Signal had SMS support and dropped it. I imagine any argument for Whatsapp interoperability would face a similar fate.
Matrix being federated and interoperable from day 1 was pushing for this and there was a blog post on this:
So, Matrix (federated) and XMPP (federated) would also have "metadata leaks". I imagine there would be metadata exchanged between federated servers and in addition the E2EE of XMPP and Matrix is not as good/modern as Signal's. When Signal-Whatsapp interoperability is mentioned, everyone is worried about metadata leaks, but it seems that concern disappears when federation of Matrix or XMPP is mentioned.
Apart from that and one very personal opinion, I always connected Matrix to IRC, I mean, it is used more for the groups functionality than for the person-to-person functionality. And IRC was never considered an Instant Messaging alternative. But this is a very personal feel.
So it looks like the problems are on the WhatsApp side. The EU should force them to get the finger out and come up with a proper solution.
I also am waiting for news on this. I think many users lack a European view. In Europe Whatsapp is a monopoly for Instant Messaging, look at https://www.statista.com/statistics/1005178/share-population-using-whatsapp-europe/. And you do not break a monopoly with "remove whatsapp and use only signal". I only have 1 contact in Signal, two years ago I had 5 contacts. If I remove Whatsapp, I lack IM. Period.
Signal has E2EE encryption, Signal collects very little metadata. If they collect very little metadata, they have very little metadata to expose to Whatsapp. If Whatsapp forces them to provide more metadata, they could argue and even ask for arbitration with the European Commission.
But given the lack of interest in ever considering interoperability, it seems to me they are not interested in the European market. They do not want to grow in Europe to become the best privacy-respectful IM solution (with users).
Hopefully never. Just stop using whatsapp. Be the change.
When facebook bought whatsapp, I walked through the list of chats I had on whatsapp and asked them what other apps they already used. Most people already used something other than a facebook owned thing or were willing to start.
WhatsApp is ubiquitous in Ireland, if only it was as easy to get away from it. Everything from clubs, schools, kids sport is done via group chats on WhatsApp. Absolutely hate Meta as a company, WhatsApp is the only app I use of theirs and only because they bought it from under us. If we could get proper interoperability, we could use a non WhatsApp app, but it's not looking good so far.
Sounds awful, sorry to hear that
WhatsApp and Signal will likely never integrate, unless Signal itself compromises on its actually effective security policies.
Signal's security and privacy model is not compatible with WhatsApp, and if they made it compatible, that would break what makes Signal secure and private.
That would make most people that use Signal quit using it.
If you have friends or family that won't switch to Signal, then they value convenience over privacy and security, regardless of whether or not they are informed enough or intelligent enough to understand this.
IMO, if you value privacy and security, and your friends/family are unwilling to take 5 minutes to install a different phone app to communicate with you, that is how little they value continuing to have a relationship/contact with you, you are not worth that extremely small amount of effort, you are worth less than this extremely minor inconvenience.
Other people may have different stances on this last bit, but that's mine.
I would like to hear more specific details about the loss of privacy that would require the integration with whatsapp for signal users.
- E2EE would be broken?
- which specific metadata of signal users would be exposed (metadata that is not now required by signal)? less metadata of current whatsapp users would be required?
- integration could be a user option?
Because I see a lot of fear but few details that justify it.
https://www.trustedreviews.com/versus/whatsapp-vs-signal-4309419
Neither WhatsApp nor Signal is realistically vulnerable to E2EE being compromised by a man in the middle style attack, they use the same standard.
But if your threat model only includes being worried about random or organized hackers, then you must not be worried about your own government, or governments it cooperates with.
In a nutshell, when you send a message or photo, metadata is also sent out. Metadata includes information about when the message was delivered, who it was sent to and more. Metadata is not protected by end-to-end encryption, meaning that while the content of your message is safe, a lot of information can still be gleaned from it.
Signal has developed a technology for protecting metadata called Sealed Sender. This allows for metadata to be hidden, giving you an added level of security and privacy. WhatsApp does know the IP address and technical information showing that the request comes from the WhatsApp app.
Law enforcement can fairly easily figure out your real identity if they have your metadata from enough messages.
Almost all modern, advanced surveillance is built around the analysis of metadata to establish patterns and narrow down the pool of suspects or persons of interest down to actual specific individuals.
WhatsApp stores your metadata.
Signal does not.
What exact kinds of metadata are we talking about?
Well we got the bare minimum basics, which are often enough on their own to narrow down to a person:
- IP Address.
- Send / Receive Time of Message.
- Rough Estimate of Message Length.
- Either Rough or Fine GeoLocation Coordinates.
Then we've got everything else that's connected to the 'Meta'verse:
- Phone Number
- Profile Name (Usually your Real Name)
- Anything you've posted on or linked to a Meta Account (Facebook, Instagram)
Or, potentially anything else!
WhatsApp’s privacy policy describes how personal data shared with Facebook “may include other information identified in the Privacy Policy….or obtained upon notice to you or based on your consent”.
Also, WhatsApp sometimes actually stores your actual messages:
WhatsApp does not store messages, but if a message cannot be delivered immediately, it is kept in an encrypted form on the servers for up to 30 days before it is delivered. If it is not delivered, it is then deleted. It does keep track of how often you use the WhatsApp app and your usage habits whilst in the app.
Signal also does not store its messages, and it will not try and link this phone number to an identity, meaning that it won’t have access to your location, email, or other private information.
Because WhatsApp, in some cases, stores your actual messages, that means they can be legally compelled to decrypt them and reveal them to law enforcement.
Signal does not store your actual messages, and thus cannot be legally compelled to provide something they do not possess.
Finally, Signal is a non profit, WhatsApp is a subsidiary of Meta:
WhatsApp is currently owned by Meta, formerly known as Facebook. Due to this integration and WhatsApp’s privacy policy, your information will be shared in order to help Meta better customise its user’s experiences.
Signal is instead owned by the Signal Technology Foundation, which is a registered non-profit that is run on donations from its users. Due to this, Signal does not need to share its user’s information with third-party apps and it’s unlikely that this will change in the future
MegaCorps have every incentive to make as much money as possible, which means selling and making available as much of your data as possible.
A non profit does not have this built in, contradictory incentive.
...
Even without the actual contents of data being revealed, let's throw in some examples of being an American and using WhatsApp where you are potentially fucked:
You live in a state that criminalizes abortion, or gender affirming care, and you plan and execute a plan of getting an abortion/receiving gender affirming care at a clinic, sending messages before, whilst in transit to, at, and returning from the clinic.
You plan, attend, and coordinate a pro palestinian or pro trans rights, or pro health care reform rally, which has some violent act occur, or perhaps even without that.
...
If Signal integrated with Meta, I mean WhatsApp, this would provide at least that bog standard metadata (which, again, is very often enough to profile and identify a person) and potentially actual msg content to WhatsApp from the Signal user, which would compromise the Signal user's security... which defeats the entire point of using Signal.
For this not to be the case, Meta would have to agree to switch over to Signal's standards, which they will never do.
EDIT:
If Signal did integrate with Meta, and allow the user to msg a WhatsApp user, it would be leaking your IP every single time you do so, so basically it would have to put a warning on every msg you send that way, similar to Firefox warning you that the website you're trying to visit has no HTTPS or expired security credentials.
There's no point.
The classic tech company approach is embrace, extend, extinguish.
Lemmy and other fediverse people/communities recently learned this the hard way, trying to integrate with Meta and then oh whoops, looks like that'll be a one way relationship.
EDIT 2:
It's basically this meme, just replace 'minority social group' with 'privacy conscious users' (which apparently just actually is a minority social group at this point):
So, we had people who loved to send unencrypted SMS messages with Signal. And now we have people who oppose sending encrypted E2EE messages because they could supposedly leak a lot of metadata such as "when the message was delivered, who it was sent to and more" and it would be the end of privacy in Signal.
We should not forget that this only happens if you send messages out of Signal. This would be optional for every user of Signal.
Interoperability is the CORE of the Internet. Silos are contrary to the idea of the Internet. This is an opportunity to interconnect systems, to boost innovation and to give the opportunity to signal and others to gain users, which is now almost impossible with the current monopoly of whatsapp in Europe.
I imagine all the privacy extremists in Signal with a Proton email account. And I imagine them only sending/receiving emails from other Proton email accounts. Sending to SPAM or to the delete folder every other email because other emails do not achieve the privacy requirements of Proton. In fact, the only real good solution for privacy with Email is to delete the Email account.
If you don't know how big a deal metadata is, you do not understand anything about online data security and privacy.
Sorry, real privacy is silo'd, just like the vast majority of online traffic is, the widely agreed upon base interoperability standards are not private or secure.
SMS is an insecure interoperable standard.
Meta is an insecure silo.
Stop pretending it is an interoperable standard, it isn't, it's just a popular, shitty silo.
Signal is a secure silo.
I'm all for upgrading the universal messaging standards to Signal's, but that'll never happen, because governments (EDIT: and databroker MegaCorps) don't actually like real privacy.
If you wanna stay in a mainstream, dream for corporate data brokers and government surveillance silo, go ahead, nobody is stopping you.
If you wanna join the 'we actually have privacy' silo, well, it does things differently, and it's on you to acclimate to those differences instead of destroying them and demanding assimilation and thus destruction of the very privacy that makes it distinct.
Please see my above post, I edited and expanded it with an illustrative comic as you were making your reply.
EDIT 2: Also Proton is cozying up to Trump, publicly, guess you missed the memo on that.
It is easy: even if interoperability is enabled, do not send messages out of Signal. It would be your option. But other people with non military-grade privacy requirements could benefit from improved privacy when they send messages to whatsapp users from the signal app, because the signal app is foss and signal would enforce better security and privacy than the whatsapp app. Signal would gain traction and it could reach more people willing to abandon Meta and corps.
I'd rather my Signal not be federated with Facebook at all. I'd be fine downloading a secondary Signal-owned app just for Whatsapp contacts (that way I don't have WhatsApp on my phone), but I do not want my standard Signal traffic routed through Facebook's data-guzzling, privacy-eroding servers.
Why would your signal to signal data be even sent to WhatsApp? Only the signal to WhatsApp and WhatsApp to signal data would go through meta servers... If that's not how it's being designed, it's a failed feature ofc.
Federating would mean handing off chat metadata to Meta and other for-profit companies in the future.
I don't see how anyone excited to use Signal would like that. It very much defeats the purpose of using Signal.
This is not federation, this is signal being able to send message to a WhatsApp server and WhatsApp being able to interpret it to send it to a WhatsApp user. WhatsApp wouldn't know more than what it already knows when you inevitably need to use the app to reply to your grandma or whatever.
A big plus however is that you can convince friends and family to switch since they would be able to keep chatting with their family and friends, so the entry barrier lowers by a ton.
This is not federation and it is great.
Okay, hear me out, but I think it's actually beneficial.
Your content itself is encrypted, e2e so u don't need to worry about that.
The signal protocol has recently introduced sealed sender. Sealed sender is completely useless if all communications are going through a centralised server, such as the signal server (You can deanonymise senders easily). If the traffic travels across multiple servers with sealed sender, then it is theoretically impossible to reveal who the sender is unless you have communications with that other server give u info on who the sender was. So if you trust signal not to be collecting your metadata, then you must also trust them, not to be giving your metadata to metadata.
Last I heard Signal wasn't interested in federating with WhatsApp so that initiative basically died before it was born.
It would go against their principles and the mission of the non-profit that runs Signal. They don't store any message data on their servers (unlike WhatsApp), and WhatsApp mines as much data as they can from its users.
How much and to what extent, I can't say, but allowing Signal to federate would essentially let Meta start mining and storing Signal user data. Fuck that noise.
I'm looking forward to the day when I confederate my own fucking messaging server. But I doubt that'll ever come.
I think a lot of the fediverse should introduce Matrix as part of their deployment for private messages directly.
If I understand this document correctly, it would mean that the entire connection somehow gets routed through Meta's servers. I can fully understand the reluctance of other parties, including Signal, to do that, and I wonder how this is actually compliant with the DMA.
You don't understand. This is not for you, the signal user, to speak with WhatsApp users. This is for you to convince them to swap to signal and keep talking to other WhatsApp users. The more people change, the less information will go through meta. Lowering the barrier to swap apps is great.
To send messages, the third-party providers have to construct message protobuf structures which are then encrypted using the Signal Protocol and then packaged into message stanzas in eXtensible Markup Language (XML).
Meta servers push messages to connected clients over a persistent connection. Third-party servers are responsible for hosting any media files their client applications send to Meta clients (such as image or video files). After receiving a media message, Meta clients will subsequently download the encrypted media from the third-party messaging servers using a Meta proxy service.
This is only for messages sent to WhatsApp, right now you are forced to use their app to chat with WhatsApp users, which is worse than the proposal.
Just delete it now. Tell your friends that you're moving because of all the tech oligarchs that just got handed the keys to the government and the economy. Tell your friends that Signal is run by a 501(c)3 nonprofit and actually cares about privacy.
I left Meta products in 2010, and it was one of the best decisions I ever made. You deserve not to "be the product" anymore.
Unfortunately this doesn't actually work. Even if people do try Signal, they see they only have one or two contacts, and they go back to WhatsApp.
This is pretty close to how I did it.
The "one or the other" thing is a fallacy. You have just one, but they're clearly happy installing stuff like WA - so tell them to install another app. It's not like they have to switch.
If they subsequently come to realise the value of Signal in time, all the better.
Signal declined, despite the EU bending over backwards and handing them the chance on a silver platter to become relevant.
IMO it's a mistake, like getting rid of SMS support was (which is far less secure than WhatsApp yet Reddit/Lemmy seem to be angry about that but glad about lack of WhatsApp interoperability?? I guess it's because Americans don't really use WhatsApp so it's not a big deal to them, whereas SMS is).
It would have been an amazing opportunity to help those that want to use Signal actually use it.
Yes, I'm aware Meta scrapes what metadata they can from messages, but if you make this clear in Signal when you talk to a WhatsApp user then I don't see the issue, after all it's what they did for SMS chats yet everybody loved that feature!
People trying Signal because it's compatible with WhatsApp that everybody uses would lead to more Signal-to-Signal chats, and that's a good thing.
The Signal foundation seems to care more about being ideologically pure for its 10 users than they do about making a small compromise that leads to far more users and far more Signal-to-Signal chats. It seriously disappointed me, and I stopped my £10 monthly donation hearing that bad news. I was so invested in Signal because I thought it was a great app, but there's no point of financially supporting the growth of an organisation that vehemently rejects growth, I was throwing my money away.
I went from having 10 contacts on Signal down to just one after the SMS purge. I want to use this app but it's pointless. Nobody wants to use an app that nobody uses, and Signal doesn't seem to want any users either.
Frankly, I don't buy their excuse. If they were truly that ideologically pure about absolute privacy, they'd never have added SMS support in the first place! And they wouldn't have tied accounts to phone numbers either!
I think the reason they ditched SMS was down to development costs. Maintaining that functionality, as well as building RCS support, is far more expensive than simply cutting the feature out and trying to salvage some "it's about privacy!" PR. I think the same is true for WhatsApp integration.
E: I knew this would start getting heavily downvoted once the Americans started logging on. Please try to understand that WhatsApp is big in much of the world. Everybody uses it. My bank wouldn't let me take out a mortgage without WhatsApp. That's how ingrained it is. Being able to use Signal and still receive messages from people would go a long way in getting people to install the app.
People trying Signal because it's compatible with WhatsApp that everybody uses would lead to more Signal-to-Signal chats, and that's a good thing.
75% of my signal contacts would delete signal and just use whatsapp if interOp happened... I've already slowly lost 1 or 2 contacts a year because I'm the only one they know on signal and they either gave up or forgot to reinstall when they got a new phone
The 75% of your contacts you describe sound like they installed Signal only to talk to you or at most a handful of people, while most of their social circle is on WhatsApp. These people are trapped on WhatsApp exactly because there is no interoperability.