Google Backs Off On Previously Announced Allo Privacy Feature

When Google first unveiled its Allo messaging app, the company said it would not keep a log of chats you have with people when in incognito mode. The company released Allo for iOS and Android users last night, and it seems it is reneging on some of those promises. The Verge reports:The version of Allo rolling out today will store all non-incognito messages by default -- a clear change from Google's earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Alo's Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement. Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google's algorithms. According to Google, the change was made to improve the Allo assistant's smart reply feature, which generates suggested responses to a given conversation. Like most machine learning systems, the smart replies work better with more data. As the Allo team tested those replies, they decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage.

Who cares about Allo?

[danbob999]

Just improve Gtalk/Hangouts/whatever the new name is.

Re:

[danbob999]

That's exactly what I am going to do. And I bet I won't be alone, and this will be a failure.

Re:

[H3lldr0p]

I've seen the same question being asked everywhere and since there's been no official answer, I'm going to go with "internal politics".

No company is immune from it. Even engineers have politics. It's what greases the wheels of human interactions.

So I'm going to guess it's the same story here. Someone came up with a nifty way to do IM, presented it to their boss, it got pushed up until it became a competing project. And instead of integrating the projects together, the teams were forced to fight for resource

Re:Who cares about Allo?

[Opportunist]

I could imagine it was a bit like an engineer pondering "Hey, I know something! If we implement an IM where people can communicate anonymously and without the fear that their communication is recorded, we could get a ton of security conscious people to use it! And there isn't one like that right now, at least not in the public view, every other IM has of course all the features I'd want to implement, but they all also include corporate snooping."

This went up and down the various offices, changed hands, went from one table to the next, until one of the higher ups saw it and said "That's a great idea, and let's add corporate snooping so we can monetize it".

And so the 99th IM with exactly the same "feature" set nobody wants was created.

Re:

[Gr8Apes]

Adium/Pidgin with OTR.... usable across a multitude of current server based IM systems and about as secure as you can be, considering all IMs can be intercepted and recorded.

Add Jitsi to the list

[DrYak]

Adium/Pidgin with OTR....

Jitsi is another interesting clients.

- Supports XMPP/Jabber/Jingle and SIP (a little bit less options available than Pidgin)

- It also has support for OTR (so a Pidgin+OTR user can have a end-to-end encrypted chat with a Jitsi user, all this over a Jabber connection with Google Talk/Hangouts)

- It also has support for ZRTP (so Jitsi user and, e.g.: a Twinkle user, can have a end-to-end encrypted Voice-call, over some random SIP provider).

Re:

[allo]

I care.

SCNR.

Re:

[danbob999]

Why?
What feature does Allo bring that you were waiting for?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[allo]

I should sue google, i am having the older rights ;-).

Wrong decision

[Errol backfiring]

the Allo team .. decided .. was worth giving up privacy benefits

That is not for the dev team to decide. Let the user decide it. But off course, this is Google. There Is No Such Thing As Privacy.

Re:

[EETech1]

Smart Reply...
Let Google think and speak for you now too!

The better we get to know you, the less you'll have to think about anything...

Re:Wrong decision

[93 Escort Wagon]

The user does decide. They use incognito, or not. They delete the data, or not.

You drink the Google Koolaid, or not.

Re:

[Dr. Evil]

"Are you implying that pointing out a blatant misrepresentation counts as drinking koolaid?"

The expression comes from cult leaders who gave their followers poison. https://en.wikipedia.org/wiki/Drinking_the_Kool-Aid [wikipedia.org].

The implication is that you believe so much in the leader's vision, that you'll drink poison if they command you, I think does compare to believing in Google's vision so much that you'll sacrifice your privacy for their free, convenient apps.

Re:

[Opportunist]

Yeah. Uhhuh. If you believe that, I got a beautiful, only slightly used, bridge near the harbor of SF to sell.

Re:

[chihowa]

For that matter, the internal culture of the company is such that employees would call it out if the FCC's auditors didn't.

The internal culture that "decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage"? The internal culture made up of people who voluntarily chose to work for the largest personal data-mining advertising company in the world? The internal culture of the company that, as you just pointed out, has to be continually audited by the FCC because of previous privacy abuses?

Yeah, I have a hard time putting faith in the integrity and commitment to priva

Re:

[bfpierce]

It's absolutely in the dev team decision domain, you know, the whole 'tradeoffs' thing. Maybe they don't teach that these days.

Don't use the app if it offends your sensibilities, or if you really 'must' use it, use the incognito mode.

Re:

[irrational_design]

Wait, I thought that was Facebook's tagline.

Re:

[rainer_d]

the Allo team .. decided .. was worth giving up privacy benefits

That is not for the dev team to decide. Let the user decide it.

Your idea of the "users" of Google is just wrong. Their users are the companies that pay for the ads. What you think are users are really the products that are sold to the actual users.

Re: Wrong decision

[hackwrench]

I think you have confused users with customers. The users are the people who are using the software to hold conversations. The customers are the ad people.

Why does anyone trust Google anymore?

[Anonymous Coward]

Why does anyone trust Google anymore? They are so far beyond evil it's not even funny.

Re:

[sittingnut]

one has to be born idiot loser to trust google, given their record.

not to mention employing war criminals like jared cohen?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[mlw4428]

How are they evil? Sure they're selling some information...but I guess I just don't equate that with being evil. But not only that you're suggesting that they're "far beyond evil." What does that mean? Has Google started assassinating people? I mean "beyond evil it's not even funny" just seems like a massive stretch.

Re:

[Qbertino]

Why does anyone trust Google anymore? They are so far beyond evil it's not even funny.

  Yeah. Facebook and WhatsCrap are much more trustworthy.

Re: Why does anyone trust Google anymore?

[hackwrench]

I think you misspelled Farcebook.

Re:

[Actually, I do RTFA]

Why did anyone trust Google ever?

Re:

[HiThere]

While evil, I wouldn't call it beyond evil. They did, after all, make their policy change publicly available knowledge. If they'd kept it secret they would have deserved your hyperbole.

Re:

[AmiMoJo]

Not really. Compared to most tech companies they are saints. Sure, we would prefer they didn't log and track everything, but at least they don't give the raw data to advertisers or willingly and it to law enforcement without a warrant.

In the scheme of things they are relatively benign and at least provide some privacy controls and useful services when you do let them log. Compared to people like Facebook...

Am i missing something?

[hyperar]

When Google first unveiled its Allo messaging app, the company said it would not keep a log of chats you have with people when in incognito mode. The version of Allo rolling out today will store all non-incognito messages by default

The first sentence talks about INCOGNITO messages and the second about NON-INCOGNITO ones.

Re:

[genessy]

I wondered the exact same thing. I wonder just who is suffering from a reading comprehension disability, us or the poster.

Re:

[CByrd17]

The quote is misleading. What Google is backing off is the idea that ALL messages would be transient.
Now only Incognito ones will be.

Re:

[hyperar]

The quote is misleading. What Google is backing off is the idea that ALL messages would be transient. Now only Incognito ones will be.

I really didn't follow Google's advertisement of Allo, so i really didn't understand the point of the article, if Google actually advertised what you said, now i get it, i just didn't get that from the story.

Re:

[hyperar]

Of course you didn't get it from the story, because you didn't RTFA. See the linked "reneging on some of those promises". The very first paragraph of that article

Alongside the end-to-end-encrypted Incognito Mode, the Allo team talked about bold new message retention practices, storing messages only transiently rather than indefinitely.

Saying alongside incognito means they are talking about something other than incognito.

But that wasn't in the article, was it?, it was in another page, the article is poorly written

Re:

[amRadioHed]

But the original Verge article only says that Google won't store your messages on their servers, it's not talking about storing them on your phone. And now this article is saying the same thing, the messages will be kept on your phone but not on Google's servers. No change.

Whoever wrote this article is confused.

Re:

[DaTrueDave]

It's not simply "misleading," it's downright incorrect. This is the type of libel that could result in legal consequences.

Defaults

[DrYak]

The first sentence talks about INCOGNITO messages and the second about NON-INCOGNITO ones.

Yup, you're missing something : default setting.

By default, on Allo, every conversation is non-incognito. You need to explicitely jumps some (albeit small) hoops to gain privacy by accessing the incognito mode (it works the same as the various "incognito tabs", "porn mode tabs", etc. that have appeared on browsers).
For everyone else, Google's AI will mine the shit out of everything you say - "to help make the AI better by better knowing you, and thus giving you more relevant answers and auto-suggestions" (i

If it's stored - it's vulnerable

[Anonymous Coward]

May as well throw away any claim of privacy.

Getting fed up with the whole premise that absolute 100% privacy outside of intended recipient is NOT DEFAULT AND NOT POSSIBLE.

Settings?

[cmiller173]

I'm curious. In the settings you can disconnect the app from your google account. Would that prevent the logging of non-incognito messages?

Re:

[Actually, I do RTFA]

Nope. A large part of the value of the messages is as a corpus for machine learning.

Re:

[Opportunist]

I can't help but be a little bit turned on by this...

Re:

[HiThere]

You do know that email is, by default, unencrypted during transmission, don't you? Email has/should always been looked on as being as secure as a post card. The thing about things like GMail is that they provide a convenient place for the company to look at everyones messages not only during transmission, but while stored.

Running your own email server doesn't provide you with security during transmission unless you opt-out of the email protocol and replace it with something like https. (Even then there k

Comment removed

[account_deleted]

Comment removed based on user account deletion

Why trust Google?

[Noryungi]

No privacy? Use Signal [eff.org].

One more time, with feelings: use Signal. Use Signal. Use Signal. [whispersystems.org]

Re:

[Herschel Cohen]

>> Use Signal

Seconded ... or thirded (if late) ... or even fourthed (if very late) ...

Re:

[chihowa]

System requirements: Android 2.3 and up, with Google Play Services.

If you want privacy from Google's snooping, use a messenger that requires that Google have closed source system-level services running on your phone and makes extensive use of Google's services for key exchange!

Privacy!

Re:

[Rexdude]

Good luck getting all the people you currently communicate with to switch over, unless they're all security experts or whistleblowers. Network effect's a real party pooper. If only XMPP had taken off the way email did.

Not encrypted at all

[Anonymous Coward]

It's not encrypted at all if google can read your messages. If google can read your messages then the government can read your messages and some other government can read them and bad hackers can read your messages.

I'm seeing pattern here...

[BlueCoder]

Google knows we want real encrypted messaging on phones. It should always be an option to not be tracked. The better results of ____ is a pretext. All governments are going to pressure them to store conversation logs. They know people will notice a change of terms and are looking for the backlash to have something to show those governments.

Re:

[Actually, I do RTFA]

TFS, not even TFA, states a very convincing alternative rationale: they want the data to use as a corpus for their machine learning algorithms.

Re:

[Guillermito]

Who is "we"? Is there really such a huge demand for encrypted messaging? I'm sure most people value more the convenience of being able to switch devices and still see their chat history across all of them over the enhanced privacy they would get by not having their messages centrally stored.

I'm Shocked! Shocked, I say...

[macs4all]

"...As the Allo team tested those replies, they decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage."

Chuckle. Chort. Snigger. Guffaw...

Why do they even bother to TRY an LIE anymore?

The real question

[DaDaDaaaaa]

Why the hell would I use a platform purposefully made so that Google can datamine the living shit out of my personal interactions with all my friends and family and spam me with ads while I am talking to them so they can sell me ads to the highest bidder and make more money? It's the equivalents of pigs saying "Wow this slaughter house is so cool, they have free food and it's so comfortable! I think I'm going to stay here!". No thank you. I will keep using Signal and Telegram. Anyone who cares about these gimmicky features is a retard.

Re:

[Rexdude]

If the group of people you communicate with are privacy conscious enough to use Signal and Telegram, I envy you. Nobody I know uses or cares about Signal, they're all happy sitting with Whatsapp so I'm stuck using that as well.

Uh-huh

[ThatsNotPudding]

'Google decided.'

They don't have any canaries at the Chocolate Factory, do they?

Incognito is still private

[phorm]

This is a pretty poor summary, as others have mentioned. It appears the initial promise was that all messages would be unlogged, but that now only applies to incognito mode.

Realistically, as long as this works in "incognito", it's not really a bad thing to log messages in the regular mode. Sometimes there are good reasons to want your chat logs (e.g. if somebody told you how to do something and you need to reference an old chat, etc).

Want private? Just go Incognito.

Re:

[amRadioHed]

No, the initial promise was that the message wouldn't be stored on Google's servers and that is still the case. The author of the article is just confused.

Allo? Allo?

[tmjva]

And will Herr Flick ever find the painting of the Madonna with the big boobies?

Encrypted but not protected.

[fahrbot-bot]

... and stored on servers using encryption that leaves the messages accessible to Google's algorithms.

So, not stored securely at all.

You keep using that word "incognito"

[sttlmark]

I do not think it means what you think it means.

Crowd

[poofmeisterp]

Quite simply, privacy supports terrorism in many peoples' eyes. The government has backed the concept, but focused on encryption.

It looks like another attempt to rewrite the rules to have a win-win (big shocker there). There's more money in winning.

Win: Government and people who really think that things like encryption limitation will somehow thwart terrorists are now happy. Google gets points and possibly more investment from people.
Win: Google has rewritten the conceptual rules and can now also use tha