Encryption in Google Allo is not on by default

by Volker Weber

The changes also suggest that parties at a much higher pay scale than Duong's are highly resistant to providing the type of end-to-end encryption that's on by default in messaging apps such as Signal and WhatsApp.

Very good analysis by Ars Technica. Allo does not make any sense to Google if they cannot listen to your conversation. Hangouts does not have it, Talk did not have it. And in Allo you have to turn it on each and every time. For Google to do its magic it needs to know what you are talking about.


Comments

I'm glad WhatsApp now encrypts everything by default. I never thought I'd prefer WhatsApp over a Google solution... but hey, still time to learn ;-)

Markus Dierker, 2016-05-21

To be fair, the headline should probably specify end-to-end encryption. This issue is more nuanced than it appears.
The traffic is encrypted (https) when leaving the phone, it's just not end-to-end encrypted *within the phone*. This means people can't sniff your traffic externally, but Google assistant can 'help you'. You know, like Clippy.

Craig Wiseman, 2016-05-21

The bar has been raised. End-to-end encryption is the only thing that counts for data in transit.

You could switch it off for Google to listen. But it has to be on by default.

Volker Weber, 2016-05-21

Craig, *on the phone* the data exists in unencrypted form necessarily. Otherwise the app couldn't show you the message you received. The point of end-to-end encryption is that the data is encrypted at the sending application and is only decrypted at the receiving application. However, what Google needs is access to the data in their data center and thus the sending app uses HTTPS to encrypt the data on its way to the server, where it is decrypted (and open for analysis, long-term storage, whatever the server owner wants). For the way to the receiving end, it is again encrypted using HTTPS.

There are a number of attack scenarios and privacy concerns towards this setup which are not applicable or as easily applicable to true end-to-end encryption.

Ragnar Schierholz, 2016-05-22
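
The two setups discussed in the comments above, as an added example that is not part of the original post or of any Allo code. The toy SHA-256 keystream cipher stands in for both HTTPS and a real end-to-end protocol, and `RelayServer`, `deliver`, `compare` and the names "alice" and "bob" are hypothetical.

```python
import hashlib, hmac, secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode keystream: a stand-in for TLS / a real E2E cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return xor_stream(key, nonce, ct)

class RelayServer:
    """Terminates the transport encryption of each hop, as an HTTPS endpoint does."""
    def __init__(self, link_keys):
        self.link_keys = link_keys   # one transport key per client connection
        self.seen = []               # what the operator can read, store or analyse

    def relay(self, sender, recipient, blob):
        payload = unseal(self.link_keys[sender], blob)       # hop 1 ends here
        self.seen.append(payload)
        return seal(self.link_keys[recipient], payload)      # hop 2 starts here

def deliver(server, message, e2e_key=None):
    """Send alice -> server -> bob; returns what bob's app displays."""
    body = seal(e2e_key, message) if e2e_key else message    # inner layer, if any
    blob = server.relay("alice", "bob", seal(server.link_keys["alice"], body))
    body = unseal(server.link_keys["bob"], blob)
    return unseal(e2e_key, body) if e2e_key else body

def compare(message: bytes):
    """Return {mode: (text bob reads, bytes the server saw)} for both setups."""
    results = {}
    for mode, e2e_key in (("transport-only", None), ("end-to-end", secrets.token_bytes(32))):
        server = RelayServer({"alice": secrets.token_bytes(32), "bob": secrets.token_bytes(32)})
        results[mode] = (deliver(server, message, e2e_key), server.seen[0])
    return results
```

In both modes bob reads the same message; the difference is `server.seen`, which holds the plaintext in the transport-only case and only the sealed inner blob when the endpoints share a key the server never receives.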
