Linked by Thom Holwerda on Thu 22nd Sep 2016 09:03 UTC
Google

Remember when Google said they wouldn't store messages in one of the company's new chat applications, Allo? Yeah, no.

The version of Allo rolling out today will store all non-incognito messages by default - a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo’s Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.

Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google's algorithms.

For this reason alone, don't use Google Allo. But wait, there's more! There's also the backwards way it handles multiple devices and phone numbers - another reason to not use Google Allo. Sadly, even if you don't have Allo installed, you may still be forced to deal with it at some point because of some 'clever' tricks by Google Play Services on Android. If someone sends you an Allo message, but you don't have Allo installed, you'll get a special Android notification.

The notification lets you respond through text along (as opposed to stickers, photos or anything like that), or alternatively ignore it altogether. There's also a button taking you straight to the Play Store install page for Allo.

How can Google do this? The notification is generated by Google Play Services, which is installed on just about every Android phone, and updates silently in the background.

Don't use Google Allo.

Order by: Score:
so..
by Quikee on Thu 22nd Sep 2016 09:39 UTC
Quikee
Member since:
2010-07-06

You can use incognito mode if you want to say something "off the record". Otherwise, I'm OK if they log it (which is no different from Hangouts). At least this gives me hope that maybe they will add multi-device support in some form in the future.

Reply Score: 2

Comment by nej_simon
by nej_simon on Thu 22nd Sep 2016 09:42 UTC
nej_simon
Member since:
2011-02-11

For this reason alone, don't use Google Allo.


What's so controversial about that? That they changed the decision from what they initially said?

Reply Score: 2

EFF Secure Messaging Scorecard
by ptman on Thu 22nd Sep 2016 09:48 UTC
ptman
Member since:
2005-08-08

If you care about privacy and security, select your messaging platform based on

https://www.eff.org/secure-messaging-scorecard

Reply Score: 8

RE: EFF Secure Messaging Scorecard
by PJBonoVox on Thu 22nd Sep 2016 17:54 UTC in reply to "EFF Secure Messaging Scorecard"
PJBonoVox Member since:
2006-08-14

I don't see a column for 'do my contacts use it?' which is the primary decision making factor for most of us.

Reply Score: 3

l3v1 Member since:
2005-07-06

I don't see a column for 'do my contacts use it?'


I installed it, but when I saw I can't even tell who among my contacts is using it (since I'd never bother the others with it), I decided never to use it again. If they couldn't put such a very basic required functionality in, I won't bother to spend any time with it.

Reply Score: 2

RE: EFF Secure Messaging Scorecard
by Gargyle on Fri 23rd Sep 2016 11:43 UTC in reply to "EFF Secure Messaging Scorecard"
Gargyle Member since:
2015-03-27

Funny that Signal gets the maximum score, even though it still uses Google Cloud Messaging for the push notifications, thus enabling Google to get all of your information (except for the message contents, but that's actually not as important as it sounds) that you were trying to protect in the first place.

This (very hefty) issue on github explains it all: https://github.com/LibreSignal/LibreSignal/issues/37

In the end you as a consumer cannot trust a centralised service, because you cannot control what happens between the two end-points. The best (as in: usable and practical) alternative to using Signal (or WhatsApp or any other IM) is going from a centralised system to a federated one (like XMPP, but e-mail is also a fine example of a federated communications technology), only joining servers that you really trust (or just setup your own) and in the meantime don't let The Man let it stick it to you by gathering all your metadata.

Edited 2016-09-23 11:43 UTC

Reply Score: 2

Alfman Member since:
2011-01-28

Gargyle,

In the end you as a consumer cannot trust a centralised service, because you cannot control what happens between the two end-points. The best (as in: usable and practical) alternative to using Signal (or WhatsApp or any other IM) is going from a centralised system to a federated one (like XMPP, but e-mail is also a fine example of a federated communications technology), only joining servers that you really trust (or just setup your own) and in the meantime don't let The Man let it stick it to you by gathering all your metadata.


+1!

Federated protocols have so much potential. Decentralization puts control of our data and communications in our own hands, it's just a shame that corporate business models are so adamant that consumers remain tethered to their solos and force us to place our privacy in their hands.

Reply Score: 2

javispedro Member since:
2014-06-04

Please don't, and simply use XMPP rather than binding yourself to a specific "platform" again like the early 00s.

Reply Score: 1

darknexus Member since:
2008-07-15

Maybe we could, if xmpp weren't a mishmash of incompatible garbage between servers. But it is, so not a chance.

Reply Score: 2

Worst of both worlds?
by Lobotomik on Thu 22nd Sep 2016 10:07 UTC
Lobotomik
Member since:
2006-01-03

On one hand, it leaves the messages of presumably innocent users open to inspection: One day some judge might grant the police, or the health insurance company, or Apple Computer, or the Government of China, access to all your history for them to cherry pick your faults at leisure. What constitutes a fault may change with time and space, so somewhere, or some day, this may bite you.

On the other hand, it lets evil users secretly say evil things. If you know what you talk about is criminal or illegal, then you can leave no traces.

It somehow makes no sense.

But then, what they want is to index your messages as they already do with your email, in order to offer new useful features and at the same time serve you ads. Again, you trade privacy for free service. Is it THAT evil?

Reply Score: 5

Comment by sj87
by sj87 on Thu 22nd Sep 2016 10:27 UTC
sj87
Member since:
2007-12-16

The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app.

I don't think even this is true. The messages will always be stored at least twice: once for you and once for the recipient.

Reply Score: 2

Comment by ddc_
by ddc_ on Thu 22nd Sep 2016 10:34 UTC
ddc_
Member since:
2006-12-05

And here follows obligatory comment about how the grass used to be greener:

There used to be multiple services (ICQ, MSNm Yahoo Messenger, etc.), each with is own set of problems and its own walls around. People had to use multiple applications to chat with others, because there was no platform where all of your contacts would be.

Then there was Jabber (now XMPP). It was a state-of-art protocol at that time.¹ It specifically allowed for transports, so that you could have your ICQ, MSN, IRC, etc. contacts in your roster, and you could chat with them as if they were using the same software as you do.² Google, Facebook and many others used XMPP for their chat services. If you wanted to, you could turn on some encryption feature, and your communication was reasonably secure by contemporary standards. That did not work with Google's, Facebook's and many other implementations that were build around non-XMPP services, but at least there was a path forward.

Then Skype happened. People were sold en masse on voice and video communication, and were readily dismissing all the security, privacy and openness concerns citing Skype's dubious security measures. Skype itself dismissed popular demand for openness as inconvenient for spam fighting. Basically, Skype's position on every question was: "Just don't think about it. We did, and we chose the best option. Your back is covered." Apparently people bought in.

Fast forward a few years. Now there are again multiple services (WhatsApp, Viber, Skype, Facebook Messenger, Signal, Telegram), each with is own set of problems and its own set of walls around.³ People have to use multiple applications to chat with others, because there is no platform where all of your contacts are. Back to square one. Only this time the market is very hostile towards any attempts at cross-service compatibility or alternative clients. People are banned for using third-party clients. Either public attitude changed, or people sold out for stickers and slick UIs.

¹ It was a bad protocol from technical standpoint, but hey, others were no better.
² Sometimes things were broken. Eg. every now and then non-ASCII messaging with ICQ contacts was turning into mojibake because somewhere something was incorrectly encoded. But there were workarounds, and things were generally workable.
³ If you are about to reply with something like "But Signal and Telegram are free software!", please don't forget to mention the way I could send a message from Signal to Telegram and vice versa. Also note, Signal's server implementation used to be opensource, but it is proprietary now.

Reply Score: 9

RE: Comment by ddc_
by Licaon_Kter on Thu 22nd Sep 2016 10:44 UTC in reply to "Comment by ddc_"
Licaon_Kter Member since:
2010-03-19

This (was around here before, but its worth repeating): https://gultsch.de/xmpp_2016.html

And all these servers can talk to each other: https://gultsch.de/compliance.html

It's a user choice, again, get the easy route (phone number id and such) or get the secure route (Consversations and one of those servers that have a lot of green on their rows).

Reply Score: 3

RE[2]: Comment by ddc_
by WereCatf on Thu 22nd Sep 2016 12:21 UTC in reply to "RE: Comment by ddc_"
WereCatf Member since:
2006-02-15

XMPP is a fucking terrible protocol. It's outdated, there are a billion different competing extensions within it and the only feature that you can safely expect all the different XMPP-clients to share is text-chat -- nothing more. I can't for the life of me get file-transfers to work between Pidgin and Conversations, for example, and when I managed to get file-transfers to work between Conversations and other clients some clients happily accepted direct peer-to-peer transfers with good speeds, others resorted to the binary-to-text workaround and resulted in ~500Bps speeds, and so on. Hell, even saving a user-avatar was broken, what with several different incompatible extensions for it!

It's an enormous, freaking mess, and I am not surprised in the least that it never got any more popular than it is.

Reply Score: 2

RE[3]: Comment by ddc_
by Licaon_Kter on Thu 22nd Sep 2016 16:12 UTC in reply to "RE[2]: Comment by ddc_"
Licaon_Kter Member since:
2010-03-19

2 things:
* what extension (XEP) does your server support?
* Gajim is the recommended desktop program ( see https://trac.gajim.org/wiki/GajimXEPSupport )

Edited 2016-09-22 16:15 UTC

Reply Score: 1

RE[4]: Comment by ddc_
by WereCatf on Thu 22nd Sep 2016 16:25 UTC in reply to "RE[3]: Comment by ddc_"
WereCatf Member since:
2006-02-15

You do realize that having to worry about which clients support which extensions and which servers support which extensions is exactly the point I was making?

Reply Score: 2

RE[5]: Comment by ddc_
by Licaon_Kter on Thu 22nd Sep 2016 21:24 UTC in reply to "RE[4]: Comment by ddc_"
Licaon_Kter Member since:
2010-03-19

Yet you provided no solution either.

That's the whole point, the "lets use their closed system because we can't read some text" attitude, and then it's either "oh no, their rules text (privacy policy changed eg. Allo)" or "here, read a list of alternative chat clients, but reading is hard" apparently making end users sob.

Anyway, don't worry about XEPs, but then don't worry about what they record either, if you use their system. Oh, but you care? Then come and read those 2 links and you'll be up to date, making an informed choice.

Edited 2016-09-22 21:27 UTC

Reply Score: 2

RE[6]: Comment by ddc_
by WereCatf on Thu 22nd Sep 2016 21:32 UTC in reply to "RE[5]: Comment by ddc_"
WereCatf Member since:
2006-02-15

Yet you provided no solution either.


Indeed, I didn't. There isn't a good solution at the moment! I do wish there was, I ain't going to touch Allo or whatever, but XMPP sure ain't an acceptable alternative, either.

Reply Score: 2

RE: Comment by ddc_
by ptman on Thu 22nd Sep 2016 11:21 UTC in reply to "Comment by ddc_"
ptman Member since:
2005-08-08

Well said. I have some hope for https://matrix.org/

Reply Score: 1

RE: Comment by ddc_
by FooBat on Thu 22nd Sep 2016 13:16 UTC in reply to "Comment by ddc_"
FooBat Member since:
2016-09-08

Then there was Jabber (now XMPP). It was a state-of-art protocol at that time.¹ It specifically allowed for transports, so that you could have your ICQ, MSN, IRC, etc. contacts in your roster, and you could chat with them as if they were using the same software as you do.² Google, Facebook and many others used XMPP for their chat services. If you wanted to, you could turn on some encryption feature, and your communication was reasonably secure by contemporary standards. That did not work with Google's, Facebook's and many other implementations that were build around non-XMPP services, but at least there was a path forward.

Then Skype happened.

What are you talking about??? Skype was widespread long before Facebook happened. I remember Skype being abundant in times when MySpace was the facebook of the time.

Reply Score: 1

RE[2]: Comment by ddc_
by ddc_ on Thu 22nd Sep 2016 15:59 UTC in reply to "RE: Comment by ddc_"
ddc_ Member since:
2006-12-05

"Then" was supposed to mean "after Jabber". I don't think it is that important whether this or that particular service started to use XMPP before Skype or after.

Reply Score: 2

RE: Comment by ddc_
by phoenix on Thu 22nd Sep 2016 19:46 UTC in reply to "Comment by ddc_"
phoenix Member since:
2005-07-11

And here follows obligatory comment about how the grass used to be greener:

There used to be multiple services (ICQ, MSNm Yahoo Messenger, etc.), each with is own set of problems and its own walls around. People had to use multiple applications to chat with others, because there was no platform where all of your contacts would be.


Then there was Trillian, and all was right with the world. It didn't matter which service(s) you had friends on, you could communicate with them. Sure, you still had to sign up for each one, but you only had a single program to worry about using. ;)

Back to square one. Only this time the market is very hostile towards any attempts at cross-service compatibility or alternative clients. People are banned for using third-party clients. Either public attitude changed, or people sold out for stickers and slick UIs.


This is the big issue nowadays. Each service is now very user-hostile and antagonistic against anyone that tries to create bridges between services. ;) Everyone wants to monopolise eyeballs and feed everything through their own apps/servers to better feed their data analytics engines.

Where's the mobile version of Trillian?

Reply Score: 2

RE[2]: Comment by ddc_
by darknexus on Thu 22nd Sep 2016 20:10 UTC in reply to "RE: Comment by ddc_"
darknexus Member since:
2008-07-15

Where's the mobile version of Trillian?

I think it used to be called IM+ Pro. Actually there was (maybe still is?) a mobile version of Trillian, but in order to use it you had to sign up for their cloud account. Screw that. I have to deal with enough accounts already.

Reply Score: 2

Comment by Licaon_Kter
by Licaon_Kter on Thu 22nd Sep 2016 10:47 UTC
Licaon_Kter
Member since:
2010-03-19
Google Play Services
by jbauer on Thu 22nd Sep 2016 10:48 UTC
jbauer
Member since:
2005-07-06

How can Google do this? The notification is generated by Google Play Services, which is installed on just about every Android phone, and updates silently in the background.


No wonder standby battery drain is awful on Android. Google is just taking us for fools with Doze and their pitiful attempts to pretend they're tackling the issue while actually making it worse at the same time.

Reply Score: 1

RE: Google Play Services
by nej_simon on Thu 22nd Sep 2016 12:25 UTC in reply to "Google Play Services"
nej_simon Member since:
2011-02-11

"How can Google do this? The notification is generated by Google Play Services, which is installed on just about every Android phone, and updates silently in the background.


No wonder standby battery drain is awful on Android. Google is just taking us for fools with Doze and their pitiful attempts to pretend they're tackling the issue while actually making it worse at the same time.
"

Other mobile operating systems doesn't upgrade apps automatically?

Reply Score: 2

RE: Google Play Services
by Gargyle on Fri 23rd Sep 2016 11:55 UTC in reply to "Google Play Services"
Gargyle Member since:
2015-03-27

If you feel brave enough, you can always attempt to replace Google Play Services and GMSCore with the MicroG-implementation.

That way there is no way for Google to pull these tricks anymore, nor is there the resulting battery drain.

Reply Score: 1

Notifications
by nicubunu on Thu 22nd Sep 2016 12:25 UTC
nicubunu
Member since:
2014-01-08

I see no problem with displaying simple notifications when the app isn't installed. Is better than missing messages.

Reply Score: 2

RE: Notifications
by darknexus on Thu 22nd Sep 2016 13:44 UTC in reply to "Notifications"
darknexus Member since:
2008-07-15

Let's see if you see a problem when it's an obvious ad, instead of an ad disguised as a notification.

Reply Score: 2

RE[2]: Notifications
by nicubunu on Thu 22nd Sep 2016 14:03 UTC in reply to "RE: Notifications"
nicubunu Member since:
2014-01-08

I already get ads by SMS

Reply Score: 2

Forget about the law
by grahamtriggs on Thu 22nd Sep 2016 14:17 UTC
grahamtriggs
Member since:
2009-05-27

Interesting that everyone jumps to law enforcement, nefarious companies, etc. as the reason to not have their messages stored.

At that level, most people just need to get over themselves - what they say isn't that interesting, isn't that controversial, and isn't going to get them into trouble. Unless they've actually warranted it...

But, there is an issue with storing data - and that is around sensitivity. If the information is stored in the cloud, then it's a target for hackers. I don't care about the cops reading my texts - but when I text someone my address so that they can visit, etc. then maybe I am worried about criminals getting hold of some the information that I text.

Assuming that you trust Google to manage that security, most people would actually see benefits from having their information stored. Lose or break your phone? Want to switch from Android to iPhone, or back again? No problem - just get a device with All, and you haven't lost any of that information.

As ever, knee jerk reactions and hyperbole aren't useful, evaluate what products do and don't do, and use them (or not) appropriately.

Reply Score: 1

RE: Forget about the law
by cb88 on Thu 22nd Sep 2016 16:00 UTC in reply to "Forget about the law"
cb88 Member since:
2009-04-23

The problem with storing conversations... is that if they can access it they can also fake it... if you ever do get important enough for anyone to care. Or on the off chance that someone with access decides to steamroll you because you made them mad etc...

Personally I think technologies like Tox are the answer... all the data is stored encrypted locally (if I want to back it up I can do that too but it's encrypted in the backup) Also most clients use the core library so... they are all on the same page interoperability wise similar to Telegram although I think they do this at the spec/API level.

Hopefully they add multi-device support soon to toxcore (its on the TODO but probably not before the end of the year unless someone coughs up the cash to get the ball rolling)

Reply Score: 4

RE: Forget about the law
by Alfman on Thu 22nd Sep 2016 16:13 UTC in reply to "Forget about the law"
Alfman Member since:
2011-01-28

grahamtriggs,

At that level, most people just need to get over themselves - what they say isn't that interesting, isn't that controversial, and isn't going to get them into trouble. Unless they've actually warranted it...

But, there is an issue with storing data - and that is around sensitivity. If the information is stored in the cloud, then it's a target for hackers. I don't care about the cops reading my texts - but when I text someone my address so that they can visit, etc. then maybe I am worried about criminals getting hold of some the information that I text.

...
As ever, knee jerk reactions and hyperbole aren't useful, evaluate what products do and don't do, and use them (or not) appropriately.


I don't know if it's fair to call it hyperbole though. Data collection is far more pervasive now than for previous generations. These days people can easily ruin their futures by doing things that people have always done, with the difference being that so much more of it is being recorded.

Heck, there are political things that are risky to talk about. For example, it could affect the residency status of green-card holders like myself just for having a negative opinion. This is all the more relevant because an openly nationalist bigot like Trump with no respect for civil rights or the law might well call on the NSA and secret courts to use our data against us in ways that are unexpected and even unlawful. And unfortunately it's not just the US, we don't have a good grasp on how our digital trails might be used in the future.

Now maybe you think it's exaggerated, but mark my words, if we take our privacy for granted, then we will loose it, and powerful people with an agenda will probably try to exploit it.

Edited 2016-09-22 16:13 UTC

Reply Score: 4

RE: Forget about the law
by MysterMask on Thu 22nd Sep 2016 20:50 UTC in reply to "Forget about the law"
MysterMask Member since:
2005-07-12

At that level, most people just need to get over themselves - what they say isn't that interesting


So why does Google use money and put effort into storing those messages?

Pretty naive to think things happen just because Larry found some old spare hard drives lying around at Google and used them for a fun holiday project out of boredom ..

Reply Score: 2

RE[2]: Forget about the law
by Alfman on Thu 22nd Sep 2016 23:38 UTC in reply to "RE: Forget about the law"
Alfman Member since:
2011-01-28

MysterMask,

Pretty naive to think things happen just because Larry found some old spare hard drives lying around at Google and used them for a fun holiday project out of boredom ..


Google corporate policy requires all user data to be kept whenever possible unless the project manager gets a signed exemption from the executives.

[/sarcasm]

Reply Score: 2

RE: Forget about the law
by ilovebeer on Thu 22nd Sep 2016 23:51 UTC in reply to "Forget about the law"
ilovebeer Member since:
2011-08-08

Interesting that everyone jumps to law enforcement, nefarious companies, etc. as the reason to not have their messages stored.

At that level, most people just need to get over themselves - what they say isn't that interesting, isn't that controversial, and isn't going to get them into trouble. Unless they've actually warranted it...

The issue isn't that people believe their conversations are `that interesting`, it's that people don't like to be spied on. People don't like everything they say and do to be recorded. It's not fear of being caught for illegal activities, it's simple principle and a right people are supposed to have under the fourth amendment.

We've reached a point where opinions are held against you - opinions that shouldn't be public to begin with and should certainly be protected by privacy. Opinions, not actions but opinions! The more information logging, the more people are abused by it over things they used to and shouldn't have to worry about.

We live in a world right now where you can't trust the apps you use, the OS your devices need to work, or even the hardware itself. It's actually worse than that because you don't even speak freely in the privacy of your own home. If your phone isn't recording, it's your tv. If it's not your tv, it's your........ Normal human beings tend to have a problem with that.

Reply Score: 4

RE[2]: Forget about the law
by Alfman on Fri 23rd Sep 2016 00:42 UTC in reply to "RE: Forget about the law"
Alfman Member since:
2011-01-28

ilovebeer,

We live in a world right now where you can't trust the apps you use, the OS your devices need to work, or even the hardware itself. It's actually worse than that because you don't even speak freely in the privacy of your own home. If your phone isn't recording, it's your tv. If it's not your tv, it's your........ Normal human beings tend to have a problem with that.


Just this week I came across this post (from a few months back) by a manager for Visual Studio. Apparently VS15 added proprietary tracking code to compiled binaries, which resulted in telemetry data for 3rd party apps getting transmitted to microsoft through one of it's telemetry channels. The post revealed that a new build of VS would be removing said feature, but the comments reveal just how shocking it was to developers that MS had added it their executables without their consent to begin with. It was uncovered by a developer debugging his own software.

Take note that the recommended fix is to add notelemetry.obj to your project to override the feature because VS15 was designed with no option to disable it.

https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_te...
hi everyone. This is Steve Carroll, the dev manager for the Visual C++ team.

Tl;dr: thanks folks for the feedback. Our team will be removing this from our static libs in Update 3.

Our intent was benign – our desire was to build a framework that will help investigate performance problems and improve the quality of our optimizer should we get any reports of slowdowns or endemic perf problems in the field.

We apologize for raising the suspicion levels even further by not including the CRT source, this was just an oversight on our part. Despite that, some of you already investigated how this mechanism works in nice detail. As you have already called out, what the code does is trigger an ETW event which, when it’s turned on, will emit timestamps and module loads events. The event data can only be interpreted if a customer gives us symbol information (i.e. PDBs) so this data is only applicable to customers that are actively seeking help from us and are willing to share these PDBs as part of their investigation. We haven’t actually gone through this full exercise with any customers to date though, and we are so far relying on our established approaches to investigate and address potential problems instead.

We plan to remove these events in Update 3. In the meantime, to remove this dependency in Update 2, you should add notelemetry.obj to your linker command line. If you’re generally concerned about phone-home scenarios, more information about how to configuring Windows 10 appropriately to your needs can be found here: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-w...

Thanks.

Reply Score: 2

RE: Forget about the law
by Morgan on Fri 23rd Sep 2016 00:51 UTC in reply to "Forget about the law"
Morgan Member since:
2005-06-29

This is why I'm dumping Hangouts and FB messenger and going back to plain old SMS and email. Not iMessage either, but the 30+ year old texting and messaging technologies that were good enough for my parents, dammmit! If the three letter agencies are that concerned about what I text to my wife, my best friend, my mom, and my sister; well, let them look. They obviously have too much time on their hands.

If I ever do have something to say that I want to keep hidden I'll be sure to use a secure platform, even if that means a handwritten cypher passed via sneaker net. I simply can't think of a single thing I've said via third party or even first party messaging services that would be a security concern; I save that stuff for face to face conversations.

That said, I'm only speaking for myself. The world does need a better option, and I really hope someone, somewhere creates a truly secure end to end encrypted messaging protocol that is fully open source. There is Signal, but it only works on smartphones, and only those by Apple and Google (to function properly, the Chrome extension must connect to an Android device with Signal installed, which is bonkers). It's also not 100% open source, as the voice component is still proprietary[1]. We need something that is truly cross platform, that works with any Internet connection on any device, and is actually 100% open source. Anything less would be untrustworthy by default.

[1] http://news.softpedia.com/news/wire-drops-lawsuit-alleging-extortio...

Reply Score: 2

RE[2]: Forget about the law
by darknexus on Fri 23rd Sep 2016 13:25 UTC in reply to "RE: Forget about the law"
darknexus Member since:
2008-07-15

This is why I'm dumping Hangouts and FB messenger and going back to plain old SMS and email.

And that's supposed to help you... how? Carriers keep your SMS, and will share it at minimum with law enforcement. E-mail? Who, precisely, are the primary email providers? It doesn't matter one bit if you don't use them. It only matters that the people you email do. Same goes for your carrier: even if your carrier didn't log your SMS, your recipient's carrier probably does.
Tl;dr: Even if you are secure on your end, you can't guarantee the recipient is.

Reply Score: 3

RE[3]: Forget about the law
by Morgan on Fri 23rd Sep 2016 15:06 UTC in reply to "RE[2]: Forget about the law"
Morgan Member since:
2005-06-29

You didn't read my entire comment obviously. I said I'm using SMS and email for non-secure communication. If I ever need secure communication I know how and where to do that. I also said we need a better secure chat option than what we currently have for the folks who do need to communicate privately all the time.

If you'll scroll up and actually fucking read what I wrote, I wouldn't have to repeat myself to you.

Reply Score: 2

RE[4]: Forget about the law
by darknexus on Fri 23rd Sep 2016 18:57 UTC in reply to "RE[3]: Forget about the law"
darknexus Member since:
2008-07-15

I did. But if you really are using these for only non-secure information, again, what good does that do you? Google, Yahoo, etc still know it's you who said what, unless you refuse to send email to anyone who uses any of the big email providers. Your carrier and recipient's carrier still know it's you. I just don't see what you're gaining. And if that recipient has Facebook/Twitter/whatever and doesn't check their cookie settings, they know about you anyway as well. About the only thing you might accomplish is keeping yourself away from iMessage, for whatever good that is.
I guess it just seems to me like we've already lost unless we actually do take steps to use secure communication completely. I've thought about moving my email account off Gmail but what's the point? 95% of my contacts are on Gmail and would be no matter what I might do. The rest are on outlook.com (via hotmail's migration) years ago. There might be one Yahoo address in there somewhere. So, anything I emailed to them would be indexed anyway. I've lost before I've begun, and any so-called freedom from data analytics would be a placebo at best.

Reply Score: 2

RE[5]: Forget about the law
by Morgan on Sat 24th Sep 2016 00:41 UTC in reply to "RE[4]: Forget about the law"
Morgan Member since:
2005-06-29

I've lost before I've begun, and any so-called freedom from data analytics would be a placebo at best.


That's exactly what I'm saying, I don't know why you're being so contrary. I'm going back to plain SMS and email because even if I tried to use more secure channels, it would still all be indexed and sifted through, so I may as well use rock-solid, dependable, never-going-away services that literally everyone has access to. It simplifies my communication. No, I'm not gaining anything on a security front, but I never said I was. What I am gaining is simplicity and dependability.

Again, if I ever need secure communication I know how to do that, and anyone I would need to chat with securely would also know how.

Reply Score: 2

RE[3]: Forget about the law
by Gargyle on Fri 23rd Sep 2016 16:49 UTC in reply to "RE[2]: Forget about the law"
Gargyle Member since:
2015-03-27

"This is why I'm dumping Hangouts and FB messenger and going back to plain old SMS and email.

And that's supposed to help you... how? Carriers keep your SMS, and will share it at minimum with law enforcement. E-mail? Who, precisely, are the primary email providers? It doesn't matter one bit if you don't use them. It only matters that the people you email do. Same goes for your carrier: even if your carrier didn't log your SMS, your recipient's carrier probably does.
Tl;dr: Even if you are secure on your end, you can't guarantee the recipient is.
"

Both SMS and e-mail you can encrypt without online exchange of keys.

For SMS there is TextSecure (or the fork: SilenceIM), for e-mail there is PGP. Sure, they can intercept the contents but not decipher it.

Edited 2016-09-23 16:49 UTC

Reply Score: 1

RE[4]: Forget about the law
by darknexus on Fri 23rd Sep 2016 18:58 UTC in reply to "RE[3]: Forget about the law"
darknexus Member since:
2008-07-15

For SMS there is TextSecure (or the fork: SilenceIM), for e-mail there is PGP. Sure, they can intercept the contents but not decipher it.

And you're going to convince your friends, all of them, to use these things which take extra effort on their part? I don't think so.

Reply Score: 2

RE: Forget about the law
by kwan_e on Fri 23rd Sep 2016 13:35 UTC in reply to "Forget about the law"
kwan_e Member since:
2007-02-18

what they say isn't that interesting, isn't that controversial, and isn't going to get them into trouble. Unless they've actually warranted it...
.
.
.
As ever, knee jerk reactions and hyperbole aren't useful, evaluate what products do and don't do, and use them (or not) appropriately.


https://www.theguardian.com/world/2013/aug/01/new-york-police-terror...

God help you if you had a brown sounding name, or if they decided to knock down your front door, you happened to be black at the time.

Reply Score: 3

Tough choice
by fretinator on Thu 22nd Sep 2016 14:51 UTC
fretinator
Member since:
2005-07-06

But I guess I'll stick with Google Wave.

Reply Score: 3

Or even better
by MysterMask on Thu 22nd Sep 2016 20:28 UTC
MysterMask
Member since:
2005-07-12

Don't use Google.

"If you're not paying for something, you're not the customer; you're the product being sold."
-- Andrew Lewis


Edited 2016-09-22 20:35 UTC

Reply Score: 3