And why Edward Snowden says "don't use" the chat app.
Google debuted Allo, a chat app featuring a virtual assistant that applies the company’s search smarts to messaging, to mixed reviews on Wednesday.
Many reviewers showed mild, if underwhelmed interest in the new tool. “This is fine,” wrote Dieter Bohn at The Verge. It’s an “early-adopter curiosity that is fun to explore, but still miles from useful,” said Nathan Olivarez-Giles at the Wall Street Journal. “Unremarkable,” though the virtual assistant is a “step up on Cortana and Siri,” PCWorld’s Mark Hachman commented in comparing it to rival virtual assistants.
Meanwhile, privacy advocates took a much harder line against Google’s creation. They bashed the service for failing to employ end-to-end encryption, a feature that secures conversations from hackers and Feds, by default. Further, they slammed Google goog for backtracking on its previous promise to only store data fleetingly, instead of retaining chat logs indefinitely (until a user chooses to delete them).
Get Data Sheet, Fortune’s technology newsletter.
Here’s what you need to know about Google Allo’s privacy controversy.
Google hears you:
As aforementioned, Allo does not end-to-end encrypt chats by default. For the most vocal privacy advocates, this is a non-starter. It means that standard conversations on Google Allo are read, not only by users and their recipients, but by Google’s virtual assistant. This choice, in privacy proponents’ view, is unsettling—and it adds a potential point of vulnerability into the design: Google’s servers (as secure as they may be).
To Google this is a plus. By not encrypting chats end-to-end —which would effectively lock out parties not sending or receiving a given message—Google is able to run its artificial intelligence wizardry on your conversations to better suggest replies, relevant Web search results, info an upcoming flights and planned events, and the occasional joke. Access to chat data allows the company to build smarter AI products, presumably hooking more users, generating “stickiness,” and adding still more ways to make money for the mothership. For the search giant, it’s a virtuous cycle.
How to stay undercover:
Allo’s design makes it easier for federal investigators and spies to obtain your data. That threat became more pronounced after Google backed down from its previous promise not to store people’s chat data for long on its servers. Now the company says it will keep chat logs indefinitely to improve its service, as The Verge has pointed out. You do have the option to wipe the records, which is nice—but it would be better, others argue, if the app asked you from the start where and for how long you prefer to store your data. (On your device or on Google’s remote servers? A day or forever?)
Allo does, however, offer an end-to-end encrypted chat option. It’s called “incognito mode,” after the Google Chrome mode that doesn’t store browser history. This feature allows you to chat discreetly, without worrying about a Google bot (or Fed, or hacker) digesting your every emoji, and it allows you to set a timer for self-destructing messages. Even better, the mode employs the widely lauded Signal protocol, an end-to-end encryption scheme also used in WhatsApp, by default, and in Facebook fb Messenger’s “secret conversations” mode. Not everything has to be on the record, necessarily.
Search, email, chat…:
Don’t get the wrong idea: Data sent via Allo are not entirely unencrypted. Allo scrambles messages sent between you and Google’s servers, and between those servers and recipients. Applying this security measure is far, far, far better than transmitting or storing chats in plaintext, which any interloper can snoop on. It’s fair to say no chat app would launch without such protection—it would be dead on arrival with consumers.
This really isn’t any different from the practices Google has in place for search and Gmail. With Allo, the company has translated its business model into a different medium: a mobile-only (for now) chat app. The company builds a tunnel between you and Google’s data centers, its machines read and log your private data and, in return, the company supplies digital assistance, pockets ad money, and complies with search warrants. If you consider this too invasive and wish to rebel, then you might take the opportunity to reconsider your use of Google’s services, generally.
Allo, or Goodbye?
Whether you decide to use Allo depends on how much you trust Google and what level of risk you’re willing to accept. It’s worth noting that you probably use plenty of services that aren’t end-to-end encrypted by default, like Facebook Messenger, Twitter direct messages, Slack, and Snapchat. If the encryption setup is a deal-breaker for you, you might wish to stick to one of the many competing chat apps that lacks an embedded bot but employs end-to-end encryption by default, like WhatsApp, Apple’s aapl iMessage, or Signal. Otherwise, consider keeping Allo’s incognito mode always booted up.
One final criticism that Allo’s detractors have raised: The app may train people to prefer an AI assistant over the added privacy of an end-to-end encrypted chat. For those concerned about the continuously challenged legal status of strong, end-to-end encryption in the U.S. and elsewhere, this design choice seems a step backward.