Google launched an end-to-end encrypted messaging app at its I/O developer conference this week—hooray! Right?
Not quite. The search giant isn’t just late to the cryptoparty, it also forgot to bring the refreshments. Apple’s iMessage, Facebook’s WhatsApp, Signal, and Wickr all beat Google to the punch with their secure chat apps. And unlike these others, Google added its “incognito” mode only as an opt-in feature, rather than as a default setting. That decision has raised the hackles of privacy advocates.
Google's decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.
— Edward Snowden (@Snowden) May 19, 2016
https://twitter.com/FredericJacobs/status/732999952268414978
To make matters worse, one of the engineers who helped design Allo’s security wrote in a blog post that he wished the end-to-end encryption feature were always on. “I’m pushing for a setting where users can opt out of cleartext messaging,” he said. Soon after, the coder’s comments disappeared.
Dan Goodin at Ars Technica has a great side-by-side analysis of the alterations made to the engineer’s essay post-publication. You can see how the text changed—presumably after these musings came to an employer’s attention. For critics who interpreted Google’s app privacy choices as an endorsement of surveillance, the revisions only served to strengthen their argument. (Guess who’s reading your blog?)
Perhaps Google’s artificially intelligent chat bot—the main selling point of Allo—made some helpful suggestions to the conversation, like “Hey, let me delete that for you.”
By the way, Fortune released its list of the 25 most important private companies this week. Tanium, an IT systems management firm last valued at more than $3 billion, snuck onto it at number 24 between Dell (no. 23) and SpaceX (no. 25). We dubbed it ” the Usain Bolt of cybersecurity.” Note that the nickname derives from Tanium’s fleet-footed network-probing tech, rather than its achievement of a warp speed valuation. Remember, startups, business is a marathon, not a sprint. Pace yourself. More news below.
Robert Hackett
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber, PGP encrypted email, Wickr, Signal, or however you (securely) prefer. Feedback welcome.
THREATS
No one knows how deep the banking fraud rabbit hole goes... An Ecuadorian bank is suing Wells Fargo for transferring millions of dollars to bank accounts in Hong Kong. The incident was likely part of a broader hacking scheme, unknown to both at the time. The lawsuit has made details of the case public, whereas most banks tend to keep such blunders hushed up for fear of drawing unwanted scrutiny from law enforcement officers and regulators. (Fortune)
Meanwhile, other banks have been targeted in scams. A bank in Vietnam says it thwarted a million-dollar fraudulent transaction before hackers could make off with the funds. A panel investigating a similar attack that targeted Bangladesh's central bank has placed some blame on SWIFT, a consortium of banks based in Belgium that handles messaging between financial firms. (Fortune, Fortune)
Apple updates strengthen security. The latest software patch out of Cupertino fixes nearly 70 flaws in the company's iOS code. Most of the vulnerabilities appear to be minor, but a few could cause real damage—leading to leaked data and helping hackers take over devices. Apple is also making people re-enter their passcodes on Touch ID-protected devices more often. Expect an upgrade to the fingerprint scanner in the near future as well. (Fortune, Fortune, Fortune)
LinkedIn data breach worse than thought. Surprising everyone, a 2012 data breach at LinkedIn has resurfaced with the number of compromised accounts far exceeding what was originally reported: as many as 167 million records were lost versus an initial figure of 6.5 million. Surprising no one, the second most popular password used on the site was "linkedin." (Fortune, Fortune)
Sorry, OkCupid users. We know everything about you. Danish researchers scraped, packaged up, and released profile data on 70,000 users of the dating network. Critics blasted the team for leaving in information that would allow people to be re-identified and linked to their sexual proclivities. The dataset was taken down after OkCupid cried copyright. (Fortune)
Demand for Cisco security products is strong. The networking equipment giant reported that revenue for its security products grew 17% in the latest quarter. Customers are clamoring for SourceFire, the cyber intrusion prevention system that Cisco picked up for $2.7 billion in 2013. (Fortune)
By the way, there is an ultra-creepy facial recognition app in town. We, at Fortune, are investing in No-Face masks.
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
Fortune's Barb Darrow explains why most companies are wasting their time ticking security compliance checkboxes.
You want perfect data security? Dream on.
The need to protect corporate and personal information from unauthorized and possibly nefarious eyes was front and center this week at the MIT Sloan CIO Symposium in Cambridge, Mass.. But experts failed to agree about whether the forces of good are prevailing against the bad guys or even whether breaches are increasing—or are just more public than in the past.
There was consensus among C-level executives, however, that the hassle of complying with regulations actually diverts resources that could be better spent bolstering security. Read the rest on Fortune.com.
FORTUNE RECON
Can 'Coding Bootcamps' Fix the Shortage of Engineers? by Kia Kokalitcheva
Why Google's Privacy Fight in France Is Significant for Everyone by David Meyer
The 4 Groups Who Invade Your Computer Network (and How to Stope Them) by Jeff John Roberts
Alibaba's Jack Ma Skips Anti-Counterfeit Convention by Scott Cendrowski
Why a Civil Case Over Emails Could Hurt Hillary Clinton More Than the FBI by Massimo Calabresi
Apple Squashes App That Warned When Your iPhone Was Hacked by Don Reisinger
Take This Behind-the-Scenes Look at America's Top Secret Spy Agency by The Associated Press
Supreme Court Rejects Privacy Claim in Data Broker Case by Jeff John Roberts
U.S. House Lifts Block on Google-Hosted Apps by Reuters
China Discreetly Interrogates Apple, Microsoft, and Cisco about Security by Robert Hackett
ONE MORE THING
Bill Gates has a book recommendation for you. The billionaire co-founder of Microsoft says he hasn't had much time for sci-fi literature in the past decade, though he admits he loved the genre in his youth. Recently, however, Gates tore through Seveneves, a technofuturistic novel by Neal Stephenson, a master of the art. Summer's coming up, Data Sheet readers. Mark your lists. (Fortune)
