Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Privacy

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com) 100

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

This discussion has been archived. No new comments can be posted.

Google Accused of Showing 'Total Contempt' for Android Users' Privacy

Comments Filter:
  • Guilty! (Score:5, Insightful)

    by amiga3D ( 567632 ) on Monday April 23, 2018 @04:42PM (#56491093)

    Guilty as charged. I think it's time for some serious anti-trust action in Federal court.

    • Well past time to restrain our government, agreed. But antitrust? I was thinking of relatively simple legislation.

      Oh, and outlaw that forfeiture crap too.

    • Re:Guilty! (Score:5, Informative)

      by TechyImmigrant ( 175943 ) on Monday April 23, 2018 @05:19PM (#56491257) Homepage Journal

      Guilty as charged. I think it's time for some serious anti-trust action in Federal court.

      Nope. It's messaging on the cell phone signalling protocols, just like SMS. This is different to an application running on the top.

      When you are defining such protocols, the governments of the world require "Lawful Access" laws to be adhered to. When we were working on WiMax, the FBI turned up to the meetings to discuss the LA features in the protocol.

      This is why you do secure messaging from and app, over IP.

      SMS and it's brethren will never be secure and there's nothing Google or anyone else can do about it, without a major change of behavior on the part of governments.

      • by mikael ( 484 )

        You can always create a message, encrypt it, run it through uuencode, then send it as an SMS. Reverse the process at the other end.

      • I didn't RTFA, but I wonder if this app is a way to shoehorn in RCS (which is a 'rich content' version of SMS)?

        All part of the sudden urge by telcos to stay relevant - Whatsapp/Telegram/Instagram/Snapchat - all of them have hugely eaten their lunch for a long time. I'd imagine they'll continue to do so for a long time too, but time will tell.

        • I didn't RTFA, but I wonder if this app is a way to shoehorn in RCS (which is a 'rich content' version of SMS)?

          All part of the sudden urge by telcos to stay relevant - Whatsapp/Telegram/Instagram/Snapchat - all of them have hugely eaten their lunch for a long time. I'd imagine they'll continue to do so for a long time too, but time will tell.

          Yes it is, as are most 'service' protocol added to the cell phone protocols. While users tend to want the wireless to just carry IP well and leave the services to run on top of that.

          Do you miss WiMax yet? An 802 protocol with the same service model as 802.3 and 802.11.

    • by Anonymous Coward

      Guilty! by amiga3D ( 567632 )

      Seeing all of your past post bitching and complaining when Apple was evil for adding in their own end to end encrypted messaging that didn't use the "official SMS standard", it's shocking to see you hold a completely opposite stance when it isn't Apple doing it.

      So as you have said:

      Not using SMS and using encryption, when you are Apple, evil and bad!
      Not using SMS and using encryption, when you are Google, they are the bastions of freedom!

      Using SMS and not using encryption, when you are Apple, of course Apple

  • Re: (Score:1, Insightful)

    Comment removed based on user account deletion
    • by Daniel Sobey ( 3688321 ) on Monday April 23, 2018 @05:29PM (#56491321)
      You know allo exists? By default it does not use end to end encryption but you can enable it if you want to.
    • by mjwx ( 966435 )

      Google would never allow end-to-end encryption of data that they'd like to mine. Why would anyone be surprised?

      Except that they do.

      You need to stop thinking like an iSheep. Not enabling by default does not mean it is strictly verboten on Android.

      If you're worried about Google reading your inane and vapid messages, don't use the default message app. This isn't like the Iphone where you've got no choice. I'm sure there's an app that can easily replace Google's yet to be released "Chat". Also SMS isn't a secure protocol to begin with, basically you need to use a different protocol completely for end to end encryp

  • Back door (Score:3, Funny)

    by sit1963nz ( 934837 ) on Monday April 23, 2018 @04:44PM (#56491109)
    Google has seriously looked at the best means of supplying an encryption "back door" and it turns out the best way is no encryption , let everyone know the alphabet agencies can spy on you, and a warning not to post anything important.
  • by 140Mandak262Jamuna ( 970587 ) on Monday April 23, 2018 @04:49PM (#56491137) Journal
    You set up web site and offer some trivial thing like 25 cents off a loaf of bread, and ask users to setup an account. They will use the same user name password they use for their bank account, and give you all the security question answers too.

    It is debatable, whether Facebook and Google show more contempt towards privacy than the users themselves

    • by Anonymous Coward

      It is debatable, whether Facebook and Google show more contempt towards privacy than the users themselves.

      You say it's contempt. I say it's naivety. It'd be illegal to use the username/password on another site, and the naively think they can trust companies not do illegal stuff. This probably stems from the delusion that if a company were to do such a thing, someone would actually be punished.

      Take the above and consider sites like Facebook that allow you to set things as "private". It's no longer a ques

    • Comment removed based on user account deletion
    • by AmiMoJo ( 196126 )

      That's probably why most banks create a username and password for you and don't let you change them. Then you get to set an additional password of your choosing some kind on top.

      It's the kind of half baked but kinda-works solution banks seem to think is fine, but at least they avoid the obvious pitfalls and "Login with Facebook".

  • by AHuxley ( 892839 ) on Monday April 23, 2018 @04:52PM (#56491153) Journal
    Wont someone think of the ads and profits.
    All that real time data to collect and sell.
    You are the product.
  • by Jason69 ( 661789 ) on Monday April 23, 2018 @05:09PM (#56491227)
    Google "Chat" is a protocol much like "SMS". It's not a service in and of itself but the underlying carriage for services to ride on top. Those services should absolutely include encryption but that is not the protocol's job to handle. "Joe Westby is Amnesty International's Technology and Human Rights researcher" Sounds like this research should do a little more research.
    • by Anonymous Coward

      You mean so we end up with steaming piles of shit like TLS? Please. Protocol has _everything_ to do with it.

      Amnesty International works in some of the worst places on the planet, they know just a weee bit about real security. As in, the mere connection from your device to another can get you killed. The w3, Google, etc. all don't give a damn. Their perversion of security is akin to walking into a bank. Sure, you're secure from anyone on the street seeing what you deposited but they still know you

    • by Anubis IV ( 1279820 ) on Monday April 23, 2018 @06:50PM (#56491623)

      Google "Chat" is a protocol much like "SMS". It's not a service in and of itself but the underlying carriage for services to ride on top. Those services should absolutely include encryption but that is not the protocol's job to handle.

      Actually, it is, because end-to-end encryption cannot feasibly exist* unless a key exchange mechanism is defined by the protocol. Moreover, it's clear that you're thoroughly confused both about what end-to-end encryption actually means and what Chat actually is.

      Encrypting each link in the chain—which is what you're talking about when you suggest it's a server's/service's job to handle encryption—is not the same thing as end-to-end encryption [wikipedia.org]. End-to-end encryption means that only the sender and the recipient are privy to the messages: not the server, not a service, not anyone else in the chain. For that to happen, the message that you're sending has to be encrypted on your device in a way that only your recipient's device can decrypt. For all of that to work, you need a key exchange mechanism baked into the protocol in some way, since otherwise your device would have no idea what keys to use. The individual links along the chain may additionally be encrypted, but even if they weren't the message would still be end-to-end encrypted.

      At this point, end-to-end encryption is simply table stakes for anyone joining the chat game. Anyone trying to enter the field with a chat system that doesn't offer end-to-end encryption is declaring their intent to scan every single one of your private messages for profit.

      As for your protestation that it's a protocol not a service, it actually is a service, in the same way that SMS is both a protocol and a service. Chat supports richer content and a few other niceties that put it above SMS, but it clings to almost all of SMS's flaws, in that it isn't end-to-end encrypted, it's dependent on carrier support, and it's been superseded by far superior products from other companies (e.g. iMessages, WhatsApp, etc.).

      *Okay, technically it can, but what must necessarily happen when using those protocols is that people have to share their public keys with each other in some other manner, such as a real life exchange or a trusted, third-party service, at which point those practices become de facto aspects of the protocol as a result of their necessity. Moreover, no protocol of that sort is suitable for use by the general population, hence why those sorts of protocols are relegated to users who are willing to sacrifice any notion of convenience in the interest of achieving the best security.

  • by shess ( 31691 ) on Monday April 23, 2018 @05:19PM (#56491259) Homepage

    While Google is putting support behind RCS, it's not a Google thing, it's an industry-standard evolution of SMS. Google really should do better and offer end-to-end encryption, but that would only work in their walled garden, and they would still have to interoperate with everyone outside of that garden, who they have no control over.

    • RCS is a communication protocol. We can encrypt the data just like with SMS using the client of our choice. https://github.com/SilenceIM/S... [github.com] Using an open, distributed protocol is much better than a closed ecosystem. For example, the keys for iMessage and most other encrypted messaging platforms are controlled by the central servers managed by the company. They issue new keys every time a new device is added to the account. It is usually not possible to see what keys have been issued or to otherwise
  • Guess which one it is. Hint: It tangentially has to do with robots.

  • One day there was noise in my kitchen. I went there and saw Bill Gates eating my ice cream. I asked him why he thought it was okay to do that. He said permission to eat my food was on page 89 of the Windows 10 license agreement.

    I asked him why a billionaire would want to eat someone else's ice cream. He said it gives him a feeling of superiority.

    Also, he said that there is a competition among billionaires to see who can be the most abusive. He still manages Microsoft: "I'm there about 15 percent of th [charlierose.com]
  • I don't use messaging on anything. Don't trust it.
  • by Opportunist ( 166417 ) on Monday April 23, 2018 @05:49PM (#56491413)

    Now that the whole Facebook shit hit the fan, we can finally hope that this whole privacy destroying data collection madness gets some attention.

    Keep the stories coming. And make sure that they keep the steam they have now.

    And yes, it doesn't even matter what kind of story. Few people will actually understand what's really going on anyway. But what matters is volume. If there is story after story after story about how companies destroy our privacy, people will finally listen. Not because they understand, but because of the amount that surfaces.

  • by Anonymous Coward
    Any reasonable person knows that large-scale messaging services offering end-to-end encryption facilitate sex trafficking. It is not legal to knowingly do that in America today. Starting any new end-to-end encryption product without retaining a key is folly unless you lock it from US or Russian use. It's a recipe for losing big money in civil suits.
  • "out of step with current attitudes to data privacy."

    The current and former CEO have made it very clear what their stance on data privacy is: "privacy is dead;" was the quote. So Google's current attitude about data privacy is the same as it has always been. From their point of view, they're doing you a favor in not trying to delude you into believing that you have privacy and being upfront and out in the open that you have none.

  • by Anonymous Coward

    Hey asshole -- you use my code, then you are my bitch

    -- love, Sergey

  • by viperidaenz ( 2515578 ) on Monday April 23, 2018 @08:47PM (#56492043)

    Chat isn't a replacement for any encrypted communications tool.
    It's a replacement for SMS, which is also not encrypted.
    It's required to be backward compatible with SMS, because not all networks or phones will support it. You can't do end-to-end encryption when one end doesn't support encryption.
    It's required to be operated by cellular carriers, so to be able to be operated in various countries, access to messages is a requirement, like SMS.
    It's required to not have a central set of servers that are operated by a single company, like iMessage, WhatsApp, etc.

  • This is just like gmail where you cannot received encrypted files (such as .7z). Google will not handle emails they cannot open and read.

  • WHY?

    I own an Android phone but Google are _RETARDED_ with messaging apps.
    The amount they've made in the past decade and either modified or cancelled is UTTERLY mind boggling, it's fascinating, it's ... it's incredible just how poor they've handled this.

    I can't put in to words properly just how confusing and terrible it is. They have failed in every conceivable way. They just can NOT stop making new ones, killing old ones, damaging features. It's a total and utter disaster.

    I use whatsapp and 'normal' SMS / text. I won't use Google Chat, Google Hangouts or Allo or anything because they WILL terminate / ruin it in time.

    All they had to do was copy iMessage and have some kind of "SMS from your PC / ipad" functionality and they would've been golden, but nah, they decided to do an utterly, utterly miserable job.

  • by Etcetera ( 14711 ) on Monday April 23, 2018 @10:21PM (#56492299) Homepage

    End to end encryption is fine, but Google (for once) is doing the right thing by having a telco standard instead of an over-the-top app sending God-knows-what.

    Would I like to see end-to-end encryption? Yes. I'd like to see SS7 issues fixed first. There are plenty of E2E secure messaging solutions out there and I can't see why RCS is worse than MMS as a solution for enchanced SMS service.

    At the very least, this is a fully interoperable system, not tied to Google, Inc or any specific carrier.

    That's a Good Thing.

  • Because "Chat" was just the fancy name they gave to RCS, which (to my knowledge). I don't think they really have anything to do with that... they just provided a convenient package for carriers to use to get RCS implemented. By that same logic, should we use the same case due to the fact that their Messages app uses SMS which is also completely devoid of encryption and security?
  • Yes, RCS is a replacement for SMS which is also not encrypted, but this is about Chat, the app that Google is packaging this protocol with standard in all Android phones in a near future, possibly in the next Android update.
    An no, just because RCS is a protocol doesn't mean it couldn't have included encryption there.
    It should have, but Google caved in to anti-privacy government and carrier demands.
    So the complaint still stands and is still fair.
    Stop apologizing for Google's crappy offerings.

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Working...