{"id":1993,"date":"2013-06-03T10:00:49","date_gmt":"2013-06-03T14:00:49","guid":{"rendered":"http:\/\/www.kaspersky.co.in\/blog\/?p=1993"},"modified":"2020-02-26T22:21:09","modified_gmt":"2020-02-26T16:51:09","slug":"google-privacy-hangouts","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/google-privacy-hangouts\/1993\/","title":{"rendered":"Google Trades Privacy and Security for “Hangouts”"},"content":{"rendered":"

We recently wrote about the conspicuous lack of privacy discussion at Google\u2019s recent I\/O Conference<\/span><\/a><\/span> in San Francisco. While it\u2019s true that there wasn\u2019t much talk of privacy at the event, Google\u2019s actions may have spoken louder than its lack of words when it became clear that the company would be rolling out a new instant messaging platform to replace its long-standing \u201cTalk\u201d app.<\/p>\n

\"hangouts_title\"<\/a><\/p>\n

As highlighted by our activist friends at the Electronic Frontier Foundation<\/span><\/a><\/span>, Google\u2019s understandable move from the somewhat dated \u201cTalk\u201d to its new \u201cHangouts\u201d platform has two consequences: one has to do with the extensible messaging and presence protocol (XMPP), an open-source communication tool that benefited from Google\u2019s support, which the company will scale back dramatically as it implements it\u2019s new messaging service.<\/p>\n

XMPP meant that users could communicate across platforms, using Talk to send messages to users on AOL\u2019s Instant Messenger and any number of other chat providers. It also meant that Talk\u2019s open-source framework supported \u2018Off-the-Record\u2019 (OTR) encryption, not to be confused with Google\u2019s off the record feature, which I will explain shortly. Hangouts will not support either of these functionalities.<\/p>\n

The second and seemingly more relevant (but actually less impactful) consequence is that within the new Hangouts platform, users will no longer have the option of \u201cgoing off the record\u201d for all of their chats. \u201cGoing off the record\u201d means just what you think it means: turning the feature on makes it so that your communications aren\u2019t archived by Google in your chat history. Users can still go off the record, but only on a contact-to-contact basis.<\/p>\n

Per Google\u2019s explanation:<\/p>\n

\u201cWe\u2019ve made a change to the Google Chat and Google Talk chat history settings. You can turn individual chats off the record, but you\u2019ll no longer have the option to turn chat history off for all of your chats.\u201d<\/p>\n

Google is trading the user security and privacy offered by their open-source Talk platform for their new Hangouts platform, which will be a flashier, more competitive and seamless way for the company to tie together its previously discordant applications.<\/div>\n

So what, right? This change represents little more than a slight inconvenience and our reaction embodies our collective propensity toward fake online outrage, right? Sort of, but the discontinuation of XMPP has a more serious consequence upon closer consideration.<\/p>\n

As the EFF\u2019s Parker Higgins notes, privacy-conscious<\/span><\/a> <\/span>users that want to use OTR encryption will not be able to do so. The slight irony is that OTR encryption is a cryptographic communications protocol<\/span><\/a> and a term that Google has misused egregiously. To Google, off the record has merely meant that conversations aren\u2019t archived and has nothing to do with encryption. In reality, OTR is a \u201ccritical component of secure online communication.\u201d When two users are using OTR, no one except them has access to the contents of their communications, including their service provider. The old XMPP framework allowed for users to host their own chat servers, allowing them to use OTR encryption and communicate with Google users. That has changed.<\/p>\n

\u201cUsers are given only the choice to use Google\u2019s chat servers or to cut themselves off from people who do,\u201d writes Higgins. \u201cWorse, Google users aren\u2019t presented with any notice about the change: their buddies who use jabber.org, member.fsf.org or any number of other XMPP servers, will simply not appear as available for chat.\u201d<\/p>\n

The point here is that no official Google application supports OTR, but users could get around that because of the openness of the XMPP framework. In other words, Google is trading the user security and privacy offered by their open-source Talk platform for their new Hangouts platform, which will be a flashier, more competitive and seamless way for the company to tie together its previously discordant applications, like G-Chat, Google Voice, and Google+ Hangouts (not to be confused with the new platform of the same name).<\/p>\n

The vast majority of us will probably be disappointed with Google, a company that has generally done good for user data privacy and security<\/span><\/a><\/span>, but ultimately, we\u2019ll sigh and move into the new platform despite the privacy hit. For those that really require a secure chat app, we compiled a list of good ones<\/span><\/a><\/span> media outlets started suggesting that Skype may be susceptible to government surveillance.<\/p>\n

In all fairness, Talk was great eight years ago when computer to computer instant messaging was the name of the game. In fact, talk was revolutionary in the way it let users chat across platforms. Now however, forever-connected and social mobile messaging between disparate devices and operating systems like What\u2019s App and BlackBerry<\/span><\/a><\/span> and Facebook\u2019s chat services have emerged as the new need, and may in fact end up replacing SMS-based text messages as well as the old chat.<\/p>\n

The Verge<\/span><\/a><\/span> published an excellent exclusive detailing the new Hangouts platform and explaining exactly how it came to be that Google, which seemed to have all the necessary parts, had fallen so far behind on mobile messaging. It\u2019s definitely worth reading.<\/p>\n","protected":false},"excerpt":{"rendered":"

We recently wrote about the conspicuous lack of privacy discussion at Google\u2019s recent I\/O Conference in San Francisco. While it\u2019s true that there wasn\u2019t much talk of privacy at the<\/p>\n","protected":false},"author":42,"featured_media":1995,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[22,43],"class_list":{"0":"post-1993","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-google","9":"tag-privacy"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/google-privacy-hangouts\/1993\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/google-privacy-hangouts\/1993\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/google\/","name":"google"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/1993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=1993"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/1993\/revisions"}],"predecessor-version":[{"id":19422,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/1993\/revisions\/19422"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/1995"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=1993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=1993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=1993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}