
If you care about privacy, you should not use Google Allo - walterbell
http://motherboard.vice.com/read/dont-use-google-allo
======
fixermark
"Let that sink in for a moment: The selling point of this app is that Google
will read your messages, for your convenience."

If that's the author's objection, it's like the author never heard of Gmail.

[https://developers.google.com/schemas/tutorials/google-
now-c...](https://developers.google.com/schemas/tutorials/google-now-cards)

~~~
visarga
Gmail? What about Google Search? It knows more about a man than his wife,
doctor and lawyer combined. But Google convinced us to happily give up our
privacy, for the amazing advantage (no sarcasm) of searching the internet.
Maybe it was worth it, but Alo doesn't offer any ground breaking service.

~~~
vthallam
The demo showed only some use cases which mostly look like first world
problems, but i personally see a huge need for this. I mean there are millions
of people who plan things over chat and Google showing search results for
movies, restaurants, flight ticket prices etc in the chat which can be viewed
by all the users is very huge IMO. Also, if they open up the platform for
other bots like Google, basically we are seeing a FB messenger bot like
platform. I will just open the incognito mode they are offering if and when
needed.

~~~
zxcvcxz
Why not just install a keylogger on all google devices?

~~~
fixermark
Lack of useful semantic context to guess at the meaning of the keylogged
strings making it more difficult for the data to be combined with the user's
existing data to help them solve problems.

... but I know you were just being facetious. ;)

------
incepted
This is the usual privacy hysteria knee-jerk reaction: "Watch out, the big
companies are going to get data on you!".

And people are going to react exactly like they've done before: if the service
is worth it, they'll be happy to trade a few bits of privacy about themselves
in exchange for the benefits.

Also, I'm not sure the author of this piece understands what encryption is
about since he laments that most people don't search with https on. Er...
what? If you want Google to search something on your behalf, they have to be
able to read the words you type. Encrypting these words so Google can't read
them would be comically useless.

~~~
pacala
Of course you have to send Google search queries. Of course it would be a
whole lot more elegant on their part to have a simple SLA: "We use the search
queries for the express purpose of answering your queries. We do not hold on
your personal information for more than XX minutes, neither in personalized
nor in aggregated form." It's not that hard, a 30 people organization can pull
it off, [https://duckduckgo.com/about](https://duckduckgo.com/about).

Even better if there were a law that would require internet service providers
to provide such a guarantee for people that want it. Make the tradeoff between
a few bits of privacy and the benefits realistic, not "either you surrender
your privacy, or live as an Amish".

~~~
vthallam
And in this case, what do you think would be the motivation of companies like
Google who uses data to monetize for any innovation and provide better
service? Companies have to sustain and the only way to be sustainable at that
scale as Google is to monetize using the data. You can always go incognito.

~~~
coldtea
> _And in this case, what do you think would be the motivation of companies
> like Google who uses data to monetize for any innovation and provide better
> service? Companies have to sustain and the only way to be sustainable at
> that scale as Google is to monetize using the data._

How about we don't allow companies to monetize any other way than directly?
E.g. by having paying customers for their services?

Killing all ad-supported BS will make the internet so much better.

~~~
yomism
For rich people at least...

~~~
coldtea
Poor people are the one's who suffer the most from advertising.

First, it's calculated that a hefty sum of most product purchases is there to
cover its advertising campaigns.

If you're rich of course those are peanuts -- what's 10% or 20% more on your
groceries and other such purchases? Instead of, say, $40,000 you'll spend
$45,000 but no big deal, since you make $1,000,000 per year anyway. But for a
poor person, $500 vs $600 is a much bigger deal.

Second, most people (even if they think otherwise) would buy less stuff, and
less pricey stuff, if it weren't for advertising. That's what sells a $2
dollar bottle of water that's basically glorified tap water over a 50 cents
one, or even regular tap water. Without ads, it's mostly buying what you need,
and based on utility, not rushed purchases because some ad hit some
subconscious emotional strings.

Let's put it this way: if you're worth $N dollars to Google, those are $N
dollars (and more) that Google ads will get you to spend. Advertisers (and
companies getting advertised) are not doing it to lose money.

------
oceanswave
I pay cash for all my transactions.

I don't own a car because I fear that the registration systems for licensing
and taxes will gather information about me and we know that those government
data systems are most vulnerable to attack.

When I travel, it's by bus only - requiring a form of identification at the
airport is a front to government spying. Unfortunately, the bus systems are
starting to require too much information as well and when this fully happens
I'll have to stop traveling by this means too.

Voter registration is unfortunately a front for other malicious activities -
such as jury duty, a state-mandated intrusion into my most private information
and thoughts - not even bringing up electronic voting - so I stay away from
those booths.

I find that just renting an apartment requires too much sharing of my personal
information, I try to provide the minimum, but I still find my address on the
web and you can see where I live on google street view which is very
frustrating.

I don't talk to others and when I do, I don't tell folks anything about me,
I'm concerned that they may tell others and pretty soon everyone is going to
start showing up at my home and my job and frankly I don't want to answer my
door buy their stuff - or worse - they could be hiding violent tendencies.

Today's society makes it extremely difficult to be a nobody. If I could
crinkle into a ball and fade away, I would, but, unfortunately, I'm still
breathing.

~~~
billiam
I'm sorry, but the obvious sarcasm expressed here is all too common among the
slightly younger engineers and related tech company people I work with. They
believe that trading traditional notions of privacy for the shiny, novel
conveniences of Uber and Google Now is totally worth it, and they see no
downside. There are a lot of reasons, I think. The biggest is that for most,
there really isn't a downside, yet. How many people are now identifiably being
turned down for jobs, apartments, dates, and airplane tickets based what the
four or five companies that define our identities online record, store,
calculate, and sell? But does anyone doubt that the private civic space in the
real world is being slowly paved over by digital identity robber barons? All
these friends of mine care about is getting into Google IO to help that
company build Larry's libertarian island (look it up), without wondering why
they might have been turned down for a ticket.

~~~
anexprogrammer
> How many people are now identifiably being turned down for ...

There's the rub. For the most part you'll never know, unless it reached
epidemic proportions.

"Sorry the apartment's gone" \- Google told me you had financial problems 15
years ago.

"" (silence) - We infer from the internet you're gay so won't be offering you
a job interview. It's illegal discrimination but can't be proven.

The effects of losing privacy in the scenarios you list are mostly invisible.
The chilling effect on having legal but fringe or unpopular views has already
been demonstrated.

So there is a downside for many. They just don't realise it.

~~~
1stop
... but there is no downside for the vast majority... so, winning?

~~~
anexprogrammer
You can't infer that, just as I can't infer there is for the majority. There's
not enough data.

I suspect there is downside for far more than is generally believed.

How many jobs carry some googling of candidate? Nearly all of them.

You can now discriminate against just about anything you can dscover in
search. Politics, religion, "too many" photos of parties, pro or anti any
topic. None of these things are the business of an employer or landlord and
would never come up pre-google unless you _chose_ to share them in your
application.

It's naive to assume none of these occur extensively. Gender discrimination
has been illegal for years yet is still widespread.

~~~
1stop
But you are conflating two things. The data companies collect on me without me
knowing is not related to the data that can be googled on me. Because I know
about the later and have a level of control over it.

... what does your point have to do with allo ?

------
nothrabannosir
_Google would be insane to not offer some version of end-to-end encryption in
a chat app in 2016, when all of its biggest competitors have it enabled by
default._

Who are all of its biggest competitors? Messenger sure doesn't do this (does
it even have E2E at all?), Skype doesn't, either. Telegram, even if you
considered it a big competitor, did they finally enable E2E by default? Or do
you still have to open a "secure chat" for e2e? Kakao, WeChat, ... who else?

Honestly, aside from WhatsApp, I can't even think of one which anybody would
consider "big".

That's indefensibly different from "All".

EDIT: Cool, I just learned iMessage is encrypted e2e! That's "Two" :)

~~~
ac29
I think this is the most important to me. On Android, this is only the second
app that is likely to have a large userbase and e2e encryption for chats. The
fact that its opt-in is a non issue to me.

Didn't know WhatsApp had default e2e encryption. Might install it and check it
out. I imagine it sends some sort of personal information back to the facebook
mothership, though.

~~~
nothrabannosir
WhatsApp doesn't just have e2e encryption by default; they actually hired (or
just contracted?) Moxie to implement the signal protocol:

 _Over the past year, we 've been progressively rolling out Signal Protocol
support for all WhatsApp communication across all WhatsApp clients. This
includes chats, group chats, attachments, voice notes, and voice calls across
Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10._

 _As of today [2016 /4/5], the integration is fully complete._

\- [https://whispersystems.org/blog/whatsapp-
complete/](https://whispersystems.org/blog/whatsapp-complete/)

~~~
nileshtrivedi
So did Google for Allo.

------
maxerickson
I very much agree with the principle of restricting and monitoring the access
law enforcement has to communications.

In practice, I weep for a third party that has to read the dumb shit I chat
about.

If we do succeed in building a hell where a preference for Metallica in 1997
is grounds for any sort of consequences at all, I'm not going to blame my past
self for foolishly broadcasting that preference, I'm going to blame my current
self for cowardly compliance with the hell machine.

~~~
umanwizard
The issue with surveillance isn't that boring stuff might be surveilled. It's
that the small fraction of people with interesting things to surveil will be
surveilled.

I don't care if the NSA sees my communications. There's no real chance of them
thinking I'm a terrorist. I emphatically __do __care if the NSA sees the
communications of the next Malcolm X or Mohandas Gandhi or Harriet Tubman. Or
worse, if that person is so afraid of surveillance a priori that they don 't
bother becoming an activist at all.

~~~
maxerickson
I literally said _I very much agree with the principle of restricting and
monitoring the access law enforcement has to communications._ in my comment.

People that are worried about the NSA (hopefully!) aren't making their choices
based on this dude's article, which _is_ actually premised on it being
important to protect your boring stuff from teh Google.

~~~
umanwizard
Yeah, I didn't say you were wrong, just expanding on the point.

------
pookeh
Turning on E2E encryption by default and using your chat data for commercial
purposes doesn't have to be a zero sum game...

You can always extract important words from a "block" of chat messages, and
feed that into your advertising engine, while keeping the exact sequence of
your words and messages encrypted.

Now if the AI bots require the exact sequence of your words to do NLP
processing, then yea, you're SOL until the mobile devices become powerful
enough to do that processing locally on the device.

~~~
verytrivial
Well, it isn't truly end-to-end if Mallory is at both ends with you.

------
kpcyrd
I can't come up with a sane reason why opt-in privacy is acceptable. Signal is
handling the issues that may arise without any issues and whatsapp is just
hiding complicated errors from it's users per default so they aren't confused,
but they still get encryption by default in both cases.

Opt-in end-to-end encryption is an anti-feature.

~~~
fixermark
Anti-feature for your use case. Plenty of people prefer to trade convenience
for anonymity.

~~~
kpcyrd
How is whatsapp not convenient?

~~~
fixermark
In the future, "because it doesn't integrate with my email and search tools to
make it easy to get metadata on what I was just talking about with my
friends." Maybe. Seems to be what Google is betting on.

------
vicbrooker
I find it super interesting that this is on the front page at the same time as
a ex-Google design ethicist is talking about respecting the user ahead of
commercial interests.

~~~
deprave
It's always good PR to talk about doing things for the users. Then there's
business.

------
PaulHoule
I am not so worried about it. I think Google Allo will get about as many users
as Google Plus.

~~~
nacs
I think you're underestimating the amount of "integration" Google will do with
this product to make it the default everywhere.

Google Plus started being integrated into the search results, Picasa, Youtube
comments, Android app reviews, and every other place they could think of,
basically making it the default Google authentication.

They eventually de-integrated Plus after tons of user complaints (and possibly
seeing how horrible the product itself was).

~~~
Jordrok
You're right, but I would argue that the insane amount of over-integration was
one of the main reasons that Plus failed. For once, here's to hoping that
history will repeat itself.

------
nxzero
Most people don't care, which means that if you want to chat with most people,
you'll need to use mainstream tools.

If you don't want the features, then don't use them, but saying not to use the
tool because you'll want the features that will take away privacy makes no
sense.

------
darkerside
What bothers me more than the lack of privacy or encryption is the idea that
we are giving our voice to machines. We are moving to a society where we let
technology speak to our friends and loved ones as if they were us. Something
essentially human is being lost in that process.

~~~
freshhawk
On the bright side maybe we'll get to the point where the bullshit social
media conversations are all done by bots. Then we can devalue and ignore them
and only have to actually participate in actual conversations.

My bot can just continuously post variations on "Here is a belief, validate
it!", "Accept this high status social posturing as true!", "My worldview has
been questioned. Outrage! Let us form a mob and bully the outsider into
silence!", "I have performed a meaningless I-am-a-good-person ritual, please
reassure me that although my employment is based on doing harm to people I am
still a good person". And other bots can respond with messages of vague
support/retweets/likes/whatever.

Since we seem determined to allow others to control and influence our private
conversations let's at least get something out of it.

~~~
vthallam
Exactly! This is how we should we look at it. You don't have to type the
obligatory "How Cute" kinda messages and rather spend time on other important
things:)

------
mead5432
After the Snowden stuff, I still find it hard to entrust Google and Facebook
with the data necessary to provide the super-personalized experience despite
the things they have done to try and win back confidence.

Since I still use Google and, to a lesser extent, Facebook products, they have
lots of data on me already but these kind of products still give me pause as I
think about what could happen. If my experience is like many others, that
could make it harder for these types of new products to find the adoption had
all the NSA stuff not been revealed.

From a marketing perspective, it could be a really interesting study into the
impact of a brand violating the customer's trust and the government's role in
forcing the behavior.

------
netinstructions
I find the outrage about 'yet another chat app / why did you start over from
scratch / why not replace Hangouts' interesting relative to this statement
from the article:

> Allo is fundamentally different in this way than Hangouts or Gchat.

So either Google can merge Hangouts/Gchat into Allo, and this Vice author gets
upset, or Google debuts 'yet another chat app' but then everyone's
confused/annoyed there's so many chat apps from Google.

------
amaks
Bad article. There is technological constraint that leads to inability to use
_end-to-end_ encryption when using bots (note that they are not only Google's
but also 3rt party's). Same is true for other messaging platforms that use
bots including Facebook Messenger. Individual messages are encrypted inflight.
If you need end-to-end encryption then use incognito mode. IMO this looks like
a perfect balance of privacy and functionality.

------
mtgx
Make end-to-end encryption the default, with an obvious opt-out for those that
want to take advantage of the AI assistance.

Alternatively make opting into incognito mode super obvious and easy as well
(but in a way that preserves security) and allow an easy option to always keep
it the default, too.

And if Allo is going to be the AI-enhanced messenger from Google, then why not
make Hangouts fully e2e encrypted like Facebook made Whatsapp?! Unless they
plan to kill Hangouts soon? But I doubt that's even a medium-term plan.

I think Hangouts is here to stay for at least another 5 years, unless they
intentionally deprecate it in favor of Allo like they did with Gtalk. However
going by the current reception of Allo, that also seems unlikely at the
moment.

I plan on moving to Allo myself from Hangouts and the _only_ reason for doing
that is the end-to-end encryption of Allo, considering Hangouts has none. So
if they want more people like me to switch from Hangouts to Allo, then they'd
better strengthen not weaken the Incognito mode (not just security wise, but
usability wise as well).

Hopefully in the next 5 years we'll see AI-accelerators embedded into
smartphone SoCs, so that most of the AI assistance that Allo can do now can be
done locally, but I don't expect Google to push too hard in that direction, so
someone else would have to take the lead (probably Apple, and I think they've
already started doing stuff like that).

Also, this is somewhat wrong:

> _However, turning off location history means you have to type in your full
> home address every time you want directions home._

You can set your home location in Google Maps, so then you won't have to use
it as a "remembered location" through the location history system. I also
think the starred locations will be saved similarly, and not through location
history. So go ahead and turn off your location history.

------
okket
Opt-in encryption is no encryption.

~~~
maxerickson
It's the end-to-end part that is opt in. Normal messages are encrypted in
transit and while stored and only the machine learning system has access to
them otherwise.

[https://vnhacker.blogspot.com/2016/05/security-and-
privacy-i...](https://vnhacker.blogspot.com/2016/05/security-and-privacy-in-
google-allo.html)

Of course that means it is just Google policy protecting the messages
internally and it probably isn't resistant to a warrant, but the messages are
protected from other access.

~~~
e12e
> Normal messages are encrypted in transit and while stored and only the
> machine learning system has access to them otherwise.

This is what stood out for me when watching the Google IO talk. It's about as
encrypted as sending a plaintext email from one GMail user to another. Which
is to say it's not "encrypted" in any meaningful interpretation of the term:
Google has the plaintext, Google can change what systems access the plaintext
and how; which includes complying with warrants - but also "becoming evil", if
they find they have a business need to do so in the future.

It is nice that they at least provide some e2e encryption, but it's hardly
much of a selling point of the service.

------
Zigurd
You can't have Allo's friendly and useful features AND have end to end
encryption. Allo has struck a good compromise. Allo's secure mode is enabled
by OWS, which has a very solid reputation for privacy. This along with new
security features in Android N make Allo likely to be impervious to threats
short of an NSA TAO full-on attack and/or a black bag job. It would be dumb to
discourage use of such a tool.

~~~
pmontra
You could have your server doing the search and aggregation job Google has
centralized. Google could have sold those servers as home appliances, each of
them spidering only those parts of the world our phones know we care about or
we will. Travel next week to Berlin? Start downloading maps and transit
schedules for there. I'm sure that it could be engineered to be as effective
as what we have now. A centralized search engine would be ok. IMHO it would be
a much better world but it's not how it turned out to be. Probably Google
won't be as powerful as it is and they rationally made the choice, or they
never considered the option. I bet on the latter.

~~~
fixermark
Why would you bet on the latter?

[https://www.google.com/work/search/products/gsa.html](https://www.google.com/work/search/products/gsa.html)

~~~
pmontra
I was thinking not about search but about a Google Now appliance running at
home. My bet is that the general mindset at Google is about centralization. I
can be wrong. But knowing everything everybody does is easy to convert into
money.

------
JustSomeNobody
"Don't Use Allo"

Wasn't planning on it. The people I communicate with use either Hangouts or
iMessage. I don't have room for YAMS (Yet Another Messaging Service).

Google now has what? half doesn't ways to send messages? This time next year,
how many will they have shutdown? I'm not moving until Hangouts is one of the
victims.

~~~
corndoge
*half dozen

------
bsimpson
Gboard only receives search data, and they make a really big effort to tell
you that.

------
cwyers
This kind of thing doesn't work. "Don't use X" is not advice most people are
equipped to follow, and most of us who aren't trying to avoid prosecution from
a state actor mostly end up wanting to talk to other people and so follow the
herd no matter what our own preferences may be.

What's the solution? Instead of writing "Don't use X," write "Use Y." Don't
use X, on its own, isn't actionable advice. Use Y can be.

------
throw7
Well, hopefully google will have an option to turn off this predictive
response stuff. I know I don't want it.

Frankly, about duo (the video chat app), I don't want the other side to see me
without picking up... seriously what? I'm probably not their target
demographic though with these apps.

------
tiatia
You can use google more or less via startpage.com

Supposedly this should provide more privacy. Email is a different story. Even
hosting your own does not solve much. You could host yourself and use GPG but
even this does not solve the problem with the metadata.

------
_pmf_
Relax; it's a Google side product. With 95% certainty, it'll be dead within
one year.

~~~
RankingMember
I consider myself an optimist, but it's hard to look at Google's history and
not agree with you.

[http://www.wordstream.com/articles/retired-google-
projects](http://www.wordstream.com/articles/retired-google-projects)

------
INTPenis
With that logic - that the intent is only to gather data about you and the
assumption that few will bother with privacy features - then nothing is
stopping google from using an open protocol and client to promote
transparency.

------
foxylad
"If you care about privacy, you shouldn't use your voice. Because the default
is talking instead of whispering, if you aren't careful when discussing
sensitive things, you might be overheard."

OK, reach and permanence are far greater with internet chat than with voice.
But what we really need to teach our children is to be careful... full stop.

I like Google's suggested short reply options in Inbox, and look forward to
the convenience of Allo's bot tech. I also applaud Google for providing a
simple and easy way to switch to a private channel if it is needed - surely
that is something to celebrate instead of denigrate?

Edit: Small grammar fixes.

------
jerluc
Not knowing anything about the author's background, I can only assume he is
not very technically knowledgeable, especially when I read:

> but how many people use Incognito for every search?

and then later:

> Likewise, it’s smart to turn off location history in Google Maps because
> once Google has that data, it's out of your control.

By providing inputs to either service mentioned (Google Search or Google
Maps), you are already providing them with your "private data". That's the
entire point: you give Google a set of keywords, and it gives you answers. If
you didn't want Google to know what you're looking for, why would you tell
them?

------
kinkdr
> If you care about privacy, you should not use Google Allo

"set the fox to guard the henhouse"

It is not that Google is evil, or anything. Quite the opposite, it is probably
as good as a corporation can get in that respect.

But they do have a vested interested to learn as much as possible about the
users, so they can sell ads, so they can still continue offer amazing products
and drive innovation.

Having said that, I would, and do, trust them with all my private data. Things
that I would trust only to good friends.

However, if I really wanted something to be absolutely private, Google would
not be my first stop. A combination for GnuPG and TOR, maybe, but not Google
for sure.

------
jasonlotito
This, from a site with Facebook and Twitter buttons?

If you care about privacy, you should not visit Vice.com.

------
sandworm101
One too many words. Should be...

"If you care about privacy, you should not use Google."

lol, it had to be said.

------
codeisawesome
Thank goodness some people are seeing this.

------
josep2
Why are we worried about a chat app that hasn't been released yet?

------
aplkorex
Gryzzl is real

