Meta today is offering more details about how it plans to make its messaging apps, WhatsApp and Messenger, interoperable with third-party messaging

  • BrikoXOPM
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 months ago

    The actual DMA compliance needs to be between WhatsApp network and Messenger network. The method is up to them to figure out, and they have chosen Signal protocol. To work with the actual Signal network, those users would have to register on Signal and Meta porting all the data to Signal (with Signal agreement), which would essentially be them switching service instead of being interoperable.

    3rd party Signal apps use the same network, so to use it you have to have an account on Signal network. Like I said, it’s a centralized server, so the Signal stores all the data of the users even if they use 3rd party clients. Same way WhatsApp and Messenger stores user data on their end.

    • DahGangalang@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      I suppose the part I seem to be missing: what’s to stop Facebook from setting up a “Signal Server” that then hosts those users on Whatsapp/Messenger?

      From there, what happens if Facebook then attempt to integrate those servers into the existing Signal network?

      I’m really not sure how information is shared between servers on Signal and am curious if there’s not something at a purely technical level to stop that from happening. I’d imagine there’s some keys that need to be passed around for handling en/decryption which I think is what you’re alluding to, but I want to be clear that that’s what you mean.

      • BrikoXOPM
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        The most obvious reason is licensing. signalapp/Signal-Server is licensed under AGPL-3 which requires any forks to share their code so that the upstream project can take advantage of all the derivative work if they choose to do so. Facebook prefers to keep everything in-house since they can more easily to hide analytic scripts, trackers, and other tracking technology they spend millions on.

        Apart from that, there are technical issue that would need to be solved, since the two services uses different structures. That is possible, but it’s not as simple as running a script.

        Facebook does use Signal protocol for their end-to-end encrypted messages which they promised to finally roll out enabled by default soon, but that just makes having full control over the server side tracking more important.

        From there, what happens if Facebook then attempt to integrate those servers into the existing Signal network?

        They can’t. Only Signal can do that as they fully control the centralized Signal server. And there aren’t a lot of benefits from a Signal point of view in allowing it. Facebook business and privacy invasive practices is everything Signal stands against, and they would have to eat the cost for all those users.

        We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy. Source: https://signal.org/blog/signal-is-expensive/

        Messages is just a small part of a messaging platform at bigger scale. While a lot of technical issues can be solved, it doesn’t always make sense to do so.