Comment on To comply with DMA, WhatsApp and Messenger will become interoperable via Signal protocol
BrikoX@lemmy.zip 8 months agoSignal network is centralized, and they are too small of a player to need to open it up themselves.
Comment on To comply with DMA, WhatsApp and Messenger will become interoperable via Signal protocol
BrikoX@lemmy.zip 8 months agoSignal network is centralized, and they are too small of a player to need to open it up themselves.
DahGangalang@infosec.pub 8 months ago
Right, but with Signal being an open source project, it seems that anyone could (pending license-ability) build an app to interact with the main Signal network. It’s my understanding there’s a few apps on F-Droid that let you do that already.
Thus, Facebook should be able to (at least in theory) build compatibility for the Signal network into their existing messengers.
Is there any part of that I’m missing?
BrikoX@lemmy.zip 8 months ago
The actual DMA compliance needs to be between WhatsApp network and Messenger network. The method is up to them to figure out, and they have chosen Signal protocol. To work with the actual Signal network, those users would have to register on Signal and Meta porting all the data to Signal (with Signal agreement), which would essentially be them switching service instead of being interoperable.
3rd party Signal apps use the same network, so to use it you have to have an account on Signal network. Like I said, it’s a centralized server, so the Signal stores all the data of the users even if they use 3rd party clients. Same way WhatsApp and Messenger stores user data on their end.
DahGangalang@infosec.pub 8 months ago
I suppose the part I seem to be missing: what’s to stop Facebook from setting up a “Signal Server” that then hosts those users on Whatsapp/Messenger?
From there, what happens if Facebook then attempt to integrate those servers into the existing Signal network?
I’m really not sure how information is shared between servers on Signal and am curious if there’s not something at a purely technical level to stop that from happening. I’d imagine there’s some keys that need to be passed around for handling en/decryption which I think is what you’re alluding to, but I want to be clear that that’s what you mean.
BrikoX@lemmy.zip 8 months ago
The most obvious reason is licensing. signalapp/Signal-Server is licensed under AGPL-3 which requires any forks to share their code so that the upstream project can take advantage of all the derivative work if they choose to do so. Facebook prefers to keep everything in-house since they can more easily to hide analytic scripts, trackers, and other tracking technology they spend millions on.
Apart from that, there are technical issue that would need to be solved, since the two services uses different structures. That is possible, but it’s not as simple as running a script.
Facebook does use Signal protocol for their end-to-end encrypted messages which they promised to finally roll out enabled by default soon, but that just makes having full control over the server side tracking more important.
They can’t. Only Signal can do that as they fully control the centralized Signal server. And there aren’t a lot of benefits from a Signal point of view in allowing it. Facebook business and privacy invasive practices is everything Signal stands against, and they would have to eat the cost for all those users.
Messages is just a small part of a messaging platform at bigger scale. While a lot of technical issues can be solved, it doesn’t always make sense to do so.