Many of us with desk jobs know Gchat's "off the record" function all too well. When a conversation about the boss' weird new haircut gets a little too controversial, we switch it on, assuming nothing will be remembered by the Internet powers that be.
How the "off the record" chat feature appears on older versions of Google chat.
The feature, which is called "Hangout history" in the current version of Google Hangouts, supposedly makes sure there will be no record of your online gossip. As Google puts it in its description of the "off the record" function: "Chats that have been taken off the record aren't stored in your Gmail chat history, or in the Gmail chat history of the person you're chatting with."
But is it really the great secret-keeper we all assume it to be? Does "off the record" really mean off the record?
The Huffington Post spoke to several cybersecurity professionals to find out. The answer: not really. For one, Google's "off the record" feature isn't what most tech industry professionals actually refer to as "off the record." As several experts pointed out to HuffPost, in the IT security field the term "off the record" usually indicates a chat is encrypted, or coded so that it can't be accessed by third parties.
But Google's "off the record" feature doesn't encrypt your chats, it just chooses not to log them.
Ken Mizota, a project manager for IT security firm Guidance Software, explained that non-encrypted chats have a way of leaving various forms or "traces" of data behind. If an IT administrator with the proper expertise was interested in collecting these traces, he or she could, Mizota said.
The same feature is called "Hangout history" in the current version of Google Hangouts.
Here are three ways your "off the record" chats could be compromised.
1. Your employer is purposefully spying on your chats.
If you're using a work computer provided by your company, chances are the IT administrator has some method of accessing it to see what you've been up to. Though recovering the chats requires some IT wizardry, it's definitely possible for a person who really wants to see what you're saying to find out, said Mat Gangwer, the lead security consultant at IT security firm Rook Security.
"You’re subject to any monitoring policies that are in place at your company as long as they're clearly stated," Garve Hays, software architect for identity and access management at IT security management company NetIQ, told HuffPost.
Tod Beardsley, an engineering manager for IT security company Rapid7, agreed.
"It’s kind of game over at that point, they can do whatever they want,” he said. His advice for keeping secrets from your employer? "Don’t use your work computer."
2. The person you're chatting with isn't using Google chat.
Google's "off the record" feature is designed to ensure that neither person can get a log of the chat. But even Google points out that if the person you're chatting with is using a third-party chat client that supports multiple chatting platforms, such as Adium, "it's possible that his or her software is keeping a separate copy of the chat history."
So if you really want your chats with a friend to be off the record, make sure you know that he or she is actually using Google software before you spill the beans.
3. The person you're chatting with is taking screengrabs.
Unlike with Snapchat, there's no way for one user to tell if the person they're talking to is taking screengrabs of the "off the record" chat.
"[Google 'off the record'] doesn’t prohibit the other person from taking a screenshot of your message," Gangwer said. "The other person could be taking a screenshot of all the chat messages. You would never know about that."
Google didn't respond directly to HuffPost's questions about how secure "off the record" is, but it did clarify that chats previously set to "off the record" will remain so after updating to the new Google Hangouts interface.
Mizota, who admitted he's "a little bit more paranoid than most,” said he always chooeses a more secure chatting platform. But others said Google Hangouts has a time and place.
"I mean, I use it, I’m comfortable with it," Gangwer at Rook Security said. "It’s one of those things if your IT department thinks it has a reason to monitor your information, they’ll find a way to do it, regardless of whether or not you really agreed to it."