SoylentNews is people

posted by martyb on Sunday April 22 2018, @04:29PM
from the Uou-say-good-bye-and-I-say-Allo-Allo-Allo dept.

Google is 'pausing investment' in Allo

If you've been using Google's messaging app, Allo, it's probably a good time to start thinking about switching to something else. The app isn't getting dropped in a Google-style "Spring Cleaning," but development on the app is being "paused." Specifically, the new head of the communications group at Google, Anil Sabharwal, has made the decision to "pause investment" in Allo and move that team over to focus on Android Messages.

As we explain in our exclusive feature, the move is necessary because Google is going all in on Rich Communication Services, or RCS. The service will be branded "Chat" once carriers launch it, and Google wants to apply as many resources as possible to make sure that this time, finally, Android has a successful messaging app.

Amnesty International has criticized the move:

Responding to Google's launch of a new messaging service for Android phones, Amnesty International's Technology and Human Rights researcher Joe Westby said:

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications.

"Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers.

"Not only does this shockingly retrograde step leave Google lagging behind its closest competitors - Apple's iMessage and Facebook's WhatsApp both have end-to-end encryption in place by default - it is also a step backwards from the company's previous attempts at online messaging. Google's own app Allo has an option for end-to-end encryption but the company says it will no longer invest in it."


  • (Score: 3, Insightful) by stormwyrm on Monday April 23 2018, @03:26AM (4 children)

    by stormwyrm (717) on Monday April 23 2018, @03:26AM (#670593) Journal

    Yes, the problem is really that hard. There is no formidable foe arrayed against a workable solution because the web of trust alternative you are proposing to replace the current system of centralised CAs is not really more workable or even more secure. The big problem here is that effective security has to be usable, and the web of trust that you so extol is a usability nightmare for ordinary people who are not really interested in and don't really care overmuch about security, not even when it leads to them being hacked. It basically winds up at the end just asking the user whether or not to trust the keys presented by some random website, a question which they would in general be unable to answer properly. It would wind up looking from the user perspective like those annoying UAC prompts of Windows Vista: every new site would pop up some kind of cryptic prompt about trusting the keys the site is presenting. This is no more than passing the buck that stops at the CAs today to the end user. Great, it gives the power users who do know a thing or two about computer security something to crow about, but it doesn't help the rest of the world which needs the security even more. In fact it leaves these non-savvy users even more vulnerable to hacking than under the current system of centralised CAs. There are far more of these ordinary users out there, and if they are hacked, the effects of their hacking will not be limited to themselves alone.

    If you do have a better solution that solves the problem of website authentication any better than the known ones so far, the IETF and the W3C await your proposal.

    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 0) by Anonymous Coward on Monday April 23 2018, @05:14AM

    by Anonymous Coward on Monday April 23 2018, @05:14AM (#670627)

    Stop building the world for morons.

    It's time to cut them out, and move the bell curve up the axis.

  • (Score: 2) by Runaway1956 on Monday April 23 2018, @11:37AM (2 children)

    by Runaway1956 (2926) Subscriber Badge on Monday April 23 2018, @11:37AM (#670687) Journal

    How sure are you that there is no "formidable foe"?

    How many cool applications have been bought out, then subverted? Microsoft may have been the first, but they aren't the only ones to "Embrace, Extend, Extinguish". We had a conversation about Winamp not terribly long ago. Just about the best music player on the market, until a bunch of shitheads bought it, and tried to turn it into a marketing gimmick. And, that game has just gone on and on . . .

    More specific to secure communications, we actually do have a "formidable foe", which wears many masks, and goes by many names. Let's just call him Five Eyes.

    • (Score: 2) by stormwyrm on Monday April 23 2018, @12:49PM (1 child)

      by stormwyrm (717) on Monday April 23 2018, @12:49PM (#670711) Journal

      Do tell me then what alternative protocol has been ignored and marginalised by the Five Eyes in favour of the all too easily-exploitable centralised certification authorities that are the core of the public key infrastructure of today. Independent cryptographic researchers all around the world have agonised for a better solution to the problem of website authentication and haven't really come up with anything significantly better. The web of trust is decentralised, but it puts too big a burden on the end user for it to be usable or secure as I have argued, and I don't see it as being any harder for an opponent with the resources of the intelligence agencies of major nation-states to subvert than the current CA system. Certification authorities can be subverted and made to issue keys impersonating websites, but the system at least does not give an undue burden on the user, and as such it remains the dominant model for website authentication today. If there were a better solution available, I imagine some enterprising and resourceful minds might have already tried to build and use it today. But I don't yet see any serious alternatives.

      Yes, the Five Eyes are a formidable foe, but I don't see them as having interfered with cryptographic standards to marginalise alternatives to the centralised CA PKI system that we use today. If there were a practical alternative to the CA system that were more usable and more secure than either web of trust or CAs, we'd hear prominent cryptographers talking about it, and it would quickly gain traction in spite of the fact the intelligence and law enforcement agencies wouldn't like it. To posit that such an authentication protocol exists but knowledge of it is being suppressed by all cryptographers around the world (since they're all in the pay of the Five Eyes) is a preposterous conspiracy theory. It's on the level of the anti-vaccine conspiracy theory that posits that all medical scientists and professionals around the world (since they're all in the pay of Big Pharma) are suppressing knowledge of the deleterious effects of vaccines.

      --
      Numquam ponenda est pluralitas sine necessitate.