Don't Use Google Allo (vice.com) 127
At its developer conference on Wednesday, Google announced Allo, a chatbot-enabled messaging app. The app offers a range of interesting features such as the ability to quickly doodle on an image and get prompt responses. Additionally, it is the "first Google" product to offer end-to-end encryption, though that is not turned on by default. If you're concerned about privacy, you will probably still want to avoid Allo, says the publication. From the report: Allo's big innovation is "Google Assistant," a Siri competitor that will give personalized suggestions and answers to your questions on Allo as well as on the newly announced Google Home, which is a competitor to Amazon's Echo. On Allo, Google Assistant will learn how you talk to certain friends and offer suggested replies to make responding easier. Let that sink in for a moment: The selling point of this app is that Google will read your messages, for your convenience. Google would be insane to not offer some version of end-to-end encryption in a chat app in 2016, when all of its biggest competitors have it enabled by default. Allo uses the Signal Protocol for its encryption, which is good. But as with all other Google products, Allo will work much better if you let Google into your life. Google is banking on the idea that you won't want to enable Incognito Mode, and thus won't enable encryption.Edward Snowden also chimed in on the matter. He said, "Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous, and makes it unsafe. Avoid it for now."
If it is insecure... (Score:1)
Re:If it is insecure... (Score:5, Insightful)
encryption is not usually user friendly. You have to *do something* or several somethings to configure it to make it work.
This is not inherently true. A device can collect ambient randomness (from keystroke timing, thermal jitter, low bits of camera pixels, etc.), and use that to generate keys, without any action from the end user. There is no good reason that we cannot have effective end-to-end encryption in a user transparent way that even grandma can use, without even realizing she is using it.
Re: (Score:3)
Encryption doesn't come out of thin air. The value in encryption is that you are uniquely identified in order to gain access to your communication. Verifying that you are, in fact, you requires effort. You must set up trust, and you must maintain that trust. Otherwise you're just encrypting things because you like to use all the surplus compute cycles on your processor.
Re:If it is insecure... (Score:5, Informative)
You're conflating encryption and authentication. They're very useful together, but they both serve unique roles and each has value outside of their use together.
Re: (Score:3)
Not true.
Authentication doesn't need encryption, but encryption always needs proper authentication.
Even if that authentication is limited to who holds the key.
Re: (Score:2)
That's not the case. Opportunistic encryption has value, even if the holder of the key is unverified. Even an encrypted communications channel that is being actively attacked by a man-in-the-middle is protected from other eavesdroppers. The value is much greater if the two are combined, but encryption without authentication does have some value, depending on the nature of the communication being encrypted.
For example, TLS in SMTP (as implemented in most MTAs) does not require the presented certificate to be
Re: (Score:2)
no, most e2e can work with trust-on-first-connect quite okay and you only need to verify if you need to. Still it will be 100% efficient when the first contact was secure (you have a good chance it was, if you're not edward snowden).
Re: (Score:2)
Re: (Score:3)
I always tell people who think they have nothing to hide something to the effect of "So did German Jews before the 1930s".
Re: (Score:3)
...is going to be a big success. Don't ask me why, this is how the market work :)
So far Google has not been particularly successful with any of its social ventures, so I'm not sure why you're expecting that to happen now.
Re: (Score:2)
They had too much security and stability - all that security made them more difficult to use, and they lost market share to the likes of Facebook. As for stability: I'm still at a loss as to why mass market users seem to prefer buggy crashy platforms, maybe it makes them feel more like "cutting edge hackers."
Re: (Score:2)
And that is why I'm not interested. One manager gets a soggy bowl of cornflakes and *POOF* it's gone.
Re: (Score:1)
Go away FBI shill.
Re: (Score:1)
Fine, I have to expand the list:
1) paranoid
2) cheating
3) stupid
Thanks for making me be pedantic, retard.
Re: (Score:3)
...said the guy whose house was burgled because the wrong person found out he'd be out that night.
Re: (Score:2, Insightful)
Yes, because people who break into houses are the same kind of people who have elite hacking skills.
Unless you're rich and/or famous, NO ONE CARES about your texts.
Re: (Score:2)
...said the guy whose house was burgled because the wrong person found out he'd be out that night.
Paranoia was list item #1. We covered that already. How about sitting outside your house in a car and waiting for you to leave? No l33t sk1lz required.
Re: (Score:3, Insightful)
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife.
... or someone who has never read a history book. You may have no need for encryption today, but if someday in the future you realize you actually do need it, it may be too late.
Re:Stop the paranoia, please (Score:4, Insightful)
"If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. "
Following that logic: If you post as AC, then you are either paranoid or afraid of what you wrote.
Re:Stop the paranoia, please (Score:4, Insightful)
The difference is that with AC, there is no way to correlate posts and put a person's statement in context. It is impossible to know if this is someone that is always rude, calling people names just because they disagree without any counter-argument - or if this a person who actually adds some thoughtful insight to a topic. There is also no way to know if this is a shill, or if this person has a particular axe to grind. There is also no way to know if someone makes a statement and then follows up with a bunch of others agreeing with their own post.
That said, I do agree with the premise of your question. You don't know who I am. But at least you can look at my other posts and get an idea whether I am trying to make a serious point or just being a jerk or shill.
I am a moderator on a different forum - one that requires full real names. It is amazing how thoughtful and polite people are when they have to personally stand behind the statements they make.
Re: (Score:3)
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. Get over yourself.
By the same token, you should be comfortable sending personal correspondence on postcards.
Re: (Score:3)
Or maybe you just don't want to give Google extra help prosecuting psychological warfare on you.
Google's business is to get you to buy stuff their advertisers want you to buy. Both Google and the advertisers employ cutting edge psychology to try and manipulate you into do that.
Re: (Score:3)
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. Get over yourself.
Slashdot's captcha should include an IQ test.
Re: (Score:2)
So what? Cheating is not illegal but I do want it to be private. And I also don't want the FBI to know where, when and from/to who I buy/sell my pot.
I let it sink in. (Score:2)
I would probably still use it. For my convenience I happily share a lot of things.
There are of course things I won't share but then I won't use this service for those.
Re: (Score:2)
--Microsoft
Re: (Score:2)
I'm a windows user you insensitive clod.
The description actually talked me into using it (Score:4, Insightful)
Re:The description actually talked me into using i (Score:5, Insightful)
Re:The description actually talked me into using i (Score:4, Insightful)
Re:The description actually talked me into using i (Score:5, Insightful)
Re: (Score:2)
I live off-life and block ever tracker. Normally when I'm looking for Subarus and Pizza I get ads for penis enlargement pills and local hotties who want my phone number. I never chased those hotties, I got too busy punching the monkey.
Re: (Score:2)
Re: (Score:2)
You don't mind seeing a filtered view of the world that looks how you would prefer it rather than how it actually is?
What filtered view of the world? I know people have been talking for years about the possibility of Google search becoming so personalized that it filters out all contrary views but personalized search isn't that personalized, and I don't think it ever will be.
Data mining may be a concern, depending on your perspective, but the "filter bubble" really isn't. Not with Google search, at any rate. I think it is a concern on social networks and in online forums where people congregate only with those who think
Re: (Score:2)
Re: (Score:2)
Pretty much. I can turn on the incognito mode if I need to.
Why would you? (Score:2)
Don't you like having a history of what you've said in chats? Incognito mode erases the history when you are done...
Wouldn't you just rather have a chat app that's encrypted all the time and lets you decide when to delete a chat or not?
Alternate Title? (Score:5, Insightful)
Re: (Score:3)
How does that solve anything that is bitched about in the summary? The app has access to any data before and after it's encrypted, so enabling "end-to-end encryption" doesn't actually hide anything from Google. They control both of the ends! Further, the app is closed source, so you have no way to know what is or is not harvested.
If you don't care if Google spies on you, then use Google services and products. If you do care, don't use them. The encryption in the this story is a red herring.
Re: (Score:2)
Some guys will want the protection of wearing condoms and other guys will want to bend over and be barebacked by all comers.
Since that really comes down to an entirely personal preference, why should setting the default to one side be any worse than setting the default to the other?
Uh what? (Score:4, Insightful)
Re: (Score:2)
Skype is end-to-end encrypted.
Re: (Score:2)
Thanks. I stand corrected, embarrassingly so.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
You prove my point. The world has over 6000 languages and the website you listed supports fewer than 100.
That nerds working for Microsoft prioritise a language off a TV program doesn't diminish that fact.
Allo, allo? (Score:2)
Who's there? Well, just about everyone if it's not encrypted...disappointing.
You'd think that with all Google's resources they could come up with something better, like:
1. Encrypted (default)
2. Encrypted but where Google has the key so can "listen in" and provide those helpful suggestions, and
3. Not secure.
Come to think of it, if you had option 2, who in their right mind would opt for option 3?
Re: (Score:2)
They did. Except just 1 and 2 and in this order. There is no 3 because that would be dumb.
1. Encrypted but where Google has the key so can "listen in" and provide those helpful suggestions (default because the app wouldn't be able to do anything cool otherwise)
2. Encrypted end to end for people who want it.
End to end encryption has its benefits but it also prevents a lot of cool things like the chat bots, syncing messages to desktop and tablets, and other cool things.
I'm excited to try Allo (Score:1)
Re:end to end nothing, the end is Google, that is (Score:5, Funny)
The ONLY solution to hot mic technology, is to nip it in the butt before it takes hold.
The phrase is "nip it in the bud" - to cut it off before it flowers. Nip it in the butt, means something rather different. No bad, just different.
Re: (Score:2)
end to end means nothing, the end is Google, that is bad
No, the end is the other party you're chatting with. Google doesn't have access if you use incognito mode. Of course, you'll lose most of the features of Allo in incognito mode. If you're not in incognito mode, the communications are all encrypted, but it is between you and Google and Google and the other person, so the AI can do all of the assistant stuff.
Given that Google is in bed with the Alphabet (pun intended) agencies
No, Google is not in bed with the three-letter agencies. There is absolutely no evidence that Google ever has been in bed with them. Google complies with
Don't tell me what to do (Score:5, Insightful)
Don't Use Google Allo
Well that's a bloody condescending headline. Tell me why you think I shouldn't, or tell me that someone notable like Snowden has said not to use it, but don't tell me what to do.
I'll use Google Allo if I want to*, end-to-end encryption or not.
*I don't want to, but that's beside the point!
Re: (Score:3)
Don't Use Google Allo
Well that's a bloody condescending headline. Tell me why you think I shouldn't, or tell me that someone notable like Snowden has said not to use it, but don't tell me what to do.
I'll use Google Allo if I want to*, end-to-end encryption or not.
*I don't want to, but that's beside the point!
What I am hearing is someone triggered you and you now need a safe space where people won't tell you what to do.
Re: (Score:2)
No, I just prefer news sites not to assume I'm stupid.
Re: (Score:1)
The author read your post history. No assumption was necessary.
Leesen vehry carefulee,I shall say ziz ahnly wance (Score:3)
Definitely don't use Google Allo Allo.
Re: (Score:1)
Don't tell me what to do!
They're not. They are telling you what NOT to do.
Dangerous suggustions (Score:2)
Trust me it will be auto correct on steroids. Screen shots will show up in divorce proceedings.
Although on the other hand, for those of us that can't stand small talk over text, its a god send. Sure, lets reply to small talk as if I'm good at doing that. It will be a protection against actually trying to explain in depth how my day went.
Snowden (Score:2)
Why should I, or anyone else for that matter, care what Snowden has to say on the matter (or any other matter for that matter)? He stole and leaked documents. That provides no basis whatsoever for him having the skills or certification for him to speak meaningfully into the technical nature of this particular issue.
Re: (Score:2)
I would agree with you if he was giving a critique of the algorithms or implementations of the encryption, but he's certainly technically competent (as am I and I suspect you) to discuss the danger of non-end-to-end encrypted connections, with regard to eavesdropping.
Re: (Score:1)
I'm not saying he's an idiot, but there's a difference between having the media's
Re: (Score:2)
I guess my point was that "technically competent" for knowing that non-end-to-end encryption is insecure is a low bar. Really low. I assume any computer literate person to understand what that means. Heck, anyone who uses public wifi should know what that means.
A computer reading my messages?? (Score:2)
Are you missing a comma? (Score:2)
I won't let you tell me what search engine i should use.