If you care about privacy, you should not use Google Allo (vice.com)
248 points by walterbell on May 20, 2016 | 150 comments

"Let that sink in for a moment: The selling point of this app is that Google will read your messages, for your convenience."

If that's the author's objection, it's like the author never heard of Gmail.


Gmail? What about Google Search? It knows more about a man than his wife, doctor and lawyer combined. But Google convinced us to happily give up our privacy, for the amazing advantage (no sarcasm) of searching the internet. Maybe it was worth it, but Allo doesn't offer any groundbreaking service.

The demo showed only some use cases which mostly look like first world problems, but I personally see a huge need for this. I mean there are millions of people who plan things over chat and Google showing search results for movies, restaurants, flight ticket prices etc in the chat which can be viewed by all the users is very huge IMO. Also, if they open up the platform for other bots like Google, basically we are seeing a FB messenger bot like platform. I will just open the incognito mode they are offering if and when needed.

Why not just install a keylogger on all google devices?

Lack of useful semantic context to guess at the meaning of the keylogged strings making it more difficult for the data to be combined with the user's existing data to help them solve problems.

... but I know you were just being facetious. ;)

Google voice? How do you think they tuned their voice recognition and their translations? Listening to all those free phone calls.

In my experience they still have a crazy amount of tuning to do. The translation is useful maybe 1/4 of the time. It is what I would call accurate maybe 1/20.

But like Allo, they were never hesitant to say that was the reason for having Google voice and making it free. They needed those millions of hours of voice so that they had the broad diverse base of voices and accents to work with. This is just Google's way of doing things and always has been. Always a little uproar and a week later everyone has forgotten. And two years from now Google can say "but we TOLD you so!"

Honestly, as a developer I don't know if I agree with it or not. If I was in their shoes, it seems like the way to do it. They are honest in what they are doing, but I think it's because they know people will forget sooner rather than later.

It's a little different as gmail is useless without search. This is an extension to messaging that nobody was asking for.

Furthermore, email was never secure to begin with. E2E encryption has finally been making its way to devices; this is a major setback for the effort.

"It's a little different as gmail is useless without search."

Are you suggesting the reason they read your email is for search? What about the ads they serve on the promotions tab? What about the fact that it can parse my travel plans and add it to my google calendar? There's a lot more than just search going on.

Why is it a major setback of the effort?

If you're giving every text message to a third party, it's not e2e encrypted anymore....

Nobody's giving every message to a third party. Just every non-Incognito Allo message.

... unless you're assuming "It's from Google, therefore everybody will be using it next week" or something. And if that happens, maybe people find the ability to have a third party sift their conversation data and integrate it against their other data to solve problems they have to be more useful than anonymity?

My greatest concern with Allo was it is bound to build bad habits in the newer generation who do not take a deeper thought about privacy. And it's spoiling them into doing all things the easy way. For e.g. one would wonder if a new message is even typed by the person sending it or it's the "suggested" feelings of an AI.

I also understand that even by using only Gmail, we too have allowed corporations into our lives but at least it has not built habits in me of using technology for every single thing.

This is the usual privacy hysteria knee-jerk reaction: "Watch out, the big companies are going to get data on you!".

And people are going to react exactly like they've done before: if the service is worth it, they'll be happy to trade a few bits of privacy about themselves in exchange for the benefits.

Also, I'm not sure the author of this piece understands what encryption is about since he laments that most people don't search with https on. Er... what? If you want Google to search something on your behalf, they have to be able to read the words you type. Encrypting these words so Google can't read them would be comically useless.

>This is the usual privacy hysteria knee-jerk reaction: "Watch out, the big companies are going to get data on you!".

Whether you care about privacy or not, I don't see anything "hysteric" about it. Indeed, big companies ARE going to get data on you (and they already have too many).

That said, not caring about privacy seems to me a first world privilege. And only because most people are so boring. Sure, if all you do is work, sleep, buy stuff from Amazon, Whole foods and Costco, go for the occasional holiday, watch some Netflix, rinse and repeat, who even cares if the government has data on you?

Try being an activist of any kind however (even someone like MLK who had tons of enemies at the local and big government level, and volumes of FBI files), rubbing the police the wrong way (e.g. being in some group against police violence etc), or even a regular citizen with some democratic views in any place from Egypt to several shady Latin American "democracies", and see what happens...

>Also, I'm not sure the author of this piece understands what encryption is about since he laments that most people don't search with https on. Er... what? If you want Google to search something on your behalf, they have to be able to read the words you type. Encrypting these words so Google can't read them would be comically useless.

No, but encrypting these words so third parties can't read them would be extremely important (that said, Google has https on by default IIRC).

That's a strange argument.

That's like saying it's not hysterical to say everyone needs Kevlar, because try being a soldier without Kevlar!?

It makes no sense.

People who need to hide things have encrypted options. People who don't, also have options. I don't see the problem.

> People who need to hide things have encrypted options. People who don't, also have options. I don't see the problem.

This viewpoint is tricky. This basically turns encryption use into a big target on a user. If only people who have something to hide use encryption, then everyone using encryption must have something to hide.

Also, your argument makes the assumption that everyone grasps the value of all of their information. Not everyone understands how much of their life can be found out through their Google Maps history.

I prefer to look at it from the perspective of my life not being anyone else's business. If my local MP came up to me and asked me who I'd talked to and where I'd been for the last week, I'd tell them to sit and spin. Why should passive surveillance be any different?

the author doesn't seem to know much about how the internet works, quite frankly. they assume that there's some inherent level of privacy in any chat that isn't e-to-e encrypted. for instance, with FB:

"With M, you are speaking one-on-one with a bot, the bot isn’t monitoring every single thing you say to your friends."

how is that even relevant in this context? you're not comparing Allo to M in isolation, you have to compare it to both M and the Messenger product. in that case, FB is obviously harvesting data from your conversations. even if it is just to train M on how to communicate (a very big if) they would be insane not to.

the author doesn't understand much about the ecosystem as a whole (and considers Allo to be a market leader before launch). lazy reporting, and quite disappointing.

"the author doesn't understand much about the ecosystem as a whole (and considers Allo to be a market leader before launch). lazy reporting, and quite disappointing."

I've noticed over past year that internet security / privacy has become something of a clickbait topic for media outlets with no reputation for writing about it. Usually after reading one paragraph that becomes all too apparent. Sadly that doesn't prevent the headline from becoming mythological truth in internet time.

Of course you have to send Google search queries. Of course it would be a whole lot more elegant on their part to have a simple SLA: "We use the search queries for the express purpose of answering your queries. We do not hold on to your personal information for more than XX minutes, neither in personalized nor in aggregated form." It's not that hard, a 30 people organization can pull it off, https://duckduckgo.com/about.

Even better if there were a law that would require internet service providers to provide such a guarantee for people that want it. Make the tradeoff between a few bits of privacy and the benefits realistic, not "either you surrender your privacy, or live as an Amish".

But most people don't want such a feature, and prefer that Google store the history. And there is already a great mechanism for providing different options, as you yourself use: the market. There are different products, one of which people who want this feature can use instead of Google. Why would we need to bring the government into this?

And in this case, what do you think would be the motivation of companies like Google who use data to monetize for any innovation and provide better service? Companies have to sustain and the only way to be sustainable at that scale as Google is to monetize using the data. You can always go incognito.

>And in this case, what do you think would be the motivation of companies like Google who use data to monetize for any innovation and provide better service? Companies have to sustain and the only way to be sustainable at that scale as Google is to monetize using the data.

How about we don't allow companies to monetize any other way than directly? E.g. by having paying customers for their services?

Killing all ad-supported BS will make the internet so much better.

For rich people at least...

Poor people are the ones who suffer the most from advertising.

First, it's calculated that a hefty sum of most product purchases is there to cover its advertising campaigns.

If you're rich of course those are peanuts -- what's 10% or 20% more on your groceries and other such purchases? Instead of, say, $40,000 you'll spend $45,000 but no big deal, since you make $1,000,000 per year anyway. But for a poor person, $500 vs $600 is a much bigger deal.

Second, most people (even if they think otherwise) would buy less stuff, and less pricey stuff, if it weren't for advertising. That's what sells a $2 dollar bottle of water that's basically glorified tap water over a 50 cents one, or even regular tap water. Without ads, it's mostly buying what you need, and based on utility, not rushed purchases because some ad hit some subconscious emotional strings.

Let's put it this way: if you're worth $N dollars to Google, those are $N dollars (and more) that Google ads will get you to spend. Advertisers (and companies getting advertised) are not doing it to lose money.

> if the service is worth it

It will only become worth it once the size of the network reaches a critical mass. It could have all the cool features in the world but still be completely useless if you can't use it to reach your friends.

And the article is not talking about using HTTPS when searching, but rather "Incognito Mode", which dissociates some of your personal data (e.g., Google account) from your searches.

I pay cash for all my transactions.

I don't own a car because I fear that the registration systems for licensing and taxes will gather information about me and we know that those government data systems are most vulnerable to attack.

When I travel, it's by bus only - requiring a form of identification at the airport is a front to government spying. Unfortunately, the bus systems are starting to require too much information as well and when this fully happens I'll have to stop traveling by this means too.

Voter registration is unfortunately a front for other malicious activities - such as jury duty, a state-mandated intrusion into my most private information and thoughts - not even bringing up electronic voting - so I stay away from those booths.

I find that just renting an apartment requires too much sharing of my personal information, I try to provide the minimum, but I still find my address on the web and you can see where I live on google street view which is very frustrating.

I don't talk to others and when I do, I don't tell folks anything about me, I'm concerned that they may tell others and pretty soon everyone is going to start showing up at my home and my job and frankly I don't want to answer my door buy their stuff - or worse - they could be hiding violent tendencies.

Today's society makes it extremely difficult to be a nobody. If I could crinkle into a ball and fade away, I would, but, unfortunately, I'm still breathing.

I honestly can't tell if you're being sincere or exaggerating to make a point about how little privacy modern society allows.

But, this is somewhat worrying: "If I could crinkle into a ball and fade away, I would, but, unfortunately, I'm still breathing."

If that's not a joke, you should probably see somebody about your depression.

Or, he might be being sarcastic about how paranoid today's generation is, we'd never know without an explanation.

Is society today really paranoid? Outside of a few loud voices, I think you'll find that is not true. Most people don't even know what data is being collected about them, and seemingly don't care.

Maybe he did something really bad.

I'm sorry, but the obvious sarcasm expressed here is all too common among the slightly younger engineers and related tech company people I work with. They believe that trading traditional notions of privacy for the shiny, novel conveniences of Uber and Google Now is totally worth it, and they see no downside. There are a lot of reasons, I think. The biggest is that for most, there really isn't a downside, yet. How many people are now identifiably being turned down for jobs, apartments, dates, and airplane tickets based on what the four or five companies that define our identities online record, store, calculate, and sell? But does anyone doubt that the private civic space in the real world is being slowly paved over by digital identity robber barons? All these friends of mine care about is getting into Google IO to help that company build Larry's libertarian island (look it up), without wondering why they might have been turned down for a ticket.

> How many people are now identifiably being turned down for ...

There's the rub. For the most part you'll never know, unless it reached epidemic proportions.

"Sorry the apartment's gone" - Google told me you had financial problems 15 years ago.

"" (silence) - We infer from the internet you're gay so won't be offering you a job interview. It's illegal discrimination but can't be proven.

The effects of losing privacy in the scenarios you list are mostly invisible. The chilling effect on having legal but fringe or unpopular views has already been demonstrated.

So there is a downside for many. They just don't realise it.

... but there is no downside for the vast majority... so, winning?

You can't infer that, just as I can't infer there is for the majority. There's not enough data.

I suspect there is downside for far more than is generally believed.

How many jobs carry some googling of candidate? Nearly all of them.

You can now discriminate against just about anything you can discover in search. Politics, religion, "too many" photos of parties, pro or anti any topic. None of these things are the business of an employer or landlord and would never come up pre-google unless you chose to share them in your application.

It's naive to assume none of these occur extensively. Gender discrimination has been illegal for years yet is still widespread.

But you are conflating two things. The data companies collect on me without me knowing is not related to the data that can be googled on me. Because I know about the latter and have a level of control over it.

... what does your point have to do with allo ?

> How many people are now identifiably being turned down for jobs, apartments, dates, and airplane tickets based on what the four or five companies that define our identities online record, store, calculate, and sell?

Brendan Eich lost his job due to information stored in a database.

HNers, take notice. This was brilliant and funny.

(Oh, and yes one giveaway is "I'm concerned that they may tell others and pretty soon everyone is going to start showing up at my home and my job and frankly I don't...". This coupled with a history of using irony and/or sarcasm and I am sure this is as well.)

> I don't talk to others and when I do, I don't tell folks anything about me, I'm concerned that they may tell others and pretty soon everyone is going to start showing up at my home and my job and frankly I don't want to answer my door buy their stuff - or worse - they could be hiding violent tendencies.

This is clearly paranoia. I'm not sure I can take anything from your comment other than you are very paranoid.

Or sarcasm. One or the other...

I hope you don't leave the house without your dazzle makeup [1] to defeat the facial recognition cameras.

[1] https://cvdazzle.com/

"What is a girl's name?"

"A girl has no name."

I just don't use Google products.

From what I hear, that's akin to wearing a tinfoil hat, living in a hole in the woods, or imagining that there's a secret room somewhere that all internet traffic is being routed through that's operated by an American intelligence agency.

It's rather ignorant to suggest that the U.S. does not actually conduct pervasive Internet surveillance.

Well, I'm not a Google fan boy.


Privacy is one thing, this is another.

If you avoid all that stuff (social interaction, talking to others, owning a car, renting an apartment, traveling by plane, etc) there must be a justification so that what you get out of avoiding it is more important than what you miss not doing them.

What would that be in this case?

It doesn't sound like it's freedom.

Plus, if your attitude is "unfortunately, I'm still breathing", then how is owning a car or flying by plane or talking to another any worse than that?

Except if this all is Poe's law. In which case, this is a "slippery slope" fallacy which misses the whole point. In which case, if one doesn't have experience with something like a dictatorship, like my country and many others had, it's easy to snark such BS about privacy.

Few questions,

1>how do you handle cellphones?

I found there are few options where you can have an LTE network without giving up your identity.

2>how do you handle online payment/shopping such as Amazon?

... and of course you are not using a cellphone... otherwise most of your other efforts would be pointless...

I think your post is sarcasm, but there's some lemonade to make from your lemons.

In 2007, I removed all traces of myself from the internet. Now, if you search me, I don't come up (try it). I likely have google profiles, but I can be sure that none are tied to my real name.

I've been arrested three times, but good luck finding my information in the system, after filing a DMCA takedown notice for violation of my intellectual property rights.

if you're trying to engage in commerce in the modern world, you need to learn trust law. put your assets in trust(s), and retain no personal liability for anything. If your house is owned by another entity that isn't you, and you don't even have a rental contract with that entity, that means you're legally homeless, even though you have both a home and a claim to the property. it's much harder to find you when a Bermuda Trust Corporation owns your home.

I travel by bus and car, though I have an enforced and recognized adverse claim under UNDHR guaranteeing my right to travel unencumbered, which took a bit of a rodeo, but was definitely worth it. "I" am the holder in due course of the New Vehicle Identification Statement (NeVIS) for my car, which means I retain full lawful and equitable title for my property, and do not require a license plate (Steve Jobs did something similar).

With the recent adoption of the UN Declaration on the Rights of Indigenous Persons, second-generation-born-on-American-Soil persons can claim indigenous rights. When it comes to travel, Jay's Treaty[0] makes travel for indigenous people simple; mention it at the border, watch their face light up, and play the Legend of Zelda "secret room" music in your head as you're waved through without more questions.

Citizens have three jobs: Answer your mail, pay the taxes you owe, and Vote. Make sure you reply to all contract offers (those you are obligated to respond to, that is) within 72 hours of receipt. If you get jury duty, inform them that your attendance that day is without prejudice (but attend).

Unfortunately, when it comes to other people, we are definitely in a world of surveillance, which has a chilling effect on other people's ability to stand out from a crowd. The public will punish square pegs that do not fit in round holes, even if they aren't in any way harmful to themselves or others. The best advice I can give is to take a cue from the CIA - Trust, but verify. If someone starts showing signs that they disagree with your lifestyle or political stance, withdraw from having that conversation with them in the future.

Don't crinkle in a ball. Just learn how to survive in a world designed for slavery.

0. https://en.wikipedia.org/wiki/Jay_Treaty#American_Indian_rig...

Is this sovereign citizen crap?


Mr. Poe? Is that you?

People, he's being facetious. But also specious.

There's nothing here to indicate that; not retroactive commentary at the end, nothing. If (s)he's trying to make a joke to make a point, (s)he's doing neither.

All kinds of clever and subtle things become possible in human communication when you stop insisting on overt signposts to interpretation and instead rely on your wit, experience, and judgment to resolve (or accept) possible ambiguities.

The chatbots on HN and Reddit are pretty smart, but yeah, you can find them when they complain about having to have human emotion and intuition to interpret a comment.

There is nothing in his post to assume humor either way, "overt signpost" or not. This is written text, where you don't have the signposts that vocal communication allows, such as sarcasm. I don't insist on "overt signposts" but I'm not going to pretend that there was anything in the post to make the author's point clear. So here I am relying on my wit, experience, and judgement and I have no way to resolve either way. So I'm going to assume the author is trying to make a serious comment.

This is interesting because I would never consider this comment serious whatsoever until I looked at the comments. I agree with cobralibre that you need to rely on your wit, experience, and judgement. Language is very nuanced and can't be taken literally.

This is also under the assumption that the person in question isn't a sociopath.

Oh, come on.

> Voter registration is unfortunately a front for other malicious activities - such as jury duty, a state-mandated intrusion into my most private information and thoughts

How can you get to that point and not immediately understand that it's obviously satire?

> How can you get to that point and not immediately understand that it's obviously satire?

By having encountered people who express exactly that sentiment and are deadly serious about it.

And you should treat those people as satire, too. The insistence on taking everyone seriously all the time only creates friction. It is not your job to take someone seriously, it is their job to make you take them seriously.

> jury duty, a state-mandated intrusion into my most private information and thoughts

Which aspect of that statement do you find satirical?

Jury-duty forces someone to have an opinion on record about some contentious topic. By most accounts that is an intrusion into one's private information and thoughts.

You won't and can't be forced. You can state your objections, and your refusal to make a public judgement, in which case you will not be selected to be on the jury. Even if some unreasonable judge still put you on the jury, you can refuse to vote guilty or not guilty, in which case there would be a hung jury. No court wants someone with such an attitude on a jury, so it won't ever get to this.

I'd hate to have seen your high school essays on Swift's A Modest Proposal.


Unrelated... Would 'they' have really been more awkward than '(s)he'?

I see you Richard Stallman.

Jack Reacher?

Why do you do (or don't do) all the stuff? Sounds completely nutty.

This looks like hyperbole to me, but I have interacted with characters on the Internet that make this look normal.

Except those are more like "Watch out, Murica. Gummint jerst wants you to register so's they know whar to go when they come to terk yer guns! After, they'll round us up into consarnitration camps 'n' turn us all inter hamburgers ter feed th' lizard folk what runs ever'thin'."

They pay non-Mint silver bullion rounds for all their transactions, and only travel at night, by horse.

Poe's Law applies.

Google would be insane to not offer some version of end-to-end encryption in a chat app in 2016, when all of its biggest competitors have it enabled by default.

Who are all of its biggest competitors? Messenger sure doesn't do this (does it even have E2E at all?), Skype doesn't, either. Telegram, even if you considered it a big competitor, did they finally enable E2E by default? Or do you still have to open a "secure chat" for e2e? Kakao, WeChat, ... who else?

Honestly, aside from WhatsApp, I can't even think of one which anybody would consider "big".

That's indefensibly different from "All".

EDIT: Cool, I just learned iMessage is encrypted e2e! That's "Two" :)

I think this is the most important to me. On Android, this is only the second app that is likely to have a large userbase and e2e encryption for chats. The fact that it's opt-in is a non-issue to me.

Didn't know WhatsApp had default e2e encryption. Might install it and check it out. I imagine it sends some sort of personal information back to the facebook mothership, though.

WhatsApp doesn't just have e2e encryption by default; they actually hired (or just contracted?) Moxie to implement the signal protocol:

> Over the past year, we've been progressively rolling out Signal Protocol support for all WhatsApp communication across all WhatsApp clients. This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.
>
> As of today [2016/4/5], the integration is fully complete.

- https://whispersystems.org/blog/whatsapp-complete/

So did Google for Allo.

e2e encryption, meaning all data is "safe while transferred".

The client (Whatsapp) can obviously read the data on both sides - and perhaps send it to Whatsapp servers with e2e as well, so the data is transferred safely to Whatsapp/Facebook, without other eavesdroppers being able to see it :-)

My point is, if you don't trust the company that created it, it doesn't matter what technology it uses.

So who trusts Whatsapp/Facebook with their private data...?

It doesn't send any personal data back to WhatsApp/Facebook, all it needs to work is a phone number.

Except… WhatsApp definitely gets a copy of your address book: https://www.whatsapp.com/faq/en/general/20971813 “During this entire process, only phone numbers are sent to WhatsApp for lookup, securely, over an encrypted connection.”

Whatsapp also gets the metadata about the message: sender, receiver, time and probably location.

As of last January, WhatsApp handled ~30b messages a day [0]. As of this January, WhatsApp has 1b users [1]. iMessage has ~300m and "several billion" messages per day (hard to get stats unfortunately).

Telegram has 100m users and handles ~15b messages per day [2] but, similar to Google, is not e2e encrypted.

As of last month [3], Facebook Messenger and WhatsApp combined had 60b messages per day. Assuming WhatsApp daily messages grew roughly linearly with users, their increase from 700m to 1b users would put them at ~42b out of that 60, leaving 18b for Facebook.

So there are at least ~40b e2e encrypted messages flying around thanks to WhatsApp, with likely at least 20b (assuming iMessage is bigger than Telegram, which seems reasonable) more from iMessage, putting the e2e encrypted count around the ~60b ballpark.

Telegram and Facebook together would be ~30b and I seriously doubt Skype IM is competitive but KakaoTalk is ~150m users, around the same size as Telegram and WeChat is around 600m users [5].

So the unencrypted messages definitely have far more volume and users than encrypted but the encrypted platforms are still the largest around. The article said "all of its biggest competitors" and given that Google doesn't operate in China (ruling out WeChat), I think that's a reasonable choice of words, although it's really hard to say thanks to iMessage's lack of transparency.

[0]: http://venturebeat.com/2015/01/06/whatsapp-now-has-700m-user...

[1]: http://www.statista.com/statistics/260819/number-of-monthly-...

[2]: https://telegram.org/blog/100-million

[3]: http://www.theverge.com/2016/4/12/11415198/facebook-messenge...

[4]: http://www.statista.com/statistics/248863/number-of-register...

[5]: http://www.statista.com/statistics/255778/number-of-active-w...

I dug into iMessage a bit a while back, and it appeared that Apple held the keys for encrypted chats to allow messages to be sent to multiple devices that a person owns (laptop, iPad, iPhone), insulating the sender from having to know about each possible destination device. If the server has access to the keys, or can add their own key to a set of keys handed to clients during encryption, that fails to meet some definitions of 'end to end' encryption, since a server compromise will also compromise messages. Has the implementation changed in this regard?

The injection of extra keys to your set of public keys on apple's servers is an issue. The counterpoint is you are (supposed) to get a notification every time a new device/public key is added.

Most users won't have a clue what that even means.
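
The device-key concern raised in the iMessage comments above, as an added example that is not part of the original thread: a minimal sketch of client-side key pinning that flags keys a directory server adds to a contact's device list and keeps them out of the recipient set until verified. The `PinStore` class, the contact name and the key bytes are hypothetical and constructed for illustration; this is a generic model, not Apple's protocol.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """Short identifier for a device public key that two people can compare."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class KeySetReport:
    trusted: list[bytes]     # keys already pinned locally
    unverified: list[bytes]  # keys the directory returned that were never pinned
    missing: list[str]       # pinned fingerprints the directory no longer lists


@dataclass
class PinStore:
    """Hypothetical local store of verified device-key fingerprints per contact."""
    pins: dict[str, set[str]] = field(default_factory=dict)

    def check(self, contact: str, directory_keys: list[bytes]) -> KeySetReport:
        seen = {fingerprint(k): k for k in directory_keys}
        if contact not in self.pins:
            # Trust on first use: nothing to compare against yet, so pin what we got.
            self.pins[contact] = set(seen)
            return KeySetReport(list(seen.values()), [], [])
        pinned = self.pins[contact]
        trusted = [k for fp, k in seen.items() if fp in pinned]
        unverified = [k for fp, k in seen.items() if fp not in pinned]
        missing = sorted(pinned - set(seen))
        return KeySetReport(trusted, unverified, missing)

    def approve(self, contact: str, public_key: bytes) -> None:
        """Pin a key after its fingerprint was confirmed out of band."""
        self.pins.setdefault(contact, set()).add(fingerprint(public_key))


def recipients_for(store: PinStore, contact: str,
                   directory_keys: list[bytes]) -> tuple[list[bytes], list[str]]:
    """Return the keys a message may be encrypted to, plus warnings to show the user.

    Keys the server added since the last check are withheld, so a key injected
    into the device list cannot silently receive a copy of the message.
    """
    report = store.check(contact, directory_keys)
    warnings = [f"new unverified device key {fingerprint(k)} for {contact}"
                for k in report.unverified]
    warnings += [f"pinned device key {fp} no longer listed for {contact}"
                 for fp in report.missing]
    return report.trusted, warnings


if __name__ == "__main__":
    # Constructed sample keys; real keys would be public-key bytes from the directory.
    phone, laptop, injected = b"k-phone", b"k-laptop", b"k-injected"
    store = PinStore()
    print(recipients_for(store, "alice", [phone, laptop]))
    print(recipients_for(store, "alice", [phone, laptop, injected]))
```
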

I very much agree with the principle of restricting and monitoring the access law enforcement has to communications.

In practice, I weep for a third party that has to read the dumb shit I chat about.

If we do succeed in building a hell where a preference for Metallica in 1997 is grounds for any sort of consequences at all, I'm not going to blame my past self for foolishly broadcasting that preference, I'm going to blame my current self for cowardly compliance with the hell machine.

The issue with surveillance isn't that boring stuff might be surveilled. It's that the small fraction of people with interesting things to surveil will be surveilled.

I don't care if the NSA sees my communications. There's no real chance of them thinking I'm a terrorist. I emphatically do care if the NSA sees the communications of the next Malcolm X or Mohandas Gandhi or Harriet Tubman. Or worse, if that person is so afraid of surveillance a priori that they don't bother becoming an activist at all.

The problem is that even boring stuff can become 'interesting' with loosely worded and/or selectively enforced laws.

If you become a 'troublemaker', then retroactive trawling can reveal things that you may have done that are 'illegal', but wouldn't be enforced against a normal person in normal circumstances.

I literally said "I very much agree with the principle of restricting and monitoring the access law enforcement has to communications." in my comment.

People that are worried about the NSA (hopefully!) aren't making their choices based on this dude's article, which is actually premised on it being important to protect your boring stuff from teh Google.

Yeah, I didn't say you were wrong, just expanding on the point.

I get all that, but I don't get what it has to do with Allo. Malcolm X probably knew to be careful what was said on the phone, because phones are easily surveilled. That probably didn't prevent him from using the phone for casual reasons.

> In practice, I weep for a third party that has to read the dumb shit I chat about.

I weep for my future, because there is a growing majority of people who give out their dumb shit data to everyone who makes a fancy app with smart AI to tell them where to spend money a second faster.

Turning on E2E encryption by default and using your chat data for commercial purposes doesn't have to be a zero sum game...

You can always extract important words from a "block" of chat messages, and feed that into your advertising engine, while keeping the exact sequence of your words and messages encrypted.

Now if the AI bots require the exact sequence of your words to do NLP processing, then yea, you're SOL until the mobile devices become powerful enough to do that processing locally on the device.

Well, it isn't truly end-to-end if Mallory is at both ends with you.

At some point people were excited about agents, and conversational agents.

Well this is the first bits of that. That means some code somewhere has to read what you are saying. Then it helps you. The trade off seems clear to me.

And ultimately I do trust Google. The US government less so, but the solution to that isn't with encryption and crippling technology, but expanding privacy rights in the 21st century. Look forward not backwards.

I can't come up with a sane reason why opt-in privacy is acceptable. Signal is handling the issues that may arise without any issues and WhatsApp is just hiding complicated errors from its users per default so they aren't confused, but they still get encryption by default in both cases.

Opt-in end-to-end encryption is an anti-feature.

Anti-feature for your use case. Plenty of people prefer to trade convenience for anonymity.

How is WhatsApp not convenient?

In the future, "because it doesn't integrate with my email and search tools to make it easy to get metadata on what I was just talking about with my friends." Maybe. Seems to be what Google is betting on.

I find it super interesting that this is on the front page at the same time as an ex-Google design ethicist is talking about respecting the user ahead of commercial interests.

It's always good PR to talk about doing things for the users. Then there's business.

Providing an automated assistant that can mine your data to make communication more convenient is respecting the user.

I am not so worried about it. I think Google Allo will get about as many users as Google Plus.

I think you're underestimating the amount of "integration" Google will do with this product to make it the default everywhere.

Google Plus started being integrated into the search results, Picasa, YouTube comments, Android app reviews, and every other place they could think of, basically making it the default Google authentication.

They eventually de-integrated Plus after tons of user complaints (and possibly seeing how horrible the product itself was).

You're right, but I would argue that the insane amount of over-integration was one of the main reasons that Plus failed. For once, here's to hoping that history will repeat itself.

Most people don't care, which means that if you want to chat with most people, you'll need to use mainstream tools.

If you don't want the features, then don't use them, but saying not to use the tool because you'll want the features that will take away privacy makes no sense.

What bothers me more than the lack of privacy or encryption is the idea that we are giving our voice to machines. We are moving to a society where we let technology speak to our friends and loved ones as if they were us. Something essentially human is being lost in that process.

On the bright side maybe we'll get to the point where the bullshit social media conversations are all done by bots. Then we can devalue and ignore them and only have to actually participate in actual conversations.

My bot can just continuously post variations on "Here is a belief, validate it!", "Accept this high status social posturing as true!", "My worldview has been questioned. Outrage! Let us form a mob and bully the outsider into silence!", "I have performed a meaningless I-am-a-good-person ritual, please reassure me that although my employment is based on doing harm to people I am still a good person". And other bots can respond with messages of vague support/retweets/likes/whatever.

Since we seem determined to allow others to control and influence our private conversations let's at least get something out of it.

Exactly! This is how we should look at it. You don't have to type the obligatory "How Cute" kinda messages and rather spend time on other important things :)

Liked, subscribed, +1'd, followed, and cride evry tim.

That's a complicated topic. I could expand on my thoughts on it, but I'm pretty busy today. Have your people call my people and we'll set something up.

Personally, I have a great number of everyday interactions that I need to have, but do not have any semblance of humanity connected with them. I also highly doubt that people in days of yore actually received a benefit from connecting over the voiceline with their pizza delivery guy.

I'm not worried that my intimate conversations will be replaced by bots. I am interested in automating my "yep" and "haha" responses to things I couldn't care two shakes about.

After the Snowden stuff, I still find it hard to entrust Google and Facebook with the data necessary to provide the super-personalized experience despite the things they have done to try and win back confidence.

Since I still use Google and, to a lesser extent, Facebook products, they have lots of data on me already but these kinds of products still give me pause as I think about what could happen. If my experience is like many others, that could make it harder for these types of new products to find the adoption they would have found had all the NSA stuff not been revealed.

From a marketing perspective, it could be a really interesting study into the impact of a brand violating the customer's trust and the government's role in forcing the behavior.

I find the outrage about 'yet another chat app / why did you start over from scratch / why not replace Hangouts' interesting relative to this statement from the article:

> Allo is fundamentally different in this way than Hangouts or Gchat.

So either Google can merge Hangouts/Gchat into Allo, and this Vice author gets upset, or Google debuts 'yet another chat app' but then everyone's confused/annoyed there's so many chat apps from Google.

Bad article. There is a technological constraint that leads to inability to use end-to-end encryption when using bots (note that they are not only Google's but also 3rd party's). Same is true for other messaging platforms that use bots including Facebook Messenger. Individual messages are encrypted in flight. If you need end-to-end encryption then use incognito mode. IMO this looks like a perfect balance of privacy and functionality.

Make end-to-end encryption the default, with an obvious opt-out for those that want to take advantage of the AI assistance.

Alternatively make opting into incognito mode super obvious and easy as well (but in a way that preserves security) and allow an easy option to always keep it the default, too.

And if Allo is going to be the AI-enhanced messenger from Google, then why not make Hangouts fully e2e encrypted like Facebook made Whatsapp?! Unless they plan to kill Hangouts soon? But I doubt that's even a medium-term plan.

I think Hangouts is here to stay for at least another 5 years, unless they intentionally deprecate it in favor of Allo like they did with Gtalk. However going by the current reception of Allo, that also seems unlikely at the moment.

I plan on moving to Allo myself from Hangouts and the only reason for doing that is the end-to-end encryption of Allo, considering Hangouts has none. So if they want more people like me to switch from Hangouts to Allo, then they'd better strengthen not weaken the Incognito mode (not just security wise, but usability wise as well).

Hopefully in the next 5 years we'll see AI-accelerators embedded into smartphone SoCs, so that most of the AI assistance that Allo can do now can be done locally, but I don't expect Google to push too hard in that direction, so someone else would have to take the lead (probably Apple, and I think they've already started doing stuff like that).

Also, this is somewhat wrong:

> However, turning off location history means you have to type in your full home address every time you want directions home.

You can set your home location in Google Maps, so then you won't have to use it as a "remembered location" through the location history system. I also think the starred locations will be saved similarly, and not through location history. So go ahead and turn off your location history.

Opt-in encryption is no encryption.

It's the end-to-end part that is opt in. Normal messages are encrypted in transit and while stored and only the machine learning system has access to them otherwise.


Of course that means it is just Google policy protecting the messages internally and it probably isn't resistant to a warrant, but the messages are protected from other access.

> Normal messages are encrypted in transit and while stored and only the machine learning system has access to them otherwise.

This is what stood out for me when watching the Google IO talk. It's about as encrypted as sending a plaintext email from one Gmail user to another. Which is to say it's not "encrypted" in any meaningful interpretation of the term: Google has the plaintext, Google can change what systems access the plaintext and how; which includes complying with warrants - but also "becoming evil", if they find they have a business need to do so in the future.

It is nice that they at least provide some e2e encryption, but it's hardly much of a selling point of the service.

Still risky. Given PRISM, I wouldn't bet on the safety of any unencrypted data residing in Google's servers.

...until you opt-in.

Why? What does this mean?

Barely anyone opts in. Which means, effectively, no security takes place in practice.

The idea is, our conversations that are not public, are private. Even if we're discussing some boring grocery list and not a top secret plan to take over the world.

Really? I'm pretty sure one check box, and BOOM! Encryption.

> Opt-in encryption is no encryption.

That's a cute slogan, but I can't see any meaningful sense relevant to the present discussion in which it is true.

You can't have Allo's friendly and useful features AND have end to end encryption. Allo has struck a good compromise. Allo's secure mode is enabled by OWS, which has a very solid reputation for privacy. This along with new security features in Android N make Allo likely to be impervious to threats short of an NSA TAO full-on attack and/or a black bag job. It would be dumb to discourage use of such a tool.

You could have your server doing the search and aggregation job Google has centralized. Google could have sold those servers as home appliances, each of them spidering only those parts of the world our phones know we care about or we will. Travel next week to Berlin? Start downloading maps and transit schedules for there. I'm sure that it could be engineered to be as effective as what we have now. A centralized search engine would be ok. IMHO it would be a much better world but it's not how it turned out to be. Probably Google wouldn't be as powerful as it is and they rationally made the choice, or they never considered the option. I bet on the latter.

I was thinking not about search but about a Google Now appliance running at home. My bet is that the general mindset at Google is about centralization. I can be wrong. But knowing everything everybody does is easy to convert into money.

Google's business needs aside - aren't modern phones powerful enough to process chat content locally, without exposing anything to the outer world? Or is it still a more CPU- or memory-hungry task than a phone could provide? (I don't have any knowledge/experience in modern computer learning, so genuinely curious.)

It's the data. If you are in New York and chat "Where should we eat?", the phone has to either have a massive amount of data on hand or request some data to make local suggestions.

Then you have to balance how current the data is and storage and so on against the elaborate privacy protection. Google knowing that some person is near some intersection probably isn't much different than Google knowing some person is in NYC. Fresh results about the intersection will naturally be faster to return than fresh results for a larger area that then have to be filtered down on the device.

I guess this is a good reason to add POIs to OpenStreetMap.

Well, analyzing locally and sending a query to Google Maps/OSM/whatever that basically says "food + New York" is one thing. For extra privacy, there can be even a nice opt-in that actually works with AI breaking into conversation with a "Hey, want me to suggest a good restaurant? Just tap here and I will look up some!"

I just wonder if today's phones are powerful enough to process texts locally and not disclose the raw unprocessed data to the third parties.

It is likely less an issue of processing locally but a need to build a collection of data to train future versions of the service. To do that you need to see how users are trying to use the "bot", what it doesn't handle well, etc. That lets them improve the models doing the NLP.

"Don't Use Allo"

Wasn't planning on it. The people I communicate with use either Hangouts or iMessage. I don't have room for YAMS (Yet Another Messaging Service).

Google now has what? half doesn't ways to send messages? This time next year, how many will they have shutdown? I'm not moving until Hangouts is one of the victims.

*half dozen

Gboard only receives search data, and they make a really big effort to tell you that.

This kind of thing doesn't work. "Don't use X" is not advice most people are equipped to follow, and most of us who aren't trying to avoid prosecution from a state actor mostly end up wanting to talk to other people and so follow the herd no matter what our own preferences may be.

What's the solution? Instead of writing "Don't use X," write "Use Y." Don't use X, on its own, isn't actionable advice. Use Y can be.

Well, hopefully Google will have an option to turn off this predictive response stuff. I know I don't want it.

Frankly, about Duo (the video chat app), I don't want the other side to see me without picking up... seriously what? I'm probably not their target demographic though with these apps.

You can use Google more or less via startpage.com

Supposedly this should provide more privacy. Email is a different story. Even hosting your own does not solve much. You could host yourself and use GPG but even this does not solve the problem with the metadata.

Relax; it's a Google side product. With 95% certainty, it'll be dead within one year.

I consider myself an optimist, but it's hard to look at Google's history and not agree with you.


Unfortunately, Allo and Duo are off in yet another direction for Google messaging products:



Docs chat (Didn't think of that one, did you?)

Jibe RCS client (rumored)



All of these have different underlying technologies and are aimed at different partners and competitors.

With that logic - that the intent is only to gather data about you and the assumption that few will bother with privacy features - then nothing is stopping Google from using an open protocol and client to promote transparency.

"If you care about privacy, you shouldn't use your voice. Because the default is talking instead of whispering, if you aren't careful when discussing sensitive things, you might be overheard."

OK, reach and permanence are far greater with internet chat than with voice. But what we really need to teach our children is to be careful... full stop.

I like Google's suggested short reply options in Inbox, and look forward to the convenience of Allo's bot tech. I also applaud Google for providing a simple and easy way to switch to a private channel if it is needed - surely that is something to celebrate instead of denigrate?

Edit: Small grammar fixes.

Not knowing anything about the author's background, I can only assume he is not very technically knowledgeable, especially when I read:

> but how many people use Incognito for every search?

and then later:

> Likewise, it’s smart to turn off location history in Google Maps because once Google has that data, it's out of your control.

By providing inputs to either service mentioned (Google Search or Google Maps), you are already providing them with your "private data". That's the entire point: you give Google a set of keywords, and it gives you answers. If you didn't want Google to know what you're looking for, why would you tell them?

> If you care about privacy, you should not use Google Allo

"set the fox to guard the henhouse"

It is not that Google is evil, or anything. Quite the opposite, it is probably as good as a corporation can get in that respect.

But they do have a vested interest to learn as much as possible about the users, so they can sell ads, so they can still continue to offer amazing products and drive innovation.

Having said that, I would, and do, trust them with all my private data. Things that I would trust only to good friends.

However, if I really wanted something to be absolutely private, Google would not be my first stop. A combination of GnuPG and Tor, maybe, but not Google for sure.

This, from a site with Facebook and Twitter buttons?

If you care about privacy, you should not visit Vice.com.

One too many words. Should be...

"If you care about privacy, you should not use Google."

lol, it had to be said.

Thank goodness some people are seeing this.

Why are we worried about a chat app that hasn't been released yet?

Gryzzl is real
