Electronic Frontier Foundation Google's new instant messaging platform abandons open standards and hurts user privacy
Page 1 of 1
Electronic Frontier Foundation Google's new instant messaging platform abandons open standards and hurts user privacy
https://www.eff.org/deeplinks/2013/05/google-abandons-open-standards-instant-messaging
In the midst of the major press blitz surrounding its annual I/O
Conference, Google dropped some unfortunate news about its instant
messaging plans. In several places around the web, the company is replacing the existing "Talk" platform with a new one called "Hangouts"
that sharply diminishes support for the open messaging protocol known
as XMPP (or sometimes informally Jabber), and also removes the option to disable the archiving of all chat communications. These changes represent a switch from open protocols to proprietary ones, and a clear step backward for many users.
Backsliding on Interoperability
Google's earlier full support for XMPP meant that users could chat
with people on other instant message services, or even who host their
own chat servers. This kind of decentralization is a good thing: it
decreases lock-in to any particular service, which in turn lets the
services compete on important factors like quality, uptime, or respect
for user privacy.
Some users, for example, may not want to provide Google with
information about the content of their messages, or even when and from
where they have logged in, or to whom they are chatting frequently.
Information about the people that users are chatting with can be
sensitive—remember, that data was at the center of an earlier privacy
backlash when Buzz, an earlier social effort, made it public by default.
Allowing federation between services lets users make these choices
themselves. Here's an explanation of the importance of federation from
Google's own documentation of its Talk platform, in a section called "Open Communications":
outlines above. Users are given only the choice to use Google's chat
servers or to cut themselves off from people who do. Worse, Google users
aren't presented with any notice about the change: their buddies who
use jabber.org, member.fsf.org, or any number of other XMPP servers, will simply not appear as available for chat.
These changes are the result of Google dropping a particular subset
of the XMPP standard—namely server-to-server federation. But for now,
Google still supports client-to-server connections, which means that as
long as you are logging in with a Google chat account, you can chat
using any compliant application.
That's important for a number of reasons. A major one is that no official Google client supports Off-the-Record (OTR) encryption,
which is increasingly a critical component of secure online
communication. If both participants in a chat are using Off-the-Record
encryption, they've got a secure end-to-end line, which means nobody
except the two of them—including their service provider—can read their
messages.
Changes to History
Unfortunately, another change from Google may force users to make a
hard choice about whether to use those external clients like Pidgin,
Adium, Gibberbot, or Chatsecure to chat. In particular, the dilemma
comes from the way Google has changed how it archives chats and presents them to the user.
Previously, users could disable "chat history," which would prevent
instant messages from being saved to to their Gmail account. Under the
new settings, users who don't want to keep a copy of their conversations
accessible through Gmail must disable the re-named "Hangout History" on
an individual basis with each contact.1 The catch is that users can only disable Hangout History with an official Google Hangouts client.
So privacy conscious users who want to use Off-the-Record encryption
where possible, but to keep messages out of their Gmail accounts in any
case, are out of luck. And if they wish to continue chatting with their
friends on Google chat, they can't even take their business elsewhere.
As of last week, Google is prompting users to replace the Android
Talk app with Hangouts, and to switch to Hangouts within Gmail in the
Chrome browser. Be advised before updating of the cost to openness of
making these "upgrades."
What Should Google Do?
In public explanations of its dropping XMPP support, Google has said that it was a difficult decision necessitated by new technical demands.
But even if this new protocol responds to different technical
requirements, that shouldn't prevent the company from making it public
and interoperable. Releasing the specifications for Google Hangouts
would be a good first step. Releasing free/open source clients and
servers should follow. It's clear that some of Hangouts' video features
have been implemented in some very Google-specific ways. But that's no
excuse for leading us toward a world where the only practical choices
are proprietary chat clients and protocols.
Another easy move that would benefit users would be for Google to
support Off-the-Record encryption in its official Hangout clients. If
such meaningful privacy options were available to users, it might
mitigate the harms of offering privacy settings only via Google's
proprietary apps.
In Google's "Open Communications" documentation quoted above, the company explains why it made a commitment to open communication channels:
In the midst of the major press blitz surrounding its annual I/O
Conference, Google dropped some unfortunate news about its instant
messaging plans. In several places around the web, the company is replacing the existing "Talk" platform with a new one called "Hangouts"
that sharply diminishes support for the open messaging protocol known
as XMPP (or sometimes informally Jabber), and also removes the option to disable the archiving of all chat communications. These changes represent a switch from open protocols to proprietary ones, and a clear step backward for many users.
Backsliding on Interoperability
Google's earlier full support for XMPP meant that users could chat
with people on other instant message services, or even who host their
own chat servers. This kind of decentralization is a good thing: it
decreases lock-in to any particular service, which in turn lets the
services compete on important factors like quality, uptime, or respect
for user privacy.
Some users, for example, may not want to provide Google with
information about the content of their messages, or even when and from
where they have logged in, or to whom they are chatting frequently.
Information about the people that users are chatting with can be
sensitive—remember, that data was at the center of an earlier privacy
backlash when Buzz, an earlier social effort, made it public by default.
Allowing federation between services lets users make these choices
themselves. Here's an explanation of the importance of federation from
Google's own documentation of its Talk platform, in a section called "Open Communications":
[Service choice] allows you to choose your serviceThe new Hangouts protocol raises precisely the concerns Google
provider based on other more important factors, such as features,
quality of service, and price, while still being able to talk to anyone
you want.
Unfortunately, the same is not true with many popular IM and VOIP
networks today. If the people you want to talk to are all on different
IM/VOIP services, you need to sign up for an account on each service and
connect to each service to talk to them.
outlines above. Users are given only the choice to use Google's chat
servers or to cut themselves off from people who do. Worse, Google users
aren't presented with any notice about the change: their buddies who
use jabber.org, member.fsf.org, or any number of other XMPP servers, will simply not appear as available for chat.
These changes are the result of Google dropping a particular subset
of the XMPP standard—namely server-to-server federation. But for now,
Google still supports client-to-server connections, which means that as
long as you are logging in with a Google chat account, you can chat
using any compliant application.
That's important for a number of reasons. A major one is that no official Google client supports Off-the-Record (OTR) encryption,
which is increasingly a critical component of secure online
communication. If both participants in a chat are using Off-the-Record
encryption, they've got a secure end-to-end line, which means nobody
except the two of them—including their service provider—can read their
messages.
Changes to History
Unfortunately, another change from Google may force users to make a
hard choice about whether to use those external clients like Pidgin,
Adium, Gibberbot, or Chatsecure to chat. In particular, the dilemma
comes from the way Google has changed how it archives chats and presents them to the user.
Previously, users could disable "chat history," which would prevent
instant messages from being saved to to their Gmail account. Under the
new settings, users who don't want to keep a copy of their conversations
accessible through Gmail must disable the re-named "Hangout History" on
an individual basis with each contact.1 The catch is that users can only disable Hangout History with an official Google Hangouts client.
So privacy conscious users who want to use Off-the-Record encryption
where possible, but to keep messages out of their Gmail accounts in any
case, are out of luck. And if they wish to continue chatting with their
friends on Google chat, they can't even take their business elsewhere.
As of last week, Google is prompting users to replace the Android
Talk app with Hangouts, and to switch to Hangouts within Gmail in the
Chrome browser. Be advised before updating of the cost to openness of
making these "upgrades."
What Should Google Do?
In public explanations of its dropping XMPP support, Google has said that it was a difficult decision necessitated by new technical demands.
But even if this new protocol responds to different technical
requirements, that shouldn't prevent the company from making it public
and interoperable. Releasing the specifications for Google Hangouts
would be a good first step. Releasing free/open source clients and
servers should follow. It's clear that some of Hangouts' video features
have been implemented in some very Google-specific ways. But that's no
excuse for leading us toward a world where the only practical choices
are proprietary chat clients and protocols.
Another easy move that would benefit users would be for Google to
support Off-the-Record encryption in its official Hangout clients. If
such meaningful privacy options were available to users, it might
mitigate the harms of offering privacy settings only via Google's
proprietary apps.
In Google's "Open Communications" documentation quoted above, the company explains why it made a commitment to open communication channels:
Google's mission is to make the world's informationWe're frustrated and disappointed to see Google take these steps back from that mission.
universally accessible and useful. Google Talk, which enables users to
instantly communicate with friends, family, and colleagues via voice
calls and instant messaging, reflects our belief that communications
should be accessible and useful as well.
admin- ETERNAL PRESIDENT OF THE REPUBLIC
- Posts : 41616
money : -420000486
bitches : -5361
Join date : 2012-11-18
Age : 27
Location : music is better than popping pills
Re: Electronic Frontier Foundation Google's new instant messaging platform abandons open standards and hurts user privacy
freedoms being defiledspinnythings wrote:sum it up for me
admin- ETERNAL PRESIDENT OF THE REPUBLIC
- Posts : 41616
money : -420000486
bitches : -5361
Join date : 2012-11-18
Age : 27
Location : music is better than popping pills
Similar topics
» Microsoft Censors OpenOffice Download Links -- "the software company has sent several DMCA takedowns to Google, listing copies of its open source competitor Open Office as copyright infringements"
» Free Software Foundation Endorses Its First Laptop
» ITT; Best platform for gaming
» How the Bible and YouTube are fueling the next frontier of password cracking
» so onenote is free on every platform now huh?
» Free Software Foundation Endorses Its First Laptop
» ITT; Best platform for gaming
» How the Bible and YouTube are fueling the next frontier of password cracking
» so onenote is free on every platform now huh?
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum