Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com)

Posted by msmash on from the bad-timing dept.

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

100 comments

  1. Guilty! by amiga3D · · Score: 4, Insightful

    Guilty as charged. I think it's time for some serious anti-trust action in Federal court.

    1. Re:Guilty! by rickb928 · · Score: 1

      Well past time to restrain our government, agreed. But antitrust? I was thinking of relatively simple legislation.

      Oh, and outlaw that forfeiture crap too.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    2. Re:Guilty! by rickb928 · · Score: 2

      It's SMS. PITA to encrypt, both parties need to do so the same way.

      And no, iMessage isn't SMS.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    3. Re:Guilty! by TechyImmigrant · · Score: 5, Informative

      Guilty as charged. I think it's time for some serious anti-trust action in Federal court.

      Nope. It's messaging on the cell phone signalling protocols, just like SMS. This is different to an application running on the top.

      When you are defining such protocols, the governments of the world require "Lawful Access" laws to be adhered to. When we were working on WiMax, the FBI turned up to the meetings to discuss the LA features in the protocol.

      This is why you do secure messaging from and app, over IP.

      SMS and it's brethren will never be secure and there's nothing Google or anyone else can do about it, without a major change of behavior on the part of governments.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    4. Re:Guilty! by Anonymous Coward · · Score: 0

      Can't insist on a human right when ... human rights do not exist. RIGHTS are strictly a political construct of the nation-state; beyond the reach of state power lay only ... red in tooth and claw.

    5. Re:Guilty! by Anonymous Coward · · Score: 1

      Guilty! by amiga3D ( 567632 )

      Seeing all of your past post bitching and complaining when Apple was evil for adding in their own end to end encrypted messaging that didn't use the "official SMS standard", it's shocking to see you hold a completely opposite stance when it isn't Apple doing it.

      So as you have said:

      Not using SMS and using encryption, when you are Apple, evil and bad!
      Not using SMS and using encryption, when you are Google, they are the bastions of freedom!

      Using SMS and not using encryption, when you are Apple, of course Apple would never follow standards.
      Using SMS and not using encryption, when you are Google, time for some serious anti-trust action in Federal court.

    6. Re: Guilty! by Anonymous Coward · · Score: 0

      Google fanboi

    7. Re:Guilty! by duke_cheetah2003 · · Score: 1

      It's SMS. PITA to encrypt, both parties need to do so the same way.

      Just because it's hard, doesn't mean it shouldn't be done. I've heard this excuse on other platforms as well in regards to securing messaging subsystems against third party eavesdropping.

      Considering the hot-button topic end-to-end encrypted communications are becoming, and the lackluster deployment of such proven technologies to secure this stuff, there is simply no excuse for doing this without encryption. Someone is getting paid to not implement it right.

      And frankly, if it's not right, it's not even worth wasting MY time using it. Back to the design board for all dem engineers, come back when you've solved it.

    8. Re: Guilty! by sexconker · · Score: 1

      Suspect was identified as Alek Minassian. Allegedly that's an Armenian name.

    9. Re: Guilty! by Anonymous Coward · · Score: 0

      Yeah! More laws with no penalties for breaking them! After all, only criminals would do that!

    10. Re:Guilty! by mikael · · Score: 2

      You can always create a message, encrypt it, run it through uuencode, then send it as an SMS. Reverse the process at the other end.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    11. Re: Guilty! by rickb928 · · Score: 2

      Then we need to redesign SMS.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    12. Re:Guilty! by Anonymous Coward · · Score: 0

      a major change of behavior on the part of governments

      requires a major change of behavior on the part of the voters. Otherwise, forget about it.

    13. Re:Guilty! by Anonymous Coward · · Score: 0

      One problem with this is the size of an SMS message, which is at most 140 bytes (1120 bits). A weak asymmetric key is 1024 bytes, with 2048 and 4096 being the better options. Unless you physically out-of-band pre-share a symmetric key, you need to use asymmetric encryption first to securely exchange symmetric keys.

    14. Re:Guilty! by Anonymous Coward · · Score: 0

      You can always create a message in unicode and post it on Slashdot. That will encrypt it so nobody can read it. What could be more secure and private?

      Attn editors:

      I kid! I kid! I hate unicode! Your purity here is unmatched. Please don't ever cave in to the whiners who just want to post their damn emojis and other malformed bullshit, I beg you!

    15. Re:Guilty! by TechyImmigrant · · Score: 0

      a major change of behavior on the part of governments

      requires a major change of behavior on the part of the voters. Otherwise, forget about it.

      Not when the guy with fewer votes wins.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    16. Re:Guilty! by Anonymous Coward · · Score: 0

      We all know how the system works, well, those of us who paid attention in school anyway. The procedure for changing the rules are well documented and are very straightforward. Don't come cryin' about it now. Your losses merit personal introspection, not blame passing.

    17. Re:Guilty! by Anonymous Coward · · Score: 0

      Because there are absolutely no other chat applications available for Android and everyone is being forced to use the unreleased Chat application?

      Of course. There must be at least a dozen others even if you only count the Google-branded chat apps...

      ...announced this week.

    18. Re:Guilty! by TheRaven64 · · Score: 3, Insightful

      In a previous thread, someone suggested generating and storing one-time pads on phones. It would be quite interesting to use bluetooth when you're physically near one of your contacts to automatically exchange a few tens of MBs of random noise and then use that as a OTP for future messages sent to them. For large attachments (e.g. photos), you could send a 256-bit AES key and then use symmetric encryption for the contents, but still have the OTP for text messages. 10MBs of OTP key would be more text messages than most people send in a year (around 75K, assuming that they are all full length).

      It would be an interesting experiment...

      --
      I am TheRaven on Soylent News
    19. Re:Guilty! by Anonymous Coward · · Score: 0

      You mean bits, not bytes. And nowadays there are much more efficient options than RSA.

      (To be fair, most of the existing post-quantum algorithms are somewhat worse, but I don't think that's what you were talking about, AC.)

      Anyway, no, there is no reason that out-of-band communication is necessary, let alone "physical" communication; although verifying identities face to face is the only way to ultimately be sure who you're talking to, that level of security isn't needed for most purposes. If you want to send a key-exchange message that's larger than your MTU, you simply break it up into multiple messages.

    20. Re:Guilty! by coofercat · · Score: 1

      I didn't RTFA, but I wonder if this app is a way to shoehorn in RCS (which is a 'rich content' version of SMS)?

      All part of the sudden urge by telcos to stay relevant - Whatsapp/Telegram/Instagram/Snapchat - all of them have hugely eaten their lunch for a long time. I'd imagine they'll continue to do so for a long time too, but time will tell.

    21. Re:Guilty! by Anonymous Coward · · Score: 0

      We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

    22. Re: Guilty! by Rakarra · · Score: 1

      Or just not use SMS at all anymore. There's no excuse for SMS and ridiculously-priced text messaging plans with greedy providers in the age of the smart phone.

    23. Re: Guilty! by rickb928 · · Score: 1

      My SMS is free, unlimited, just like my voice service, for a reasonable price. What are these ridiculously-priced text messaging plans you write of?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    24. Re: Guilty! by Rakarra · · Score: 1

      My husband has one. He has a cheaper plan that still has a limit/month on the number of text messages. Any excess of that gets a charge/text. He could upgrade, but of course that's more expensive, and he almost never goes over that limit. Of course, it's an artificial charge, the actual cost/text for the phone company is pretty much negligible.

    25. Re:Guilty! by TechyImmigrant · · Score: 1

      I didn't RTFA, but I wonder if this app is a way to shoehorn in RCS (which is a 'rich content' version of SMS)?

      All part of the sudden urge by telcos to stay relevant - Whatsapp/Telegram/Instagram/Snapchat - all of them have hugely eaten their lunch for a long time. I'd imagine they'll continue to do so for a long time too, but time will tell.

      Yes it is, as are most 'service' protocol added to the cell phone protocols. While users tend to want the wireless to just carry IP well and leave the services to run on top of that.

      Do you miss WiMax yet? An 802 protocol with the same service model as 802.3 and 802.11.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  2. End to end isn't the Google way by TimMD909 · · Score: 1, Insightful

    Google would never allow end-to-end encryption of data that they'd like to mine. Why would anyone be surprised?

    1. Re:End to end isn't the Google way by dns4599 · · Score: 5, Interesting

      You know allo exists? By default it does not use end to end encryption but you can enable it if you want to.

    2. Re:End to end isn't the Google way by OneHundredAndTen · · Score: 2

      You know allo exists?

      For how much longer now? With Allo, Google seems to be its inveterate tradition of dropping projects after a while. The truth is though that not many seem to be using it anyway.

    3. Re:End to end isn't the Google way by CrashNBrn · · Score: 0

      Allo is discontinued.

    4. Re:End to end isn't the Google way by Actually,+I+do+RTFA · · Score: 1

      Allo's eminent shutdown was already announced

      .

      --
      Your ad here. Ask me how!
    5. Re:End to end isn't the Google way by Anonymous Coward · · Score: 0

      You know Allo was killed?

    6. Re: End to end isn't the Google way by Anonymous Coward · · Score: 0

      The app is still available for new Google accounts.

    7. Re:End to end isn't the Google way by Teun · · Score: 1

      Who cares uses Signal by open whisper systems.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    8. Re:End to end isn't the Google way by mjwx · · Score: 1

      Google would never allow end-to-end encryption of data that they'd like to mine. Why would anyone be surprised?

      Except that they do.

      You need to stop thinking like an iSheep. Not enabling by default does not mean it is strictly verboten on Android.

      If you're worried about Google reading your inane and vapid messages, don't use the default message app. This isn't like the Iphone where you've got no choice. I'm sure there's an app that can easily replace Google's yet to be released "Chat". Also SMS isn't a secure protocol to begin with, basically you need to use a different protocol completely for end to end encryption.

      Android was designed from the ground up to be user customisable.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    9. Re:End to end isn't the Google way by Actually,+I+do+RTFA · · Score: 1

      Google announced Thursday that they were no longer developing Allo. It's not long for this world.

      --
      Your ad here. Ask me how!
    10. Re: End to end isn't the Google way by CrashNBrn · · Score: 1

      And will no longer be updated. So what's your point?

  3. Back door by sit1963nz · · Score: 2, Funny

    Google has seriously looked at the best means of supplying an encryption "back door" and it turns out the best way is no encryption , let everyone know the alphabet agencies can spy on you, and a warning not to post anything important.

    1. Re: Back door by Anonymous Coward · · Score: 0

      No backdoor therefore no walls and no roof!

    2. Re:Back door by Anonymous Coward · · Score: 0

      Why would posting anything important be a problem? What's important to me certainly isn't going to be important to the alphabet agencies.

    3. Re: Back door by Anonymous Coward · · Score: 0

      But most people inevitably will.

  4. Most people dont care by 140Mandak262Jamuna · · Score: 5, Insightful
    You set up web site and offer some trivial thing like 25 cents off a loaf of bread, and ask users to setup an account. They will use the same user name password they use for their bank account, and give you all the security question answers too.

    It is debatable, whether Facebook and Google show more contempt towards privacy than the users themselves

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Most people dont care by Anonymous Coward · · Score: 0

      Relevant XKCD: https://www.xkcd.com/792/

    2. Re:Most people dont care by Anonymous Coward · · Score: 2

      It is debatable, whether Facebook and Google show more contempt towards privacy than the users themselves.

      You say it's contempt. I say it's naivety. It'd be illegal to use the username/password on another site, and the naively think they can trust companies not do illegal stuff. This probably stems from the delusion that if a company were to do such a thing, someone would actually be punished.

      Take the above and consider sites like Facebook that allow you to set things as "private". It's no longer a question of people trying to hack routers to wiretap everyone's packets. Facebook is evil and will just look through your stuff. Consider the whole Scroogle campaign by Microsoft. I think what they learned from it is, people just don't believe Google employees care enough to read their mail. So, Microsoft has certain taken that as a message to follow Google's example.

      In the end, the only safe thing to do is to have everyone you care about switch to an OS that won't spy on you, use services that won't spy on you, and use end-to-end encryption with a public standard that prevents any possible backdooring. Feel free to set that up.

    3. Re: Most people dont care by houghi · · Score: 1

      When people start telling me their PIN code, i will stop them. I do not blame them for their ignorance.

      --
      Don't fight for your country, if your country does not fight for you.
    4. Re:Most people dont care by AmiMoJo · · Score: 1

      That's probably why most banks create a username and password for you and don't let you change them. Then you get to set an additional password of your choosing some kind on top.

      It's the kind of half baked but kinda-works solution banks seem to think is fine, but at least they avoid the obvious pitfalls and "Login with Facebook".

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Most people dont care by Anonymous Coward · · Score: 0

      All of my passwords are unique. I have an ability to remember random strings of characters which has only proved useful for passwords. I can't always remember where I left my glasses, though.

    6. Re: Most people dont care by Anonymous Coward · · Score: 0

      And when everyone moves to this new OS the government pitchforks will come out again. Changing OS is not just a case of reinstalling, you have applications and apps in the mix. Putting Linux on your machine will not help if you use Office, and many places still do. You have to move the whole world at once and for a lot of proprietary applications that would be completely impossible.

      Then of course you have retraining and data migration to worry about. Plus hardware compatibility.

      Wherever the people go the government will hunt them and break their encryption by force. This cat and mouse game can go on forever. Each time you move costs you in lost productivity and frustrating bugs.

    7. Re:Most people dont care by Rakarra · · Score: 1

      Relevant XKCD: https://www.xkcd.com/792/

      Aaaah, the naive days, back when we had a hard time believing that Google could ever do evil.

  5. End-to-end encryption by AHuxley · · Score: 2

    Wont someone think of the ads and profits.
    All that real time data to collect and sell.
    You are the product.

    --
    Domestic spying is now "Benign Information Gathering"
  6. Except that it's a protocol, not a server by Jason69 · · Score: 4, Interesting

    Google "Chat" is a protocol much like "SMS". It's not a service in and of itself but the underlying carriage for services to ride on top. Those services should absolutely include encryption but that is not the protocol's job to handle. "Joe Westby is Amnesty International's Technology and Human Rights researcher" Sounds like this research should do a little more research.

    1. Re:Except that it's a protocol, not a server by Anonymous Coward · · Score: 1

      You mean so we end up with steaming piles of shit like TLS? Please. Protocol has _everything_ to do with it.

      Amnesty International works in some of the worst places on the planet, they know just a weee bit about real security. As in, the mere connection from your device to another can get you killed. The w3, Google, etc. all don't give a damn. Their perversion of security is akin to walking into a bank. Sure, you're secure from anyone on the street seeing what you deposited but they still know you did.

      The technical term is stenography.

    2. Re:Except that it's a protocol, not a server by Anubis+IV · · Score: 4, Interesting

      Google "Chat" is a protocol much like "SMS". It's not a service in and of itself but the underlying carriage for services to ride on top. Those services should absolutely include encryption but that is not the protocol's job to handle.

      Actually, it is, because end-to-end encryption cannot feasibly exist* unless a key exchange mechanism is defined by the protocol. Moreover, it's clear that you're thoroughly confused both about what end-to-end encryption actually means and what Chat actually is.

      Encrypting each link in the chain—which is what you're talking about when you suggest it's a server's/service's job to handle encryption—is not the same thing as end-to-end encryption. End-to-end encryption means that only the sender and the recipient are privy to the messages: not the server, not a service, not anyone else in the chain. For that to happen, the message that you're sending has to be encrypted on your device in a way that only your recipient's device can decrypt. For all of that to work, you need a key exchange mechanism baked into the protocol in some way, since otherwise your device would have no idea what keys to use. The individual links along the chain may additionally be encrypted, but even if they weren't the message would still be end-to-end encrypted.

      At this point, end-to-end encryption is simply table stakes for anyone joining the chat game. Anyone trying to enter the field with a chat system that doesn't offer end-to-end encryption is declaring their intent to scan every single one of your private messages for profit.

      As for your protestation that it's a protocol not a service, it actually is a service, in the same way that SMS is both a protocol and a service. Chat supports richer content and a few other niceties that put it above SMS, but it clings to almost all of SMS's flaws, in that it isn't end-to-end encrypted, it's dependent on carrier support, and it's been superseded by far superior products from other companies (e.g. iMessages, WhatsApp, etc.).

      *Okay, technically it can, but what must necessarily happen when using those protocols is that people have to share their public keys with each other in some other manner, such as a real life exchange or a trusted, third-party service, at which point those practices become de facto aspects of the protocol as a result of their necessity. Moreover, no protocol of that sort is suitable for use by the general population, hence why those sorts of protocols are relegated to users who are willing to sacrifice any notion of convenience in the interest of achieving the best security.

    3. Re: Except that it's a protocol, not a server by Anonymous Coward · · Score: 0

      Ahem.

      Steganography

  7. You want end-to-end encryption, ... by Anonymous Coward · · Score: 0

    then use the Signal messaging app at both ends.

    1. Re:You want end-to-end encryption, ... by Kozar_The_Malignant · · Score: 1

      then use the Signal messaging app at both ends.

      Or Telegram.

      --
      Some mornings it's hardly worth chewing through the restraints to get out of bed.
    2. Re:You want end-to-end encryption, ... by Anonymous Coward · · Score: 0

      Rolls their own encryption, doesn't even use encryption by default, closed source? Yeah they're totally equivalent.

  8. nope. this is just giving people what they want by Anonymous Coward · · Score: 0

    The fact that Google gathers your data and uses that to make piles of money is different than the fact the people just want fancy SMS. Their new SMS app (as I understand it, that's all it is, but I don't use SMS or anything Google chat related) is just giving people what they want.

  9. It's not a Google thing, though. by shess · · Score: 4, Interesting

    While Google is putting support behind RCS, it's not a Google thing, it's an industry-standard evolution of SMS. Google really should do better and offer end-to-end encryption, but that would only work in their walled garden, and they would still have to interoperate with everyone outside of that garden, who they have no control over.

    1. Re:It's not a Google thing, though. by Anonymous Coward · · Score: 0

      Not like there is not another standard called XMMP that has been around longer and includes encryption...

    2. Re:It's not a Google thing, though. by Anonymous Coward · · Score: 0

      And has no chance of ever achieving acceptance and support by all carriers and devices. Messaging is something that should be universal. No walled gardens.

    3. Re:It's not a Google thing, though. by Anonymous Coward · · Score: 0

      A "walled garden" happens when a company locks others out. It's a misnomer for the situation of an open protocol that a few bad corporate citizens avoid specifically because it's open and NIH.

  10. There is one superfluous word in the headline by Dirk+Becher · · Score: 1, Interesting

    Guess which one it is. Hint: It tangentially has to do with robots.

  11. Today's joke about technology abuse by Futurepower(R) · · Score: 0

    One day there was noise in my kitchen. I went there and saw Bill Gates eating my ice cream. I asked him why he thought it was okay to do that. He said permission to eat my food was on page 89 of the Windows 10 license agreement.

    I asked him why a billionaire would want to eat someone else's ice cream. He said it gives him a feeling of superiority.

    Also, he said that there is a competition among billionaires to see who can be the most abusive. He still manages Microsoft: "I'm there about 15 percent of the time." The result: Windows 10 is possibly the worst spyware ever made.

    Bill Gates said that Windows 10 spying, putting ads on Windows, making the Windows user interface far worse, forcing updates that are often buggy, and hiding the purpose of the updates makes him confident that he is more abusive than Google and Facebook.

  12. I don't by AndyKron · · Score: 1

    I don't use messaging on anything. Don't trust it.

  13. The flood gates are open by Opportunist · · Score: 3

    Now that the whole Facebook shit hit the fan, we can finally hope that this whole privacy destroying data collection madness gets some attention.

    Keep the stories coming. And make sure that they keep the steam they have now.

    And yes, it doesn't even matter what kind of story. Few people will actually understand what's really going on anyway. But what matters is volume. If there is story after story after story about how companies destroy our privacy, people will finally listen. Not because they understand, but because of the amount that surfaces.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  14. That wouldn't even be legal in today's US by Anonymous Coward · · Score: 1

    Any reasonable person knows that large-scale messaging services offering end-to-end encryption facilitate sex trafficking. It is not legal to knowingly do that in America today. Starting any new end-to-end encryption product without retaining a key is folly unless you lock it from US or Russian use. It's a recipe for losing big money in civil suits.

  15. Google's stance on data privacy by TheReaperD · · Score: 1

    "out of step with current attitudes to data privacy."

    The current and former CEO have made it very clear what their stance on data privacy is: "privacy is dead;" was the quote. So Google's current attitude about data privacy is the same as it has always been. From their point of view, they're doing you a favor in not trying to delude you into believing that you have privacy and being upfront and out in the open that you have none.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
  16. FUCK YOUR PRIVACY by Anonymous Coward · · Score: 2, Funny

    Hey asshole -- you use my code, then you are my bitch

    -- love, Sergey

  17. Joe Westby is an idiot by viperidaenz · · Score: 4, Insightful

    Chat isn't a replacement for any encrypted communications tool.
    It's a replacement for SMS, which is also not encrypted.
    It's required to be backward compatible with SMS, because not all networks or phones will support it. You can't do end-to-end encryption when one end doesn't support encryption.
    It's required to be operated by cellular carriers, so to be able to be operated in various countries, access to messages is a requirement, like SMS.
    It's required to not have a central set of servers that are operated by a single company, like iMessage, WhatsApp, etc.

    1. Re:Joe Westby is an idiot by Anonymous Coward · · Score: 0

      It's required...It's required...blah blah blah. Is it the devil that requires it?

      Here's a thought. CHANGE THE REQUIREMENTS. The requirements are just reflections of values and goals. If the values and goals were different than raping and selling personal data then the requirements would be different than Google's.

      Wow, so Google listed some requirements. Those requirements are rather like putting a codpiece requirement in a dress code. Outdated and unacceptable.

    2. Re:Joe Westby is an idiot by Anonymous Coward · · Score: 0

      What about this requirement : in order to buy a SIM card, I have to show proof of ID (or do it within a set period after activating the SIM card). This is the law, perhaps in European Union. With a law like that you're fucked anyway.

    3. Re:Joe Westby is an idiot by Anonymous Coward · · Score: 0

      Considering we are talking about Google's product, then Google's requirements are pretty much all that matter. If you don't like it, go roll your own Android OS (without the google apps) and see if you can find a manufacturer to support it.

      Otherwise your complaints are just useless noise.

    4. Re:Joe Westby is an idiot by Anonymous Coward · · Score: 0

      In this case the requirements are set out by the GSM Association, who are apparently trying to create an improved basic cell network messaging system instead of SMS.

      If you have complaints about its security, you should address those to them, not Google.

  18. Just like gmail by mschaffer · · Score: 1

    This is just like gmail where you cannot received encrypted files (such as .7z). Google will not handle emails they cannot open and read.

  19. Simply solved by Anonymous Coward · · Score: 0

    Don't use it. I stopped using all Google chat/messaging products years ago after they started abandoning platforms every 6 months. Fuck Google.

  20. Just switch to iPhone! by Anonymous Coward · · Score: 0

    Privacy is a fundamentally supported feature in iPhone.

  21. Why would anyone *EVER* **EVER** consider Google? by AbRASiON · · Score: 2

    WHY?

    I own an Android phone but Google are _RETARDED_ with messaging apps.
    The amount they've made in the past decade and either modified or cancelled is UTTERLY mind boggling, it's fascinating, it's ... it's incredible just how poor they've handled this.

    I can't put in to words properly just how confusing and terrible it is. They have failed in every conceivable way. They just can NOT stop making new ones, killing old ones, damaging features. It's a total and utter disaster.

    I use whatsapp and 'normal' SMS / text. I won't use Google Chat, Google Hangouts or Allo or anything because they WILL terminate / ruin it in time.

    All they had to do was copy iMessage and have some kind of "SMS from your PC / ipad" functionality and they would've been golden, but nah, they decided to do an utterly, utterly miserable job.

  22. Been said that before by Anonymous Coward · · Score: 0

    Toe-Cheese Stallman has been saying that for more than a decade.

  23. For once, not Google's fault here by Etcetera · · Score: 4, Informative

    End to end encryption is fine, but Google (for once) is doing the right thing by having a telco standard instead of an over-the-top app sending God-knows-what.

    Would I like to see end-to-end encryption? Yes. I'd like to see SS7 issues fixed first. There are plenty of E2E secure messaging solutions out there and I can't see why RCS is worse than MMS as a solution for enchanced SMS service.

    At the very least, this is a fully interoperable system, not tied to Google, Inc or any specific carrier.

    That's a Good Thing.

    --
    Hire a Linux system administrator, systems engineer,
  24. Lets face it... by Anonymous Coward · · Score: 0

    the entire android eco-system is a security disaster. Its almost like the entire thing was written by an ad department who put their best con-artists to work.

  25. Re: RCS is a standard. by sorenstoutner · · Score: 1

    RCS is a communication protocol. We can encrypt the data just like with SMS using the client of our choice. https://github.com/SilenceIM/S... Using an open, distributed protocol is much better than a closed ecosystem. For example, the keys for iMessage and most other encrypted messaging platforms are controlled by the central servers managed by the company. They issue new keys every time a new device is added to the account. It is usually not possible to see what keys have been issued or to otherwise control them from the client side. Therefore, they can read "end-to-end" encrypted messages simply by issuing a key to a device they control and recording all messages in the conversation from that point forward. Using a client to encrypt RCS eliminates this problem. Regarding metadata, whatever server processes the messages has metadata, like who is speaking with whome, how often, and when. For all of these closed systems, it is not possible to run one's own server. In the case of SMS and RCS, the cellular provider has this information. The nice part to this is that not one organization has access to the metadata for all the conversations across the platform, because almost every market has multiple viable carriers (although, large governments could collect this information from all carriers and consolidate it into a central database). In this regard, it is an improvement over iMessage, or Hangouts, or Allo, or WhatsApp, or Signal, or Telegram. But is isn't as good as running an XMPP server yourself with OMEMO encryption. Regardless, Google should be praised for supporting an open standard instead of a closed system. And RCS might finally solve the problems with concatenated SMS. https://www.smallbusinesstech....

  26. Re: RCS is a standard. by Anonymous Coward · · Score: 0

    What an utter waste of time. I don't want any value added services. Just give me a dumb pipe to the internet.

  27. After Google killed hangouts by Anonymous Coward · · Score: 0

    There's no way I'll use another Google message service

    1. Re:After Google killed hangouts by Anonymous Coward · · Score: 0

      This thing should work on non-Google, non-Android phones. Or on Android phones where the user doesn't use a Google account.

      Here's who manages it https://en.wikipedia.org/wiki/GSM_Association

      That you think it's a google message service reminds of everyone thinking that AOL is the Internet, or Internet Explorer is the Internet, or every computer runs Windows 95. No offense - everyone is buying into it being a "Google service" but why so? Use a non-google application to deal with it - for instance the new telephony support in Windows 10 that's in the news too will add RCS support (I haven't bothered to check. Microsoft is part of the RCS consortium)

      What Google "Chat" is, I assume, is the number of the application that Google will foist on people.. they'll likely abuse it by datamining it. Though even then there could be permission checkboxes, or just not signing up to Google.
      But really, my impression is they're pulling an "AOL is the Internet" dick move ("Google Chat is the RCS")

  28. Russian asset snowden by Anonymous Coward · · Score: 0

    'CIA whistleblower Edward Snowden'

    How does this get printed still. At least be accurate:

    'GRU spy Edward Snowden'

  29. The First Rule by Anonymous Coward · · Score: 0

    The First Rule of trusting someone's opinion is knowing that they have their facts right. Edward Snowden is not a CIA whistleblower. So WADR, if you get that wrong, why should I trust your opinion which follows that? I shouldn't.

  30. Re:Why would anyone *EVER* **EVER** consider Googl by Anonymous Coward · · Score: 0

    absolutely, i would be soooo happy with a SMS from PC capability. Nuts that I can't have it (and no i'm not going to use a 3rd party app for it).

  31. Re: RCS is a standard. by Anonymous Coward · · Score: 0

    And what IM service should I sign up to?
    What will I use to send messages to my friends who don't install apps on their phone. People who don't have a google account, not even due to concerns, but because they don't need to - or who have a "gmail" they use on desktop/laptop, but stays there or in a browser perhaps.

  32. Re:Why would anyone *EVER* **EVER** consider Googl by Anonymous Coward · · Score: 0

    iMessage is some proprietary IM with SMS fallback?
    If Google did an exact copy of that, I think we would be talking about a new multi-billion dollar monopoly abuse lawsuit.

  33. "CHAT" Do they mean RCS by wardrich86 · · Score: 1

    Because "Chat" was just the fancy name they gave to RCS, which (to my knowledge). I don't think they really have anything to do with that... they just provided a convenient package for carriers to use to get RCS implemented. By that same logic, should we use the same case due to the fact that their Messages app uses SMS which is also completely devoid of encryption and security?

  34. Re: RCS is a standard. by Anonymous Coward · · Score: 0

    Just give me a dumb pipe to the internet.

    So you want sendto(). It already exists.

  35. Joe Westby should be fired by Anonymous Coward · · Score: 0

    first off he has no idea about telco protocols and the way that the world wide phone system works.

    Second he (and alot of people here) are confusing google and their "chat" app and RCS which are not the same. Google's "chat" is their new app that is going to use RCS to send messages, they are not interchangeable, chat is the app, RCS is the protocol.

    thirdly, as a technology and human rights researcher you would think that he would at least get Snowden's agency right, he blew the whistle on the NSA not the CIA.

  36. Re:Why would anyone *EVER* **EVER** consider Googl by Myrdos · · Score: 1

    Google Wave for the win!

  37. Re:Why would anyone *EVER* **EVER** consider Googl by Anonymous Coward · · Score: 0

    That's because Google no longer hires the smartest, which is something you can clearly see on the leaked internal memos. The only thing they can do now is hipster vector graphics.

  38. Pay attention people... by XSportSeeker · · Score: 1

    Yes, RCS is a replacement for SMS which is also not encrypted, but this is about Chat, the app that Google is packaging this protocol with standard in all Android phones in a near future, possibly in the next Android update.
    An no, just because RCS is a protocol doesn't mean it couldn't have included encryption there.
    It should have, but Google caved in to anti-privacy government and carrier demands.
    So the complaint still stands and is still fair.
    Stop apologizing for Google's crappy offerings.