Why I think that the new EU regulations about messaging apps interopatibility isn't going to work and maybe a solution for thar

[kumicota]

I was watching the second last WAN show recently and saw Linus talking about how good would be if messaging apps had interopatibily and I find that is something almost impossible to do with most messaging apps.

First of all I probably should clarify what I meant by interopatibily, which is the wikipedia and dictionary definition of it: "Interoperability is a characteristic of a product or system to work with other products or systems.".

There's two main reasons that I think that is something impossible to do. First of all is that the way that messaging applications works at server level where they work differently from each other, for example telegram uses MTProto while WhatsApp uses a modified version of XMPP, this alone makes impossible to WhatsApp and Telegram to talk between each other without major rewrites to the core software and the clients if they don't create a common protocol between then.

The second main reason is the lack of federation "A federation is a group of computing or network providers agreeing upon standards of operation in a collective fashion.", which basically is a protocol to make the interopatibily of two distinct softwares, so a way to make telegram and whatsapp to talk without they needing to use the same core protocols and servers(basically invalidating the first point), e-mail is nowadays the most famous federated protocol out there as you can send an e-mail between different servers and domains

The main problem with federation is that the federation itself isn't a protocol itself but a term, so if the EU regulation doesn't specify a commom federated protocol for them to work together, that wouldn't solve anything as Apple, Telegram, Facebook, Google and etc. can each own to create their own "federated" protocols making them able to cripple and limit third-party software access to it. This would force that each messaging app to implement their own integration with other service.

So, here's would be my (maybe not so good) solution to solve this:

The first one would be to EU to create a federation messaging standard and force the companies to implement some basic levels of it.

The second one(that I like the most) is to incentivize people to use open/public federated standards, instead of private ones.

 

Quote

"I'm more familiar with XMPP and Matrix, so while there's way more softwares(IRC for example) I'm not too familiar with their inner workings, so I will focus on XMPP and Matrix." - me

I searched here(LTT forums) before I wrote this to search peoples opnions here about both protocols, while I didn't found a lot I know that most of the complains about them are the lack of features(stickers for example) and the lack of commom people/community(userbase) there.

Unfortunately those are real and valid reasons of why someone doesn't want to join it but they can be tackled.

While the userbase fix is probably the hardest one to fix but a way to do it is for people that belongs or commands larger communities(youtubers, forum chats, software developers, ...) to began to use it too. I'm not saying for they to drop discord(or any other plataform) all together but to use XMPP/Matrix for the community too.

Because those are federated software(where if you are a user from the 404.city server, you can talk and join communities on conversations.imand vice-versa), communities(like LTT) maybe could incentivize the use by giving usernames for supporters.

The lack features is one of the interesting ones in those plataforms, unlike proprietary plataforms, people who have the knowledge and time can add features into theme, because they're open-source and a open-standard, the biggest example in XMPP is omemo end-to-end cryptography on it, that was created as an idea in Google Summer of Code and it ended up being part of the XMPP protocol a year later.

So custom-emojis and more can be done if someone who have the knowledge, time and will to implement it.

 

The lack of community and money is also a big problem with those softwares, an example is Matrix that it for some time had a third-party company funding the project, than they dropped the funding, during the funding phase the project evolved a lot in conparison to now, so increasing the community can lead to more money and making those plataforms better.

 

Sorry for the long post...

[Roswell]

10 hours ago, kumicota said:

The first one would be to EU to create a federation messaging standard and force the companies to implement some basic levels of it.

That would be some 1984 level of awful. Government should never have the ability to dictate how people communicate with each other.

[Mark Kaine]

15 hours ago, kumicota said:

The second one(that I like the most) is to incentivize people to use open/public federated standards, instead of private ones.

 

which is precisely what this law demands, or otherwise

 

Quote

According to the DMA, if a gatekeeper violates the rules laid down in the legislation, it risks a fine of up to 10% of its total global turnover. For a repeat offense, a fine of up to 20% of its global turnover may be imposed.

If a gatekeeper systematically fails to comply with the DMA (or violates the rules at least three times in eight years), the European Commission can open a market investigation and impose "behavioral or structural remedies."

 

You're making this out to be much more complicated than it really is, there are already standardised protocols, which these services use , its probably really as easy as literally "flipping the switch" in most cases…

 

 

[danomicar]

10 minutes ago, Mark Kaine said:

 

You're making this out to be much more complicated than it really is, there are already standardised protocols, which these services use , its probably really as easy as literally "flipping the switch" in most cases…

 

While I definitely agree with you, this doesn't mean we should just "roll out the red carpet" so that it's easier for anyone/anything to... supervise... private conversations. 

[Mark Kaine]

2 hours ago, danomicar said:

this doesn't mean we should just "roll out the red carpet" so that it's easier for anyone/anything to... supervise... private conversations. 

Of course not. While i didnt read anything about security standards, i suppose this law would indeed require some sort of security standards being implemented - which i agree might be difficult, but then I dont really know how "secure" todays security / message protocols really are… i guess to be really secure you'd need strong encryption, and again I dont know how widespread thats used already? 

 

Also another thing i didnt see mentioned, while it says services of a certain size need to open up for smaller ones, it doesnt say anything about whats supposed to happen between the big ones? Id really hope it would work for example  between  say discord and imessage… 

 

In so far I agree this law needs to be a bit better thought out yet , but it definitely goes in the right direction.

 

Overall the bigger impact however will come from allowing 3rd party stores, regulation of preinstalled apps and sideloading, i think…

[Imbadatnames]

The entire thing is so the EU can spy on everyone because they don’t invest enough to have good surveillance as is. On top of that is people want to message each other without using a proprietary app or service then there’s always SMS. Notice they’re only going after the encrypted messengers not the open ones 

[LAwLz]

1 hour ago, Imbadatnames said:

The entire thing is so the EU can spy on everyone because they don’t invest enough to have good surveillance as is. On top of that is people want to message each other without using a proprietary app or service then there’s always SMS. Notice they’re only going after the encrypted messengers not the open ones 

I think you should loosen your tinfoil hat a bit. It seems like it's cutting off the blood supply to your brain.

There is nothing that seems to indicate that the EU is doing this in order to spy on its citizens. 

 

Also, the bill goes after all "big" messaging platforms, not just encrypted ones. It just so happens that most if not all of the big ones are encrypted to some degree. Although big ones like Facebook Messanger does not offer encryption that provides privacy. The EU have basically full access to those messages already. No need for a new law.

By the way, the very privacy-focused messaging apps like Signal are not affected by this bill. That should give you a pretty clear indication that the EU's goal is not to try and gain access to encrypted messages. It is just them saying "hey, this is an issue and we think tech companies should solve it".

 

 

Some experts are worried because secure interoperabilitet is very hard to design. When you send an iMessage from one iPhone user to another, you are guaranteed E2EE and good privacy. The same goes for WhatsApp to WhatsApp. Experts are worried that if Apple are forced to make it so that iMessage works with let's say WhatsApp, the link between the iMessage ecosystem to the WhatsApp ecosystem might be weak. The argument is that "it doesn't work at all" is better than "it works but it might not be secure".

 

I think the fear is overblown. I would argue that interoperability is important, even if it means the security MIGHT (this is purely a hypothetical risk at this stage) be reduced when doing cross-app messaging. It won't weaken the security we already have today, for example WhatsApp to WhatsApp will still be just as secure as today.

But if the only issue is "users might have a false sense of security" then the simple solution is to just warn users. Both iMessage and WhatsApp already does this when you use it with SMS, which is not secure.

 

Are you an iMessage user chatting with another iMessage user? Make the bubbles blue.

Are you an iMessage user chatting with an SMS-user, or WhatsApp user? Then make the bubbles green.

Same on the WhatsApp end. Maybe even put a red ring around the contact profile or whatever, to be extra explicit that this is a different type of chat with a different security level.

 

 

 

Edit:

Also, before listening to experts it is important to judge who they are and what agendas they have.

So far, the two most prominent figures arguing against the DMA are both working at Facebook/Meta.

One of the most well known people who replied to their concerns is Matthew Hodgson who cofounded Matrix.

 

 

There are challenges to implementing what the EU proposes, but it is doable and would greatly benefit the world.

I am willing to trust the words of the Matrix co-founded more than I trust Meta when it comes to the challenges, benefits and drawbacks of interoperability with messaging platforms.

[Imbadatnames]

55 minutes ago, LAwLz said:

I think you should loosen your tinfoil hat a bit. It seems like it's cutting off the blood supply to your brain.

There is nothing that seems to indicate that the EU is doing this in order to spy on its citizens. 

 

Also, the bill goes after all "big" messaging platforms, not just encrypted ones. It just so happens that most if not all of the big ones are encrypted to some degree. Although big ones like Facebook Messanger does not offer encryption that provides privacy. The EU have basically full access to those messages already. No need for a new law.

By the way, the very privacy-focused messaging apps like Signal are not affected by this bill. That should give you a pretty clear indication that the EU's goal is not to try and gain access to encrypted messages. It is just them saying "hey, this is an issue and we think tech companies should solve it".

 

 

Some experts are worried because secure interoperabilitet is very hard to design. When you send an iMessage from one iPhone user to another, you are guaranteed E2EE and good privacy. The same goes for WhatsApp to WhatsApp. Experts are worried that if Apple are forced to make it so that iMessage works with let's say WhatsApp, the link between the iMessage ecosystem to the WhatsApp ecosystem might be weak. The argument is that "it doesn't work at all" is better than "it works but it might not be secure".

 

I think the fear is overblown. I would argue that interoperability is important, even if it means the security MIGHT (this is purely a hypothetical risk at this stage) be reduced when doing cross-app messaging. It won't weaken the security we already have today, for example WhatsApp to WhatsApp will still be just as secure as today.

But if the only issue is "users might have a false sense of security" then the simple solution is to just warn users. Both iMessage and WhatsApp already does this when you use it with SMS, which is not secure.

 

Are you an iMessage user chatting with another iMessage user? Make the bubbles blue.

Are you an iMessage user chatting with an SMS-user, or WhatsApp user? Then make the bubbles green.

Same on the WhatsApp end. Maybe even put a red ring around the contact profile or whatever, to be extra explicit that this is a different type of chat with a different security level.

 

 

 

Edit:

Also, before listening to experts it is important to judge who they are and what agendas they have.

So far, the two most prominent figures arguing against the DMA are both working at Facebook/Meta.

One of the most well known people who replied to their concerns is Matthew Hodgson who cofounded Matrix.

 

 

There are challenges to implementing what the EU proposes, but it is doable and would greatly benefit the world.

I am willing to trust the words of the Matrix co-founded more than I trust Meta when it comes to the challenges, benefits and drawbacks of interoperability with messaging platforms.

So the EU wanted to make everyone use their own standard which they can unencrypt isn’t for spying? 
 

How exactly would it benefit the world? 

[LAwLz]

1 hour ago, Imbadatnames said:

So the EU wanted to make everyone use their own standard which they can unencrypt isn’t for spying? 
 

How exactly would it benefit the world? 

I think you need to read up a bit on what is being proposed. 

 

The EU does not have their own standard that they are telling everyone to use. They have essentially just said "message platforms of a certain size need to cooperate to make them work together. They are not allowed to be walled gardens.". 

No technical implementation or standard have been proposed. That's up to the companies to figure out. 

[kumicota]

4 hours ago, LAwLz said:

The EU does not have their own standard that they are telling everyone to use. They have essentially just said "message platforms of a certain size need to cooperate to make them work together. They are not allowed to be walled gardens.".

That's what I fear the most, they will creep their implementation and because their encryption works differently between every plataform so they won't work

[LAwLz]

35 minutes ago, kumicota said:

That's what I fear the most, they will creep their implementation and because their encryption works differently between every plataform so they won't work

But is that really a big deal? Of course it's better if encryption would still be end-to-end, but we are already kind of in this situation today. Wanna send a message from an Android phone to an iPhone? It will be unencrypted, and it will possibly still be unencrypted even after this legislation goes into effect.

Want to send a message between two iPhones? It will be encrypted. It's encrypted today, and it will still be encrypted after this legislation goes into effect.

 

 

The core of what the DMA proposes is this:

1) "Gatekeepers" (defined as a company with an annual turnover of 7.5 billion euros or more) must provide open and documented APIs to their services. For example, Apple would have to post documentation for how iMessage works, which means other can implement it in their apps.

2) The APIs must provide the same capabilities as the original apps. For example iMessage provides end-to-end encryption. That means that the APIs must also offer functionality for implementing end-to-end encryption. Apple are not allowed to limit what third party developers can do in order to artificially make the official iMessage app the best one.

3) This will only apply to 1:1 messaging and file transfers in the short term, but it will later extend to things like group chats and VoIP.

 

 

To quote Matthew Hodgson:

Quote

Since the DMA announcement on Thursday, there’s been quite a lot of yelling from some very experienced voices that mandating interoperability via open APIs is going to irrevocably undermine end-to-end encrypted messengers like WhatsApp. This seems to mainly be born out of a concern that the DMA is somehow trying to subvert end-to-end encryption, despite the fact that the DMA explicitly mandates that the APIs must expose the same level of security, including end-to-end encryption, that local users are using. (N.B. Signal doesn’t qualify as a gatekeeper, so none of this is relevant to Signal).

 

[Mark Kaine]

2 hours ago, kumicota said:

That's what I fear the most, they will creep their implementation and because their encryption works differently between every plataform so they won't work

Two things, first as i already said this amounts to Sony answer for crossplay saying its "impossible/very difficult" when its in most case really just flipping a switch, aka nonsense.

 

And second, your "solution" (federal encryption- what?) is the same thing you fear the most?

 

 

Yes, im sure thats how apple specifically, and maybe others will try to bad faith argue their way out of this to keep their oh so lucrative gatekeeper role. I can just hope the lawmakers dont fall for it and instead impose the appropriate fines to the fullest. 

[kumicota]

16 hours ago, LAwLz said:

But is that really a big deal?

well, actually no, for myself(as someone who cares about privacy) it is but 99% of other people it won't matter.

 

16 hours ago, LAwLz said:

The APIs must provide the same capabilities as the original apps. For example iMessage provides end-to-end encryption. That means that the APIs must also offer functionality for implementing end-to-end encryption. Apple are not allowed to limit what third party developers can do in order to artificially make the official iMessage app the best one.

While I think they artifically will make(as the face emoji thing can't be easily ported for example and apple probably won't give out documentation for it) I didn't knew about the security part, so it's a better legislation that I thought.

 

15 hours ago, Mark Kaine said:

its "impossible/very difficult" when its in most case really just flipping a switch

That's a different case, the sony case is you making that you can play the same game between console-PC manufactures so making that someone who's playing BF on a PC to be able to play together with someone on a PS5, this is a simpler case where most most of the time is a flipping a switch case.

 

The messaging app case is not that but making that you can message someone on iMessage from Telegram for example a (bad) game analogy would be someone playing COD with someone playing BF, which is doable but not simple.

15 hours ago, Mark Kaine said:

your "solution" (federal encryption- what?) is the same thing you fear the most?

Federation(https://en.wikipedia.org/wiki/Federation_(information_technology) ) is not related to federal and not encryption but it was more the lack of encryption

[FliP0x]

To me, messaging app interoperability is a 'nice to have', but a 'you' problem if you depend on it. That's just my point of view.

 

I've lived just fine with 5 different messaging apps for the past decade.

 

Furthermore, I would not want to have, for example, my Discord contacts spamming my text messaging app and vise versa. Each messaging app has a different kind of contacts and you can enable/disable each as you please.