Google Allo from a privacy point of view
Google started to roll out Allo, its second new messaging app released this year, yesterday. While the roll out is still going on, it is clear already that Google changed things around a bit in regards to privacy and security.
The main selling point of Allo is a bot or AI that Google baked into the messaging application that assists you in a variety of tasks.
This ranges from suggesting answers to messages that you get to offering to look up information when a movie runs in a cinema nearby.
The company announced initially that Allo would not save chat messages on Google servers permanently or in identifiable form.
Google Allo privacy
While that would be the right thing to do from a security and privacy point of view, considering that no one but the chat recipients would have access to messages, it is not what is happening.
Messages will be encrypted between user devices and Google servers, but they are stored in a way that Google gets access to the messages.
The Verge reports that Google did this to improve the assistant's functionality, as it uses the information to learn and become better when it comes to suggesting responses.
As the Allo team tested those replies, they decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage.
The downside to this from a privacy perspective is that law enforcement, and anyone else who manages to get access to Google's servers, may access the data.
This is why Edward Snowden recommends not to use Allo.
What is #Allo? A Google app that records every message you ever send and makes it available to police upon request.
Free for download today: Google Mail, Google Maps, and Google Surveillance. That's
#Allo. Don't use Allo.
Allo does ship with a feature called Incognito Mode though. It is disabled by default and needs to be enabled by the user for individual chats.
All messages written while in Incognito Mode are not stored and fully end-to-end encrypted. This means that Google does not have access to those messages.
Closing Words
Allo users trade privacy of their messages for convenience. The bulk of users -- indifferent to privacy and security -- won't know and won't care without the shadow of a doubt. Those who do will forego Allo and miss out on features that no one really needs.
Now You: What is your take on Google Allo?
I will destroy googles privacy policy.2
I gave it a brief shot, but then dropped it after like one message. Once I found out that is sends whoever you are messaging an annoying “Get Allo!!” message, I decided it would be best to not effectively spam the crap out of my contacts.
GOOG is a stealer. It started with ADS and stole your browsing habits. Then it became a search engine: HEY GOOGLE IT! You can clearly smell the work of social engineering at US State Agency level. GOOG has been transformed into a verb, a proper noun to search anything on the net… YOUR FRIEND! And a 1st Party NSA Partner.
GOOG -3.6
Allo! has two faces, but the result is always that YOU are the product.
Google’s business model is to observe and record its users’ behavior and monetize the captured data by selling it to marketers, and who knows who else.
This is the “price” people pay for using Google’s cool, “free” products.
The fake encryption isn’t the only reason allo won’t find a home on my devices. It doesn’t seem to support SMS/MMS – which is widely used in North America for insecure device to device messaging.
Screw Google, and screw Facebook. Their policies have casued me to do the previously unthinkable and switch to Apple. iMessage doesn’t screw you over.
So what makes you think Apple isn’t screwing over its customers too? Apple may claim it has an advantage on security and privacy but that’s just typical marketing language. Here in the real world we watched the Fappening explode all over the Internet. That was an iCloud and social engineering issue, and have fun trying to use iMessage without getting tangled up in Apple’s iCloud service. Even the latest problem involving Leslie Jones was again, an iCloud related matter. Note that iMessage encryption relies solely on interacting with Apple servers, using its own closed, proprietary encryption. At least with Signal Private Messenger’s open encryption protocol, it has been independently vetted and audited.
@Sebby:
“Neither option is appropriate if your goal is true privacy, of course, but at least Apple are on the side of privacy.”
The second part of that sentence does not negate the first part. If you want true privacy, you cannot use an Apple product. You must use something that allows you to keep your own encryption keys. Ideally it should also be open source and audited (though I grant that some closed-source products are probably as good as the open source equivalents). Also ideally, the company that handles all this data should not be located in the National States of America, if you know what I mean…
You are wrong, by the way, to say that Apple is not in the “slurp” business. You think they don’t try to monetize their iTunes / App Store user activities? Think again. And once a company goes down this path, there is no reason to expect them not to go even further (as Microsoft have been doing lately).
Basically you’re right that Apple is preferable to Google for privacy, but Apple is not a good privacy solution. “Sorta” privacy is not privacy.
More facts, less FUD, please. Google are in the slurp business, Apple are not. The celeb leaks were the result, as much as Apple’s careless failure to rate-limit authentication, of poor user passwords. And Apple specifies exactly how their closed protocols protect chat confidentiality–albeit that, yes, it uses closed (and thereby inevitably imperfect) encryption protocols, and Apple’s trust directory servers. I’ll gladly take those over “Open” protocols that, in reality, guarantee nothing because Google store everything to harvest and provide pointless AI services. Neither option is appropriate if your goal is true privacy, of course, but at least Apple are on the side of privacy. There are other ways in which I’d argue that Apple presumes that it’s guiltless or trustable even when that has a privacy implication for users; you eluded to that when you mentioned iCloud, which is now a heavy dependency of the Apple ecosystem, in many ways that aren’t appropriate or necessary. But so far, it’s all been for the user and not for the advertiser, and you have clear choices about whether or not you want to use those that directly affect your privacy, so until this changes I’ll continue to advocate Apple.
TL;DR: if you want to say “Apple are overpricedâ€, just do it. It’s a lot more honest. :)
Google + Privacy = Oxymoron
Sadly there is no way to escape Google Surveillance without giving up internet pretty much…
Uh… yes there is. You don’t have to use any google products and there’s plenty of browser extensions that prevent them from tracking you.