Google engineer says he'll push for default end-to-end encryption in Allo

Google engineer says he'll push for default end-to-end encryption in Allo

After Google’s decision not to provide end-to-end encryption by default in its new chat app, Allo, raised questions about the balance of security and effective artificial intelligence, one of the company’s top security engineers said he’d push for end-to-end encryption to become the default in future versions of Allo.

Allo debuted with an option to turn on end-to-end encryption, dubbed “incognito mode.” Google obviously takes security seriously, but had to compromise on strong encryption in Allo in order for its AI to work. (Allo messages are encrypted in transit and at rest.)

Thai Duong, an engineer who co-leads Google’s product security team, wrote in a blog post today that he’d push for end-to-end encryption in Allo — then quietly deleted two key paragraphs from his post. In the version he originally published, Duong wrote:

Google engineer says he'll push for default end-to-end encryption in Allo

These two paragraphs have been erased from the version of Duong’s post that is currently live.

This edit probably doesn’t mean that Duong won’t continue to lobby internally for end-to-end encryption — his job is to make Google’s products as secure as possible. But Google, like most major companies, is pretty cagey about revealing its plans for future products and likely didn’t want Duong to reveal on his personal blog what’s next for Allo.

Even without the paragraphs on end-to-end encryption, Duong’s post offers interesting insight into Google’s thinking as it planned to launch Allo. For users who care about the security of their messaging apps, Duong highlights that it’s not encryption that matters most to Allo, but rather the disappearing message feature.

“Most people focus on end-to-end encryption, but I think the best privacy feature of Allo is disappearing messaging,” Duong wrote. “This is what users actually need when it comes to privacy. Snapchat is popular because they know exactly what users want.”

Duong also confirmed the likely reason Google didn’t choose to enable end-to-end encryption in Allo by default: doing so would interfere with some of the cool AI features Allo offers. For users who don’t choose to enable end-to-end encryption, Allo will run AI that offers suggestions, books dinner reservations and buys movie tickets. But the AI won’t work if it can’t scan a user’s messages, and it gets locked out if the user enables end-to-end encryption.

We reached out to Google to ask if the company asked Duong to edit to his blog post and will update if we hear back. Duong stressed that the post only reflected his personal beliefs, not those of Google — and we hope his advocacy for a default incognito mode comes to fruition.

Recommended

Google Hangouts doesn't use end-to-end encryption

If you're using Google Hangouts as your main messaging service, you might want to know that Hangouts doesn't use end-to-end encryption (E2EE), a must-have feature for messaging services in the post-Snowden world. This was recently confirmed during a Reddit Ask Us Anything (AUA) session by Google's Richard Salgado, Director for Law Enforcement and Information Security, ...

Google admits Hangouts doesn't use end-to-end encryption, opening the door for government wiretaps

If you’re really worried the government may be keeping tabs on your conversations, then you’d best avoid Hangouts. According to Motherboard, a Google representative confirmed that Hangouts conversations are only encrypted “in transit,” meaning after the message arrives at the intended recipient Google could access it if forced to do so by a government wiretap. The question ...

Google finally adds HSTS encryption to google.com

Google, known for its security practices, has finally brought HTTP Strict Transport Security (HSTS) to google.com to strengthen its data encryption. HSTS helps protect against eavesdroppers, man-in-the-middle attacks, and hijackers who attempt to spoof a trusted website. Chrome, Safari, and Internet Explorer all support HSTS. "HSTS prevents people from accidentally navigating to HTTP URLs by ...

Is Facebook making end-to-end encryption on Messenger opt-in only?

Facebook’s native chat is due to be silenced: Facebook’s reportedly going to kill it off, forcing users to instead use Messenger. Rumor has it that Facebook Messenger will also offer the option of end-to-end encryption sometime in the next few months. The Guardian, relying on input from three unnamed sources close to the project, earlier ...

暂无评论

发表评论

您的电子邮件地址不会被公开,必填项已用*标注。

This site uses Akismet to reduce spam. Learn how your comment data is processed.