly function
with end-to-end encryption. They also have encryption to and from the server
in the middle when you aren't in that mode.

~~~
ikeboy
Incognito is a useful feature. E2E encryption is a useful feature.

There's no reason to only allow those two features to be used together. You
could have them both turned off by default, and have three modes, one which
turns on E2E and one which turns on incognito.

Also, the incognito decision should be made by each side independently. Just
because I want to delete my traces doesn't mean my partner does.

~~~
dragonwriter
> There's no reason to only allow those two features to be used together.

UX simplicity is, in fact, a reason.

~~~
ikeboy
Then have the default incognito be as described, with an option in settings to
separate the two features.

~~~
mike_hearn
I don't think you've thought this through.

If one side enabled this "use E2E encryption for everything" feature, then the
other side would presumably no longer have access to any of the smart
assistant features. And it would not be obvious why.

Additionally, it would be hard to explain why you'd ever want to enable such a
feature which means nobody would do it. I suspect you want default E2E
encryption for political reasons. Such things don't work unless it's on by
default.

~~~
ikeboy
>If one side enabled this "use E2E encryption for everything" feature

That's not what I'm suggesting. I want E2E to be separate from the "delete
chats when I'm finished" feature.

Wanting an E2E chat that stays on my device when I'm done should be fine.

I'm fine with having E2E require a separate mode, but that shouldn't be
bundled with the incognito feature of not remembering history.

~~~
mike_hearn
I see. In that case, yes it'd make sense to have such a feature, probably
implemented as an archive button in the incognito window (with a warning that
archiving such a chat makes it non-private).

~~~
ikeboy
Are you assuming that all storage ends up on Google's servers (because that's
what hangouts does, maybe)?

Why can't it store E2E chats locally and never upload to google, or even
encrypt with a passphrase like Chrome sync does?

~~~
ComodoHacker
Congrats, you have dug it down to the core. Google just doesn't need chats
that it can't mine for useful data.

~~~
ikeboy
Then why build E2E at all?

~~~
ComodoHacker
To stay competitive (or perceived so).

~~~
ikeboy
So you're suggesting Google crippled the feature so it doesn't get used? This
seems unlikely.

~~~
tdkl
For Google privacy is a problem, since they want as much data they can get. So
they've put in "incognito" so it sounds modern enough what competitors have
with E2E, but they'll try and make it inconvenient and not default as much as
they can.

Of course they won't be open about this, because they're making the world a
better place <insertcuteemojihere>

------
cm3
Has anyone given this

[https://medium.com/@wireapp/axolotl-and-
proteus-788519b186a7](https://medium.com/@wireapp/axolotl-and-
proteus-788519b186a7)

more thought and whether one should avoid Signal and work with a more friendly
project that doesn't seemingly fail at its desire to have widespread use of
the protocol and actually tried to sue WireApp? WireApp's now approved as a
non-infringing implementation in Rust, so that's great for reliability.

Edit: The suing part was initiated by Wire as a response to Moxie demanding
GPL compliance over their claim Wire is infringing. I got that backwards.

~~~
tptacek
You have this story backwards and you should correct your post. Moxie and OWS
didn't threaten to sue Wire. _Wire sued Open Whisper Systems_. That suit made,
but did not substantiate, a claim that OWS asked for money. OWS denies that. I
believe OWS, and not Wire.

The genesis of this claim comes from Wire having used GPL'd OWS code,
apparently for the Signal protocol, _without complying with the GPL_. OWS
demanded that Wire comply with the GPL.

Apparently, upon being told that they would be required to comply with the
GPL, they inquired instead about dual-licensing. That's standard practice when
a company adopts GPL code for their own product but doesn't want to comply
with the GPL: they instead have to pay for a private license.

Instead of paying for a private license, _Wire has apparently chosen to comply
with the GPL instead, and withdrawn their complaint_. I think that was the
right choice.

The knives are definitely out for Signal now that its importance is being
recognized by a wider audience. Complaints about Signal are, unsurprisingly,
getting dumber and more venomous. For instance, last week, Nadim Kobeissi (the
author of Cryptocat, a competing secure messaging system that I think you
should avoid) was on Twitter talking about how impossible a GPL violation
could have been given that Wire's Signal implementation is in Rust.

~~~
dcposch
Nadim had a legitimate and reasonable question.

For those who don't know, here was Thomas Ptacek recently joking about Nadim's
penis:
[https://mobile.twitter.com/tqbf/status/705825790529662976](https://mobile.twitter.com/tqbf/status/705825790529662976)

Here he is telling Nadim "go fuck yourself, forever":
[https://mobile.twitter.com/tqbf/status/705900243313758208](https://mobile.twitter.com/tqbf/status/705900243313758208)

This is unprofessional. That kind of bullying is especially unacceptable
coming from someone who has a lot of money and a pretty big audience, directed
at someone who is young and just starting out.

I think Hacker News should be better than this.

~~~
DanBC
> I think Hacker News should be better than this.

I'm not sure how linking to twitter supports your comment that HN needs to
improve. If he'd said that on HN he'd have been (I assume) banned. dang is
constantly asking people not to be mean or dumb, or banning people for being
mean.

~~~
dcposch
That's fair. Here on HN, tptacek writes negatively about Nadim surprisingly
often. I do think it's bullying, though you're right that it's more subtle
than his behavior on Twitter.

dang is great. I just wish we had a bit less negativity.

\--

Finally, a brief history for readers who dont know yet:

* Cryptocat v1 was a cat themed anonymous chat webapp with very broken homebrew encryption. It was basically Nadim's crypto learning project as far as I can tell when he was ~20 years old.

* Snowden allegedly used it at some point. Oops.

* Crypto experts reviewed it and found significant flaws. Tptacek wrote about how terrible it was, how JS crypto is Considered Harmful, how amateurs shouldn't write crypto because they could get someone killed, etc

* Cryptocat v2 a desktop chat app using Axolotl / Signal Protocol for e2e encryption. Nadim is a phd student now. It's a new and totally separate codebase.

tldr; there's no reason to assume that Cryptocat v2 sucks in the ways the
original did. It may be totally sound.

(I have no involvement w the project and have not reviewed the code.)

------
tptacek
This is fantastic news. The two largest messaging platforms on the Internet
will _both_ be using Signal protocol.

I could ask for more: E2E could be the default for Allo, and it isn't. That's
not great. But the E2E you get when you ask for it will apparently be best-in-
class.

~~~
morgante
Uh, where are you defining Allo as one of the largest messaging platforms on
the internet? It literally just launched.

It might do well, but it could also easily be a flop (as many other social
initiatives from Google have been). Either way it's a _long_ ways from
catching up to WeChat, Viber, or even Facebook Messenger.

~~~
bad_user
It's going to end up on a lot of Android phones. If it's any good, it will
catch on. Hangouts hasn't caught on that much because, imho, it has bad UI.

~~~
PuffinBlue
Agreed.

Hangouts didn't catch on because it was delivered as a group video calling
service that then also did (or perhaps became about?) text, even becoming the
default SMS app on Android.

It also hasn't caught on because it is overly complex. With any other video
calling service you call a person and they have a conversation with you - of
you initiate a group conference and off you go.

Hangout needs you to invite someone, but then what - you're still having this
video broadcast by yourself? Actually, is it a broadcast? Can other people
just join in? Apparently they could depending on your settings (in the past),
but not this seems to have been separated to 'Hangouts On Air'? Who knows, I
don't see why I should bother looking into it when there are clearer options
available.

I love me some Google, so don't misunderstand me, and Duo is a big step in the
right direction for the average users experience compared to Hangouts.

~~~
mike_hearn
The Hangouts mobile app is also incredibly buggy.

~~~
Zigurd
I don't always agree something is "incredibly buggy" but when I do, it's
because I experience multiple daily crashes on a Nexus 5X, which should be the
most compatible and thoroughly tested platform it's running on. That qualifies
as "incredible."

------
Jarwain
What I'm curious about, and think would be really neat, is if one could take
advantage of the shared Signal Protocol to send messages cross-platform.
Specifically, sending an encrypted message to a Whatsapp user from Allo. Or to
a Signal user from Whatsapp. Or any combination/permutation really.

~~~
pnathan
Moxie's on the record as being opposed to federated services.

[https://whispersystems.org/blog/the-ecosystem-is-
moving/](https://whispersystems.org/blog/the-ecosystem-is-moving/)

~~~
zellyn
I don't think I'd characterize his blog post that way. The last sentence
captures what I got from reading it: "It may not be as beautiful as
federation, but at this point it seems that it will have to do."

Also, as djb points out:
[https://twitter.com/hashbreaker/status/732912508089032706](https://twitter.com/hashbreaker/status/732912508089032706)

~~~
mike_hearn
Moxie's essay is strong and djb's point is not: a "federated network" with a
centrally controlled app that updates automatically might as well not be
federated at all: at that point having multiple servers hardly matters. Who
cares about running your own server if you can't run your own client?

Moxie has put into words what I've been thinking myself for a long time - the
old federated protocols from the 1990s have been slowly dying off (with email
being the main holdout, unless you count gmail). And the reason is that they
just don't evolve. There's no incentive to evolve them, there's no
organisational structure to evolve them, creating them takes huge effort AND
they suffer from all sort of hidden ideological constraints that would prevent
them from e.g. doing a partnership with Uber beause Uber is a corporation and
an open protocol isn't. But users don't care about that.

------
Roritharr
I really wonder what the people of allo.im are thinking now.

~~~
goda90
Whoa, I wonder what the story is there. Did Google know this allo.im existed
before naming their thing?

~~~
ocdtrekkie
I suspect they don't care. And I'm guessing allo.im will get booted from the
Play Store for using the same name as a Google product.

~~~
dave42
It's not in the US playstore, so it obviously doesn't exist.

------
NetStrikeForce
I'm not sure I got it right.

Is Google going to be scanning all my conversations to give me suggestions on
what to say next? Really?

I understand the price of things like Gmail, where I get a robust email system
in exchange of scanning my emails and mining my data. I got something very
good from Google, they got my data. Not the best of the deals I ever made, but
it has (had?) a strong appeal.

On the other hand I don't understand this Allo thing: There's no appeal in the
smart assistant, it doesn't bring anything I want to have.

~~~
ComodoHacker
Saving time and hand movement typing "LOL=)" could be quite an appeal,
depending on how many times a day you're doing it.

~~~
tdkl
"What if surveillance looked cute and lovable?" [1]

~Aral Balkan

[1]
[https://www.youtube.com/watch?v=jh8supIUj6c](https://www.youtube.com/watch?v=jh8supIUj6c)

------
lawnchair_larry
For someone concerned about privacy, it's baffling to me that we'd be forced
into sharing our phone number in order to communicate.

------
superkuh
Does this require a phone number like the rest of Open Whisper Systems
products?

~~~
kevincox
Ugh, I hate this phone number as identify business. My pone number changes
every time I move and I have to keep paying to have it. I see the benefit to a
number that I can easily share but I don't like tying it to the telephone
system.

I'll keep using something like hangouts that allows me to keep my contacts
when I move as well as a number of other benefits.

~~~
superuser2
Why does it change? In my experience most people keep their first cell phone
number for their entire lives. Area codes are indicative of nothing, except
where you lived in 2005 [1].

[1] [https://xkcd.com/1129/](https://xkcd.com/1129/)

~~~
GeneralTspoon
If you move internally within a country, sure. But when you actually move
country, you'll need to get a new sim (or be charged roaming fees).

I live in Europe, and I've had 4 different phone numbers in the past 3 years.

------
sigmar
Great news! Hopefully this also means that identity verification (through a
key fingerprint) will be available in Allo (and in Duo?)

------
chinathrow
That is awesome - now we also need to kill metadata collection. Is this
feasible?

Oh and off-the-record was there on Hangouts/Gtalk before - I used it but the
chats were replicated across clients (e.g. Pidgin vs gmail.com) - so not
really off-the-record (i.e. they lied).

~~~
orblivion
It's "Off The Record" in that they claimed not to store history. As I
understand this is completely unrelated to the OTR encryption system.

~~~
chinathrow
I got rate limited so here's my late reply:

Yes, I labelled that incorrectly and I was not talking about the OTR
encryption tech - Google still lied though in terms that they kept a
conversation record and replicated it live and time-delayed across channels.

------
mahyarm
I wonder how many other signal protocol integrations are in progress...

------
p0ppe
Why didn't Google just develop this in house? It almost feels like they're
admitting to having no credibility on privacy without an external partner.

~~~
bad_user
That's nonsense. In-house proprietary encryption is not peer reviewed and
untrustworthy by definition and if you're going to work in the open,
especially for a new proprietary chat app, it makes better sense to build on
an open platform that's already proven and is handled by people that really
know their stuff. More secure and probably cheaper as well.

~~~
nxzero
Being open source or closed source doesn't make code more secure. What make
code more secure is making it more secure. Have you audited the code?

~~~
hobarrera
Open vs closed sources makes a difference in how much I TRUST its security
level, not security itself.

