Two questions.
My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn’t secure. My brother has just said
“oh Whatsapp is encrypted, it’s perfectly secure”.
First, is it actually as encrypted and safe as my brother claims? That would solve everything.
Second, if it isn’t, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn’t make me look like a raving loony?
I case they’re set on WhatsApp:
You could use something like:
https://github.com/mautrix/whatsapp
and bridge WA to a secure Matrix server of your choice. That way you can have a secure environment and they can use whatever they like.
Here is an overview table about messengers, in case you want to compare them and have more arguments in the discussion:
https://www.messenger-matrix.de/messenger-matrix-en.html
I wouldn’t consider WA secure. They do tracking, they have your phone numbers and those of all of your friends and know exactly who you talk to, when, and how often. Even if they don’t know the content of the message because it’s encrypted, that’s a lot of information for the algorithm to feed on. Apart from that, I’m not sure if they have access to the encryption keys. They might be able to decrypt everything if they want.
I’m sure someone wrote a lengthy blog article about WA. But unless someone does a proper security audit including where the encryption keys are stored and the implications of that and how extra features like breaking encryption in case someone flags an inappropriate post turns out… The ‘it’s safe’ is just a claim by your brother or Meta. You’re free to believe in anything you want. But it’s not necessarily true.
With the new European regulations Whatapp will soon be forced to offer some compatibility towards 3rd party apps, so there are chances that perhaps bridging in this way will become easier in the near future, or at least have some level of official support. But we won’t know for certain how will it work until it happens. All we know is that Whatsapp is currently working on a way for 3rd parties to connect with them.
Personally, I’d hold for a bit to see where does that go and then decide what method to use.
I don’t want to sound overly negative here. But that idea is more a hypothetical proposal “we should do something about it” at this point. There is a working group mimi. But not even a draft or technical proposal, yet. And interoperability is hard, and they also want to come up with a solution that makes it secure, the messages confidential and maybe grant anonymous access. These problems aren’t solved at all as of today. On top you have to deal with spam, malicious servers, users, lawful interception and all kinds of things in a distributed platform. Then they need to come up with a text for the regulation. Write it, discuss and do several revisions, debate it. And there will be lobbyism against it and court cases because it cuts into the business model of large companies. Then it has to be adopted into national legislation and it will get a grace period.
So if you want to wait 'til 2029 (or so) to reply to your mom, go ahead and wait for the EU. I don’t have a crystal ball to be sure, but I highly doubt that this will happen in the next few years.
And on top, there is no guarantee that it turns out good or usable in the first place. There is a lot of lobbyism happening in the EU. Especially by big tech. They’ll find a way to make it a thing that just connects Apple, Meta and Google and exclude independant or secure services.
Yes, I agree that it feels unrealistic that there will be something stable and good by the time the law actually takes effect. But the regulation (the Digital Markets Act) has been already approved since 2022 and we already have a deadline for Whatsapp set by the EU: March 2024 (6 months from 6th September 2023, which is when the Commission designated Meta as “Gatekeeper” and Whatsapp as a “Core Platform Service”).
So, while I’m very skeptical that the result will be satisfactory, I’m very curious to see what will Whatsapp come up with when the deadline hits, because, allegedly, they are already working on it.
Thx for the additional links!
I’m curious what Meta is going to unveil. Usually big tech companies get ahead of legislation, in order to set a standard they like, or to prevent possible more strict regulation from happening. We see the same thing with AI and practically everything the big tech companies lobby for. I’m a bit wary.
Whatsapp is under the hood still a lightly modified XMPP system, and given Zucks recent comments about federated protocols (albright in a Threads i.e. ActivityPub context), they might just get their XMPP federation working again.