Google's Allo is a privacy trap, but so are most chat apps

A message on Google’s servers (or anyone’s servers) is a message law enforcement can come looking for. And while Google has been good about demanding warrants from cops, it still ends up complying with most requests for data. In the last six months of 2015 alone, the company complied with 79% of the 12,523 data requests it received from the U.S. government.

When Google announced its new messaging app Allo at its annual I/O conference in May, the company said that messages would be transient, which is to say not stored on Google’s servers for long, by default. That meant that it wouldn’t be possible for Google to use those messages or for law enforcement to read them. They messages simply wouldn’t exist anymore, which was exciting for privacy advocates and users alike.

But with the release of Allo today, the company has gone back on this decision. As The Verge points out, Google hopes to use retained messages to “improve the Allo assistant’s smart reply feature, which generates suggested responses to a given conversation.” This feature, per reporters who got an extended chance to use the app, needs your conversations order to learn your phraseology and suggest bits of it back to you. It could also parse how you speak to different contacts and adjust its suggestions accordingly.

This isn’t new per se. Google has always fed user data into its systems to make them smarter, whether that means tailoring ads to users, using Captchas to train neural nets to recognize objects, or deploying smart replies in your email inbox. But it’s a reversal of a strong privacy-forward stance the company had previously announced.

There are ways around this in Allo. Incognito mode, while stripped of the smart reply features, will allow you to talk privately, as the messages are end-to-end encrypted. The other option is to delete your messages manually. A Google spokesperson said they will be permanently deleted from Google’s servers.

“Your chat history is saved for you until you choose to delete it,” the spokesperson said via email wrote. “You can delete single messages or entire conversations in Allo.”

But if you want them to disappear off Google’s server entirely, both you and the person with whom you’re messaging need to delete the message(s) you want gone, which is a clunky and uncertain privacy option. A default transient storage setting would have been much more likely to result in fewer conversations that came back to haunt users because research shows default settings are the ones people overwhelmingly use (think 95% percent of users). It’s why privacy fighters got so excited when WhatsApp started using end-to-end encryption by default, or upset when it started sharing user data with parent company Facebook.

Perhaps this’ll blow over. Very few people may end up using Allo and Google may eventually shutter it (see also: Google Plus, Orkut, Google Wave). But increasingly, personal user data is going to be used to train machine learning algorithms, whether it’s Facebook photos, images from Russian social networks or your Gmail threads. This is not an ideal privacy situation and it means that law enforcement may come asking for your information. But this is the value proposition of most AI-driven consumer products: you become data, and in exchange you get a little helper who knows how you generally greet your mom via text. It’s the trade-off that’s behind Allo, the “true purpose” of Facebook Messenger’s virtual assistant, and almost any messaging app you run into.

If it’s worth it to you, live the dream. If not, go download Signal.

Ethan Chiel is a reporter for Fusion, writing mostly about the internet and technology. You can (and should) email him at [email protected]