Encryption in Google Allo is not on by default

by Volker Weber

The changes also suggest that parties at a much higher pay scale than Duong's are highly resistant to providing the type of end-to-end encryption that's on by default in messaging apps such as Signal and WhatsApp.

Very good analysis by Ars Technica. Allo does not make any sense to Google if they cannot listen to your conversation. Hangouts does not have it, Talk did not have it. And in Allo you have to turn it on each and every time. For Google to do its magic it needs to know what you are talking about.


Comments

I'm glad WhatsApp now encrypts everything by default. I never thought I'd prefer WhatsApp over a Google solution... but hey, still time to learn ;-)

Markus Dierker, 2016-05-21

To be fair, the headline should probably specify end-to-end encryption. This issue is more nuanced than it appears.
The traffic is encrypted (HTTPS) when leaving the phone, it's just not end-to-end encrypted *within the phone*. This means people can't sniff your traffic externally, but Google assistant can 'help you'. You know, like Clippy.

Craig Wiseman, 2016-05-21

The bar has been raised. End-to-end encryption is the only thing that counts for data in transit.

You could switch it off for Google to listen. But it has to be on by default.

Volker Weber, 2016-05-21

Craig, *on the phone* the data exists in unencrypted form necessarily. Otherwise the app couldn't show you the message you received. The point of end-to-end encryption is that the data is encrypted at the sending application and is only decrypted at the receiving application. However, what Google needs is access to the data in their data center and thus the sending app uses HTTPS to encrypt the data on its way to the server, where it is decrypted (and open for analysis, long-term storage, whatever the server owner wants). For the way to the receiving end, it is again encrypted using HTTPS.

There are a number of attack scenarios and privacy concerns towards this setup which are not applicable or as easily applicable to true end-to-end encryption.

Ragnar Schierholz, 2016-05-22
