WhatsApp Messaging Interoperability(developers.facebook.com) |
WhatsApp Messaging Interoperability(developers.facebook.com) |
Looks like interoperability is geo-fenced to Europe only.
This reads like a lot of words to say Fuck You Europe to me.
Well, feelings are mutual, at least we are on the same page, them and me.
Messaging-interoperability is the one aspect of the DMA I don't support. These apps are free to download; and if you care about security (and use Signal) you'll want to avoid cross-service messaging anyway.
Without additional regulations across the globe it’ll be simpler playing the geofencing game for those companies.
Some of them even threaten back charges if it turns out you used more data abroad than at the home country over a long enough period.
I called their bluff once and got away with it, but their systems may have improved since then
I think the previously often raised objections to interoperability were technically and economically mostly sound (federation is much harder to achieve in a secure way, thinking of key distribution, identifier verification etc.).
Now overcoming all of these obstacles and then going the extra mile to implement geofencing (which also has tons of edge cases!) completely undoes that argument.
WhatsApp makes their money from the business clients/apps (which aren't covered under this, which I think is fine by the way).
So why care where a user is on the planet? I just don't see the business reason for this. Maybe I'm missing something?
I've been waiting for this, and hoping I could "just" cook up some of my own code to use with WhatsApp, and/or integrate it with Pidgin or bridge to email or whatever. But the entire process is about as hostile as possible.
For example "Partner shall have in place a dedicated security team" basically excludes most startups, or most smaller companies.
It's not clear to me if this is really complying with the DMA – it's certainly not in the spirit of it, but less sure about the letter of it.
It is probably a positive change for end users, but far far away from the "open up your protocol" I was hoping for.
Making messaging interoperability with third parties safe for users in Europe
https://engineering.fb.com/2024/03/06/security/whatsapp-mess... (https://news.ycombinator.com/item?id=39614085)
Using it with a dedicated username for whatsapp contacts could be a way.
Facebook (and TikTok) store tracking data on iOS that the user CANNOT SEE and CANNOT DELETE:
• It shows my previous account even after I delete the app.
• Clearing Safari's cache does not work.
• Disabling iCloud Drive and iCloud Keychain does not work.
• Even completely signing out of iCloud does not work!
• On a Mac in the Terminal, you can go to ~/Library/Mobile Documents and "ls -al" to see hidden folders like "iCloud~com~Facebook~Messenger" that you cannot otherwise view or delete.
• Someone mentioned that even RESTORING an iCloud BACKUP will resurrect these "eternal cookies"!!
----
WHERE do they store this data?
WHY can't the user see this data?
WHY can't the user delete this data without going through the app?
WHAT ELSE do apps store on our devices that we aren't even aware of? (This is just what we can see: The list of saved accounts for "quick login")
HOW MANY other apps are secretly doing this?
WHY does Apple, parading around as a pompous paragon of privacy, even allow this in the first place??
Meta is requiring that people reside within the EEA, not just are someone who is an EU citizen. They're requiring integrating services to give them the IP addresses of users and for the integrating service to confirm that you're within the EEA at least once in any 60 day period. If Meta thinks you're violating that as a user, they'll cut you off from the integration. If they think the integrating service is just violating it, they'll cut off the integrating service.
It looks like Meta might be requiring as much identifying information about you as they can get so it will probably be relatively easy for Meta to figure out who is cheating.
But if you're not trying to cheat, then yes you'd be able to message US WhatsApp users from a non-WhatsApp account in the EU.
https://www.wired.com/story/whatsapp-interoperability-messag...
Matthew also did a Fosdem talk about it about a month ago: https://fosdem.org/2024/schedule/event/fosdem-2024-3345-open...
I'm sure the free market will handle it ;)One that never loads images would be lovely.
Edit: Waaait a bit. I have it on iOS and I have it on some laptop where whatsapp desktop is an old version.
I can't find it on my desktop where their desktop app is the latest and greatest...
They probably "improved my whatsapp experience".
Edit 2: besides, that just doesn't download the photos, I think? They still take half the screen that could be used for displaying more text...
I'm impressed with EU regulation. Standardized chargers, ending roaming charges, GDPR, DMA. Definitly worth the side effects overall.
I really like the DMA too
Just...use Matrix or XMPP or something ffs. The open protocols _already exist_.
I have some minor hope that WhatsApp will eventually switch to MLS+MIMI, as someone from Facebook does take part in the design process, but that could also be because of Facebook Messenger really.
Can you elaborate on this please?
"Partner represents and warrants that it shall not introduce into WhatsApp’s Systems or Infrastructure, the Sublicensed Encryption Software, or otherwise make accessible to WhatsApp any viruses or any software licensed under the General Public Licence or any similar licence (e.g. GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL)) containing a "copyleft" requirement during performance of the Services"
But ... it's not like WhatsApp is hiring me as a sysadmin for their servers, are they? Why would they give me access to their systems? They won't. This seems copy/paste legalese.
"Access" in this case just means "ability to interact with". It doesn't imply root/admin abilities.
That’s pretty much the purpose of Facebook? ;)
That said, I'm sure we'll see open source libraries pop up everywhere to communicate with WhatsApp directly. There already are unofficial WhatsApp clients in various forms, but now they can use the protocol without risking breakage because they reverse engineered the contents of the protocol itself.
I think there will be plenty of space for the Beeper Minis out there right now.
How so? Each of them would need approval by Meta + signing an NDA, and I can easily see that ruling out open source libraries.
That's really a decision you should make, and not WhatsApp – "do I trust this arp242 guy and his GitHub repo?"
And some auditing isn't necessarily too bad, I guess, but a lot of this goes far beyond "basic security"; it's the type of "corporate checkbox security" that we all know works so well.
What’s the point of thinking that WhatsApp is e2ee if anyone can write their own end point?
my friends and I use WhatsApp because we know the messages are secure. Imagine if every other group message had the “green bubble” equivalent experience if someone was using a custom client.
Without the DMA, Meta can make it very hard for any business model based on them, but it's never been a technical obstacle.
In a very similar way, you also need to trust your friends to not activate WhatsApp chat backups to Google Drive or iCloud without a password if you don't want end-to-end encryption to be compromised (there's no indication if they have it on or not), and that's the default suggestion by the official client.
I need to read a bit more carefully through the (limited) technical documentation they have; but all of this seems highly excessive. I'm not a distrustful or cynical person by nature, but I find it hard to avoid the impression that they intentionally made it as hard as possible.
I don't know what "the green bubble experience" means(?)
But even if you're using the official super secure endpoint, there's nothing preventing the user from taking a picture of the screen, which bypasses all protections.
It would be really great to have a keychain section in iOS’s settings, like Keychain Access on Mac. The dev can build in-app functionality to delete keys from the keychain, but there’s not a huge incentive to.
Keychain storage doesn’t let FB track you, just store sign on info, keys, and the like. It’s not able to execute arbitrary code, it’s an encrypted place to store login info that Apple syncs between your devices.
Use them via Safari if you don’t want this (then your logins are saved & synced in Safaris keychain.)
This is an issue because if you ever use an app by a company, uninstall all their apps, and then install one of the developer's apps years later, they can tell it's the same iOS profile (even restored on a different device), profile what you do across those apps/installs/decades, and associate any accounts you log in with. Essentially they can put a permanent cookie that you can't even see on your iOS profile that's shared between their apps. If you use iCloud Keychain, they can probably profile you across all your devices regardless of whether you reset one.
Apple has said this isn't intended functionality and they were going to address the issue many years ago in iOS 10.3 by removing Keychain data when the last app from a developer was uninstalled [1], but they got cold feet. If I recall correctly, the reason was that some app developers were relying on this unintended functionality to ensure free trials couldn't be used more than once. Apple was going to introduce a service that could store only 2 bits of data to enable that use case and then revisit Keychain deletion when the last app from a developer is uninstalled, but it appears they haven't.
It would be great if they'd finally fix this.
It sure lets app developers identify me across app deletions and reinstalls!
I'm also not sure why Apple has kept this loophole open for so long when they are otherwise so focused on making sure user tracking across reinstalls is so hard (e.g. by making APNs tokens change after a reinstall, which used to not be the case as well, restricting access to read the device MAC address and other permanent identifiers etc).
And I am looking at my iPhone now and Meta does not store tracking data in the Keychain.
Are you serious? They literally know my previous accounts even after I DELETE the app, WIPE the iPhone, and login to the same iCloud account on ANOTHER iPhone.
They do this by storing some data. They can store data about anything else. How can be sure if we can't even LOOK at that data?
I only caught this because of the visible symptoms they CHOSE to show us: The list of previous logins.
I'm sure you can remove most and/or all Mac OS files, but they're increasingly using trusted computing and even designing their own chips to increase the control they have over the devices (and correspondingly limit user control).
They sell this as a security feature these days, but the appliance model predates that and security is kind of just along for the ride.
I'm glad to see that people feel strongly that they should have control over the files on their system. I'd like to see that help move us toward users having full control over their computers.
And there are no eternal tracking cookies for Safari even first party ones are deleted every week.
Disabling the iCloud keychain doesn’t clear your local copy.
Or maybe this happens because it's completely off-topic here and has nothing what-so-ever to do with WhatsApp?
Most of your other messages seem similarly off-topic: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
Not only that, people have already answered your question in a previous thread.
There was a popular post just a few hours ago about Filezilla (whatever that is) containing adware in the default download.
This is a FAR more grave violation of privacy than anything so far — Tracking people ACROSS reinstalls AND MULTIPLE PHONES!
Or what tracking data you are referring to ie. is it cookies or local storage but either way you should maybe speak to Apple Support.
Yes iOS apps can store local data and if you're unhappy about it then just delete or reinstall the app.
Well, that doesn't delete all local data. That's exactly the problem!
Good alliteration.
Apple doesn’t enforce what the app does with app data. Apple makes sure that if the app uses a platform API that is sensitive, it gets your opt-in (or prohibits the use of the API altogether). Apple makes sure that the app publishes a privacy nutrition label. But what the app does inside with whatever data you choose to give it, that’s up to the app.
If you voluntarily choose to give data to the app, what the app does with it is your problem. Apple just tries to make sure the app can’t take data that you haven’t chosen to give it.
World's most stupendous & drawn out Yak shave, if one thinks about it
Now, not sure what I was hoping for. None of my messages currently go through Meta and I'm quite happy with this.
As an implementer, I certainly wouldn't want to police and track my users and their location for a chat service, and as a user I wouldn't want a chat service to track me.
I also certainly don't want to depend on a system which is unreliable because it artificially depends on my or my contacts position on Earth
This whole thing sounds like something I will not want to use anyway.
Many people don't actually ever verify their contacts' keys, but rather just rely on the platform provider to have done phone number verification correctly. In that sense, the security model is bit better than TOFU in practice.
> I'm not a distrustful or cynical person by nature, but I find it hard to avoid the impression that they intentionally made it as hard as possible.
There I fully agree. If anyone could find a way, it's the company running the largest messaging infrastructure in the world.
At least 7-8 years. Probably from whenever it became possible to send media messages.
https://apple.stackexchange.com/questions/441112/how-can-i-r...
What's the point of nicknames then?
> Usernames simply allow you to initiate a connection on Signal without sharing your phone number
> Starting soon, your phone number will no longer be visible to people you chat with on Signal, unless they have it in their phone’s contacts. You will also be able to configure a new privacy setting to limit who can find you by your phone number on Signal. And, you’ll now be able to create an optional username that you can share with the people you want to connect with on Signal.
XMPP needs to have a username and server name at the very least. This is because it needs to work in a federated context, and it doesn't use things like DHTs to decentralise messages in a way that allows hiding the routing data. The message body is encrypted, of course, and headers can be minimised, but there will always be unencrypted metadata. To quote the spec:
> The OMEMO protocol does not protect against attackers who rely on metadata and traffic analysis.
As for Matrix: the message body is usually mostly encrypted, but it's leaking a lot of metadata. Message IDs sometimes fine themselves outside of the encrypted envelope as well as timestamps and other information I don't think should need to be outside the encrypted envelope.
Neither XMPP nor Matrix were designed with encryption as a first priority and that led to protocol design choices regarding metadata that cannot be altered without breaking most clients. They also tend to store messages grouped by chat group/conversation, though multi device support is technically optional for XMPP. From a server dump of either XMPP or Matrix, someone can deduce what users are chatting to what users when. In Matrix, you could deduce what messages are responses, updates, or deletions of what other messages, as well as reactions. For Signal, you'd need wiretaps on both sides to deduce that level of information.
A protocol like Signal would be near impossible to federate. That said, if federation is your goal, MIMI+MLS seems to be the future. Matrix is moving towards MLS, Google's RCS encryption already uses MLS, and MIMI and MLS are often tied together in spec definitions. I believe the XMPP people are also working on (have finished work on?) embedding MLS in XMPP as an alternative to existing encryption methods.
but i was not talking security
If you detect that a user is abusing your service, the ability to put a permanent cookie on their device is very useful.
This isn't effective against organized crime groups (they can just get Macs / use the web / whatever), but works well against your average troll or internet racist.
Still tracking, but a very different kind of tracking.
On the other hand, I could imagine their business messaging ambitions to be threatened by third-party clients: There's nothing stopping the vendors of these clients from undercutting Meta on business messaging rates.
And this is all assuming that third-party services couldn't provide their own business messaging services to first-party WhatsApp client users without paying Meta their list price. I don't know whether the DMA allows that, or if normal rates would still apply in that case.
The data is otherwise E2E encrypted but when you see a link preview on WhatsApp Meta knows that.
Also a lot of the data you mentioned will also not be available if you don’t use their client, eg: if you use Signal client then Facebook won’t get your location all as that’s not part of regular text message
Lol. Why should they be allowed to associate my phone with my signal handle even then. If i want them to know I'll tell them.
> a new privacy setting to limit who can find you by your phone number on Signal
Double lol. Limit is not disable.
How about an option to "do not give my phone number to anyone, no matter what reason to pass it around you make up this week"?
And the obvious next step: do not get my phone number period. But that has been discussed before.
> do not get my phone number period
I'd also like that, but they apparently use phone numbers as a primary key for account recovery and identification (e.g. on a new device without the old one present), so that's probably very hard to change architecturally.
There are some interesting concepts of "identityless messengers", but this is inherently hard to do on mobile – at least the platform operator will always know which identities are clustered together on a given device if you want efficient push notification delivery over APNs/FCM.
Like... icq... yahoo messenger... old skype... ?
And even some modern mobile chat apps i think.
What I mean is having an ad-hoc identifier per contact/group chat which doesn’t allow your various contacts to correlate that you are the same person.
Because no one else can answer your questions.
At least on my Mac, I also only see connections to the URL domain, nothing to a Facebook subdomain.
I don’t work at Facebook on this specific system that handles link previews so I have no idea of the details.
The fact is that if they send a request containing the link I previewed which is tied to my IP which connects to my Facebook account then they can 100% correlate that information and figure it out.
Are they doing that? Maybe, maybe not. I don’t work there. But they can if they want to so it all comes down to trust. Do you trust Meta?
Yes but you aren’t truly free to choose which app you download. You have to use the one being used by the people you want to message. That is of strong benefit to incumbents.
Singular? You'd just use whichever app a given person is on (everyone here has 3+ chat apps installed). Wouldn't network effects only kick in when group chats are involved?
Or alternatively, forcing all phones and carriers to support RCS as a condition for certification, and funding the development of a quality FOSS RCS client.
Even then, that consecutive 60-day limit sounds bizarre. For instance, someone who has dual citizenship could legitimately switch between an EU and a non-EU country every single month. Why shouldn't that person have access to these "Interoperable Messaging Services" when in the EU?
There are government services that use whatsapp in my country. This argument "just don't use it" is very tired.
Interoperability can be achieved with E2E encryption.
On paper yes. But I wouldn't trust it.
https://www.wired.com/story/whatsapp-interoperability-messag...
> There will also be the option, Brouwer says, for third-party developers to add a proxy between their apps and WhatsApp’s server. This, he says, could give developers more “flexibility” and remove the need for them to use WhatsApp’s client-server protocols, but it also “increases the potential attack vectors.”
--
> There are government services that use whatsapp in my country. This argument "just don't use it" is very tired.
I'm saying I wouldn't trust or use interoperability. If something/someone is on WhatsApp I'd do it through WhatsApp. Doesn't mean I can't use Signal with all those who use that.
Heck, in the US even taxes are global
Edit: For US citizens