Apparently, Google thinks it’s too good for that, that they can do whatever they want. It’s true: they can do whatever they want, but their decisions will impact their users, and in this case, negatively. It’s good advice that you shouldn’t do something merely because you can do it. By not implementing mandatory encryption like the rest of the XMPP network, Google is leaving its users unsecured and vulnerable to eavesdropping. Some might even say that not securing the connection is deliberate, to ensure that Google can scan your chats if the need arises. This selfish thinking will now also keep Google’s users from interacting with people on encryption-mandatory XMPP servers.
Our options, as admins, have been to (a) maintain insecure connections with everyone because Google doesn’t support secure connections, or (b) support secure connections with everyone else and not connect to Google. For a long time we have done (a), but we have become increasingly uncomfortable with allowing your messages to go “in the clear” for anyone to eavesdrop. As a community, the operators of XMPP services have finally decided to choose security. I continue to hope that Google and other large service providers will see the light and support a higher level of security for their users.
— Peter Saint-Andre, “Re: Presence 404” (network.jabber.user; 2014-05-20)
If asked why they didn’t implement encryption, Google will probably mention that XMPP is on the way out as Hangouts replaces Gtalk. People in Hangouts will be able to chat only with other people on Hangouts. So much for embracing open Web standards, Google.
The main goal should be to make communication easier and more accessible to people, not earn a profit or to get as many users on your service as you can. Besides, people should flock to your service for what it offers, not because all their friends are there. Whatever happened to resisting peer pressure? Having users because of peer pressure is nothing to brag about.
We’re not happy about this, Google; it’s not only people outside your service, but inside, too: I’ve explained the issue to my Google contacts and they’re not happy with it, either. We want to communicate, and you’ve created a barrier.
To Google’s users, and to users of other such closed services as Skype and Facebook (to name a few), you have a part in this, too. It’s illogical to willingly put yourself in a jail by using such a closed service. Don’t do that to yourself. Go sign up at a free and open XMPP service like Jabber.org, Pale Moon XMPP, or any of the other fine public XMPP services out there, and free yourself.
- Pale Moon XMPP service
- Happy Encrypted Network [xmpp.org]
- Google Abandons Open Standards for Instant Messaging [EFF]