It shouldn't just be limited to messaging. An internet where everyone can build a client against Facebook's API, or YouTube or what have you and users get actual choice and control about how they consume those services would be a big leap forward.
Or a wonderful leap backward, in the most positive sense.
In these days of proprietary walled gardens everywhere it might be difficult to remember, but earlier in the Internet that was how things worked. Every protocol was public, documented in RFCs and all implementations were interoperable (barring bugs/etc, but mostly anyway).
Even a completely obscure protocol can be reverse-engineered given enough time - in fact if you search on GitHub you can already find a lot of client libraries for proprietary services.
The problem is that at the moment the platform owners intentionally detect usage of these alternative clients and ban their users or abuse laws such as copyright to block their development & usage.
Peer-to-peer communication in WhatsApp in the network topology sense happens where possible when making Voice and Video calls, as this is probably WebRTC-derived (it is WebRTC in everything else these days), which concretely involves some kind of call signalling, then p2p setup to talk RTP if possible. This is not Signal Protocol or Noise: it is most likely the S in SRTP with key agreement done over the Signal Protocol. In other words, no key ratcheting between voice or video packets. I'm actually not sure if the session key is ever changed for a given call. To make this clear: call setup happens via a central server but the media streams will go from your IP to theirs directly, if possible (or proxied via WhatsApp if not). The reason for doing calls p2p like this where possible is to reduce latency.
This is also, last time I looked, true of Signal. We are good at end-to-end text. We are less good at voice/video, particularly voice/video group calls that might not be p2p-able and rather require the server to do something with the RTP streams.
Now, what you're actually missing is that WhatsApp was in its early days based on a fork of ejabberd, the Erlang XMPP Server, with if I understand correctly custom extensions. Thus WhatsApp actually was at some stage somewhat compatible with open standards.
We've also kinda been here before. Google Talk used to interoperate with XMPP just fine and at one stage my own XMPP server could talk to my friends on Google Talk and they'd pretty much not notice.
I agree however that it would be better to have a new protocol that starts based on end to end key agreement like Signal/Noise, rather than use XMPP. Or perhaps use XMPP _inside_ this protocol. This is because "opt-in" crypto is a disaster that probably has happened. Signal and Noise are also missing what the body of those messages should look like and standards for agreeing for example calls, media transfer and so on, basically all the non-crypto parts.
So, I wouldn’t assume it’s great for end users without digging into the details. Don’t forget the last time they did privacy regulations they created an unending wave of click yes to accept cookies.
PS: Looking at rapid downvotes I see people disagree, but mandatory interoperability would presumably force them to accept SpamNetwork101, SpamNetwork102 … etc.
WhatsApp replaced SMS as a free alternative with media. SMS is just a protocol. It is not necessary that a replacement is a walled garden, especially not under the sole guise of spam protection - something that is being done very poorly anyway.
And even if you for some reason don't want to restrict your requests, you'll probably still be fine - Gmail protects me from spam pretty well.
What do you love, what is missing?
Can you organize the chats?
Edit: more subtle choice of words to indicate what I meant
> (fa) allow end users, business users, providers and potential providers of on line social networking services access to and interoperability with the same industry-standard service features that are available or used in the provision by the gatekeeper of any social networking services; minimum interoperability requirements shall be in accordance with the relevant Union legislation or the industry standard, where applicable, by providing open standards, open protocols, including Application Programming Interface;
Start using Matrix, we all know that the signup process could be easier (among many other things), throw some money and devs at the project with that specific goal. Start offering services over Matrix. Public money, public code. The whole world benefits.
[1] https://www.theverge.com/2022/3/24/22994234/eu-antitrust-leg...
https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed...
More importantly, who cares about Moxie's (imo crappy) vision? If this were to force him to rethink his stance, that's a plus in my book.
I realize now that Signal will not be affected, only very large companies will. Nevertheless I find your attitude very concerning.
Imagine you were him and you are getting issues filed from people using services the government forced you to build, or were even built by others but forced on your once clean solution. I'd say "screw you guys, I'm going home" (Build your own solution). And I'd agree with him. Where would it end?
I remember back when MSN/Windows Live Messenger used to be one of the most popular options out there. Even though I used Ubuntu, I could still chat with my friends through the Pidgin messenger. This was all possible through the XMPP interface, which still exists by the way.
It's not just that these new messaging platforms are adding no extra value, they are creating worse experiences, and we're buying into it. You now have to install half a dozen messaging apps just to keep up (WhatsApp, Telegram, Facebook, etc.). And now we're suddenly talking about reinventing the wheel.
Short term thinking and focus on new shiny features over long term sustainability. It's a pattern we see repeated in many aspects of society, not just messaging. Combine this with network effects and it ceases to matter that a minority of people have the time and interest to think about the long term, the majority have already made the decision, and your choices are to either be left out, or participate. It's frustrating, but it's one of those things when a large enough sample of the population are living lives which have much bigger problems than messenger lock-ins.
tl;dr: stickers
You don't have to. If you say you're only reachable with apps that support XMPP then generally people who care about chatting with you will use that. That's what I have been doing since January last year when WhatsApp changed its ToS.
Surveillance is an area where there are still plenty of politicians who try to sabotage (digital) freedoms.
The thing is, there doesn't appear to be any way to know whether this is the case.
Further, the law should specify that the protocol allows E2EE, and we have traction.
This needs to happen. Mandate interop and federation please.
[1] https://www.penguinrandomhouse.com/books/194417/the-master-s...
So, I think further revisions of this law will somehow need to take this into account.
They don't need to change law to address issues.
Specifically:
- article 7: Compliance with obligations for gatekeepers
- article 10: Updating obligations for gatekeepers and
- article 11: Anti-circumvention
Whether or not they succeed at improving choice and reducing centralised power over comms is up to dumb luck, mostly.
Step 2: So... the encryption your application uses doesn't work well with other platforms.
Step 3: Everyone must use this one kind of encryption for interoperability with our tracking ser... I mean other platforms.
Step 4. Hey, look at all the stuff these activists are talking about.
Step 5. Gulag for the activists
https://www.theverge.com/2022/3/24/22994234/eu-antitrust-leg...
On the contrary, the whole point of this law is to make it not just easy, but even possible for alternative messaging providers to compete.
Clearly they can't be expected to integrate with any 3rd party, so the expectation is that 3rd parties would integrate with them.
You can do this at present via their private API (as per Pidgin, etc) - but that's against their terms of service. It seems this law will prevent them imposing such terms.
But they won’t do it exactly given their widely disparate privacy and security model. Unless some kind of an instant messaging standard surfaces.
As is, it would become another cat-n-mouse security theater in leveraging one IM provider’s API weakness to gain additional insight of a subscriber using another IM provider’s API.
- Implement a conversion layer from our internal representation so we can keep it stable.
- Complicate all further feature work because we have to consider how it will affect existing customers of the API.
- Write and maintain documentation for the API.
- Keep the API working even after we no longer use it.
- Maintain multiple versions of the API in parallel.
- Make sure our error messages make sense to people not familiar with our internal systems.
- Be more careful with validation - for our internal APIs it's not the end of the world if a bad request results in a 500 rather than a 400, but it matters a lot for public APIs.
- Be more careful with rate limiting and other defenses against API misuse.
And this is to name just a few. A requirement that everyone expose a public API is pointless if it doesn't include a stability guarantee, and overly burdensome if it does.
This isn’t a requirement that everyone expose a public API. https://www.theverge.com/2022/3/24/22994234/eu-antitrust-leg...:
“The DMA will force new obligations on companies deemed to be “gatekeepers” — a category defined by the legislation as firms with a market capitalization of at least €75 billion ($82 billion); at least 45 million monthly users; and a “platform” like an app or social network. Companies covered by this classification include well-known tech giants like Google, Microsoft, Meta, Amazon, and Apple, but also smaller entities like Booking.com.”
Also relevant: https://www.youtube.com/watch?v=rAlTOfl9F2w
It’s hard for me to muster up even the smallest amount of sympathy for these vampires.
I expect this will take a decade to shake out as US tech firms work tirelessly to protect their spyware walled garden models.
If you want a free, private, modern communication network, build it, don't steal it. In this case we are already very close to having a very nice solution in the form of Matrix. Throw some money and devs for things at Matrix/Element for issues we want to solve there. Push it as a government sanctioned solution. Offer services over Matrix, avoid WhatsApp.
These rules only apply to platforms with a market cap of over €75 billion or European Economic Area turnover of over €7.5 billion.[0] No one is proposing that we require single developers work with Apple and Facebook to make their apps interoperable.
[0] https://www.politico.eu/article/eus-digital-markets-act-adop...
iMessage's advantages are a feature of the Apple ecosystem. WANTING it to interoperate with Facebook or whatever is one thing, but legally REQUIRING it seems to me to be very, very dangerous.
Right now everything is running on their servers with god knows what IP addresses and from where.
So far I haven't been banned but I have had to reset my Facebook password once.
Instagram suddenly stopped working and I had to reconnect a few times.
So far WhatsApp is ok.
IMHO the iOS app is close to useless and I stopped using it.
The desktop app is where it's at and I'm only using that for now.
There is no forcing necessary in other, imo preferred, scenarios. Like pushing Matrix. The solution, which uses the law to force a company will just block new attempts at creating similar but better products.
Try putting yourself in his shoes as the government contemplates publicly about how they are going to force some changes to the project you build based on your very private vision of privacy and subsequently made available for free to millions, based on your hard work.
While I'm against walled gardens, I can see why these companies want to keep them closed. And if I'd work for e.g. Snap, I would probably have this opinion as well.
Sawing off the branch you are sitting on is usually not a good idea.
> Included in the rules' scope will be platforms with a market capitalization of €75 billion or turnover in the European Economic Area equal to or above €7.5 billion. [0]
[0] https://www.politico.eu/article/eus-digital-markets-act-adop...
Which ones don't?
Those two alone are the clients that most Windows/Mac XMPP users I know reach for first, probably out of familiarity.
Seems WhatsApp does use Noise pipes for some long running connections. Just checked their doc to be sure.
Depending on the specifics everything from Yahoo! Messenger to MMO chat either needs to get shut down or made interoperable.
I assume it costs Meta a lot too, and so they reduce the quality of media flying around on WhatsApp.
Would others have to be able and willing to pick up these costs if the networks were opened up? I am thinking even if Apple/Meta were forced to open their networks, they would balk at subsidizing outsiders.
I am not clear what the backend costs and cost allocation would be, for example, if someone using iMessage sends a 4K video to me and I am not using iMessage, and I am offline, but I will expect to see it next time I open up Pidgin on my laptop.
Applying this model to the case of a 4K video sent from iMessage, the file would be hosted by Apple, and you would merely receive a reference to it (i.e. URL) so you can fetch it when you come back online. It's natural to assume this model, as most platforms are already using it today, but of course this is all speculative until things get opened up.
On a final note, Pidgin is a poor choice of example in this case. It supports a much older version of XMPP, its support for the protocol actually hasn't evolved much in the past ~10 years or so. In particular it's missing support for this very file transfer mechanism, and a whole bunch of other things such as multi-device and modern E2EE (though there are third-party plugins attempting to plug some of these gaps). If you're planning to do XMPP in 2022, practically any other XMPP app that's actively developed supports the newer mechanism and many other modern features Pidgin lacks. For desktop that includes Gajim (cross-platform), Dino (Linux, experimentally Windows) and Beagle IM (macOS).
iCloud Backup was introduced in iOS 5, released in 2011. It escrows either message plaintext or device secret keys (depending on OS version and configuration) to Apple, encrypted with Apple keys (non-e2e) and readable to Apple (and the FBI and others, some of whom access the data without probable cause or a warrant under FAA Section 702).
WhatsApp backup backs up chat plaintext to cloud services (I think Google is the default), also non-e2e and readable to the cloud storage service (who often shares it with government snoops without a search warrant, also under FAA Section 702). They added an e2e option late last year but it doesn't matter if you turn it on because none of the people you chat with are likely to have it enabled (so all of your chats will be backed up in plaintext from the other end).
OK so that doesn't support what you said at all. That's an optional feature (that I do not use), and it's not in any way a "backdoor". Unencrypted backups are a front door. Yes, that iCloud Backups aren't E2EE is bad. Arguably worse (and this would be a more productive area for the EU and others to focus on) is that they're the only general wireless option, that's MUCH more of a nasty tie than messaging. iOS should have a standard API for backing up that any service at all (including a server one runs themselves) can implement and then get pointed at. But none of that is a backdoor in the encryption of iMessage and you do the whole space a real disservice by conflating them.
It doesn't matter. Everyone you chat with uses it because it's on by default, so all of the iMessages you send and receive are backed up in effectively plaintext to Apple (who turns them over to third parties).
> But none of that is a backdoor in the encryption of iMessage and you do the whole space a real disservice by conflating them.
Unencrypted (or encrypted to the ZK middle service, in this case Apple, being the operator of both iMessage and iCloud Backup) key escrow of end-device secret key material in a system that is advertised as end-to-end encrypted is indeed a backdoor in the end-to-end encryption of that system, as now the secret keys don't exist just on the endpoints - the transit service in the middle has a copy of them, allowing message decryption on a non-endpoint as they transit the middle service.
That is definitionally not end-to-end encrypted. It's end-to-middle-and-end encrypted if the middle device has a usable copy of the endpoint secret keys, which Apple does.
Why not? Can you come up with examples? Are you worried that they would use automation to generate a new "API" per second, so consumers would need to play catch-up? Do you think that would hold in court, if/when this initiative has been legislated?
From my point of view, the advantages of opening up these platforms outweigh the disadvantages for those who don’t like that.
The whole idea of this type of regulation is that it tries to do what’s best for the consumer, and the market as a whole, not necessarily for the businesses behind it.
And the arguments hold for Meta too if you ask me. WhatsApp is not a public service. It was not built (or in this case bought later on) with our interests at the top of the priority list. If we want public services with the public's interest at heart, we have to build those services, or sponsor those. Not take them from companies. In this case we already have a nice solution in the form of Matrix.
What are you suggesting?
Countries (and citizens by proxy) have a right to decide how they want services to function in their respective countries. Any company can choose to follow those regulations or voluntarily stop services within that country.
The great part about the EU is that it's a big enough market for companies to want to target it. One doesn't object about food health standards or what standards electronics parts are required to follow, it's the same for internet services.
If these companies do not want to follow these laws, then they are within their right to not operate in the EU.
I don’t think he has the ambition to even get half-way there, and if he ever gets there, I expect he’ll be able to pay others to worry about that.
Is say MMO chat a social network?
What’s going to happen, if this ever goes through, is that the networks will open some kind of api so outsiders can send and be sent basic messages. And you will never be happy using it because you’ll always look like an outsider.
And there is no way to fix this because a big draw of these networks is that they keep adding new features and they are not in the old api so you can’t use them.
And of course it’s going to be a big source of spam so users will get the ability to block the outside from sending messages to them, which means you can’t reach half the people you want.
Disagree, and disagree. Access to friends and family is why people use these apps. Once these tech companies are forced to tear down those walls people will be free to use the app of their choosing to communicate with whomever they prefer. Spyware is harvesting data without the explicit consent of the user.
>What’s going to happen, if this ever goes through, is that the networks will open some kind of api so outsiders can send and be sent basic messages. And you will never be happy using it because you’ll always look like an outsider.
They'll be fined 10% of their global revenue for trying to play such an obvious and silly game.
[arbitrarily deciding what is and isn’t allowed] Everything so arbitrary. Either allowing everything or nothing is not sustainable for anything on the internet so you need arbitrary rules to stop arbitrary things.
>Either allowing everything or nothing is not sustainable for anything on the internet so you need arbitrary rules to stop arbitrary things.
It doesn't need to be so complicated. Allow lawful content and maintain your neutral status, or only allow content you choose and become a publisher.
Using this model it would be better to have multiple lists though, or at least tagging within the general contacts list, so tag-based lists could be allowed by certain apps (to keep business and personal messaging separate for example).
New person goes to chat requests, they communicate through another channel they've sent you a message, you go open the graveyard of chat requests and accept theirs.
Well yes, if a messenger refuses to upgrade and consume a working API, it will not consume much. This law is not about forcing all messengers to interoperate with the infinite messengers out there. This law is about forcing those with capitalisation of ~7 billion to provide a sane endpoint.
If you want to talk about the benefits and drawbacks of these laws, that's fine. But please do not phrase it as if these companies are being forced into slavery.
Because that is an absurd framing, because those citizens are fully within their right to set consumer protections, for what is required of companies, if they want access to certain markets.
Law makers, and everyone else, would love to talk about the benefits and cons, to consumers for these laws. Please enter the conversation, and actually talk about that, instead of pretending like these corporations have some moral right to access certain markets, above and beyond the wishes of those citizens who vote on valid consumer protections.
We are not "taking them from companies". Instead, citizens are putting up valid consumer protections and requirements for access to their market, that does not belong to these corporations.
And these corporations can decide to either follow these laws, or leave the market, because those markets do not belong to them.