November 15, 2024
Whatsapp

Europe’s Digital Markets Act requires interoperability between popular messaging apps. But experts warn encryption could be compromised.

The newest law designed to rein in Big Tech aims to make all your favorite messaging apps work seamlessly together. Sounds great, right? Well, we have some bad news.

Every day, billions of messages are sent using end-to-end encryption. Millions of people use iMessage, WhatsApp, and Signal to chat with friends, family, and colleagues, and those conversations are all automatically protected by strong encryption. But it’s not possible to send a message from one encrypted app to another. If you use Signal and your friends only use WhatsApp, someone has to compromise.

Under the European Union’s wide-ranging Digital Markets Act (DMA), which European lawmakers approved last week and is expected to be implemented this year, the owners of messaging apps will be required to make them interoperable if another company requests that they do so. As a result, the largest messaging platforms—including WhatsApp, Facebook Messenger, and iMessage, which the DMA designates as gatekeepers—will have to open up to rivals.

“Users of small or big platforms would then be able to exchange messages, send files, or make video calls across messaging apps, thus giving them more choice,” the lawmakers said in an announcement. Under the plans, Signal could ask to work with Messenger, for instance. Or Meta could request that WhatsApp be made compatible with iMessage—a logistical challenge even if Meta and Apple weren’t actively feuding, but one EU lawmakers say is worth solving.

Proponents of interoperability say the law will give consumers more choice and will allow third-party clients to build out extra functions. And while MEP Andreas Schwab, the lead negotiator for the DMA, says that the politicians are not looking to weaken encryption, cryptography experts are concerned the proposals will not be technically possible without compromising end-to-end encryption, potentially putting those billions of messages we send each other every day at risk.

While end-to-end encryption has become seamless for people using messaging apps, no two apps implement encryption identically. WhatsApp uses a custom version of the Signal encryption protocol, for example, but users still can’t message each other across the apps. And while Apple’s iMessage is interoperable with SMS, these standard text messages aren’t encrypted.

Many cryptographers and security experts have already pointed out flaws in Europe’s plan. “Interoperable E2EE [end-to-end encryption] is somewhere between extraordinarily difficult and impossible,” Steve Bellovin, one of the world’s leading cryptographers and a former chief technologist at the Federal Trade Commission, tweeted on Friday.

“When you start talking about different companies exchanging encrypted communications with one another, there are many serious considerations here that are extremely difficult to resolve,” says Nadim Kobeissi, an applied cryptographer and founder of decentralized publishing platform Capsule Social. “It is very likely that there will be a serious degradation of the cryptographic techniques that will be necessary in order to accommodate this proposal,” Kobeissi says.

The proposals put forward as part of the DMA—which has yet to be fully published—don’t include technical details on how interoperability would work, but officials say the changes should be rolled out over a number of years. Basic features such as messages between two people should be implemented three months after a tech company is asked to provide them; audio and video calls have a four-year deadline.

“Making end-to-end encrypted messaging apps interoperable is technically challenging and creates real risks for privacy, safety, and innovation,” Will Cathcart, Meta’s head of WhatsApp, said in a statement. “Changes of this complexity risk turning a competitive and innovative industry into SMS or email, which is not secure and full of spam,” he says. In an interview with tech journalist Casey Newton, Cathcart said the move could cause misinformation problems and moderation issues for WhatsApp. “I have a lot of concerns around whether this will break or severely undermine privacy, whether it’ll break a lot of the safety work we’ve done that we’re particularly proud of, and whether it’ll actually lead to more innovation and competitiveness,” he said.

Apple did not respond to a request for comment about encryption but said it has general concerns that parts of the DMA will create “unnecessary privacy and security vulnerabilities.” Signal did not respond to a request for comment.

Not everyone is against interoperability and end-to-end encryption. Matrix, a nonprofit that’s building an open source standard for encryption, has published multiple blog posts outlining how it believes the EU’s proposals could work. “The main challenge is the trade-off between interoperability and privacy for gatekeepers who provide end-to-end encryption,” the team behind Matrix say.

There are broadly two routes that could allow encryption to work across apps operated by different companies. The first involves tech companies allowing access to APIs that connect to their messaging services—this is the option Schwab and lawmakers are leaning toward. The second involves more radical change: All companies would have to adopt and implement one universal encryption standard.

Neither is easy.

Connecting to an open API could involve a company using a “bridge” that joins the two platforms together. Signal would, for instance, have to implement multiple bridges if it wanted to work with different apps. “Every device has to speak every language, but at least users have the building blocks to get at each other’s messages, rather than then being arbitrarily locked away by the gatekeepers,” Ian Brown, a visiting professor at Fundação Getulio Vargas Law School in Rio de Janeiro, wrote for Interoperability News.

Using a bridge would involve decrypting messages, potentially on someone’s device, and then making them appear in the destination app. Removing the end-to-end encryption would open up a new layer that could be attacked by hackers or malicious actors. “How do you guarantee that the things sitting next to your messaging app are benevolent and not malicious,” says Robin Wilton, director of internet trust at the Internet Society. Kobeissi adds that it’s unclear under the proposals who would manage the exchange of public encryption keys and how cryptographic metadata would be shared between companies. If Signal and iMessage become interoperable, which one changes its encryption to match the other?

One of the biggest unanswered questions is how interoperability would ensure you are chatting with the people you think you are. People use different usernames on each platform, and not knowing who someone is could lead to identity issues, explains Alan Duric, cofounder of encrypted messaging app Wire. “If you’re communicating across Wire and WhatsApp, how can the Wire user be certain that the person they are talking to on WhatsApp is authentic?” he says. “How can they be sure the person they’re talking to is even using WhatsApp at all?” Duric says this can be combated by verifying each user’s identity, which can then help reduce abuse and spam.

Those in favor of interoperability say the best way to do this would be for all companies to adopt one encryption standard and stick to it. These standards already exist—for instance, the Matrix messaging protocol, the XMPP standard, and the upcoming Messaging Layer Security. “If every player in the field—so the gatekeepers but also the smaller player—all connect to the same standard, it ends up being a big glue between the different services,” says Amandine Le Pape, a cofounder of the Matrix standard. This would avoid companies implementing APIs via a piecemeal process, although this isn’t what the European Union has opted for at the moment. “The DMA is just the first step,” Le Pape says.

Getting all messaging apps to use one standard would be a significant, time-consuming challenge. “Potentially, you could just have a situation where everyone switches to Matrix,” Kobeissi says. “But Matrix is a fundamentally different security architecture, not just from an end-to-end encryption perspective, but also from a threat modeling perspective.” Each app faces different potential attacks against it—based on its user base and operations—so moving to one model would require companies to reassess how their users could be compromised.

Companies would have to rebuild their entire encryption systems and change multiple features in their apps, a process that could take years. Take Meta: In 2019, the company said it was going to make Instagram DMs and Messenger end-to-end encrypted by default and integrate their infrastructure with WhatsApp. Three years later, the company is still trying to untangle its systems and add safety features. The transition has been harder than expected—and Meta controls all of the technology involved.

Ultimately, how much companies change may come down to the technical realities and the degree of pressure the European Commission, which will enforce the DMA, puts on them. Like GDPR, the DMA could lead to multimillion-dollar fines for businesses that don’t comply. However, GDPR has been poorly enforced—including a provision that says people should be able to transport their data from one app to another. Tech companies may have no choice if the European Commission enforces the DMA—but that could be the least of their worries.

Wired.co.uk

683 thoughts on “Forcing WhatsApp and iMessage to work together is doomed to fail

  57. Cautions. Everything information about medication.
    ed pills
    Prescription Drug Information, Interactions & Side. Comprehensive side effect and adverse reaction information.

    Reply

  89. Definitive journal of drugs and therapeutics. Some are medicines that help people when doctors prescribe.
    cost of tadalafil
    Best and news about drug. Prescription Drug Information, Interactions & Side.

    Reply

  138. mexican border pharmacies shipping to usa [url=http://mexicopharm.pro/#]mexican mail order pharmacies[/url] mexican mail order pharmacies

    Reply

  140. medication from mexico pharmacy [url=http://mexicopharm.pro/#]mexican border pharmacies shipping to usa[/url] mexico pharmacies prescription drugs

    Reply

  164. When deciding to take advantage of a no deposit bonus, it is important to be aware of any time limits associated with the bonus funds or winnings. Often times, these bonuses come with restrictions that require players to use the bonus funds within a certain period of time, or else any remaining money will be forfeited. It is important to understand these limitations prior to taking advantage of a no deposit bonus, so that you do not miss out on any potential winnings. If you want to opt for the best, a select few €10 no deposit bonus casinos may have these bonuses contribute up to 50% in table games. Claiming a no deposit bonus is simple and easy. All you need to do is register an account with an online casino, and the bonus will be credited to your account instantly. You can then use the bonus to play games or bet on sports without having to make a deposit. However, it is important to read the terms and conditions associated with the bonus before claiming it, as bonuses may come with wagering requirements or other restrictions.
    http://mall.thedaycorp.kr/bbs/board.php?bo_table=free&wr_id=247421
    Some no deposit promotions require an online casino promo code before you can collect your bonus and start playing. Casinos sometimes use codes to gauge traffic and help them create promotions later on for new and existing players. The point of a no deposit bonus code is to try out an online casino with bonus cash rather than your own money. But how can you know if an online casino is the best if you don’t try out more than one? There’s no restriction in the US on claiming every no deposit bonus code available to you. However, you’ll need to complete the playthrough requirements in a specified time frame or risk losing the bonus, so we recommend using the entire bonus before moving on to the next no deposit casino. Otherwise, there’s no reason not to claim them all.

    Reply

  369. In this classic game where everything is made out of blocks, you are free to do whatever you like. You can just build, survive, destroy, ect. (Learn more about Minecraft). Minecraft teaches you the essentials of building circuits, and buildings that are protected from other players, and mobs (bad guys). It is even being used by thousands of architects to build and model houses. With Pax Augusta Game,your dream will come true! However, if you don’t have the time to play SimCity or Cities: Skylines, why not try a browser-based city building alternative? Online city-building games may not have the same depth as SimCity, but they’re great fun nonetheless. Rise of Cultures – Build your city, unlock old civilizations and fight strategic battles! City building games are one of the popular sub-genres in gaming because of their casual and somewhat laid-back mechanics. Unlike high-intensity games, it is the type that you would want to take out when you just want to chill. City-building games don’t require you to jam those controls to win but will challenge the hell out of your creativity.
    http://tecmall.co.kr/bbs/board.php?bo_table=free&wr_id=5991
    Download June’s Journey: Hidden Objects on PC with BlueStacks and embark on a thrilling mystery adventure. Use your sharp eyes to find the hidden objects in each area. Uncover hidden clues and intriguing information that will lead you to the truth behind a fascinating mystery. Size: 142.15 MB On the complete opposite side of the tonal spectrum, Hidden objects of Eldritchwood is a mysterious fantasy narrative where the intrigue hinges entirely on your ability to find popcorn and guitars at a carnival. The gameplay is once again made up of finding randomized objects concealed within detailed pictures, with unnecessarily ominous music, before being transferred to a hub map where you select the next puzzle. The production value for this game is almost strangely high, with the first cutscene featuring a reasonably realistic, albeit brief, car-driving sequence that seemed almost out of place. This one is worth checking out simply for the aesthetic design, with satisfactory gameplay included.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News

Access-Bank

The Access Bank (UK) Limited to Acquire Mauritius-based AfrAsia Bank Limited

November 14, 2024 6
IMG-20241112-WA0002

AMGA 2024: Local Organizing Committee unveils Nigerian Music Icon Olamide as Brand Ambassador

November 14, 2024 2