Google Abandons Open Standards for Instant Messaging
In the midst of the major press blitz surrounding its annual I/O Conference, Google dropped some unfortunate news about its instant messaging plans. In several places around the web, the company is replacing the existing "Talk" platform with a new one called "Hangouts" that sharply diminishes support for the open messaging protocol known as XMPP (or sometimes informally Jabber), and also removes the option to disable the archiving of all chat communications. These changes represent a switch from open protocols to proprietary ones, and a clear step backward for many users.
Backsliding on Interoperability
Google's earlier full support for XMPP meant that users could chat with people on other instant message services, or even who host their own chat servers. This kind of decentralization is a good thing: it decreases lock-in to any particular service, which in turn lets the services compete on important factors like quality, uptime, or respect for user privacy.
Some users, for example, may not want to provide Google with information about the content of their messages, or even when and from where they have logged in, or to whom they are chatting frequently. Information about the people that users are chatting with can be sensitive—remember, that data was at the center of an earlier privacy backlash when Buzz, an earlier social effort, made it public by default.
Allowing federation between services lets users make these choices themselves. Here's an explanation of the importance of federation from Google's own documentation of its Talk platform, in a section called "Open Communications":
[Service choice] allows you to choose your service provider based on other more important factors, such as features, quality of service, and price, while still being able to talk to anyone you want.
Unfortunately, the same is not true with many popular IM and VOIP networks today. If the people you want to talk to are all on different IM/VOIP services, you need to sign up for an account on each service and connect to each service to talk to them.
The new Hangouts protocol raises precisely the concerns Google outlines above. Users are given only the choice to use Google's chat servers or to cut themselves off from people who do. Worse, Google users aren't presented with any notice about the change: their buddies who use jabber.org, member.fsf.org, or any number of other XMPP servers, will simply not appear as available for chat.
These changes are the result of Google dropping a particular subset of the XMPP standard—namely server-to-server federation. But for now, Google still supports client-to-server connections, which means that as long as you are logging in with a Google chat account, you can chat using any compliant application.
That's important for a number of reasons. A major one is that no official Google client supports Off-the-Record (OTR) encryption, which is increasingly a critical component of secure online communication. If both participants in a chat are using Off-the-Record encryption, they've got a secure end-to-end line, which means nobody except the two of them—including their service provider—can read their messages.
Changes to History
Unfortunately, another change from Google may force users to make a hard choice about whether to use those external clients like Pidgin, Adium, Gibberbot, or Chatsecure to chat. In particular, the dilemma comes from the way Google has changed how it archives chats and presents them to the user.
Previously, users could disable "chat history," which would prevent instant messages from being saved to their Gmail account. Under the new settings, users who don't want to keep a copy of their conversations accessible through Gmail must disable the re-named "Hangout History" on an individual basis with each contact.1 The catch is that users can only disable Hangout History with an official Google Hangouts client.
So privacy conscious users who want to use Off-the-Record encryption where possible, but to keep messages out of their Gmail accounts in any case, are out of luck. And if they wish to continue chatting with their friends on Google chat, they can't even take their business elsewhere.
As of last week, Google is prompting users to replace the Android Talk app with Hangouts, and to switch to Hangouts within Gmail in the Chrome browser. Be advised before updating of the cost to openness of making these "upgrades."
What Should Google Do?
In public explanations of its dropping XMPP support, Google has said that it was a difficult decision necessitated by new technical demands. But even if this new protocol responds to different technical requirements, that shouldn't prevent the company from making it public and interoperable. Releasing the specifications for Google Hangouts would be a good first step. Releasing free/open source clients and servers should follow. It's clear that some of Hangouts' video features have been implemented in some very Google-specific ways. But that's no excuse for leading us toward a world where the only practical choices are proprietary chat clients and protocols.
Another easy move that would benefit users would be for Google to support Off-the-Record encryption in its official Hangout clients. If such meaningful privacy options were available to users, it might mitigate the harms of offering privacy settings only via Google's proprietary apps.
In Google's "Open Communications" documentation quoted above, the company explains why it made a commitment to open communication channels:
Google's mission is to make the world's information universally accessible and useful. Google Talk, which enables users to instantly communicate with friends, family, and colleagues via voice calls and instant messaging, reflects our belief that communications should be accessible and useful as well.
We're frustrated and disappointed to see Google take these steps back from that mission.
- 1. To be clear, even the earlier setting was far from perfect from a privacy perspective: disabling chat history only kept the logged messages out of your Gmail account, and didn't prevent other users, or Google itself, from keeping a record of the conversation.
Recent DeepLinks Posts
Mar 1, 2017
Feb 28, 2017
Feb 27, 2017
Feb 24, 2017
Feb 24, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games