
Google backtracks on privacy promise with messaging service Allo - Lordarminius
https://techcrunch.com/2016/09/21/google-lands-in-hot-water-after-backtracking-on-earlier-allo-privacy-promise/
======
sctb
Previously:
[https://news.ycombinator.com/item?id=12547130](https://news.ycombinator.com/item?id=12547130)

------
jjcm
Maybe I'm biased because I've done some intelligent agent work when I was back
at Microsoft, but I really like how Allo handled this. They let the user
decide whether or not they want convenience, or strict privacy. This is how it
should be - up to the user.

Some people want the convenience of having their messages be stored in the
cloud and helper bots to add relevant content to the mix, some people want a
reduced experience but with the reward of privacy.

~~~
heheocoenev
Disagree. The average user is not savvy enough to make this call. Secure end-
to-end so I can have secure conversations with less technical people, and know
we are both safe. It only take one party to escrow the logs to the server and
all those conversations are no longer private. E2E||GTFO

~~~
ak4g
Uh, no. Data loss for your end-users as a default behavior is unforgivable.
The impetus is on people who think it's OK to irretrievably lose access to
_their freaking data_ when their phone battery explodes to set that up. For
myself, and for Joe P. Random, losing my data without my having explicitly
(and again) decided to take that risk is what directly precedes a decision to
no longer use any Google products, full stop.

~~~
pdkl95
People already assume their _voice_ conversations are (usually) ephemeral. As
long as it is explained properly, an ephemeral text chat can not only be
acceptable, it may also be a feature.

More importantly, why are you pretending that end-to-end encryption implies an
irretrievable loss of data? If desired, backups can be made locally or to
another local device such some type of LAN-only network storage or a USB
storage device.

~~~
r00fus
Exactly. Snapchat = ephemeral video sharing/chat. Why is it so big?

------
rglullis
I sort of have this feeling that, if end-to-end encryption is going to be a
standard requirement of the users in the near future, the big software
companies won't know how to resolve this conflict of interest. They can't
offer e2e at the same time that they try to extract value from the
conversation channel. It's the same reason that Google is not really
interested in promoting PGP on Gmail.

Which means that it won't matter which channel people are using to talk to
each other, they will have to find a way to be a conversation point on each
other's channels - e.g, Have a Google Bot on Facebook Messenger and Whatsapp
and Skype and Telegram, and the others doing the same. By that point, the
whole thing gets unbelievably stupid, and it will be better for everyone to
just give up on building the walled gardens and go back to networks based on
interoperable, federated open standards.

I made a "ask HN" [1] post because I am involved in this space, and I wonder
if people here would be willing to put up with the loss of privacy or if they
would be willing to pay for a chat service. I would appreciate if people could
share some thoughts.

[1]:
[https://news.ycombinator.com/item?id=12553221](https://news.ycombinator.com/item?id=12553221)

~~~
LeoPanthera
The big software companies may not be able to figure it out, but the big
hardware companies don't care. This is where the salvation of e2e must come
from, and we're already seeing it with Apple, where iMessage has been e2e for
a long time.

It's not perfect, Apple can still tweak the system to control the keys if they
wanted to (not that I believe they would) but it's a really good start.

~~~
rglullis
Can I use iMessage from my non-Apple computer? Would Apple be willing to open
up its protocol or to implement in other platforms so that it could be
universally adopted?

~~~
karmelapple
Not officially. That still doesn't negate the point that hardware companies
like Apple have already started e2e encryption. The poster also mentioned it's
not perfect; full cross-platform support would presumably be one of those
areas that could get it more perfect.

~~~
dingo_bat
Whatsapp is also e2e encrypted. And they aren't hardware at all.

------
the_common_man
Facetime was also meant to be an open protocol. I think we just have to accept
that big corporations can say whatever and do whatever and get away with it.
Because we let them get away with it. Convenience trumps everything.

~~~
threeseed
Facetime was due to a patent dispute: [http://arstechnica.com/tech-
policy/2016/05/patent-troll-that...](http://arstechnica.com/tech-
policy/2016/05/patent-troll-that-beat-apple-now-wants-judge-to-block-facetime-
imessages/)

Pretty sure Apple would've liked to open it up if they could.

~~~
MBCook
Bonus fun: Steve Jobs announced that without telling anyone before hand, and
haven't talked it over with the lawyers. Even if it wasn't for the patent suit
I'm not 100% sure what would've happened.

------
M_Grey
No one should be surprised by this, they should just make intelligent choices
about how they protect their personal information. If you're in a position
where you have to trust Google or Facebook or any other large company that
lives by selling your data, you have to question how and why you got there.

~~~
thingexplainer
The rest of the world brought me here, and I was unwilling to let them pass me
by and leave me alone but with perfect control of my data.

The world is rich in complexity and devoid of absolutes. I've yet to see
someone build an ivory tower with the foundations to stand more than a small
shove.

~~~
M_Grey
Maybe there's something to be found between dreams of an ivory tower, and just
laying there and taking it with a smile?

~~~
thingexplainer
There surely is, but the first step is to acknowledge that the world has come
to a certain point where we've lost control of our data and intelligence
agencies, and not to write off people who's privacy has been compromised as
fools who should have known better.

Because we are all those fools. Do you use gmail? If you don't, do you email
people who do? Do you use Facebook? Do people talk about you on Facebook, even
if you don't have an account? Do you email people who give Facebook their
contacts? Is that even something you can find out?

Trust is transitive. If someone close to you along your social graph is being
observed, you are being observed indirectly. If many people around you are
being observed, you are being observed rather closely.

~~~
M_Grey
There's a difference between protecting your data from a company that collects
it when you use their service, and hiding from a state-level actor like the
NSA.

I don't use Gmail. I don't use Facebook. For just those reasons. I do use
uBlock Origin, NoScript, uMatrix, and Random Agent Spoofer, and depending on
the site a VPN. I don't throw up my hands and pretend that a platform like
Facebook is somehow fundamental to life.

~~~
thingexplainer
Collection by intelligence/LE agencies and by private companies are
increasingly interrelated. These are not separate problems, but two sides of
the same coin.

I'm afraid you've missed my point, because I don't use those services either.
No man is an island. And very few of them are OpSec masters, either. For
instance, consider how unique that precise set of tools is, how easy it is to
fingerprint browser extensions, and how you've effectively announced your
identity in a public forum.

(Edit: Though doing that without JavaScript would be a pretty neat trick. I'm
pretty sure it'd be possible to do if you can convince tags to load
sequentially, so you can send requests to your server interleaved with
requests for add-on resources, and observe timing. I'm thinking many levels of
nested iframes ought to do the trick. But I don't know that for a fact.)

What I am trying to say is that this is hard, and we cannot solve anything by
oversimplifying or victim blaming.

~~~
M_Grey
It's not a population of victims, by and large it's a population of people who
don't see the point, and can't be bothered. The population of people whom the
NSA keeps tabs on might be victims, the people who use Facebook are definitely
not.

Besides, victim facilitation and precipitation is an ugly, and sad reality of
life. You can be aware of your role in becoming a victim, without blaming
yourself for the actions of other people who took advantage of your situation.

As to the rest, again, we're not talking about dropping off the grid or
avoiding a government, just about not broadcasting everything all of the time
for some paltry "free" service.

~~~
thingexplainer
I feel like you're talking over me rather than trying to understand what I
say.

But stay safe and have a good life anyway, traveler.

~~~
M_Grey
Disagreement can feel like that. Take care.

