Whenever we get around to establishing a (glorious and best) totalitarian government, it's really going to appreciate how easy it is to find out who the loyal citizens are, and who the future gulag workers will be. People have really gone out of their way to lay some really solid groundwork. We'll set new records for efficiency in identifying those critical of the regime and getting them separated from the pure-minded.
When that happens, that government won't need Google to give them the information. Chances are they already have it. AT&T's secret rooms have been public knowledge since at least 2006.
This comes at a funny time. Just today I searched for a secure (end-to-end encrypted), multi-device capable IM service. It does not seem to exist.
You are forced to pick either proper multi-device support (GTalk, Skype, Hipchat) or end-to-end privacy without multi-device support (libpurple based client with OTR-plugin).
It's sad. It's especially sad that not even the utterly over-engineered XMPP has bothered to specify proper multi-device support (conversations synced to all devices).
I've noticed the same thing. Actually, I think my girlfriend pointed it out and was thinking of writing a suitably encrypted multi-device-compatible IM client at one point.
Not sure I'd agree with over-engineered, but anyway.
End-to-end privacy with multi-device support has been specified in XMPP for years; the problem is that it's vastly complicated and therefore nobody ever implemented it.
In part this is because when XMPP was started, people wanted different things from multi-device - they wanted to be able to leave their desktop logged in, move to their laptop, and not have the conversation pop up there - there being no message-read state in XMPP. So instead, the idea was that you'd pull the archive from the server if you wanted it.
Later, Carbons were introduced, which basically says that if the message wouldn't normally come to "this" client, tell me about it anyway.
As for end-to-end... Well, the original RFCs include a method based on X.509 and CMS (RFC 3923). Never implemented. There's been various different concepts since (OTR-esque and XMLSEC based). None has yet got traction, but you'd be welcome to draw a line in the sand and implement one of them.
> they wanted to be able to leave their desktop logged in, move to their laptop, and not have the conversation pop up there
Did someone outside the XMPP-bubble really request that?
Why would you possibly want to not see the entire conversation when switching between multiple devices?
> the problem is that it's vastly complicated and therefore nobody ever implemented it.
That's what I mean by over-engineered. As a matter of fact no single jabber client or server (that I know of) supports multi-device sync, not even without crypto. I.e. 13 years after its inception jabber (the "platform") still lacks fundamental functionality. Despite tens of thousands of lines of specification and lots of energy spent on absurdities like "transports".
After seeing "off the record" chats synced across browser sessions a few times, I became convinced that Google was storing the chat session on its servers at least temporarily. I can't help but wonder if this is just a way to remind people that "off the record" really isn't, and nobody should be relying on that particular property.
The correct way is for google to be storing encrypted off-the-record chat messages, decrypted by the client in javascript (or however the android client would do it). That way, Google would be able to persist chat history across devices if they share keys, but the stored ciphertext is useless to them.
They're almost certainly not doing that. That would be extremely difficult to implement in a way that works in regular browsers without special plugins and is still secure.
I appreciate that -- but there's a difference between "chat history enabled by default [to make our services work better]" and "you can't turn off chat history permanently." In the latter case, one could imagine it wouldn't be too hard for Google to keep messages temporarily until they've been pushed to all devices and then remove them from their servers?
A very legitimate point and question. Needless to say, it seems Google is not trying to serve the same demographic and use-cases as say... http://www.whispersystems.org/
Though I agree it would be nice if someday we could enable temporary history and client-side encryption for everything. Perhaps this could be how DuckDuckGo grows beyond just search. I would look forward to such a future.
The problem is the "all devices" bit - what happens if you add a new device? How do you define the low watermark behind which a new device gets nothing?
User expectations of privacy and magic are often in conflict, especially when sync is involved.
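The scheme debated in the comments above (the server keeps only ciphertext, drops a message once every device has fetched it, and a newly added device gets nothing from before it joined), as an added sketch that is not from any commenter or from Google. `RelayServer`, `seal`, `open` and the device names are hypothetical, and it assumes Node's built-in `crypto` with AES-256-GCM and a key the devices already share out of band.

```javascript
// Added illustration; RelayServer, seal, open and the device names are hypothetical.
const crypto = require('node:crypto');

// Client side: encrypt with a key shared only between the user's devices.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Client side: decrypt; throws if the key is wrong or the blob was altered.
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Server side: holds ciphertext only, and only until every device that was
// enrolled when the message arrived has fetched it.
class RelayServer {
  constructor() { this.devices = new Set(); this.queue = []; }
  enroll(id) { this.devices.add(id); }       // a new device starts with no backlog
  submit(blob) { this.queue.push({ blob, pending: new Set(this.devices) }); }
  fetch(id) {
    const out = this.queue.filter(m => m.pending.has(id)).map(m => m.blob);
    this.queue.forEach(m => m.pending.delete(id));
    this.queue = this.queue.filter(m => m.pending.size > 0); // purge once delivered
    return out;
  }
}

function demo() {
  const key = crypto.randomBytes(32);        // constructed key, never sent to the server
  const server = new RelayServer();
  server.enroll('laptop'); server.enroll('phone');
  server.submit(seal(key, 'meet at noon'));  // constructed sample message
  const laptop = server.fetch('laptop').map(b => open(key, b));
  const storedAfterLaptop = server.queue.length; // phone has not fetched yet
  server.enroll('tablet');                   // joins after the message was sent
  const tablet = server.fetch('tablet');     // behind the watermark: gets nothing
  const phone = server.fetch('phone').map(b => open(key, b));
  let serverCanRead = true;                  // a party without the key must fail
  try { open(crypto.randomBytes(32), seal(key, 'x')); } catch { serverCanRead = false; }
  return { laptop, phone, tablet, storedAfterLaptop,
           storedAtEnd: server.queue.length, serverCanRead };
}
```

The sketch leaves out exactly the parts the thread calls hard: getting the shared key onto each device, and delivering trustworthy client code to a browser.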
The most annoying thing about this option to me is that it turned off my record of the chat in addition to that of my privacy-minded conversation partner. Hey, bud, I'm fine if you don't want this conversation recorded, but if the bytes are hitting my computer, I want to decide whether they're kept. I could do it with an XMPP client, but not within gmail itself. So, for me, this gets rid of a small annoyance.
But they haven't removed the feature, just it (the option) persisting from one session to another. That doesn't strike me as a feature that would be particularly time consuming.
I really wouldn't understand such a move. If I had to do a Hangout instead of placing a voice call, this has major unfavourable implications on my telecommunications:
1) I have to ensure that I shower and shave before every such call.
2) As a somewhat average looking (at best) chap, I have to contend with bias (however subtle) against my appearance (especially when doing interviews and such-like)
3) As a, uh, "person of colour" with a relatively clear accent when speaking English, I have to contend with bias (however subtle) against my appearance (especially when doing interviews and such-like)
4) (admittedly minor reason) I would be unable to physically goof off while still sounding relatively professional (think pacing about, spinning on the chair, stretching out on the couch, etc.)
For all these reasons, I've never understood the point of things like FaceTime and Hangouts replacing normal voice calls.
The new iOS Hangouts app is a gchat client. While I'm not sure how it's implemented, it seems they'll likely bundle gchat (and other google chat services) under the Hangouts brand.
This doesn't seem like a good way to 'kill it off.' I would imagine that the vast majority of users aren't using this feature (even though they probably should).
This is good news: Don't pretend to not be logging something they're actually logging (and, can't really choose not to log since they can be ordered to secretly do so).
So Google (and others) can build a network of companies to avoid taxation, but a chat system that's safe from eavesdropping would have been off-limits?
I would assume that Google Now-type products work better when they have as much information as possible, and making all chats save by default all the time would be a good way to get much more information from people. Still, yes, kind of creepy.
> I would assume that Google Now-type products work better when they have as much information as possible, and making all chats save by default all the time would be a good way to get much more information from people.
IRS, FBI, your divorce lawyer, former business partner's lawyer and the local police department also work better... when they have everything you've done, where you've been (hello Android!), searched for and said all stored and cataloged. If it's stored they'll get it, otherwise there's nothing to get. If you have nothing to hide, you shouldn't be worried and all. /s
Stupid question. Do they only keep a history of chats happening inside the Gmail chat client? I only ever use Google Talk via Adium or Pidgin. If they're recording my conversations even when I'm not in the Gmail app and I can't turn this off, then I think I'm done with my Google account.
How do you confirm other than looking for chat logs within Gmail? I don't have any chat logs as I had all conversation logging disabled before this update.
I am connected via Adium pretty much all the time, and talk to multiple people every day.
Gmail shows me one "chat", from years ago, which consisted of me and a friend trying out the chat-from-within-gmail interface. Nothing else is in there.
I don't think that's true at all. If you're willing to believe that they will do evil things with your chat messages, I don't know why you would have trusted the "This chat is off the record" message in the first place.
I can think of many other possible explanations for the change that, while you may not agree with them, are at least reasonable.
If they were doing genuinely evil things, they'd simply have been lying about not saving logs all along, no?
> Care to share them with us?
If someone has "off the record" mode enabled, you can't send them a message if they're offline. Makes sense, but it reduces the usefulness of the service for both parties and it's kinda confusing.
Who knows. I imagine so. There are 2 aspects -- using it to build a profile on you and collaborating with the government agencies to help them gather information on you, or complying with a wiretap warrant.
They could have still been doing both but secretly. However if you mentioned say "home brew kit" in your chat then started seeing home brew kit ads, it would be a dead give-away of what happened.
As long as they keep XMPP support around for ordinary google talk accounts, you have the power to use clients that support OTR-encrypted IMs. That way, Google only stores useless messages.
Pidgin and bitlbee make this super simple to set up. In fact, by default, my client performs auto-detection of someone else's OTR plugin, which means that after I send my first message to someone, my conversation is automatically "lifted" to an encrypted (albeit untrusted) channel. When set up properly, it's so seamless that I don't even notice it happened.
So there's some problems with re-establishing an encrypted channel. Usually I get a message telling me that bitlbee has to renegotiate the connection, but then I'm back in action.
It seems insecure to leave another point of access open to the conversation, if merely out of principle, due to concerns over leaving a window open for eavesdropping.
There's no reason that has to be insecure (depending on your definition of "secure"). There's also no reason the user shouldn't be allowed to make that choice for himself.
They most definitely do. It would be silly of them not to.
They spent/d real money maintaining it, designing and providing for free.
Unless they are a charitable organization and totally motivated by good intentions they would probably want to scan all the content you pour into their system and build a profile on you so they can sell you better to their real customers -- ad buyers.
I wasn't aware that Google Talk was keeping chat transcripts until a couple of weeks ago. But it turned out to be a huge win for me when I had to deal with a former business partner.
While my users today did get a message on their Windows clients, all my chat histories still seem to be "off the record" for my Google Apps for Business account.