Snowden asks people to avoid Google Allo over privacy concerns

But Allo is facing critcism over the ‘end-to-end’ encryption feature, which is not enabled across the app by default. The feature is only available in the Incognito mode. NSA whistleblower Edward Snowden has criticised Google Allo app on Twitter, and said Google’s decision to disable end-to-end encryption was dangerous. He asked people to avoid using the app, and his tweet has been re-tweeted over 8000 times on the site.

Check out the tweet below

Google’s decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.

— Edward Snowden (@Snowden) May 19, 2016

Snowden’s comment comes in the backdrop of a controversy around a blogpost published by a Google engineer Thai Duong, who tried to explain why end-to-end encryption was not enabled by default and allay privacy fears around the app.

The blogpost has since then been re-edited, and while a cache of the original is available on Bing here, it no longer mentions Duong as a Google engineer, but as “someone from outside the team who consulted on security for Allo.”

The original post read, “I’m one of the engineers in charge of the end-to-end encryption feature in Google Allo. This post (and everything else in this blog) is solely my personal opinion, as I don’t speak for my employer.”

Now it says, “This post is solely my personal opinion, as someone from outside the team who consulted on security for Allo.”

Interestingly his original post also mentions that he wishes end-to-end encryption was the default setting on the Allo across the board, a paragraph that also been removed.

In the original post, Duong wrong, “I wish it’s the default (because it’s my feature haha :), but even if it is not default all is not lost. I can’t promise anything now, but I’m pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to “Always chat in incognito mode going forward,” and from that moment on all your messages will be end-to-end encrypted and auto-deleted. You can still interact with the AI, but only if you explicitly invoke it, so you don’t have to give up everything for your privacy gain.”

That paragraph is now gone, and it’s a point that Snowden has picked up.

#Google‘s security expert blogged, discussing how #Allo is unsafe by default.
Hours later, he erased that part.

Lesson: Bosses read blogs

— Edward Snowden (@Snowden) May 20, 2016

In the new blogpost, Duong says he has erased the paragraph about making end-to-end encryption as default because “it’s not cool to publicly discuss or to speculate the intent or future plans for the features of my employer’s products, even if it’s just my personal opinion.” The new blogpost is available here.

Google Allo app relies on the Google Assistant for its chatbot.

A point Duong was making in the blog was that end-to-end encryption by itself doesn’t really mean much for privacy, and end-to-end encryption without ‘disappearing messages’ means nothing. In Google Allo, messages in the Incognito mode will disappear after sometime and won’t be saved anywhere, neither the device or Google’s servers.