At their respective yearly developer conferences, Apple and Google both announced changes to their messaging platforms that compete with Facebook Messenger and Snapchat. All of these services now have features like stickers, photo editing, wacky themes, zany message styles, and other fun features. Under this glossy veneer of oversized emoji lies some serious privacy considerations, however. The security risks of Messenger and Snapchat are well–documented, but given that Google have announced a new app, it warrants further investigation.

Consider that Google makes money when you engage with an advertisement. In order to increase their chances of you doing this they develop free services like Gmail and Search. They take this opportunity to serve you those targeted ads, but also to collect metrics on your behavior, which in turn improves targeting. I suspect that the reason that Allo is not encrypted by default is that Google is analyzing your messages to further build out a profile on you, determine what type of ads you’re likely to click on, and serve them to you from the highest bidder. This profile will include products your considering buying, health conditions you mention, plans you have for the future, and more. Google “knows” these facts about you and uses that knowledge to sell advertisements. This would not be possible if the messages were encrypted end-to-end, because only the sender and receiver would have the digital keys required to see the contents of the messages.

If it were the government or someone you knew that intercepted your communications to pry into your business or secrets, it’d be rightly called unwarranted surveillance or just plain creepy. Consider that the analog equivalent of this behavior may be, say, reading your post-office delivered mail, which is a federal crime finable of up to $5,000 and punishable up to 5 years in jail. The turn of phrase at the start of this paragraph, to “pry into the business or secrets of another”, is exactly the wording of federal law 18 U.S. Code § 1702, and yet it seems that this is exactly what technology companies have convinced their users to be complacent with. There will be some that respond to this with, “I have nothing to hide.” Perhaps this is the case for some that make this claim, but if asked, I doubt most people would allow anyone to download their search history in full, forward all of their emails to somebody, or have their recent text messages read aloud in a public place (even if it was done anonymously, I suspect). Further, the mere existence of an incognito mode in Allo admits that there are messages that users do not want to share with Google and be profiled for.

This is a concession, a compromise. It’s because Google, like Facebook, realizes that consumers are wising up about the importance of privacy, and they are attempting to appeal to them. But it’s not a compromise that you have to make considering competing end-to-end encrypted chat services like WhatsApp or iMessage. A much stronger rebuttal to my claim that Allo is surveillance and creepy is that Google’s server do not in fact store the chat logs (it does, however, “read” them). Among other reasons, storing these messages is a liability they must manage with law enforcement agencies (remember Apple vs. the FBI?). As evidence of this, here’s Dieter Bohn from the Verge interviewing Google executives on the launch of Allo:

[Messages sent with Allo] are read by Google’s servers, but Kay assures me that the data is stored “transiently,” which is to say that Google doesn’t keep your chat logs around to be subpoenaed. And Fulay adds that Google doesn’t assign identity to the chat logs on those servers even then.

On storing messages “transiently”, this is not re-assuring. To re-use the previous metaphor: it’s akin to someone reading all of your mail, storing copious notes on the contents, and referring to those notes later to take guesses at your future behavior. Considering that in that period of time the message are stored on Google’s servers, they are run through the world’s most sophisticated machine learning algorithms to glean information from them. The reason they don’t store them is not to protect your privacy, it’s because they’re finished harvesting information from the message. And with regards to Google “not assigning identity ” to messages, the process of “de-anonmyizing” data has been well-documented at MIT and the Universitè Catholique de Louvain. The way it works is cross-referencing “anonymous” data with publicly available or leaked information. Not only that, but the data isn’t much use to Google unless they can use it to target ads to individuals, which makes me skeptical of this claim. Perhaps Google today is secure, both from external hackers and internal leakers, but there’s no guarantee that this will always be the case. Quite the contrary, the recent purchase of LinkedIn by Microsoft and LinkedIn’s frequent leaks show that your data can end up in different hands than you anticipated (though the terms of service users “agreed” to allows it).

The trade-offs involved with using Google’s Allo messaging service are not worth the value they provide. In particular, Allo’s off-by-default end-to-end encryption policy makes it inconvenient to secure your conversations, Google’s motives to profit is opposed to their user’s best interests, and the engineering countermeasures to limit the scope of this are at least unknown, perhaps superficial, and definitely not required considering the competition. However, there are number of really great ideas in Allo that are very popular amongst users of trendier messenger apps like WhatsApp, WeChat, and Facebook Messenger. (For the record, WhatsApp is end-to-end encrypted by default, it doesn’t seem to like WeChat even uses over-the-wire encryption, and Facebook stores all of your messages.) If you’re an Android user, stick with another chat service that encrypts by default like WhatsApp or Signal. If you’re an iOS user, many of the features from Allo were announced to be coming to iMessage, which is encrypted end-to-end, in the Fall.

I prefer Apple to Google. My preferences side with Apple because their hardware is superb, their OS is a lovely shiny UI and ecosystem atop a solid UNIX foundation, and their interests align with mine: they make hardware, I buy hardware, we both win.

There’s no denying the centrality of Google to digital life, however. If you want to find more information something, see a video of something, or communicate with colleagues, chances are you’ll use a Google service. And for some weird reason to do with our perceived value of non-tangible objects, we refuse to pay for this central fact-of-life, and so Google has found ways to monetize that aren’t directly inline with my interests.

For instance, Andrea Shalal reporting for Reuters via John Gruber:

Eric Schmidt, the former chief executive officer of Google, will head a new Pentagon advisory board aimed at bringing Silicon Valley innovation and best practices to the U.S. military, Defense Secretary Ash Carter said on Wednesday. Carter unveiled the new Defense Innovation Advisory Board with Schmidt during the annual RSA cyber security conference in San Francisco, saying it would give the Pentagon access to “the brightest technical minds focused on innovation.”

Makes perfect sense: software is a munition, after all, so why shouldn’t Google be a defense contractor? I hope this relationship truly is about innovation within the military which ultimately brings good to world instead of increased spying on citizens, or worse, more effective destruction.

As artificial intelligence and machine learning is increasingly commercialized, it’s going to begin challenging our legal and moral notions of agency, blame, and responsibility.

Google’s self-driving car had a very minor accident with a bus, and Reuters had this to report about it:

Alphabet Inc’s (GOOGL.O) Google said on Monday it bears “some responsibility” after one of its self-driving cars struck a municipal bus in a minor crash earlier this month.

The crash may be the first case of one of its autonomous cars hitting another vehicle and the fault of the self-driving car. The Mountain View, California-based Internet search leader said it made changes to its software after the crash to avoid future incidents.

Some stray observations:

• I’m surprised Google owned up to even “some responsibility”, as I would have thought they were eager to shed all responsibility early in the product’s existence, because while in the long run they’ll be less accidents with robot drivers, I’m uncertain that the first batch will always be so fortunate.
• I imagine this is 100% the fault of the bus driver, and for purely an unfair reason: as an bike rider, I see how bus drivers in New York City act on the road, and it isn’t always friendly.

Safari on iOS and OS X has been crashing for many people this morning, MacRumors reports. Serendipitously, Google have pushed an update to Chrome on iOS which switches UIWebView for WKWebView, and they posted on their blog today that it’s reduced crashing by 70%. Epic burn aside, it seems to not matter if you’ve got the resources of Apple or Google, or if you’re a one-person shop: code breaks.