WhatsApp is Working on Cross-Platform Messaging (theverge.com) 70
A WhatsApp for Android beta update (version 2.23.19.8) that came out today contains a new screen called Third-party chats, reports WABetaInfo. The Verge: For now, the screen is neither functional nor accessible by users, according to WABetaInfo. But its title is a strong clue that this is likely the first step to opening Meta's encrypted messages app to cross-platform compatibility. The beta comes just days after the European Commission confirmed that WhatsApp owner Meta meets the definition of a "gatekeeper" under the EU's Digital Markets Act (DMA), which requires communication software like WhatsApp to interoperate with third-party messaging apps by March 2024.
Someone at Meta had an epihany (Score:1)
or is this just an evil ploy to avoid some of the pesky EU regulations?
Re:Someone at Meta had an epihany (Score:4, Informative)
or is this just an evil ploy to avoid some of the pesky EU regulations?
It says right in the summary that this is to meet EU regulations.
Why else would they do it?
Re: (Score:2)
Why else would they do it?
LOLwat? Meta's main purpose is to learn as much about you as possible to sell advertising access.
That's like asking why the Gmail app lets you add third-party email accounts to it. Duh, to data-mine the communications that happen outside their servers.
Re: (Score:2, Informative)
Meta's main purpose is to learn as much about you as possible
And having a 3rd party app on a 3rd party service taking that data doesn't achieve that in the slightest.
That's like asking why the Gmail app lets you add third-party email accounts to it.
Gmail is a client for an open system, it's not remotely the same.
Queue the fascists... (Score:2)
... who don't believe that companies should be forced to interoperate. It's socialism!!
How to interoperate with third-party messaging (Score:5, Insightful)
Everyone use XMPP. It's an open standard. With it you can use off-the-shelf HTTP equipment in your data centers to scale out. Create new XMPP extensions to satisfy your own vendor requirements while still offering a pretty robust set of common features across a confederation of servers.
Or everyone can rewrite IRC, AIM, MSN, or ICQ over and over again in an attempt to "capture the market". We've been watching the messaging app war for over 25 years. It's embarrassing.
Re: (Score:3)
No one that makes a bunch of money off their messaging app is going to do it using XMPP.
The point is not interoperability. The point is exclusivity.
If Apple added a special color (let's say purple) to messages sent from a "Carbon Neutral" iPhone (sold for 10x the normal price of the exact same phone), people would clamor to get purple texts. At first they will mostly sell to celebrities with more money than brains. Then, after they milk that for a few years, they'll start to onboard the higher order of pleb
Re: (Score:2)
Fortunately the EU regulates them, forcing them (and all the other potential monopolists) to interoperate.
Apple is going to have to use USB-C charging for the same reason and it's a good thing.
Re: (Score:1)
What's wrong with Apple or anyone else selling a $20k phone with purple texts?
If the mega wealthy want to spend their money on purple texts, what harm does that do to anyone else?
Should Rolex be forced to sell cheap watches? Do we cancel Ferrari? Disallow wine bottles over $20?
If they can sell $20k purple texts then more power to em.
Re:How to interoperate with third-party messaging (Score:5, Insightful)
The point is spam.
If you create an XMPP sever that accepts connections from other servers (federation), it will get flooded with spam.
Imagine you found WhatsApp servers were sending a large amount of spam to yours. If you block WhatsApp servers, you are no longer WhatsApp compatible and your users leave. If you don't, you have to accept WhatsApp spam.
Worse still, you have to accept whatever authentication WhatsApp decides is adequate. You might want to offer your users the ability to block harassers, but if all WhatsApp requires to create a new account is a disposable SIM, you can't really do that in an effective way.
Google tried it back in the 2000s, and that is exactly what they found. Your choice is an open sewer, or you control the sign-up process.
subtle iMessage advantage (Score:4, Interesting)
I find myself in the unfortunate situation of navigating the online dating world the last 9 months or so. Ex-wife was an opioid addict amongst other problems, whatever. Speaking of open sewers, this is one of those.
Anywho, one thing I have discovered is this: 100% of scammers use Linux/Android clients. Surefire tipoff it is a scam, aside from behavioral stuff, is that they are using a landline number to text from. Their goal is to appear geographically from the US, at least to the point of having a NANP area code somewhere close to where the scammer is geographically presenting themselves as being, instead of in a few random West African locations, usually, probably because it takes English speakers and you have to be somewhat close to the US time zone wise to run this scam. If the number is connected to an Apple device and the blue shit comes up in my iMessage, you can be pretty damn certain it is real because it is not cost-effective to use an Apple device in this manner. I could think of a way, but why go through the trouble when most people aren't grokking this?
Cross-platform messaging is pretty useless to me for this reason, and I would expect this lack of security to come up as a sticking point over and over as governments are involved.
Re: (Score:2)
If the number is connected to an Apple device and the blue shit comes up in my iMessage, you can be pretty damn certain it is real because it is not cost-effective to use an Apple device in this manner.
That is nonsense. Ten year old Apple phones or Macs run just fine.
If you believe that above you are an idiot. There is an huge second hand market for old Apple devices.
Re: (Score:2)
Hope it's an iPhone 6 (minimum) tied to a NANP number that you can manipulate from overseas using unreliable hourly personnel.
Lots of people quick to criticize when they understand half or less than half the problem.
Re: (Score:1)
My old phone is an iPhone 4S. ... but I still have it and its camara is AMAZING. Perhaps I just had good luck with that particular exemplar.
I do not use it anymore as I got tired about the "you are holding it wrong" bullshit
But I have unbelievable photos.
E.g I was on Phuket and an extraordinary big cockroach was in the kitchen. Perhaps as long as my thumb. So I made a photo, with flash and kitchen light on. When you zoom into the photo you can count the hairs on the legs of that beast. My new iPhone SE (3 y
Re: (Score:1)
Off topic, but sorry about your ex. I assume rehab didn't help. It's good you saved yourself eventually.
As far as online dating goes, if you're talking to someone for longer than a week and can't get them to meet in person then they are a scammer, catfish, or just using you for the ego boost. Move on. No need for high tech detective work.
I talked to (or in one case didn't as she refused to talk live voice) a number of women, met a few in person, etc, but all game players. Finally, received a like on a
Re: (Score:2)
I think the environment out here changed quite a bit in the last 7 years in terms of scammers. Sometimes the foreign scammers even try to set up a call from their locales, where accents and diction give them away. They make errors...slip in a word of a local language sometimes via text or voice. Makes it easy to identify their location just from that. This stuff must work for them at some level, as they keep doing it. The providers play whack-a-mole but even paid accounts are not much of a limitation a
Re: (Score:1)
True I haven't dated online since then. I do it vicariously through my buddy. I get the dirt through him as he tells me stories, shares screen shots, etc. :-)
I was also the white knight type. I think it's inculcated in us as boys growing up. Too much Disney and Hollywood. But like you I figured it out and got over it, too. Congrats, man! There are still real women out there, but not at the bars and clubs.
Re: (Score:2)
yep, sure, act just like you don't receive spam also in whatsapp ... all chat protocols can be abused
just like smtp, open servers can be abused, but unlike smtp, you can require some registration process to allow random servers from connecting to yours and enforce several rate-limit levels. Them you can also propagate the spam reporting between servers: https://xmpp.org/extensions/xe... [xmpp.org]
Re: (Score:2)
A typical XMPP server won't accept messages from external parties unless you've already added that user to your contact list. Otherwise they can't send you a message, only a friend request - and you can rate limit the number of requests per domain (especially if you don't accept them).
Re: (Score:1)
But you are aware that every messaging App has a different text colour for the left and right side?
I mean, or are you an idiot? You think someone bus an iPhone because Apple changes the colour on iMessenge?
How would the new colour in iMessenger affect, WhatsApp, Signal, Telegram, Line, Skype?
Oh, it would not ... stupid idiot. No one uses iMessenger. Except he wants to sent an SMS ... and most people switch off "sent by internet" because they want to be 100% sure that the SMS is sent as an SMS and reaches th
Re: (Score:1)
Are you sure about not receiving messages? I know if I forget to charge I'll receive a message blast when my phone powers up again so they're definitely caching. Or is this only when they don't have net because their account has been disabled for lack of payment?
Re: (Score:3)
> I mean, or are you an idiot? You think someone bus an iPhone because Apple changes the colour on iMessenge?
Yes, people are indeed that stupid...
https://macdailynews.com/2022/... [macdailynews.com]
And on the other end, there's you...
Re: (Score:1)
Sure,
and articles like that or authors of said articles know what other Messengers like, Telegram, WhatsApp, Signal, Line, Viber, Skype people are using on their iPhone.
Just lolz.
I basically only use iMessanger to RECEIVE 2FA messages, and once a year to sent a REAL SMS, and not an iMessage.
Asocial Networks. (Score:2)
XMPP is the way to go, OBVIOUSLY.
As long as standard interop is not there, no way i'll use those asocial networks.
Re: (Score:2)
Funny thing is, Whatsapp apparently originally started as XMPP, then moved to an extended flavour of the protocol, then closed itself up. Perhaps it's still some sort of XMPP internally, just without any of the good bits, like federation.
Re: (Score:1)
Re: (Score:1)
Yes, they switched to Signal a few years ago.
Re: (Score:2)
They definitely use the signal protocol for encryption, aka double ratchet encryption. [1]
AFAIK the message transport itself is still some modified ejabberd -- XMPP based. (2021 info)
btw: XMPP itself now supports the signal encryption protocol, aptly named OMEMO. [2]
Same goes for Matrix.
[1] https://signal.org/docs/specif... [signal.org]
[2] https://xmpp.org/extensions/xe... [xmpp.org]
Re: (Score:2)
When you're deploying E2EE at scale, how you handle and recover from the myriad of error conditions almost becomes more important than the success path. There are so many things that can break E2EE in the wild, and if you don't pay enough attention to those (or handle them in a user-unfriendly way) its only a matter of time before a lot of ordinary people in countries you've never visited suddenly start to complain that the product is completely broken.
AFAIK, the OMEMO spec doesn't talk much about this at
Re: (Score:2)
I used to use XMPP through Google Chat and interacted with some of my utility bots on my own XMPP server. But Google rewrote their system and ripped out the XMPP support. Maybe I was the only one using the feature and it wasn't worth maintaining, I don't know.
Re: (Score:2)
Imagine an iterative development process going something like this:
- Start with XMPP as a baseline
- Develop an efficient binary encoding, because sending large chunks of XML between low-end smartphones was stupid circa 2010
- Redesign the login/setup process because you paid dearly for every round-trip packet back in those days
- Continue to add features all on your own, for a decade, not looking to someone else's protocol implementation as a guide
At this point, it probably only resembles XMPP if you're looki
Re: (Score:2)
Re: (Score:2)
Done: https://xmpp.org/extensions/xe... [xmpp.org]
Updated every year since 2019.
As for clients: conversations.im. (Fast onboarding : https://quicksy.im/ [quicksy.im] ) . https://siskin.im/ [siskin.im]
Re: (Score:2)
Dumping a box of parts in front of people and asking them to build what they need is the dream of engineering. From there each business can decide what the market wants and how to differentiate. You can add functionality that is exclusive to your users. Or you can support functionality that is supported by many other vendors. You can develop new extensions with partners. Or create new standards together with your industry as part of a standards body. It's a win, win, win. Rolling your own IM protocol or usi
Dupe from 2005 (Score:5, Interesting)
This is a "dupe" from 2005 ;)
https://slashdot.org/story/05/... [slashdot.org]
Funny but.... (Score:2)
Funny, but sadly true.
Re: (Score:2)
How about cross device? (Score:2)
There is still no iPad client. Wtf is with that? And no the iPhone client is not available to iPad. The third party clients suck balls with sandpaper.
Insignificant. (Score:2)
Who cares ipad ?
Who ares whatsapp ?
The combination of both is insignificant.
Re: (Score:1)
Why did you open an article on WhatsApp if you don't care about WhatsApp?
Why did you open *and* reply to a post about iPad if you don't care about iPad?
Show us this doll where I touched you.
Would you like to try again?
Re: (Score:1)
People who use it care.
AFAIK WhatsApp is the most prominent messaging app in Europe.
Re: (Score:2)
There is still no iPad client. Wtf is with that?
Messaging apps need a means to know where to send the message. For Messenger it's your Facebook ID. For Teams it's your Microsoft Account. For SMS and WhatsApp it's your phone number.
Most iPads don't have a unique phone number, so the app can't "find" you. WhatsApp web should still work, but you need a phone with WhatsApp on it with a phone number.
Re: (Score:1)
My other chat apps have an iPad client that works the same as the iPhone one, though. I get what you're saying but others figured out how to do it.
The third party clients are based on the web api. I've tried several. They're all quite painful. I wouldn't even use WA at all except my wife's entire family is on it for whatever reason. I semi regularly use discord interchangeably on my iPhone, iPad and mbp. Same client on all 3, no issues.
I can sms from my iPad and receive sms to it, I assume through my
One client to rule them all (Score:5, Informative)
Get rid of walled garden chat clients: https://matrix.org/ [matrix.org]
Choose just one from the list of Matrix client: https://matrix.org/ecosystem/c... [matrix.org]
Set up your own Matrix home server: https://etke.cc/ [etke.cc]
Bridge it with as many walled gardens you like, to chat with your captive friends: https://etke.cc/help/bridges [etke.cc]
Interoperability vs Security (Score:2)
Given the end to end encryption proprietary systems such as What’s App uses, the DMA could very well wind up with a two tier system, something even the EU recognizes may be the outcome that results to satisfy the act. What’s App to What’s App could still be encrypted but What’s App to iMessage or other 3rd party sent in the clear. Ideally, What’s App would warn users that the message is not encrypted but no doubt that will result in claims What’s App is trying to leverag
Re: (Score:2)
WhatsApp uses the open Signal protocol for E2E encryption.
Re: (Score:2)
WhatsApp uses the open Signal protocol for E2E encryption.
Thanks, I thought they extended it, since what I read says it is based on Signal. My error.
At any rate, I should have been clearer on my concern. There is no assurance you will have E2E encryption or security since the other app could scan messages during delivery, archive clear text versions, etc. If the entity doing that is outside the EU the EU has no recourse, other than perhaps banning it and trying to enforce the ban. A state actor could use the DMA as a way to collect data on targets using the E
Re: (Score:2)
To paraphrase the EU rule: native 3rd party chats must be at least as secure as native chats. In other words, because Whatsapp uses E2EE internally (namely, their own "sender-key" E2EE protocol which they built on top of the basic 2-party signal protocol aka X3DH + Double Ratchet) the same level of E2EE needs to be afforded for the 3rd party chats. Otherwise the EU would see the degraded security as an artificial barrier by whatsapp making it harder for their customers to leave their platform. Reducing such
Re: (Score:2)
To paraphrase the EU rule: native 3rd party chats must be at least as secure as native chats. In other words, because Whatsapp uses E2EE internally (namely, their own "sender-key" E2EE protocol which they built on top of the basic 2-party signal protocol aka X3DH + Double Ratchet) the same level of E2EE needs to be afforded for the 3rd party chats. Otherwise the EU would see the degraded security as an artificial barrier by whatsapp making it harder for their customers to leave their platform. Reducing such barriers is a major goal of the law.
However, that is only applicable in the EU. Once a common encryption protocol is defined, it is easy for a third part app to scan messages, store them, etc. and the EU is powerless if it is outside of the EU or a state actor. You wind up with the appearance of security when in fact it is not there. A similar situation exists with requirements to share user data with third party search engines, etc. There is far too much potential for abuse that needs to be addressed beyond “you can’t do that
Re: (Score:2)
Once a common encryption protocol is defined, it is easy for a third part app to scan messages, store them, etc.
WTF are you on about? End to end encryption rules out man in the middle attacks.
If you're saying that the app itself might do nefarious things on your behalf (like sending your message somewhere other than to the recipient), sure... you're right that could happen, but that could also be happening with the main client, WhatsApp.
There are already 3rd party clients for Signal, which uses the same E2E encryption as WhatsApp, and that hasn't broken the ecosystem or anything like that. For example, "signal-cli":
Re: (Score:2)
Once a common encryption protocol is defined, it is easy for a third part app to scan messages, store them, etc.
WTF are you on about? End to end encryption rules out man in the middle attacks.
If you're saying that the app itself might do nefarious things on your behalf (like sending your message somewhere other than to the recipient), sure... you're right that could happen, but that could also be happening with the main client, WhatsApp.
That’s exactly my point. The EU reg will open up iMessaging (assuming Apple loses it’s “iMessage user base is too small to be a gatekeeper” argument) to third party clients and given the size of the worldwide iMessage user base makes it an attractive target, and allowing 3rd party apps to interact opens up an attack vector. My point is simple: Despite the EU boffins claiming the new req does not reduce security because it requires the same level as currently provided, it in fact do
Re: (Score:2)
The danger is people will assume the same level of protections exist when they may not.
The same danger already exists, but you are locked into only one choice or none. 3rd party clients do not make this worse; They provide a verifiable alternative.
Re: (Score:2)
The danger is people will assume the same level of protections exist when they may not.
The same danger already exists, but you are locked into only one choice or none. 3rd party clients do not make this worse; They provide a verifiable alternative.
I guess we'll just have to agree to disagree on whether 3rd party apps add a new potential danger and have the potential to lessen security. Yes, existing apps could do the same and we are trusting them to do what they say; and in that view there is no new threat. If all third party apps are good actors then it's not an issue; but if one or more aren't you have now created a real threat. However if one is all it takes is one person to use that app in a chain and potentially everyone who is in that messag
Re: (Score:2)
To put it another way, will you trust every app that claims to be secure and interoperates with your secure choice to be really secure, or will you wonder if some, while claiming the same level of security, actually don't have it, either by accident or design?
This reminds me of Snapchat. It came out with disappearing messages and loads of people were like, "oh, you can trust this and there's no way someone can get a copy of the thing you sent before it vanishes". The threat they were attempting to deal with was obviously sending selfie nudes and the like. If one is truly concerned about whatever they want to send getting out in the wild, then they have to trust the transit and recipient, period. Snapchat did not remove the latter requirement - the user could alw
Re: (Score:2)
To put it another way, will you trust every app that claims to be secure and interoperates with your secure choice to be really secure, or will you wonder if some, while claiming the same level of security, actually don't have it, either by accident or design?
This reminds me of Snapchat. It came out with disappearing messages and loads of people were like, "oh, you can trust this and there's no way someone can get a copy of the thing you sent before it vanishes"The threat they were attempting to deal with was obviously sending selfie nudes and the like. If one is truly concerned about whatever they want to send getting out in the wild, then they have to trust the transit and recipient, period. Snapchat did not remove the latter requirement - the user could always take a picture of their phone with another phone.
Back to this story, the end user in an end-to-end encrypted chat can always copy that message off to do whatever they want with it. You can send me a picture via an encrypted WhatsApp or Signal message today, and I can save it to my photos and upload it to the anywhere I'd like. Nothing prevents that.
Of course. As the saying goes, two people can keep a secret if one is dead. Trust in the recipient is needed since they can always save and retransmit anything.
I don't believe in security through obscurity. In fact, I find diverse and competing implementations of like ideas and protocols to be a boon for security. Bring on the 3rd party clients, and stop dictating which implementation is the one true implementation.
We're in agreement here. Choice is good and results in improvements and innovation; however increasing choice does not necessarily mean the same level of security exists across all choices. To use your SnapChat example where loads of people were like, "oh, you can trust this and there's no way someone can get a copy of the thing you sent before it
This comes in handy to me (Score:2)
I am on a dare that I made to myself: how long I can use an Android phone without putting a Google account in it. Although I got WhatsApp from a APK repository, I world prefer something from F-Droid store. The other stuff is working to me so far, except my bank's app, which I don't dare to install from a third party store.
Re: (Score:1)
Lol ... so you installed 3rd party software from a 3rd party app store. ... you are weird.
Your phone is now probably rooted, and you are scared about downloading the Banking App from Google App store
Re: (Score:2)
I am not scared of installing the banking app from Google Play. I don't have Google Play set yet because I don't have any Google account associated with this phone. And even if I found my bank's app somewhere else, I would not install it. But after your comment, if I change my mind, I will reset my phone, install a paid antivirus, then maybe install my bank's app.
Re: This comes in handy to me (Score:2)
If I may suggest, I find Droidify much more stable than F-Droid
.
Then, for stuff that isn't in FOSS repositories, check out Aurora: https://f-droid.org/packages/c... [f-droid.org]
Good luck on your voyage!
Re: (Score:2)
Thank you very much! I've just installed it!
Re: (Score:1)
If you're so concerned about Google why use an android?
Re: This comes in handy to me (Score:1)
Indeed, why not use HarmonyOS?
Re: (Score:2)
It's a start for now. Last time, when I used Cyanogen-mod, I installed Google apps, which kind of makes the point of changing OS's pointless. Next time, I intend to get something like a Fairphone with a KDE Phone interface. I must get used to not have most apps available if I intend to do so.
Re: (Score:1)
Ok I know I'm probably sticking my hand in a fire with this one, but why go through all that trouble? Why not get an iPhone?
Re: (Score:2)
It was a difficult decision and I think that I decided against an iPhone for the wrong reason (which I won't tell). Anyway, as much as I am not very strict with free software, I still can't accept the walled garden approach of Apple. There are derivatives of Android there are not tied with Google. It is possible to flash a different ROM in some Android devices, which is a thing that is not possible with an iPhone. As soon as I discovered that I could start and configure this phone without a Google account,
Re: (Score:1)
Ok, fair enough, I get it. I felt the same until I had ann iPhone and then realized most of the android apps I had were designed to fix UI and UX flaws in the phone and not really actually useful. Once I let go of the need to control every aspect of the device and just use it as intended by Steve, I loved the experience and wouldn't go back. I don't need to put a different ROM or run a variant OS or any of the rest of it. And while I am not naive about it, Apple is a far less shitty PII slurping data a
MLS + MIMI (Score:2)
I hope they interop using MLS. That would scale well and mean 3rd party chats have solid E2EE. Its not *that* far fetched as Whatsapp was somewhat involved in MLS's design in the protocols earlier stages (less so later though).
I guess we'll have to see what Whatsapp does and how good of a job the MIMI working group at the ITEF does...
backup/export (Score:1)
If this means a 3rd party app will be able to backup/export my chats with media content in a easily readable format (think html as telegram does), i'm for it!
How about desktop support? (Score:1)
Atm it only seems to work fully on phones. Their web app doesn't support any video calls, which is kind of a key feature.
Skype has supported this for many years... I don't get why whatsapp is so popular.