Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This only makes sense if they monitor chat conversations.


I don't think that's true at all. If you're willing to believe that they will do evil things with your chat messages, I don't know why you would have trusted the "This chat is off the record" message in the first place.

I can think of many other possible explanations for the change that, while you may not agree with them, are at least reasonable.


They can't retroactively do evil things if they don't have it on their servers.

>I can think of many other possible explanations for the change that, while you may not agree with them, are at least reasonable.

Like what? Care to share them with us?


If they were doing genuinely evil things, they'd simply have been lying about not saving logs all along, no?

> Care to share them with us?

If someone has "off the record" mode enabled, you can't send them a message if they're offline. Makes sense, but it reduces the usefulness of the service for both parties and it's kinda confusing.


Did disabling chat history in the past actually compel them to not monitor chat conversations?


Who knows. I imagine so. There are 2 aspects -- using it to build a profile on you and collaborating with the government agencies to help them gather information on you, or complying with a wiretap warrant.

They could have still be doing both but secretly. However if you mentioned say "home brew kit" in your chat then started seeing home brew kit ads, it would be a dead give-away of what happened.


As long as they keep XMPP support around for ordinary google talk accounts, you have the power to use clients that support OTR-encrypted IMs. That way, Google only stores useless messages.

Pidgin and bitlbee make this super simple to set up. In fact, by default, my client performs auto-detection of someone else's OTR plugin, which means that after I send my first message to someone, my conversation is automatically "lifted" to an encrypted (albeit untrusted) channel. When set up properly, it's so seamless that I don't even notice it happened.


This works as long you only chat from a single device.

Try switching between e.g. laptop and desktop and everything goes up in flames.


So there's some problems with re-establishing an encrypted channel. Usually I get a message telling me that bitlbee has to renegotiate the connection, but then I'm back in action.


Well, try it with two clients simultaneously connected...

If you're lucky the 3 clients will negotiate down to disabling the encryption. But normally they'll just engage in a mutual, infinite re-send loop...


Eh, if you have two clients connected, you're not being really secure, right?

Leaving that door open is bad juju.


I don't understand what you mean. How does having two clients connected rule out "being really secure"?


It seems insecure to leave another point of access open to the conversation, if merely out of principle, due to concerns over leaving a window open for eavesdropping.


There's no reason that has to be insecure (depending on your definition of "secure"). There's also no reason the user shouldn't be allowed to make that choice for himself.


They most definitely do. It would be silly of them not to.

They spent/d real money maintaining it, designing and providing for free.

Unless they are a charitable organization and totally motivated by good intentions the would probably want to scan all the content you pour into their system and build a profile on you so they can sell you better to their real customers -- ad buyers.


Why are you worried about monitoring? Do you have something to hide?


Honest question: is this sarcsam? I can't tell.


Because power is benevolent?

http://chronicle.com/article/Why-Privacy-Matters-Even-if/127...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: