Comment by palata
14 hours ago
> but there needs to be a legal recourse for getting banned
Agreed.
> The client specs should be open so that an alternate client can be implemented
An example that comes to mind is Signal, where they don't want that. They get a lot of criticism for it of course, but I think the reasoning actually makes sense: in terms of security, allowing third-party clients is a security risk. If your threat model is "people who risk their life using it", it makes sense, right?
Under the EU's Digital Markets Act, WhatsApp is considered a gatekeeper (Signal is not) and has to be open to interoperability. It seems like they do audit the implementations in order to make sure that the security is not too bad. Which makes sense again, but has a cost. For Meta, that's fine. For Signal... I don't know.
Also WhatsApp will - if I understand correctly - make it very clear that you are talking to someone on a third-party client (and again they get a lot of criticism for that). But I think it makes sense... If WhatsApp was so open that every second client was pretty much a spyware, that would defeat the purpose of E2EE messaging.
Not that I strongly disagree, but just saying that it seems... complicated.
I was intending that the alternate client should exist to function as an escape hatch. I fully expect most people will still use the default one, just like how people used the official Reddit/Telegram client when third-party ones were available. The existence of an alternative constrains how much Facebook can enshittify the experience.
E2EE is about secure transport between the endpoints. What happens to the message after the endpoint is not something an app can feasibly enforce. Having control of the clients can at most do things like enforcing deletes, which IMO is not a good idea anyway.
> every second client was pretty much a spyware
Very few people will actually use one since the official app won't be outwardly too hostile, and those who do should be sufficiently discerning.
I don't think that it can work like that. If you make it fully open, you don't know what can happen. It cannot improve the security, it can only worsen it.
Suddenly you go from people using WhatsApp to people using random apps that you have no idea about. I think it's a step backward.
The "escape hatch", IMO, is an alternative messenger (like Signal). If Meta makes WhatsApp really bad, people can just switch to Signal. It's infinitely easier than moving away from AWS or the Microsoft Suite. The lock-in effect is really just that people can't be arsed to install it.
I think that the mere existence of Signal already forces Meta to keep WhatsApp relatively good. And to be fair, around me people like WhatsApp better because it has features they want and that Signal doesn't have.