Comment by digiown
12 hours ago
We probably can't make it free for all, but for something like a messaging app, we also need to recognize that it isn't optional to function in society. It should be regulated more like a utility:
- Facebook can still control the identity, but there needs to be a legal recourse for getting banned, and their policies can't discriminate against viewpoints, for example
- The client specs should be open so that an alternate client can be implemented (sort of like how Telegram is currently)
Telegram isn't E2EE by default in the first place (and isn't E2EE for group messages at all).
I meant the platform openness aspect, that you are allowed to use alternate clients, but the identity is centralized. E2EE is largely independent of this choice.
> but there needs to be a legal recourse for getting banned
Agreed.
> The client specs should be open so that an alternate client can be implemented
An example that comes to mind is Signal, where they don't want that. They get a lot of criticism for it of course, but I think the reasoning actually makes sense: in terms of security, allowing third-party clients is a security risk. If your threat model is "people who risk their life using it", it makes sense, right?
Under the EU's Digital Markets Act, WhatsApp is considered a gatekeeper (Signal is not) and has to be open to interoperability. It seems like they do audit the implementations in order to make sure that the security is not too bad. Which makes sense again, but has a cost. For Meta, that's fine. For Signal... I don't know.
Also WhatsApp will - if I understand correctly - make it very clear that you are talking to someone on a third-party client (and again they get a lot of criticism for that). But I think it makes sense... If WhatsApp was so open that every second client was pretty much a spyware, that would defeat the purpose of E2EE messaging.
Not that I strongly disagree, but just saying that it seems... complicated.
I was intending that the alternate client should exist to function as an escape hatch. I fully expect most people will still use the default one, just like how people used the official reddit/telegram client when third party ones were available. The existence of an alternative constrains how much Facebook can enshittify the experience.
E2EE is about secure transport between the endpoints. What happens to the message after the endpoint is not something an app can feasibly enforce. Having control of the clients can at most do things like enforcing deletes, which IMO is not a good idea anyway.
> every second client was pretty much a spyware
Very few people will actually use one since the official app won't be outwardly too hostile, and those who do should be sufficiently discerning.