Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday April 22 2018, @04:29PM   Printer-friendly
from the Uou-say-good-bye-and-I-say-Allo-Allo-Allo dept.

Google is 'pausing investment' in Allo

If you've been using Google's messaging app, Allo, it's probably a good time to start thinking about switching to something else. The app isn't getting dropped in a Google-style "Spring Cleaning," but development on the app is being "paused." Specifically, the new head of the communications group at Google, Anil Sabharwal, has made the decision to "pause investment" in Allo and move that team over to focus on Android Messages.

As we explain in our exclusive feature, the move is necessary because Google is going all in on Rich Communication Services, or RCS. The service will be branded "Chat" once carriers launch it, and Google wants to apply as many resources as possible to make sure that this time, finally, Android has a successful messaging app.

Amnesty International has criticized the move:

Responding to Google's launch of a new messaging service for Android phones, Amnesty International's Technology and Human Rights researcher Joe Westby said:

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications.

Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers.

"Not only does this shockingly retrograde step leave Google lagging behind its closest competitors - Apple's iMessage and Facebook's WhatsApp both have end-to-end encryption in place by default - it is also a step backwards from the company's previous attempts at online messaging. Google's own app Allo has an option for end-to-end encryption but the company says it will no longer invest in it."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Sunday April 22 2018, @04:56PM (25 children)

    by Anonymous Coward on Sunday April 22 2018, @04:56PM (#670395)

    It's unbelievable that it's still so hard to find a reliable, simple, long-lived means by which to transfer data from one person to another.

    It's crazy.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 1, Funny) by Anonymous Coward on Sunday April 22 2018, @05:12PM (6 children)

    by Anonymous Coward on Sunday April 22 2018, @05:12PM (#670401)
    • (Score: 1) by Ethanol-fueled on Sunday April 22 2018, @08:15PM (5 children)

      by Ethanol-fueled (2792) on Sunday April 22 2018, @08:15PM (#670463) Homepage

      I don't get it. Is there something about this webcomic that's supposed to be funny or witty? I think Dilbert is funny but have a lot of friends who don't "get it," and I feel like that now with this webcomic.

      • (Score: 0) by Anonymous Coward on Monday April 23 2018, @12:41AM (1 child)

        by Anonymous Coward on Monday April 23 2018, @12:41AM (#670549)

        You're at the low end of the bell curve.

        • (Score: 0) by Anonymous Coward on Monday April 23 2018, @01:03AM

          by Anonymous Coward on Monday April 23 2018, @01:03AM (#670556)

          Why? Because he doesn't find a specific thing to be funny? Even if I understand the point of an xkcd comic, I only very rarely laugh and instead quietly agree with the point and move on.

      • (Score: 3, Insightful) by Runaway1956 on Monday April 23 2018, @11:28AM (2 children)

        by Runaway1956 (2926) Subscriber Badge on Monday April 23 2018, @11:28AM (#670685) Journal

        It's not "funny", exactly. It's merely an observation. Despite the fact that the internet has been in wide use for decades now, the average Joe can't do the simplest of things. He won't learn how to set up an FTP server, or even how to connect to one. Instead, he relies on crappy proprietary junk that spies on him. Or, in the case in the comic, they just give up and snail mail, or sneaker net, or some other mundane "solution". It's kinda ironic that our high tech society can't figure out simple solutions to common problems.

        All of which is applicable to this thread.

        • (Score: 3, Touché) by PiMuNu on Monday April 23 2018, @01:02PM (1 child)

          by PiMuNu (3823) on Monday April 23 2018, @01:02PM (#670719)

          > He won't learn how to set up an FTP server

          Sorry, I went into rant mode...

          Not even that - it's a great big pain in the butt to set up an FTP server over domestic network. Who has x hours to spare to figure out how to poke firewall holes in whatever router they are using. What about figuring out workaround for dynamic IP allocation? Finding and installing some FTP server software? Decent client software? You just sunk *at least* 6 hours of my time. I get about 1 hour free time per day, so that is a week's work, which displaces all of the other stuff I could have been doing, like spending time with my family.

          So yeah, dropbox and let them suck up my metadata and sell it to the highest bidder.

          As a random example I spent a couple of hours trying to set up AWS to make a basic website. I didn't manage to get a functional website even using their "easy setup" stuff. I consider myself to be reasonably technically competent - e.g. I am a software guy with 10 years of experience, few software languages and 10 years experience running various linux boxes and stuff. Given a day or two, I am sure I could get something functional... but who has a day or two to dump into this stuff?

          • (Score: 1, Funny) by Anonymous Coward on Monday April 23 2018, @04:55PM

            by Anonymous Coward on Monday April 23 2018, @04:55PM (#670794)

            people should know this:
            HTTP(s) "is" ftp but with "inbetween seek and resume". also it doesn't need a "control port".
            so just installing APACHE (there's a windows version too ... aaaannnndddd the coffee again comes out the wrong hole in the head)
            and drop the file "my_first_birthday_party.mp4" into the /htdocs folder.
            methinks UPnp is an abomination but would be rather handy in this case ... so next open the firewall for the default port (hint:80)
            and do a port-fowarding.
            next, email your dynamic-changing-IP address and the "filename" if /htdocs (document root has been configured non-browsable).
            last, pray, that by the time the receiver gets the email, that your IP address hasn't changed and the info is stale and you go to prison
            because you "unauthorizedly" accessed the web-config portal of some other users internet router (which is still listening and open on port 80 to the interwebZ).
            -
            see it's that simple!
            if you want to crack some real nuts, try the above but with the "s" in http!

  • (Score: 0) by Anonymous Coward on Sunday April 22 2018, @05:34PM (1 child)

    by Anonymous Coward on Sunday April 22 2018, @05:34PM (#670408)

    stone (tablets, walls, pyramids, etc) are your best option for longevity.

    • (Score: 2) by maxwell demon on Sunday April 22 2018, @05:59PM

      by maxwell demon (1608) on Sunday April 22 2018, @05:59PM (#670415) Journal

      However pyramids clearly fail the "simple" criterion.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 3, Interesting) by Anonymous Coward on Sunday April 22 2018, @06:26PM (15 children)

    by Anonymous Coward on Sunday April 22 2018, @06:26PM (#670422)

    a friend of mine tried to get me to install signal.

    it requires a phone with active valid number with a harvestable contact list, to run it on a desktop. it won't run on a desktop without syncing to that phone you can prove is yours.

    fuck that

    encrypted isn't secure when your goal is privacy. signal doesn't need to know who's on my contact list, and their helpful benefit of finding out who in it has signal.. what if I don't want those people to know because I intend to contact one or two people specifically? nope. wizards know best, and the lack of privacy is security.

    eventually, we installed an xmpp compatible server and ssl encryption on the client/server connection. but it was a private cert and so the friends that dont understand how any of it works were more afraid of the scary "this wasn't a cert from someone else's computer we approve of!" than the EULA of the signal program.

    i dont know how to get people to understand how much it costs to get things for free and how much effort it takes to undo the damage of effortless.

    • (Score: -1, Troll) by Anonymous Coward on Sunday April 22 2018, @06:38PM

      by Anonymous Coward on Sunday April 22 2018, @06:38PM (#670428)

      Your friends wouldn't be so scared if there were happy little app for helping them maintain a proper web of trust, but nobody has ever seemed to get that to work.

      I blame GNU, which tends to take simple ideas, elevate minutiae, and then submerge the whole thing in obscure ideology. GnuPG is an example; I suppose it doesn't help that it has received funding from the government in Germany, a place where people are known for their complicated over-engineering.

      Is the problem really that hard? Or is there a formidable foe arrayed against a workable solution?

    • (Score: 5, Informative) by frojack on Sunday April 22 2018, @07:18PM (2 children)

      by frojack (1554) on Sunday April 22 2018, @07:18PM (#670449) Journal

      it requires a phone with active valid number with a harvestable contact list, to run it on a desktop. it won't run on a desktop without syncing to that phone you can prove is yours.

      Half true.

      Full truth here: https://support.signal.org/hc/en-us/articles/115005045728-Does-Signal-send-my-number-to-my-contacts- [signal.org]
      No names is harvested. No numbers are retained.

      There are many ways to use signal without giving out your actual phone number. All of them a bit tricky.
      https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ [theintercept.com]

      Signal devs has mentioned that they may be coming up with an alternate number option. [reddit.com] The problem here is one of making that number unique and letting others know what it is. That would make using signal without an actual phone much easier, and make it easier to set up the desktop client.

      But you know that any SERVICE that can send messages to you has to have you registered in some way. Even XMPP has to know how to route your connection in order to send your encrypted messages. Pick an xmpp server in some foreign place (beyond the reach of a warrant), one that advertises they they don't even keep connection logs. Get a free cert from lets encrypt for your own server (A raspberry PI ought to work for this.) But even that will need an IP address.

      At least with signal, once your contact and you both get signal running, there is no logging that actual calls or messages even took place, let alone what was said.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Sunday April 22 2018, @08:17PM

        by Anonymous Coward on Sunday April 22 2018, @08:17PM (#670464)

        Of course, all of these discussions end up at the same place: A working Web of Trust, where endpoints are identified with public keys.

      • (Score: 0) by Anonymous Coward on Monday April 23 2018, @07:22PM

        by Anonymous Coward on Monday April 23 2018, @07:22PM (#670842)

        The whole "we have to identify you to get you your stuff" is bullshit. Service could be fully centralized, semi-centralized, or totally decentralized mesh/blockchain whatever and trivially allow users to find messages meant for them without identifying or being tracked.

    • (Score: 0, Redundant) by Ethanol-fueled on Sunday April 22 2018, @08:19PM (2 children)

      by Ethanol-fueled (2792) on Sunday April 22 2018, @08:19PM (#670465) Homepage

      Android Studio is your friend, buddy. You can bullshit any goddamn thing you like if you set it up properly, although that's a lot more of a hassle than just putting up with signal's bullshit.

      • (Score: 0) by Anonymous Coward on Sunday April 22 2018, @11:18PM (1 child)

        by Anonymous Coward on Sunday April 22 2018, @11:18PM (#670517)

        Please quit posting stupid.

        • (Score: 0) by Anonymous Coward on Monday April 23 2018, @11:32AM

          by Anonymous Coward on Monday April 23 2018, @11:32AM (#670686)

          Fine - we'll stop posting you. And, please don't open the letter we dropped into the mailbox yesterday.

    • (Score: 0, Redundant) by Anonymous Coward on Sunday April 22 2018, @10:17PM (7 children)

      by Anonymous Coward on Sunday April 22 2018, @10:17PM (#670505)

      Your friends wouldn't be so scared if there were a happy little app for helping them maintain a proper web of trust, but nobody has ever seemed to get that to work.

      I blame GNU, which tends to take simple ideas, elevate minutiae, and then submerge the whole thing in obscure ideology. GnuPG is an example; I suppose it doesn't help that it has received funding from the government in Germany, a place where people are known for their complicated over-engineering.

      Is the problem really that hard? Or is there a formidable foe arrayed against a workable solution?

      • (Score: 3, Insightful) by stormwyrm on Monday April 23 2018, @03:26AM (4 children)

        by stormwyrm (717) on Monday April 23 2018, @03:26AM (#670593) Journal

        Yes, the problem is really that hard. There is no formidable foe arrayed against a workable solution because the web of trust alternative you are proposing to replace the current system of centralised CAs is not really more workable or even more secure. The big problem here is that effective security has to be usable, and the web of trust that you so extol is a usability nightmare for ordinary people who are not really interested in and don't really care overmuch about security, not even when it leads to them being hacked. It basically winds up at the end to just asking the user whether or not to trust the keys presented by some random website, a question which they would in general be unable to answer properly. It would wind up looking from the user perspective like those annoying UAC prompts of Windows Vista: every new site would pop up some kind of cryptic prompt about trusting the keys the site is presenting. This is no more than passing the buck that stops at the CAs today to the end user. Great, it gives the power users who do know a thing or two about computer security something to crow about, but it doesn't help the rest of the world which needs the security even more. In fact it leaves these non-savvy users even more vulnerable to hacking than under the current system of centralised CAs. There are far more of these ordinary users out there, and if they are hacked, the effects of their hacking will not be limited to themselves alone.

        If you do have a better solution that solves the problem of website authentication any better from the known ones so far, the IETF and the W3C await your proposal.

        --
        Numquam ponenda est pluralitas sine necessitate.
        • (Score: 0) by Anonymous Coward on Monday April 23 2018, @05:14AM

          by Anonymous Coward on Monday April 23 2018, @05:14AM (#670627)

          Stop building the world for morons.

          It's time to cut them out, and move the bell curve up the axis.

        • (Score: 2) by Runaway1956 on Monday April 23 2018, @11:37AM (2 children)

          by Runaway1956 (2926) Subscriber Badge on Monday April 23 2018, @11:37AM (#670687) Journal

          How sure are you that there is no "formidable foe"?

          How many cool applications have been bought out, then subverted? Microsoft may have been the first, but they aren't the only ones to "Embrace, Extend, Extinguish". We had a conversation about Winamp not terribly long ago. Just about the best music player on the market, until a bunch of shitheads bought it, and tried to turn it into a marketing gimmick. And, that game has just gone on and on . . .

          More specific to secure communications, we actually do have a "formidable foe", which wears many masks, and goes by many names. Let's just call him Five Eyes.

          • (Score: 2) by stormwyrm on Monday April 23 2018, @12:49PM (1 child)

            by stormwyrm (717) on Monday April 23 2018, @12:49PM (#670711) Journal

            Do tell me then what alternative protocol has been ignored and marginalised by the Five Eyes in favour of the all too easily-exploitable centralised certification authorities that are the core of the public key infrastructure of today. Independent cryptographic researchers all around the world have agonised for a better solution to the problem of website authentication and haven't really come up with anything significantly better. The web of trust is decentralised, but it puts too big a burden on the end user for it to be usable or secure as I have argued, and I don't see it as being any harder for an opponent with the resources of the intelligence agencies of major nation-states to subvert than the current CA system. Certification authorities can be subverted and made to issue keys impersonating websites, but the system least does not give an undue burden on the user, and as such it remains the dominant model for website authentication today. If there were a better solution available, I imagine some enterprising and resourceful minds might have already tried to build and use it today. But I don't yet see any serious alternatives.

            Yes, the Five Eyes are a formidable foe, but I don't see them as having interfered with cryptographic standards to marginalise alternatives to the centralised CA PKI system that we use today. If there were a practical alternative to the CA system that were more usable and more secure than either web of trust or CAs, we'd hear prominent cryptographers talking about it, and it would quickly gain traction in spite of the fact the intelligence and law enforcement agencies wouldn't like it. To posit that such an authentication protocol exists but knowledge of it is being suppressed by all cryptographers around the world (since they're all in the pay of the Five Eyes) is a preposterous conspiracy theory. It's on the level of the of anti-vaccine conspiracy theory that posits that all medical scientists and professionals around the world (since they're all in the pay of Big Pharma) are suppressing knowledge of the deleterious effects of vaccines.

            --
            Numquam ponenda est pluralitas sine necessitate.
      • (Score: 3, Interesting) by TheRaven on Monday April 23 2018, @12:35PM

        by TheRaven (270) on Monday April 23 2018, @12:35PM (#670706) Journal

        I blame GNU

        I enjoy GNU bashing at least as much as the next guy, but GNU Ring [ring.cx] is one of the better attempts at building a distributed, secure, IM system.

        --
        sudo mod me up
      • (Score: 0) by Anonymous Coward on Monday April 23 2018, @05:20PM

        by Anonymous Coward on Monday April 23 2018, @05:20PM (#670808)

        the problem isn't "that" hard.
        we could replace all "real world" identifiers of a person with a
        unique number online.
        "real world" identifiers, are for example post address, name, sex, age, phone number (since most SIMs now are tied to all/some of previous), passport number, social security number, I.D. number etc.)
        a person could choose "any" number of unique numbers and use them in certain
        domains, like some for friends, some for business, some for amazon, some for facebook, some for google etc. ... or just one.
        the point is that "you" are then a "throw-away" number that has no relation to any real world identifiers.

        ofc, from the perspective of having to sell advertisement, you can only profile this throw-away number and you don't get to
        profile a set of UNCHANGEABLE identifiers (ok, sure you can move to a new physical address)!

        for some on-line services, some of the real world identifiers are required to function, say shipping stuff to home address.

        for other stuff, advertisement is probably the best example, it MUST NOT be a requirement.

        of course, nobody likes law makers, but maybe it's time to help them a bit and so here a suggestion that data breaches that involve real world identifiers should be fined heavy handed, since once lost, remain un-re-collectible, due to their very nature of being unchangable.

        in the second case, people will just try and get a new throw-away number ...

        least, let's not forget, the source of this insane on-line tracking of real identity: FAME!
        people crave FAME, because it makes them (seem) important, thus a small constellation of people ADVERTISE themselves openly and as much as possible. this makes them seem important ... and the sheep follow!