Slashdot Mirror
Don't Use Google Allo (vice.com)
At its developer conference on Wednesday, Google announced Allo, a chatbot-enabled messaging app. The app offers a range of interesting features such as the ability to quickly doodle on an image and get prompt responses. Additionally, it is the "first Google" product to offer end-to-end encryption, though that is not turned on by default. If you're concerned about privacy, you will probably still want to avoid Allo, says the publication. From the report: Allo's big innovation is "Google Assistant," a Siri competitor that will give personalized suggestions and answers to your questions on Allo as well as on the newly announced Google Home, which is a competitor to Amazon's Echo. On Allo, Google Assistant will learn how you talk to certain friends and offer suggested replies to make responding easier. Let that sink in for a moment: The selling point of this app is that Google will read your messages, for your convenience. Google would be insane to not offer some version of end-to-end encryption in a chat app in 2016, when all of its biggest competitors have it enabled by default. Allo uses the Signal Protocol for its encryption, which is good. But as with all other Google products, Allo will work much better if you let Google into your life. Google is banking on the idea that you won't want to enable Incognito Mode, and thus won't enable encryption.Edward Snowden also chimed in on the matter. He said, "Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous, and makes it unsafe. Avoid it for now."
I would probably still use it. For my convenience I happily share a lot of things.
There are of course things I won't share but then I won't use this service for those.
The description of Allo in this /. post actually talked me into using it. Well done.
"Use Google Allo with end-to-end encryption enabled"
Yep, that's how it works and I'm not completely sure why, either. Other than, people HATE the inconvenience of security and most of them feel like they have nothing to hide, so why should they bother with additional hassle?
Loading...
...is going to be a big success. Don't ask me why, this is how the market work :)
So far Google has not been particularly successful with any of its social ventures, so I'm not sure why you're expecting that to happen now.
#DeleteChrome
...said the guy whose house was burgled because the wrong person found out he'd be out that night.
What biggest competitors have it enabled by default? Maybe WhatsApp. You don't think Facebook/skype/etc are scanning your messages? No one really knows about WhatsApp either. It isn't open source so you have no idea what it is really doing.
Who's there? Well, just about everyone if it's not encrypted...disappointing.
You'd think that with all Google's resources they could come up with something better, like:
1. Encrypted (default)
2. Encrypted but where Google has the key so can "listen in" and provide those helpful suggestions, and
3. Not secure.
Come to think of it, if you had option 2, who in their right mind would opt for option 3?
Some guys will want the protection of wearing condoms and other guys will want to bend over and be barebacked by all comers.
Since that really comes down to an entirely personal preference, why should setting the default to one side be any worse than setting the default to the other?
and also to upgrade to Windows 10.
Maybe this tendency toward machine translation will drive a boom in endangered languages for which no corporation would bother investing the resources into building in support into their translation engine.
I am far more concerned with writing quickly and accurately than I am with anyone ever going to court to get my communications.
Fine, I have to expand the list:
1) paranoid
2) cheating
3) stupid
Thanks for making me be pedantic, retard.
Yes, because people who break into houses are the same kind of people who have elite hacking skills.
Unless you're rich and/or famous, NO ONE CARES about your texts.
The ONLY solution to hot mic technology, is to nip it in the butt before it takes hold.
The phrase is "nip it in the bud" - to cut it off before it flowers. Nip it in the butt, means something rather different. No bad, just different.
If only we could fall into a woman's arms without falling into her hands
Don't Use Google Allo
Well that's a bloody condescending headline. Tell me why you think I shouldn't, or tell me that someone notable like Snowden has said not to use it, but don't tell me what to do.
I'll use Google Allo if I want to*, end-to-end encryption or not.
*I don't want to, but that's beside the point!
systemd is Roko's Basilisk.
Definitely don't use Google Allo Allo.
At the bottom of the
encryption is not usually user friendly. You have to *do something* or several somethings to configure it to make it work.
This is not inherently true. A device can collect ambient randomness (from keystroke timing, thermal jitter, low bits of camera pixels, etc.), and use that to generate keys, without any action from the end user. There is no good reason that we cannot have effective end-to-end encryption in a user transparent way that even grandma can use, without even realizing she is using it.
If I am talking to someone about buying a Subaru and maybe ordering a pizza, I don't mind seeing advertisements for Subarus and pizza.
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife.
... or someone who has never read a history book. You may have no need for encryption today, but if someday in the future you realize you actually do need it, it may be too late.
"If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. "
Following that logic: If you post as AC, then you are either paranoid or afraid of what you wrote.
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. Get over yourself.
By the same token, you should be comfortable sending personal correspondence on postcards.
People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
They had too much security and stability - all that security made them more difficult to use, and they lost market share to the likes of Facebook. As for stability: I'm still at a loss as to why mass market users seem to prefer buggy crashy platforms, maybe it makes them feel more like "cutting edge hackers."
Trust me it will be auto correct on steroids. Screen shots will show up in divorce proceedings.
Although on the other hand, for those of us that can't stand small talk over text, its a god send. Sure, lets reply to small talk as if I'm good at doing that. It will be a protection against actually trying to explain in depth how my day went.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Reminds me of Monty Python: Upper class twit of the year.
I'm a Republican, you insensitive clod.
...said the guy whose house was burgled because the wrong person found out he'd be out that night.
Paranoia was list item #1. We covered that already. How about sitting outside your house in a car and waiting for you to leave? No l33t sk1lz required.
And that is why I'm not interested. One manager gets a soggy bowl of cornflakes and *POOF* it's gone.
You don't mind seeing a filtered view of the world that looks how you would prefer it rather than how it actually is?
What filtered view of the world? I know people have been talking for years about the possibility of Google search becoming so personalized that it filters out all contrary views but personalized search isn't that personalized, and I don't think it ever will be.
Data mining may be a concern, depending on your perspective, but the "filter bubble" really isn't. Not with Google search, at any rate. I think it is a concern on social networks and in online forums where people congregate only with those who think the way they do. And in heavily-slanted mainstream media publications.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Usually when I'm looking for info on Subarus and Pizzas, I get ads for Fords and Chinese food, because that's how targeted advertising works.
Encryption doesn't come out of thin air. The value in encryption is that you are uniquely identified in order to gain access to your communication. Verifying that you are, in fact, you requires effort. You must set up trust, and you must maintain that trust. Otherwise you're just encrypting things because you like to use all the surplus compute cycles on your processor.
Is it just my observation, or are there way too many stupid people in the world?
end to end means nothing, the end is Google, that is bad
No, the end is the other party you're chatting with. Google doesn't have access if you use incognito mode. Of course, you'll lose most of the features of Allo in incognito mode. If you're not in incognito mode, the communications are all encrypted, but it is between you and Google and Google and the other person, so the AI can do all of the assistant stuff.
Given that Google is in bed with the Alphabet (pun intended) agencies
No, Google is not in bed with the three-letter agencies. There is absolutely no evidence that Google ever has been in bed with them. Google complies with the law, nothing more. There is evidence (from Snowden's documents) that Google's inter-data center communications were being tapped, but Google moved quickly to encrypt them all to put a stop to that.
Of course, Google does analyze data in order to target ads to you, and any data about you that happens to get stored at Google is available for properly-executed warrants, subpoenas, etc. So if those things bother you, stay in incognito mode and don't use the assistant features, or don't use Allo.
I live off-life and block ever tracker. Normally when I'm looking for Subarus and Pizza I get ads for penis enlargement pills and local hotties who want my phone number. I never chased those hotties, I got too busy punching the monkey.
Why should I, or anyone else for that matter, care what Snowden has to say on the matter (or any other matter for that matter)? He stole and leaked documents. That provides no basis whatsoever for him having the skills or certification for him to speak meaningfully into the technical nature of this particular issue.
Better known as 318230.
Pretty much. I can turn on the incognito mode if I need to.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I always tell people who think they have nothing to hide something to the effect of "So did German Jews before the 1930s".
Or maybe you just don't want to give Google extra help prosecuting psychological warfare on you.
Google's business is to get you to buy stuff their advertisers want you to buy. Both Google and the advertisers employ cutting edge psychology to try and manipulate you into do that.
The difference is that with AC, there is no way to correlate posts and put a person's statement in context. It is impossible to know if this is someone that is always rude, calling people names just because they disagree without any counter-argument - or if this a person who actually adds some thoughtful insight to a topic. There is also no way to know if this is a shill, or if this person has a particular axe to grind. There is also no way to know if someone makes a statement and then follows up with a bunch of others agreeing with their own post.
That said, I do agree with the premise of your question. You don't know who I am. But at least you can look at my other posts and get an idea whether I am trying to make a serious point or just being a jerk or shill.
I am a moderator on a different forum - one that requires full real names. It is amazing how thoughtful and polite people are when they have to personally stand behind the statements they make.
If you care whether your texts are encrypted, you're either paranoid or cheating on your wife. Get over yourself.
Slashdot's captcha should include an IQ test.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
How else am I going to get them?
-----
Sorry, I'm only a 1336 h4x0r.
Don't tell me what to do!
They're not. They are telling you what NOT to do.
You prove my point. The world has over 6000 languages and the website you listed supports fewer than 100.
That nerds working for Microsoft prioritise a language off a TV program doesn't diminish that fact.
You're conflating encryption and authentication. They're very useful together, but they both serve unique roles and each has value outside of their use together.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Don't you like having a history of what you've said in chats? Incognito mode erases the history when you are done...
Wouldn't you just rather have a chat app that's encrypted all the time and lets you decide when to delete a chat or not?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So what? Cheating is not illegal but I do want it to be private. And I also don't want the FBI to know where, when and from/to who I buy/sell my pot.
Not true.
Authentication doesn't need encryption, but encryption always needs proper authentication.
Even if that authentication is limited to who holds the key.
i thought once I was found, but it was only a dream.
no, most e2e can work with trust-on-first-connect quite okay and you only need to verify if you need to. Still it will be 100% efficient when the first contact was secure (you have a good chance it was, if you're not edward snowden).
That's not the case. Opportunistic encryption has value, even if the holder of the key is unverified. Even an encrypted communications channel that is being actively attacked by a man-in-the-middle is protected from other eavesdroppers. The value is much greater if the two are combined, but encryption without authentication does have some value, depending on the nature of the communication being encrypted.
For example, TLS in SMTP (as implemented in most MTAs) does not require the presented certificate to be traceable back to a CA in a root store for the connection to proceed and there is no memory of the certificate across connections. This does nothing to prevent a MitM attack, but excludes passive eavesdroppers from intercepting the communication and raises the level of effort (and control over the network) needed to intercept communications.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
I won't let you tell me what search engine i should use.