Friday, August 19, 2011

Hidden features in Google+ Hangouts


Google+ Hangouts have hidden private chat and advanced statistical information hidden behind a few keystrokes.
We’ve reported on Hangouts before: Google+ Hangouts – Thoughts And Ideas After One Month Of Use, 6 Productive Ways to Use Google+ Hangouts, and 25 Crazy Google Hangout Ideas, And The People Behind Them to Follow. If you’ve missed the buzz about Hangouts the idea is simple, Google+ Hangouts is a part of Google+ that allows up to 10 participants to “Hangout” virtually via video and chat. It uses the same plugin that’s currently used for voice and video chat for Gmail and GoogleTalk; and it’s free. You might think that a 10 person video chat wouldn’t work very well but the service is smart about figuring out which person is talking and focusing the video stream on them until someone else takes over. If you want to have fun with a group of friends, coordinate plans, or hold a dead simple team video conference call then a Google+ Hangouts is perfect. Here’s a couple unpublished gems to try the next time you use Google+ Hangouts.
Private Google Chat Inside a Hangout
While inside a Hangout, start by clicking another persons video, in other words make sure that the cursor focus wasn’t on your own webcam. Click SHIFT-Q, and then immediately start typing someone’s name. You won’t see anything happen immediately when you hit SHIFT-Q, there’s no visual indicator that anything has occurred. But once you start typing someones name, a box will display in the top left hand corner of your screen. In this screen  you’ll see contact information, and have the ability to invoke Google Chat while inside the Hangout. This isn’t the same chat as you’re used to seeing within your Hangout, and as far as I can tell you could use it to have side-bar conversations with someone and not have it displayed in the public Hangout chat screen. *yes the image below is me having a Hangout with me. I promise it was only for testing purposes. I don’t make a habit of video chatting myself!*

Access detailed statistics about Hangouts
Another cool trick is viewing advanced hangout information and graphical statistics in regards to your connection and computer’s usage. By holding SHIFT-P while in a Hangout a new webpage will pop up showing CPU usage,  as well as audio and video codec in use. There’s even a link at the top that says it will let you simulate a TalkPlugin message.

Google+ Hangouts - Call Info
The graphs section provides a view of graphical data on CPU, memory and bandwidth being used. There’s really a lot of information being displayed graphically here for both audio and video; everything from FPS to video loss ratio, to lost packets.

Google+ Hangouts - Graphical statistics
Lastly, there’s a frame at the bottom that shows detailed networking information. Buried within this data is IP addresses, some form of XMPP chat account being used, and of course more diagnostic information.

Google+ Hangouts - Networking Information
In the last screen you’ll see some IP addresses. The addresses are my internal network. 192.168.0.x addresses are part of a Class C private IP address space used by internal networks. According to Network Solutions Whois lookup, the addresses resolve to Google. In tests with other Google+ users it doesn’t appear that their external IP is ever exposed (and conversely, yours isn’t exposed to them).
However, I’ve heard that someone has developed an exploit allowing them to access Hangouts chats and they have the ability to listen/reply to chat messages. I haven’t been able to confirm if this works or not, but apparently one of the frames that loads for Hangouts is utilizing the Wave Platform. Within that frame there is a special string which is like a pre-generated email account for an individual hangout session (it’s unclear at this time if the “pre-generated email” is the JID referenced in the images above). The claim is that by accessing the on port 5222 someone can bind to the pre-generated account allowing them to receive and send messages over the XMPP Protocol. Plusheadlines will of course post an update if we get more information or confirmation of an exploit.