WhatsApp interoperability with Signal
WhatsApp interoperability with Signal
Does anyone know where this is at? I thought WhatsApp were being forced by the EU in 2024 to introduce this under the Digital Markets App? I'm googling, but am finding very little info.
It would be great if we could use Signal to communicate with WhatsApp groups. The sooner I can delete WhatsApp the better.
Signal had SMS support and dropped it. I imagine any argument for Whatsapp interoperability would face a similar fate.
Matrix being federated and interoperable from day 1 was pushing for this and there was a blog post on this:
So, Matrix (federated) and XMPP (federated) would also have "metadata leaks". I imagine there would be metadata exchanged between federated servers and in addition the E2EE of XMPP and Matrix is not so good/modern as Signal's. When Signal-Whatsapp interoperability is mentioned, all people is worried about metadata leaks but it seems that concern dissapears when federation of Matrix or XMPP is mentioned.
Apart from that and one very personal opinion, I always connected Matrix to IRC, I mean, it is used more for the groups functionality than for the person-to-person functionality. And IRC was never considered an Instant Messaging alternative. But this is a very personal feel.
So it looks like the problems are on the WhatsApp side. The EU should force them to get the finger out and come up with a proper solution.
Hopefully never. Just stop using whatsapp. Be the change.
When facebook bought whatsapp, I walked through the list of chats I had on whatsapp and asked them what other apps they already used. Most people already used something other than a facebook owned thing or were willing to start.
WhatsApp is ubiquitous in Ireland, if only it was as easy to get away from it. Everything from clubs, schools, kids sport is done via group chats on WhatsApp. Absolutely hate Meta as a company, WhatsApp is the only app I use of theirs and only because they bought it from under us. If we could get proper interoperability, we could use a non WhatsApp app, but it's not looking good so far.
Sounds awful, sorry to hear that
I'd rather my Signal not be federated sigh Facebook at all. I'd be fine downloading a secondary Signal-owned app just for Whatsapp contacts (that way I don't have WhatsApp on my phone), but I do not want my standard Signal traffic routed through Facebook's data-guzzling, privacy-eroding servers.
Why would your signal to signal data be even sent to WhatsApp? Only the signal to WhatsApp and WhatsApp to signal data would go through meta servers... If that's not how it's being designed, it's a failed feature ofc.
I also am waiting for news on this. I think many users lack of an european view. In Europe Whatsapp is a monopoly for Instant Messaging, look at https://www.statista.com/statistics/1005178/share-population-using-whatsapp-europe/. And you do not break a Monopoly with "remove whatsapp and use only signal". I only have 1 contact in Signal, two years ago I had 5 contacts. If I remove Whatsapp, I lack of IM. Period.
Signal has E2EE encryption, Signal collects very few metadata. If they collect very few metadata, they have very few metadata to expose to Whatsapp. If Whatsapp forces them to provide more metadata, they could argue and even ask for arbitration with the European Comission.
But the lack of interest to ever consider the interoperalibity seems to me they are not interested in the european market. They do not want to grow in Europe to become the best privacy-respectful IM solution (with users).
Federating would mean handing off chat metadata to Meta and other for-profit companies in the future.
I don't see how anyone excited to use Signal would like that. It very much defeats the purpose of using Signal.
This is not federation, this is signal being able to send message to a WhatsApp server and WhatsApp being able to interpret it to send it to a WhatsApp user. WhatsApp wouldn't know more than what it already knows when you inevitably need to use the app to reply to your grandma or whatever.
A big plus however is that you can convince friends and family to switch since they would be able to keep chatting with their family and friends, so the entry barrier lowers by a ton.
This is not federation and it is great.
WhatsApp and Signal will likely never integrate, unless Signal itself compromises on its actually effective security policies.
Signal's security and privacy model is not compatible with WhatsApp, and if they made it compatible, that would break what makes Signal secure and private.
That would make most people that use Signal quit using it.
If you have friends or family that won't switch to Signal, then they value convenience over privacy and security, regardless of whether or not they are informed enough or intelligent enough to understand this.
IMO, if you value privacy and security, and your friends/family are unwilling to take 5 minutes to install a different phone app to communicate with you, that is how little they value continuing to have a relationship/contact with you, you are not worth that extremely small amount of effort, you are worth less than this extremely minor inconvenience.
Other people may have different stances on this last bit, but that's mine.
I would like to hear more specific details about the loss of privacy that would require the integration with whatsapp for signal users.
- E2EE would be broken?
- which specific metadata of signal users would be exposed (metadata that is not now required by signal)? less metadata of current whatsapp users would be required?
- integration could be a user option?
Because I see a lot of fear but few details that justify it.
https://www.trustedreviews.com/versus/whatsapp-vs-signal-4309419
Neither WhatsApp nor Signal are realistically vulnerable to EE2E being comprimised by a man in the middle style attack, they use the same standard.
But if your threat model only includes being worried about random or organized hackers, then you must not be worried about your own government, or governments it cooperates with.
In a nutshell, when you send a message or photo, metadata is also sent out. Metadata includes information about when the message was delivered, who it was sent to and more. Metadata is not protected by end-to-end encryption, meaning that while the content of your message is safe, a lot of information can still be gleaned from it.
Signal has developed a technology for protecting metadata called Sealed Sender. This allows for metadata to be hidden, giving you an added level of security and privacy. WhatsApp does know the IP address and technical information showing that the request comes from the WhatsApp app.
Law enforcement can fairly easily figure out your real identity if they have your metadata from enough messages.
Almost all modern, advanced surveillance is built around the analysis of metadata to establish patterns and narrow down the pool of suspects or persons of interest down to actual specific individuals.
WhatsApp stores your metadata.
Signal does not.
What exact kinds of metadata are we talking about?
Well we got the bare minimum basics, which are often enough on their own to narrow down to a person:
IP Address.
Send / Recieve Time of Message.
Rough Estimate of Message Length.
Either Rough or Fine GeoLocation Coordinates.
Then we've got everything else that's connected to the 'Meta'verse:
Phone Number
Profile Name (Usually your Real Name)
Email
Anything you've posted on or linked to a Meta Account (Facebook, Instagram)
Or, potentially anything else!
WhatsApp’s privacy policy describes how personal data shared with Facebook “may include other information identified in the Privacy Policy….or obtained upon notice to you or based on your consent”.
Also, WhatsApp sometimes actually stores your actual messages:
WhatsApp does not store messages, but if a message cannot be delivered immediately, it is kept in an encrypted form on the servers for up to 30 days before it is delivered. If it is not delivered, it is then deleted. It does keep track of how often you use the WhatsApp app and your usage habits whilst in the app.
Signal also does not store its messages, and it will not try and link this phone number to an identity, meaning that it won’t have access to your location, email, or other private information.
Because WhatsApp, in some cases, stores your actual messages, that means they can be legally compelled to decrypt them and reveal them to law enforcement.
Signal does not store your actual messages, and thus cannot be legally compelled to provide something they do not possess.
Finally, Signal is a non profit, WhatsApp is a subsidiary of Meta:
WhatsApp is currently owned by Meta, formerly known as Facebook. Due to this integration and WhatsApp’s privacy policy, your information will be shared in order to help Meta better customise its user’s experiences.
Signal is instead owned by the Signal Technology Foundation, which is a registered non-profit that is run on donations from its users. Due to this, Signal does not need to share its user’s information with third-party apps and it’s unlikely that this will change in the future
MegaCorps have every incentive to make as much money as possible, which means selling and making available as much of your data as possible.
A non profit does not have this built in, contradictory incentive.
...
Even without the actual contents of data being revealed, lets throw in some examples of being an American and using WhatsApp where you are potentially fucked:
You live in a state that criminalizes abortion, or gender affirming care, and you plan and execute a plan of getting an abortion/receiving gender affirming care at a clinic, sending messages before, whilst in transit to, at, and returning from the clinic.
You plan, attend, and coordinate a pro palestinian or pro trans rights, or pro health care reform rally, which has some violent act occur, or perhaps even without that.
...
If Signal integrated with Meta, I mean WhatsApp, this would provide at least that bog standard metadata (which, again, is very often enough to profile and identify a person) and potentially actual msg content to WhatsApp from the Signal user, which would comprimise then Signal user's security... which defeats the entire point of using Signal.
For this not to be the case, Meta would have to agree to switch over to Signal's standards, which they will never do.
EDIT:
If Signal did integrate with Meta, and allow the user to msg a WhatsApp user, it would be leaking your IP every single time you do so, so basically it would have to put a warning on every msg you send that way, similar to Firefox warning you that the website you're trying to visit has no HTTPS or expired security credentials.
There's no point.
The classic tech company approach is embrace, extend, extinguish.
Lemmy and other fediverse people/communities recently learned this the hard way, trying to integrate with Meta and then oh whoops, looks like that'll be a one way relationship.
EDIT 2:
Its basically this meme, just replace 'minority social group' with 'privacy conscious users' (which apparently just actually is a minority social group at this point):
Last I heard Signal wasn't interested in federating with WhatsApp so that initiative basically died before it was born.
It would go against their principles and the mission of the non-profit that runs Signal. They don't store any message data on their servers (unlike WhatsApp), and WhatsApp mines as much data as they can from its users.
How much and to what extent, I can't say, but allowing Signal to federate would essentially let Meta start mining and storing Signal user data. Fuck that noise.
The President of the Signal Foundation (Meredith Whittaker) has commented on this in this podcast episode. Skip to 1:05:45.
I wasn't aware that it was only about Signal. Thought messengers in general must be able to communicate with each other.
Just delete it now. Tell your friends that you're moving because of all the tech oligarchs that just got handed the keys to the government and the economy. Tell your friends that Signal is run by a 501(c)3 nonprofit and actually cares about privacy.
I left Meta products in 2010, and it was one of the best decisions I ever made. You deserve not to "be the product" anymore.
This is pretty close to how I did it.
The "one or the other" thing is a fallacy. You have just one, but they're clearly happy installing stuff like WA - so tell them to install another app. It's not like they have to switch.
If they subsequently come to realise the value of Signal in time, all the better.
If installing both helped you, then perhaps that's a good strategy for some. I'm more of a "leave the abusive relationship and cut ties" kind of person, which is why I don't advocate for both at the same time. People often end up going back to the familiar option, rather than trying something new.
As a side note, that's not what a fallacy is. Fallacies are invalid logical statements, and I didn't make any false statements or present any sort of false dichotomy. A false dichotomy would be if I said something like, "You have to choose between Signal or WhatsApp," which is obviously false because you can choose both.
Though again, that's not something I advocate on purpose, due to the aforementioned issue I have with "being the product," and it is not fallacious or deceptive to exclude the suggestion of installing both in light of that additional premise.
If I understand this document correctly, it would mean that the entire connection somehow gets routed through Meta's servers. I can fully understand the reluctance of other parties, including Signal, to do that, and I wonder how this is actually compliant with the DMA.
You don't understand. This is not for you, the signal user, to speak with WhatsApp users. This is for you to convince them to swap to signal and keep talking to other WhatsApp users. The more people change, the less information will go through meta. Lowering the barrier to swap apps is great.
To send messages, the third-party providers have to construct message protobuf structures which are then encrypted using the Signal Protocol and then packaged into message stanzas in eXtensible Markup Language (XML).
Meta servers push messages to connected clients over a persistent connection. Third-party servers are responsible for hosting any media files their client applications send to Meta clients (such as image or video files). After receiving a media message, Meta clients will subsequently download the encrypted media from the third-party messaging servers using a Meta proxy service.
This is only for messages sent to WhatsApp, right now you are force to use their app to chat with WhatsApp users, which is worse than the proposal.
it requires Whatsapp to open up interoperability with other services if they request that. Signal has already mentioned in the past that they wouldn't be interested.
I don’t know. I’m having a much better time getting friends to move to telegram than signal.
I prefer signal, but they all seem to prefer telegram as an alternative.
I've had a shockingly easy time getting my friends and family to move to signal.
There is literally only one person I have not gotten to move to it and that's because she just has so many contacts who won't leave Facebook.
Now that iPhones have RCS messaging, is something like this still desired? Can't everyone just use RCS instead (assuming that everyone has a somewhat modern phone/OS that supports RCS). Or am I not seeing something here?
The EU would like it, given that very few people here use SMS/RCS still.
Interesting point. Does that mean iPhones and Android can now have a shared group over imessage/whatever it's called in Android? Are those messages encrypted?
I have no idea, but I'm also interested. Thus said, remember that's only inside EU. I remember that Meta said they won't apply this outside EU.