WhatsApp Chats Will Soon Work with Other Encrypted Messaging Apps

5 points by fariszr 1 year ago | 7 comments
  • palata 1 year ago
    > You shouldn’t need to know what messaging app your friends or family use to get in touch with them, and you should be able to communicate from one app to another without having to download both.

    Shouldn't you, and should you, really? Right now, if I communicate with someone on Signal, I know that they are using Signal, and I know that we are using the Signal protocol. In a world where I don't know what messaging app my correspondents are using, how do I know that I can trust the protocol?

    > “This effectively means that the approach that we’re trying to take is for WhatsApp to document our client-server protocol and letting third-party clients connect directly to our infrastructure and exchange messages with WhatsApp clients.”

    Ok, third-party clients, why not. Except that now, when I want to verify the key with the correspondent, I will have to see that they use some third-party client (that may not be open source and that may be sending a copy of all my messages to some server), and decide whether or not I am fine with it. In many ways this is worse than being forced to use WhatsApp.

    > Meta’s app will also allow other apps to use different encryption protocols if they can “demonstrate” they reach the security standards that WhatsApp outlines in its guidance.

    Which implies that instead of telling the correspondent that I'd be more comfortable talking over Threema than <whatever>, I will have to say "here are the encryption protocols I trust, can you use one of those from your app?".

    > There will also be the option, Brouwer says, for third-party developers to add a proxy between their apps and WhatsApp’s server.

    And now it's not E2EE anymore, is it?

    I really fear that in practice, it will just weaken end-to-end encryption everywhere. And for what? I have absolutely no problem using multiple apps to talk with friends right now, I don't need one "super-app".

    But maybe that is actually a political incentive: if you can't make E2EE illegal (in order to spy on your citizen), make it weak.

    • fariszr 1 year ago
      > how do I know that I can trust the protocol?

      It's going to show you which app and probably which protocol is going to be used, then you can decide on your own how to proceed.

      > really fear that in practice, it will just weaken end-to-end encryption everywhere. And for what? I have absolutely no problem using multiple apps to talk with friends right now, I don't need one "super-app".

      You always have the option to just use the same app? That won't go away, and it will still have advantages

      > But maybe that is actually a political incentive: if you can't make E2EE illegal (in order to spy on your citizen), make it weak.

      The idea is to kill the network effect in chat apps, it way too strong now, to the point that even the WhatsApp policy change controversy didn't kill it, everybody complained, opened a signal account and then just continued using WhatsApp

      And of course they did the master class of withdrawing the change then rolling it out when the news cycle fizzled out, so that 'protest' had literally no effect on WhatsApp and it's dominant position.

      • palata 1 year ago
        > It's going to show you which app and probably which protocol is going to be used, then you can decide on your own how to proceed.

        I was quoting the part that says: "You shouldn’t need to know what messaging app your friends or family use".

        > You always have the option to just use the same app? That won't go away, and it will still have advantages

        I will not know if the person I'm talking to is using the official Signal app or Tiktok, will I?

        > to the point that even the WhatsApp policy change controversy didn't kill it

        I think it was only a change in the ToS that was reflecting what they had already been doing in practice for years, right? Most people I know did not really care, they just got exposed to alternatives (Signal, Telegram, Threema), and then realized that WhatsApp was just fine for them.

        > The idea is to kill the network effect in chat apps

        I am not sure it will, for the same reason almost everybody uses Google Chrome (not a Chromium variant) or Safari even when there is no lock-in: people just use what they are exposed to.

        I guess it is nice to force them to have an open API, but forcing WhatsApp to interoperate with some arbitrary alternatives (through e.g. a "Telegram" tab?) risks making WhatsApp weird and creating all sorts of problems.

        An open API enables third-party apps, and that's cool. But forcing WhatsApp to support third-party protocols in their own app is just weird to me.

        • fariszr 1 year ago
          > I will not know if the person I'm talking to is using the official Signal app or Tiktok, will I?

          Well, if meta is going to sign an agreement with the app, it's probably going to show which app a user is using, especially to avoid username/phone number collisions between platforms.

          > I think it was only a change in the ToS that was reflecting what they had already been doing in practice for years, right? Most people I know did not really care, they just got exposed to alternatives (Signal, Telegram, Threema), and then realized that WhatsApp was just fine for them.

          Nope, it was much bigger than that, it also heavily widened the scope of the data they stored without encryption.

          > I am not sure it will, for the same reason almost everybody uses Google Chrome (not a Chromium variant) or Safari even when there is no lock-in: people just use what they are exposed to.

          Chromium isn't relevant here, Email is. Even though Gmail and Outlook control like 90% of the market, it didn't stop competitors like Proton or Hey from existing, it allows others to innovate without hitting the same issue, lack of users on their platforms.

          > An open API enables third-party apps, and that's cool. But forcing WhatsApp to support third-party protocols in their own app is just weird to me

          I don't think they have to support anything, it's just an open API, the other app has to be compatible with WhatsApp to be able to send anything. Also, why not? They have the capability to do so.

          I find matrix's article on this very useful https://matrix.org/blog/2022/02/03/digital-markets-act-and-i...