Edward Snowden warns about the dangers of using Google Allo
When Google announced the launch of two new messaging apps, the world wondered why. Duo is focused on video calling, while Allo is a more traditional messaging tool, albeit one with a Google assistant built in.
But while the world shrugged, Edward Snowden issued a stark warning. He says that Allo should be avoided, pointing out that the lack of end-to-end encryption by default makes it "dangerous".
As he has been known to do quite a lot recently, the former NSA contractor took to Twitter to issue his warning. With the current focus on software security and computer users' heightened awareness of privacy issues, Google's decision to leave end-to-end encryption turned off by default is slightly baffling. It led Snowden to say:
Google's decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.
— Edward Snowden (@Snowden) May 19, 2016
He later pointed out that even security experts at Google thought that the decision was a mistake. One of them, Thai Duong, blogged about it. He advocates including end-to-end encryption, but frames it as "a means to a real end which is disappearing messages". He says that people are more concerned about the physical security and privacy of their devices than about remote threats posed by a lack of encryption:
... to most users what matters the most is not whether the NSA can read their messages, but the physical security of their devices, blocking unwanted people, and being able to delete messages already sent to other people. In other words, their threat model doesn't include the NSA, but their spouses, their kids, their friends, i.e., people around and near them. Of course it's very likely that users don't care because they don't know what the NSA has been up to. If people know that the NSA is collecting their dick pics, they probably want to block them too. At any rate, NSA is just one of the threat sources that can harm normal users.
Snowden was quick to notice the post, and the fact that it was later tweaked by the author:
#Google's security expert blogged, discussing how #Allo is unsafe by default.
Hours later, he erased that part. Lesson: Bosses read blogs
— Edward Snowden (@Snowden) May 20, 2016
A cached version of the edited post is available, and Ars Technica reports that the deleted paragraph read:
The burning question now is: if incognito mode with end-to-end encryption and disappearing messages is so useful, why isn't it default in Allo?
I wish it's the default (because it's my feature haha :), but even if it is not default all is not lost. I can't promise anything now, but I'm pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to "Always chat in incognito mode going forward," and from that moment on all your messages will be end-to-end encrypted and auto-deleted. You can still interact with the AI, but only if you explicitly invoke it, so you don't have to give up everything for your privacy gain.
It's not clear whether or not Google has plans to introduce end-to-end encryption into Allo, but until it happens you might want to heed Snowden's advice and give it a wide berth.