Hacker News new | comments | ask | show | jobs | submit login
Google’s new Chat service shows contempt for Android users’ privacy (amnesty.org)
276 points by ColinWright 9 months ago | hide | past | web | favorite | 160 comments

This accusation is wrong. Chat is using a protocol which is a successor of SMS. It's an interface to this protocol and not a 100% WhatsApp/Telegram copy. And this will be also the reason it will fail... it's not all on Google's control, even the network providers will have control and iOS will be missing (that means no entire market reach). The problem with this new standard (RCS I think) is that it was never designed for end to end encryption.

> that means no entire market reach

Globally iOS is about 15% to 20% max. So the onus would be on Apple to integrate RCS into iMessage in order to reach the majority of the market.

I can't see RCS succeeding anyway but it won't be because of Apple. It'll be because it took 11 years to come to market and even my dentist uses WhatsApp now.

Onus? Like there are rules? Or moral obligations on the part of multinationals?

Apple's only responsibility is to itself, and its shareholders.

Yes, there are likely to be contract terms requiring anything with a connection to support RCS.

This will be driven by carriers turning off legacy SMS and MMS servers the same way they turned off 2G GSM.

MMS was already discontinued a few years ago. SMS still has some relevancy for business.

It was? Or do you mean specifically 2G-transported MMS messages? I have flip-phone-using family that still MMS me pictures.

> MMS was already discontinued a few years ago.

Where? In Canada I use MMS every day.

Yes, there is a moral obligation to do the right thing.

Switching to RCS from iMessage would facilitate more warantless wiretapping, and make it easier for carriers to rent seek by charging per message.

It would also probably regress iOS Apple’s customers have already paid money for.

How is any of that morally “the right thing”?

RCS wouldn't replace iMessage, it would be a new layer of fallback between iMessage and the current MMS/SMS fallback, so the security situation wouldn't change.

RCS uses your data plan[0], so it's unlikely carriers will bother charging per message. I already have unlimited international SMS and MMS on my plan anyway. Charging per message on RCS would just mean the protocol would fail and push people to the multitude of other options.


Who says it's right or wrong for x to be integrated into your product? Should they do it if it compromises iMessage encryption? It's not as if there are no WhatsApps/Telegrams etc people can use as an alternative if they don't like the options.

Also, ethics provides specific practices and actions that we can take in order to ‘do the right thing’.

The fact that some corporations act ruthlessly and mercenary with regards to human rights and individual suffering (like Facebook in the recent data scandal), does not abrogate our collective and individual obligation to a higher ethical practice.

How would one determine what such an obligation is any more than one would determine a religious obligation to do the right thing? As much as we wish there was, and as much as we think society would be better if there was, I don't think they exist and the closest thing to them we can emulate, that of a social obligation, has a number of flaws (since social obligations are enforced by social backlash and advertising strongly influences social backlash, and social backlash can often be counter productive).

Wow. You seem to be arguing that because it might be hard to construct an ethical and moral framework that works for society, we should all give up and just default to being purely self interested sociopaths? Yes, building a justice system, laws, social norms and culture is hard. That's why civilization has been working on it for thousands of years, and we are still figuring it out. Multinational corporations are comparatively new, so we don't know how to treat them as well as you know how to treat your next door neighbor or in laws. That doesn't mean we should give up on figuring it out.

>You seem to be arguing that because it might be hard to construct an ethical and moral framework that works for society, we should all give up and just default to being purely self interested sociopaths?

I'm arguing that any such constructed framework is merely fiction. Only what we actually enforce matters, but that there is a distinction between a moral obligation enforced by some concept of being moral or immoral and social obligations enforced by social reaction. I then point out that social obligations are flawed (not that we shouldn't use them, but we should be aware of their flaw).

>Yes, building a justice system, laws, social norms and culture is hard.

And these are different than moral obligations. Laws are enforced by the state. Social norms and culture are enforced by different social reactions, anything from 'tut tutting' and social disapproval to outright violence.

>That doesn't mean we should give up on figuring it out.

I'm not saying we should give up. I'm saying that trying to use moral obligations as the tool is no more useful than using religious obligations are (outside of a theocracy, though in that case religious and legal obligations co-mingle). I'm saying we should use social and legal obligations instead.

Social and legal obligations often originate from ethical frameworks. For example, human rights were initially a purely ethical concept which most white people at that time thought to be ridiculous. And now it is a social and legal obligation in all Western countries to treat every human equally, regardless of skin color or religion.

So by abandoning ethics you are actually cutting off a source for improvements of our social and legal norms.

I'd also would like to point out that it doesn't follow from being constructed that something is 'merely fiction'. Everything in humanities is constructed (and some would even argue that everything in science is constructed). The question is: does it impact our lives? And ethical reasoning obviously does it.

What the right thing is depends on who you ask.

Implementing arbitrary standards is not "the right thing". Especially failed standards such as RCS.

Apple has implented a solution with iMessage, albeit a proprietary one only for iOS communications.

If Google prioritized the privacy of users thet would build a similar product as the default Android messaging service, hopefully as an open platform.

I have been very reluctant to switch to Android for precisely this reason. It represents a lack of concern for user privacy.

It is easy is to send an insecure message via iMessage. When the app will fallback to SMS, there isn't any clear indication that this is less secure. Sure you get the green vs blue bubbles, but security isn't exactly pointed out.

Sure it's not perfect. The point is a default that respects and enforces privacy. It is night and day from Android.

I wish Apple would open the protocol.

SMS fallback can be easily disabled.

And secure chat applications can be easily installed. The whole kerfuffle here is about defaults.

I'd say signal is already a better imessage. The use of phone numbers for linking contacts isn't great; but it's workable as a "better sms". And I prefer it to relying on solo'ed Google contacts.

I still want something that federated, secure(able) and easy to self-host. But I really don't see the need for another iMessage.

The need is for defaults. I want everyone using end to end encryption by default. If Signal became the default, great.

As long as imessage isn't generally available, it isn't a viable "default".

It's funny how the people here are sort of flocking to the alternative: having regulated privacy guarantees.

Of course Google is only implementing RCS here. That would be the agreed (with governments & telcos) standard, the result of regulation. Needless to say, it totally exposes everything to government, and to telcos, and to "interoperability providers" (which Google would be). It is strictly worse than Google when it comes to privacy. I think it includes more than just their chat messages, it seems to include things where you'd be like "why does this need to be part of chat ?" like location.

And it comes with a little something for telcos that I doubt anyone here will like : per-message billing. On the plus side: it will work without a data subscription (I think). On the minus side: per-message billing, with or without data subscription.

So the net effect is that people are being deceived - by amnesty no less - into pressuring Google and governments to expose more of their private information to more parties.

Unfortunately what this does mean is that Google is now caving to government demands - full exposure of everyone's information all the time, without any reason or oversight. Not just to the government, but because the government is also incompetent and can't be bothered to actually store these or make them searchable, they demand you also give all telcos access to it (who will then store it and make it accessible to government agents), and we all know most of those telcos will outsource actually doing this, because they're government monopolies.

> like location

Sharing current location with contacts is a pretty basic feature.

When asking for it, sure. When not ... not so much.

Where "contacts" that are truly interested in this "basic feature" consist of Google, Verizon and 3 letter agencies. Sign me out, thank you very much.

Google (who's software is running your phone) and your operator (who is constantly triangulating you to know where to broadcast the radio signal) already know exactly where you are.

* Google doesn't run software on my phone, thank you very much.

* At the time I was using Android, they were using a plethora of dark patterns to force me to continuously share my location with the "Google Maps" application, even if not in use. Indicating that they weren't just slurping the location info via Android. Most likely because of legal concerns: there are plenty of alternatives to the "Google Maps" application, there are only 2 widely adopted mobile OSes; the spectre of anti-monopoly action looms large.

* There are legal arguments to be made to prevent my operator from profiting from my location information.

> Commercial privacy of location information in the United States

> The U.S. does limit commercial use of location information under the (US) Telecommunications Act, at 47 CFR §222. The Telecommunications Act, at 47 CFR §222(f), requires consent from the subscriber, and prohibits telecommunication common carriers from accessing location information for purposes other than system operation without consent of the customer.[28] Businesses such as LocationSmart, which provide a tracking service based on subscriber information, require mobile users' consent prior to tracking.[29]


* Great! Then you also don't have to worry about RCS. What's the problem?

* Right, my point. Google knows where you are.

* "customer consent" could that not just be a buried paragraph in the contract you signed to get the plan?

A basic feature which I used maybe 5 times in all my life, more to check how it works than because of a real need. So, not so basic and maybe not even an advanced one. How about "dangerous"?

There have been ways to tell friends where we are since forever, no need to let Google know. My GPS is turned off, I could buy a phone without it.

Just because the feature isn't valuable for your personal use case doesn't mean it isn't valuable. I share my location several times a week. It's especially useful in areas where street addresses don't follow a logical order (or are nonexistent altogether).

I want to be able to share my location with Google so that they can share it with one of my contacts. I then want Google to discard that information. I don't want them to share it with other parties unless I consent specifically to each instance. My consent should be informed (a lot of problems would be solved if we just held businesses to higher standards in terms of disclosing their business practices).

I'm even OK with certain exceptions that are consistent with principles that Western civilization is built on. For example if Google retains that information for a period of time solely for the purpose of complying with a lawful search by the police, for which a warrant was obtained based on a reasonable and specific suspicion, I'm OK with that.

We don't need to throw the baby out with the bath water.

When $746 billion of market capitalization critically depend on Google carefully recording your location information every second in the day and using it to increase advertisement revenue, it is somewhat naive to expect the Google will comply with common ethical sense out of the good of their hearts.

On the flip side, if communication with your contacts is encrypted end to end [possibly with law enforcement agencies with a warrant having access to decryption keys], then no matter how much monetary incentive Google has to violate your privacy, they can't.

How about we build systems that keep creepy stalkers at bay by design? What happened with "can-do" attitude in the hacker-sphere?

Can-do attitude includes making things that were otherwise annoying frictionless and easy through technology.

The feature being discussed here is literally the ability to manually press a button to send your location to your contact. With the new Android permission model you can even block the app from reading your permissions when not using it.

[In depth answer]

I dug up the RCS5.1 spec [0]. RCS location is not a benign feature where a user is sharing its location every once in a while by pressing a button. RCS location appears to be continuously broadcasted on unsecured channels, open to third party middle men, for example Google, Verizon or three letter agencies. Note the last bullet point, "Geolocation". Perhaps I'm reading this wrong, and this is not yet another veiled attempt at commercial surveillance. Please educate me.

From Section 3.7, Social Presence Information:


In the EAB, the contact information is extended with social presence information and foresees the following attributes:

* Availability, indicates the user’s (un)willingness to communicate,


* Geolocation, depicts the user location


Once User A has accepted User B as an RCS authorized contact, User B will be able to see the geolocation information of User A (displayed with a text or a map, or both of them) and all updates of that information.


[0] https://www.gsma.com/futurenetworks/wp-content/uploads/2013/...

The section you have listed is about "you have set a geolocation already, control access to who can see it".

Frankly there is no way that Google's RCS app streams your location to any endpoint without an explicit opt in in the app. I'll eat my hat if I'm wrong.

User selects to share location with 1 person in the world, and maybe even forgets about it because the feature is such low value [for the user] anyways. Google [and Verizon, and whomever else is in the middle] gets to snoop on user location forever at whatever precision they want, because "it's in the spec". Looks like a dark pattern for tricking everybody to share the location with Google, enabling corporate 24/7 mass surveillance.


Google has many choices: don't implement clear-text geolocation presence, don't implement RCS, speak up in the standards committee, communicate the implication to Google users, etc. Google chose to silently use a dark pattern to enable 24/7 location snooping.


You are literally looking at what the spec could allow a compliant client to do and then assuming that Google will make an app that uses dark patterns to trick users into doing them when they don't want to (and when it also provides no real value to Google compared to the data collection they can already do)

This is the core dark pattern of BigTech:

"Share with your friends" means "Share with your friends, and we'll snoop/aggregate everything that's ever shared by anyone using our platform in perpetuity and use it to subvert your will, haha 'private communication' is so XX century".

RCS is yet another excuse to implement this dark pattern, with explicit provisions to include unencrypted 24/7 geolocation information in it. Google just rehauled their Android messaging strategy around RCS. They deserve to be called out on it.

PS. You claimed "The feature being discussed here is literally the ability to manually press a button to send your location to your contact." Until you take that back as factually false [it's continuously sending, not gated by a button press per send], we're done here.

A. The ability to manually press a button to send your location to your contact

B. The ability to manually press a button to send your location to your contact without man-in-the-middle snooping.

All I'm saying is that B is better than A, for me personally and for our society at large.

Any idea why they’d even bother implementing the interface, given it appears to be a step backwards compared to current options that customers have?

They did have a choice to adopt it themselves.

> Any idea why they’d even bother implementing the interface, given it appears to be a step backwards compared to current options that customers have?

It's only a "step backwards" if you for some reason don't consider decentralized, standardized protocols implementable by anyone superior to centralized, closed-source walled-garden services.

"Anyone can implement a client" isn't the strongest argument when that's also true for most chat services as well. It's nice that the protocol is out in the open but it's effectively a service provided by cell providers and locked to them.

RCS could have been amazing as a general-purpose protocol for short datagrams that could be sent/received in areas where you can't get a data connection. It would effectively enable every chat app to work when the network is under load but carriers opted for the walled garden.

Or if you judge services on how well they work, not just on how "open" they are. To many people, just being "open" is not the be-all, end-all of whether something is better.

It is a step forward from SMS, although with many of the same drawbacks as SMS.

The point is that they're backing this non-secure chat over backing a secure alternative, like Allo.

You may recall that Google tried to back Allo. They recently backed away from it, with press reports pointing to a near-total lack of support from critical players such as carriers.

Google is stuck working with things their partners will support. They can't reliably be dictatorial like Apple can.

> They can't reliably be dictatorial like Apple can.

Why not?

If they never shipped an RCS client and made Allo part of the required Android install for Play Services compliance, who is going to stop them?

They choose not to be dictatorial.

Yours is the only post in this entire thread adding the needed context.

The article doesn't either. Yet somehow you were at the bottom of the page for me. I don't understand why.

I think RCS is being framed incorrectly. It isn't a competitor to WhatsApp/telegram/iMessage it's an update to SMS

If they bought out another competitor all that would happen would be one more chat client that 20% of your contacts use if that.

With RCS, in order to supplant SMS it requires co-operations with telco. It's there to see increase base line support.

Maybe telco would have been okay with e2e encryption although I highly doubt it. Once the baseline RCS standard is put in place. It maybe possible to implement e2e with an OTR client side extension.

RCS is the successor to or replacement of SMS/MMS. I for one will be happy when I no longer have to ask: "how do you want me to send that to you? Email WhatsApp or telegram?"

> Maybe telco would have been okay with e2e encryption although I highly doubt it.

I don't think it's even about whether they would be "ok" with it, telcos are highly regulated, it is probably illegal to have e2e crypto in a carrier protocol in some jurisdictions.

Reminder: millions of people send SMS's and don't care one bit about encryption, and they only use WhatsApp because it's free to send messages, and pictures are supported.

Sure. That’s even more a reason why Google should be proactive.

Apple defaults to secure if iOS users are texting each other. Google has always done the opposite. I don’t think it’s a coincidence that Google is the one who’s business model depends on sucking up as much content as possible.

Whatsapp came out in 2009. Encryption was added 7 years later in 2016.

Why would anyone who cares about encryption have been using it for the almost decade up till now?

Millions? Literally almost every user of WhatsApp. Those who care about encryption are a miniscule minority.

Just because people don't care about privacy, doesn't mean they dont deserve or in fact need it. But in fact most people care, or assume they have privacy. why does Google not show a red icon to users that these messages are not protected for instance. something browsers do? A company like Google should care about their user's privacy, but well thats the entire point of the article.

This is the sad part I think. SMS being shit is why people actually had obtained some privacy. If the RCS is good, then it is back to square one.

So, why not make it better? Or, why not educate users the messages are in clear text via UI indication that the message is not protected? That would help with users understanding what's going on and allowing them to protect themselves.

Many years ago (starting 2010 or so) Google "simplified" their privacy policies, meaning they threw them out of the window and have a central profile about you and your behavior. Some of Google's tactics are creepy, like Microsoft late 90s creepy. They should be called out more often.

Reference to some of the things that happened back then: https://www.pcworld.com/article/248715/googles_tracking_plan...

Well, I guess someone missed the point that the carriers control SMS, not Google. 'Chat' is a consumer friendly name for Rich Communication Service (RCS) which is built on top of SMS. Google is simply advocating adoption of RCS after failing to get adoption for any of their own rich messaging protocols.

Blame lazy, cash obsessed carriers if you want to blame anyone. Next we will be blaming Google for making a phone app that only uses A5/1 stream cipher which the FBI can intercept and decrypt easily when they want to snoop[0].

Yes Google failed so many times to compete with iMessage, but they did try. I can't blame them to rethink their strategy, I mean most people are using SMS already, I for one would like to at least be able to send full res photos.

[0] https://www.washingtontimes.com/news/2013/mar/29/feds-fbi-wa...

There are sort of two issues here:

The first is that RCS is a flawed specification with inappropriate features for the modern world and shouldn't be adopted. It's being pushed hard by carriers, among others.

The second is that somehow Google has ended up as the punching bag for this gripe for the crime of implementing RCS. I mean... no, that's not really fair (and most of the folks here really should know better). But... meh. I mean, they still implemented it.

People need to stop looking to carriers and software giants to secure their privacy. There are multiple good options in the open source world for secure messaging. We need to be pushing those.

I bet the reporter willfully hung this around Google's neck though it was a carrier standard. The story's just bait-ier with an evil-Google vs people plot

Sorry to be that guy, but no one in Europe uses SMS.

Also it's ridiculous that Google never made a simple WhatsApp clone.

I really wish there were a third phone OS: I don't want to buy iOS devices because the hardware is only manufactured by Apple and on Android you can't get away from Google.

There's the new Purism phone but it probably won't be able to run WhatsApp.

Screw WhatsApp. That's what you should be getting away from anyway. And install CopperheadOS on your phone. It doesn't use any Google services. It even has a list of its defaul connections made by the OS: https://copperhead.co/android/docs/usage_guide#default-conne...

Unfortunately, support for Nexus devices will soon be gone and the Pixel 2 devices with pre-installed CopperheadOS are quite pricey for private use.

You can always just compile it yourself for your own Pixel 2 device. Or use LineageOS which runs on a far wider range of devices and doesn't charge $500 for binaries.

I know WhatsApp isn't perfect, but I wish most people where I lived used it. Well I wish they used anything really. I'm one of my few friends on Android, and it is really annoying being excluded from group chats because of it.

Sony has some open source phones, aren't there an alternative to Pixel 2s for you?

>Screw WhatsApp

Not really possible.

There were third phone OSes (and fourth, fifth...). Nobody wanted them.

Because none of these OSes offer any of the apps people use and want, Same as with Linux and Windows, the vast majority choose the latter because that's where the industry leading applications (Office, Photoshop etc) Drivers support and best games are, Period.

People buy Windows, because it's hard to buy computers at the store that have Linux on them unless you know where to look (or buy locked-down Chrome OS). People don't need MS Office (Libre Office) or Photoshop (GIMP). Games run fine on Linux (see GOG and Steam), and the number would increase if more manufacturers sold laptops with Linux. Most people don't choose their OS -- they are fed.

People buy Windows because they want wifi to work

I've never had a problem with wifi on this laptop, and I use many different wireless hotspots. When it does happen, it isn't a problem that originates with Linux.

nice, there's 1 configuration that works... I've had 5 that don't.

I always research the hardware for Linux compatibility before I buy computers. Thinkpads tend to work well.

Windows Mobile, BlackBerry OS, PalmOS, Maemo, Nokia S-Series all had the top 100 popular apps at the time. MS for instance spent $$$ ensuring that was the case.

Edit: forgot the Kindle Phone..

If you're concerned about phone privacy I'd be concerned about using WhatsApp too, considering its owned by Facebook.

Thats what happens when you run proprietary apps, It becomes impossible for the community to port them to new OSs. Consider moving to Matrix which will work on anything that someone has built a client for it on.

Then the Open apps should have been better. People run proprietary apps because they're easy to use, and they work. Most people aren't going to run open apps just because they're open, so the open apps, in order to gain adoption, have to compete with the proprietary apps by actually working better.

Libre software is easy to use and it works too.

Proprietary apps have stronger lock-in and better marketing.

> the open apps, in order to gain adoption, have to compete with the proprietary apps by actually working better.

Yes. I'm hoping enough people will think Matrix's protocol bridges constitute “working better”.

Riot seems pretty adequate already, although maybe it doesn't have enough emoji, animated stickers and poking for some people's liking. (Also, get off my lawn, bloody kids.)

You certainly can get away from Google on Android. Install a version without Google Play Services. There's lots of software available on F-Droid or the Amazon appstore.

WhatsApp provides an APK download so you don't need the play store to get it: https://www.whatsapp.com/android/

Windows Phone could have been that platform. Yes, it was also backed by a large company, but:

- There were multiple manufacturers.

- Despite of MS' bad reputation, the platform was surprisingly open and flexible. Not as much as Android, but certainly more than iOS.

- UI-wise, it was on par with the two big players. I would argue it was even better, at least more innovative.

Unfortunately, it failed due to devs ignoring it (especially large players), and probably MS' notorious schizophrenic behavior resulting in constant zig-zag courses.

Definitely - I tried an HTC Mozart for a while and was astonished at how pleasant it was to use, particularly given that I hate using Windows on the desktop.

There was no decent map for car navigation, but that could have been reasonably easy to fix.

HERE was the default one on Nokia phones, and it was great. For car navigation, it was better than current Google Maps and HERE WeGo implementations on Android, and on par with Apple Maps since iOS 10 (but like Apple Maps, awful search and POI database)

I've heard it is good, though I don't think it was available at the time I was using the Mozart. What I did have was "Orange maps":


This was OK when it worked, but it had a habit of freezing the phone and requiring a reboot. Also, it would refuse to start if there was no mobile signal, so I would frequently have to drive a few miles from my destination (I always seemed to end up somewhere with no signal) before I could start navigating home.

>Despite of MS' bad reputation, the platform was surprisingly open and flexible.

How do you remove Microsoft from a Windows phone and not have to use any of their services or be tracked by them?

>Unfortunately, it failed due to devs ignoring it

I don't think the devs, they had remaining, could keep up with all of the osbourning they were doing.

I agree. There is really just one smartphone OS out there now with Android gone. I don’t want to touch anything that has been near google.

If there were a third OS, how would you get away from the company that made it?

> The information obtained includes vehicle speed, coolant and oil temperature, throttle position, engine temperature and engine revs. This information is then reportedly sent from Android Auto to Google on a real time basis. Android Auto is now a component of Google Assistant.

This was denied by Google, isn't?

It's ironic that the photo for the linked article about the Android Auto allegations is a Tesla, because Tesla does not support Android Auto and actually does collect that sort of information.


Yes, and no proof from those making the accusations was ever forthcoming.

Not only was it false, but the representative of the company that made the accusation works for VW - the same company that lied and defrauded customers by installing emissions cheating software on their cars.

This is pretty alarmist. In addition to the other comments here about RCS simply being SMS++, privacy and Google have been incompatible for a long time already. If you care about privacy, don't use Google software in the first place.

I always have to plug LineageOS on articles like this. It's a wonderful Android ROM which provides additional privacy settings and which you don't have to install Gapps with. I'm happily using a modern smartphone without a single piece of software from the Big Five tech companies.

From what I understand, RCS is not encrypted so that the carriers can implement it as a SMS replacement and still comply with wire tapping regulations (IANAL, so if anything I just said is wrong, please respond).

However, once RCS is implemented by the carriers, I see no reason Google's Allo couldn't be updated to use RCS and still implement an encryption layer on top of it.

People will keep using WhatsApp, Messengwr and to a lesser extent Telegram. Chat is the nth Google attempt in that space and everybody remembers that the previous ones failed. That memory is all it takes to make this one fail too. The only chance: make it replace the stock Messaging app, the one for SMSes. Then route messages trasparently to the SMS gateway or to RCS.

> The only chance: make it replace the stock Messaging app, the one for SMSes.

This is exactly what is happening.

Or just ignore it altogether. Why bother implementing RCS if you can already ensure Android phones can talk with whatever protocol you want and iPhones will probably only support SMS and iMessage anyway.

What value does it really add to customers? The value to Google is it’s a protocol they don’t have to maintain and an excuse to ignore encryption.

This is a valid point. By backing/pushing RCS, Google doesn't have to maintain the infrastructure (servers, protocol, etc) to support messaging as this would be on the carriers.

Absolutely. Google won't do that, however.

MRW I stumbbled onto the fact that Gboard has a opt-out keylogger.

Edit: Title change made my wording look like a drunk redditor stumbled over to HN. The original title was "Google Accused of Showing 'Total Contempt' for Android Users' Privacy". I too accused Google of 'Total Contempt'.

>> MRW I stumbbled onto the fact that Gboard has a opt-out keylogger.


Edit: I think the parent poster is incorrect insofar as it may be read to imply that keystrokes are sent to Google. While on iOS you can indeed give Gboard (or any keyboard) "Full Access", Google's privacy policy for iOS GBoard is below (Android's is similar). It seems reasonable to me, and only logs your keystrokes _on your device_.

What Gboard sends to Google:

- Gboard sends your searches to Google's web servers to give you search results.

- Gboard also sends usage statistics to Google to let us know which features are used most often and to help us understand problems if the app crashes.

What Gboard doesn't send to Google:

- Other than your searches, Gboard doesn't send anything you type to Google, whether it's a password or chat with a friend. Gboard will remember words you type to help you with spelling or to predict searches you might be interested in, but this data is stored only on your device. This data can't be accessed by Google or by any apps other than Gboard.

- If you’ve turned on contacts search in Gboard search settings, this allows Gboard to search the contacts on your device so you can easily share. None of these queries are sent to Google.

It's probably training the language model powering word suggestions.

Gboard updates the model on-device and sends the updates to Google, meaning no keystroke data needs to be sent to Google while still improving the model with real world usage:

> "[Federated Learning] works like this: your device downloads the current model, improves it by learning from data on your phone, and then summarizes the changes as a small focused update," scientists Brendan McMahan and Daniel Ramage said. "Only this update to the model is sent to the cloud, using encrypted communication, where it is immediately averaged with other user updates to improve the shared model."


It probably still keeps a copy of your typing locally though.

If that were true, so what?

It's not even the creepiest one for me, the creepiest one is receiving a notification while you are at the restaurant from Google Maps saying something like "We know you are there, please send us pictures of that place"

Nice how they use a notification to ask you to do work for them for free.

It's opt-in on iOS at least.

I dream of a service which I can use to send a message to a contact. It knows if that contact is on WhatsApp, Telegram etc. (or plain old SMS) and chooses the best option for that contact automatically. It merges the inbound messages from any of those apps I have so they're all in one place.

I no longer have to use all [n] chat apps installed on my phone just because for each of them, there are a few people only contactable via that particular app.

This was a solved problem back in the day. Pidgin was a desktop application that let you put aim, msn, yahoo, or whatever chat you wanted together. You had one list and you messaged people on there. It was the same regardless of what platform they were on. It was great.

It's pretty hilarious, this has been a solved problem many times. But there doesn't seem to be much money in unifying chat systems, all the money is in making new proprietary ones.

The Windows equivalent was Trillian, which even had IRC support.

This is the one thing that Blackberry got right - unified messaging.

All messaging apps could feed into the system messages app, you'd see it all in one place and could read/reply/etc regardless of what app was actually doing the messaging. From what I could see it worked really well.

Windows Phone used to do this and it was fantastic, Requiescat in Pace.

> Google’s own app Allo has an option for end-to-end encryption but the company says it will no longer invest in it.

I really don't understand Google. Wasn't Allo a tent-pole item at Google I/O a year or so ago, and now it's no longer being invested in?

They're the oil-rich nation of companies. They can afford vanity projects and woeful mismanagement as long as that sweet sweet advertising money keeps coming in. The sectors of the company that keep that running are run well, but side projects like this seem to come and go with little rhyme or reason as far as I can tell. Much like how the militaries of some countries are well-run and competent (and control the oil) while the rest of the government is a clown show.

Yes, exactly this. "You can get away with all kinds of BS when you're sitting in an open fire-hydrant of money." One obvious symptom of this is that Google's internal codebase is organized like a flea market rather than a phone book.

From what I read, Allo didn't get much in the way of support from carriers and OEMs. Practically speaking, Google needs their support to get something in the hands of users.

Google has developed a habit of trying multiple approaches to any given thing, and keeping what's most successful. For definitions of "successful" that aren't always what the rest of us might expect.

I gave Allo an honest shot when it first came out – I was excited by its feature set, and I was hoping for a far improved messenger app.

My first message went to my wife, who's on an iPhone. It was really difficult to suss out exactly how Allo wanted to handle this conversation... It seemed to both want to fallback to a default SMS while also trying to do some of the Google Assistant things, failing at both.

There are certainly some countries where the vast majority of users are Android, but it seemed pretty unfathomable to me that they'd push a product that didn't function appropriately cross-platform.

People using Android should live with the notion that Google siphons absolutely everything from their devices. One way is to block any application is not needed to "speak to google" (or Facebook, or any advertisers).

I always use and suggest to other Android users the NoRoot Firewall [1], and then disable/uninstall everything not needed. Of course that applied to IT pros, as tweaking things without the appropriate knowledge may/will result to a phone bricking/reset.

[1]: https://play.google.com/store/apps/details?id=app.greyshirts...

Any way to turn off auto picture upload when you send it over messaging?

I messaged a pic from my android to my email to edit. Instead of an attachment, it was uploaded and I got a link to an auto shared photo album in my google account.

If I'd sent it to someone else I'd have never known because I don't use google photos at all.

I understand saving bandwidth and trying to get people using account features, but no thanks.

My default is to assume anything uploaded will eventually be public via hackers or a misconfiguration somewhere.

How did you send a message to your email?

I took a picture with my phone and used the send option from the photo viewer with messenger. And entered my non-google email as the recipient.

In the past it would send it as an attachment. =\

If the messenger was your phone's default sms/mms client, sending email is a new trick for me! I just share to gmail or outlook and send it back to me. In outlook it helpfully tags these messages as "note to self". No google drive nonsense either.

There's no way you could brick the phone by using the NoRoot Firewall.

In general, my problem with these apps is that you shift your trust from one company to another. I have no idea who created this app, what their motives are, how securely they guard their signing key and so on.

People play fast and loose with the work 'brick' now-a-days. They usually don't mean brick as in it turns your phone into a brick that can't be brought back. They mean you have to go into recovery mode and restore it.

No I didn't mean it like that. I meant to brick the phone (or get to the need to reset) if someone starts disabling services. With NoRoot worst case scenario is to just block yourself from using some app online.

There aren’t open source versions?

DNS66 and NetGuard are similar open source applications.



"...should live with the notion that Google...

I don't think we can start from this premise anymore. This premise is precisely what is under question.

The laissez faire framing of this premise is: (1) users can use whatever services they want. (2) services have terms and conditions (3) don't like it, don't "sign it."

The frame that is taking shape (eg, GDPR, Zuck's parliamentary question time grilling) is different. Terms & Conditions are not a contract. Take it or leave it propositions are not OK (especially not for monoplies). They're a disingenuous game that does not represent an agreement in any way. Your actual agreement with customers is dictated by law and custom, and these are going to be updated.

South Park paradied this concept with the human centipod. It sounds simpler than it is, because our legal systems are ancient and ridiculous. Our legal systems can't, for example, just say "don't spy on everyone." It must define spying in minute detail, while trying to avoid loopholes and bycatch. This is why laws are so complicated.

But regardless... terms and conditions have reached well into the "reduced to absurdity" point.

Facebook is a monopoly? That’s absurd. Google also isn’t a monopoly. A monopoly doesn’t mean “big with lots of users and few competitors.” A monopoly is when a company is the exclusive provider of a service or a trade.

Bing, Duck Duck Go, Fastmail, Protonmail, iCloud, Vimeo

Twitter, Ello, Signal, 500px

It isn’t like Google and Facebook control access to steel thus making it impossible to build a new product.

So yes, you can just not use the service. I don’t use Facebook, Insta or What’s App anymore. No big deal for me at all; I just asked actual friends on Facebook for their email addresses. I share photos with iPhoto shared galleries, I use iMessage or Signal, I use Twitter.

Suggesting that we are obligated to accept terms and conditions is nonsense.

"A monopoly doesn’t mean “big with lots of users and few competitors.” A monopoly is when a company is the exclusive provider of a service or a trade."

That is the legal definition of a monopoly. Legally, at least in the US and the EU, one does not have to be the sole provider of something to have monopoly power.

And, quite frankly, I do not care if there are competitors or not. No one likes these terms, no one wants these terms, and no one sure as hell wants the company to be able to say, "Take it or leave it." So I'm perfectly happy with regulation saying they can't do that.

Interesting, but as it's implemented as a VPN, it looks like it can not co-exist with other VPNs.

This will not help with the issue that is raised by the article though. The new messaging service Google is pushing is broken by design. If it gets traction then a lot of conversation that were previously secure will no longer be so.

SMS is in decline because it has poor user experience. This helped provide security to users who decided to use other chat services. Now, if the experience is good enough users might flock back to using insecure communication.

So we've come full circle, back to the Windows 98 days. Amazing.

THANK YOU for linking this app

I have to admit it feels really good to block all these background requests.

I am still wondering whether or not LineageOS does send data to google. No definite answers seems to exist. :/

It depends. Do you install Google Apps (Gapps) and services?

no I don't. but the radio app is a huge black box for everything that the systems sends out and (without enabling root access) there is no way to see what's going on.

Wow! This is something ... getting evicirated by Amnesty International!

Oh, I hope this is Google having their “Facebook moment”!

It is, it absolutely is. People will run around going "Google is horrible! Google is terrible", and then ...

Nothing will change.

What realistic choices do people have? I use iOS, but given the choice between a decent Android phone like the Moto E that you can get for less than $150 and a $650+ iPhone, I wouldn't advise most people to get an iPhone.

I prefer the Android experience, but switched back to iOS / iPhone a couple years back precisely because I did ask myself how much Apple’s better-but-not-robustly-verifiable privacy posture was. I decided that, over the life of a phone, that was worth at least $500 and the associated lesser UX.

I don’t know that a smartphone has to cost $650, but I don’t think most US corporations will sign up to deliver a $150 smartphone that doesn’t mine your privacy.

Same. I really want to switch to Android for various reasons but can't bring myself to give up Apple's core respect for privacy.

LineageOS + MicroG is all you need to cut out Google and get enhanced, per-app privacy controls.

Sure. I'm not interested in spending my time hacking my phone tho, and I want to use Google services. I want privacy by default.

Also I'm less concerned about Google having my data than my messages being sent plaintext through carriers.

> What realistic choices do people have?

That's the problem. A market without competition is a cabal.

Love that can-do attitude.

The power of accurate observations is commonly called cynicism by those who haven't got it.

-- George Bernard Shaw

Hardly. The reason Facebook ceased to get a pass for everything it did was because user data was harvested without their permission (friends of friends) and was used for nefarious means. That was a huge shock, and just goes to show how complacent we are about digital privacy. Google’s “Facebook moment” is still very far away.

It isn't . It will have to be bigger, like something huge leaking. A lot of people wont care until everything google knows about them is known by the general public.

John Podesta's emails, say?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact