The European Union has recently reached an agreement on a significant competition reform known as the Digital Markets Act (DMA), which will impose strict rules on large tech companies that will have to offer users the ability to communicate with each other using different apps. WhatsApp is one of the companies that will be required to comply with the new regulations outlined in the European Union’s Digital Markets Act. This is because WhatsApp is considered a gatekeeper service since it’s a large tech platform with a substantial user base and falls within the criteria set by the DMA. With the latest WhatsApp beta for Android 2.23.19.8 update, which is available on the Google Play Store, we discovered that WhatsApp is working on complying with the new regulations:

As you can see in this screenshot, WhatsApp is working on a new section dedicated to the new regulations. Since it is still in development, this section is still not ready, it appears empty and it’s not accessible to users, but its title confirms to us that they are now working on it. WhatsApp has a 6-month period to align the app with the new European regulations to provide its interoperability service in the European Union. At the moment, it remains unclear whether this feature will also eventually extend to countries beyond the European Union.

Interoperability will allow other people to contact users on WhatsApp even if they don’t have a WhatsApp account. For example, someone from the Signal app could send a message to a WhatsApp user, even without a WhatsApp account. While this broader network can definitely enhance communication with those people who use different messaging apps and assist those small apps in competing within the messaging app industry, we acknowledge that this approach may also raise important considerations about end-to-end encryption when receiving a message from users who don’t use WhatsApp. In this context, as this feature is still in its early stages of development, detailed technical information about this process on WhatsApp as a gatekeeper is currently very limited, but we can confirm that end-to-end encryption will have to be preserved in interoperable messaging systems. In addition, as mentioned in Article 7 of the regulations, it appears that users may have the option to opt out when it will be available in the future.

Third-party chat support is under development and it will be available in a future update of the app. As always, we will share a new article when we have further information regarding this feature.

  • deadcade@lemmy.deadca.de
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    WireMin, as far as I can tell, is not open source. There’s no way to prove that any of their claims are actually true. Plenty of messaging apps have claimed to be “decentralized” and “end to end encrypted”, but those have been false claims a lot of the time.

    I would suggest you look into Matrix and XMPP, which are actually decentralized protocols rather than a single closed source app. Since they’re open protocols, there’s actual proof of them being decentralized and end-to-end-encrypted.

    Reading through the WireMin privacy policy and ToS, they are making several impossible claims, such as:

    “No user information will be provided to us, not a single bit.”

    As a somewhat tech-savy Matrix user, I can already tell you there’s literally no way for them to not receive user information, simply by having an app on the app or play store, user information gets sent to them for each download. Many functions in the app also cannot work without a publicly accessible server. Things like notifications, or even receiving any messages at all while the client device is behind NAT.

    They even back down on their own statements in that same privacy policy:

    “WireMin collects minimum device information, such as version number, platform, etc.”

    And they clearly say a push notification token is obtained, which requires server infrastructure to use:

    “Occasionally for WireMin App on mobile devices, an additional device notification token (e.g. iOS devices) may be collected, to enable push notifications. Again, that information is collected without exposing user identity or the device’s IP which eliminates the possibility of user tracking.”

    While also claiming it is collected “without exposing user identity or the device’s IP”, which is impossible to do. (iirc) The IP protocol requires source and destination IP addresses to be known on both sides (even if I’m misremembering and it’s not the IP protocol, TCP still does).

    Although I have not dug through the app, to figure out how it works internally, I can assure you it is not “decentralized”, and will go down or at the very least lack basic features as soon as their servers are shut off. Them lying about such a “large” aspect of their platform also makes me heavily question the “E2EE” claim.

    Platforms such as Matrix or XMPP solve most of the issues I noted here by having decentralized servers, but ““centralized”” clients (clients only connect to one server). If any one server goes down, the clients under that server are affected, but the rest of the servers (and thus the rest of the network) is not affected.