WhatsApp interoperability with Signal
WhatsApp interoperability with Signal
Does anyone know where this is at? I thought WhatsApp were being forced by the EU in 2024 to introduce this under the Digital Markets App? I'm googling, but am finding very little info.
It would be great if we could use Signal to communicate with WhatsApp groups. The sooner I can delete WhatsApp the better.
Federating would mean handing off chat metadata to Meta and other for-profit companies in the future.
I don't see how anyone excited to use Signal would like that. It very much defeats the purpose of using Signal.
Okay, hear me out, but I think it's actually beneficial.
Your content itself is encrypted, e2e so u don't need to worry about that.
The signal protocol has recently introduced sealed sender. sealed sender is completely useless if all communications are going through a centralised server, such as the signal server (You can deanonimise senders easily). If the traffic travels across multiple servers with sealed sender, then it is theoretically impossible to reveal who the sender is unless you have communications with that other server give u info on who the sender was. So if you trust signal not to be collecting your metadata, then you must also trust them, not to be giving your metadata to metadata.
This is not federation, this is signal being able to send message to a WhatsApp server and WhatsApp being able to interpret it to send it to a WhatsApp user. WhatsApp wouldn't know more than what it already knows when you inevitably need to use the app to reply to your grandma or whatever.
A big plus however is that you can convince friends and family to switch since they would be able to keep chatting with their family and friends, so the entry barrier lowers by a ton.
This is not federation and it is great.
The benefit would be the ability to chat with those refusing to move away from WhatsApp without having to use the Whats App. I get why they aren't going for it, but I guess it could be handy.
I'd rather my Signal not be federated sigh Facebook at all. I'd be fine downloading a secondary Signal-owned app just for Whatsapp contacts (that way I don't have WhatsApp on my phone), but I do not want my standard Signal traffic routed through Facebook's data-guzzling, privacy-eroding servers.
Why would your signal to signal data be even sent to WhatsApp? Only the signal to WhatsApp and WhatsApp to signal data would go through meta servers... If that's not how it's being designed, it's a failed feature ofc.
Isn't the whole point of E2E encryption that it doesn't matter. And since signal has recently implemented sealed sender. Sending your communication to someone on a Facebook server might actually be more secure.
Last I heard Signal wasn't interested in federating with WhatsApp so that initiative basically died before it was born.
It would go against their principles and the mission of the non-profit that runs Signal. They don't store any message data on their servers (unlike WhatsApp), and WhatsApp mines as much data as they can from its users.
How much and to what extent, I can't say, but allowing Signal to federate would essentially let Meta start mining and storing Signal user data. Fuck that noise.
The President of the Signal Foundation (Meredith Whittaker) has commented on this in this podcast episode. Skip to 1:05:45.
I wasn't aware that it was only about Signal. Thought messengers in general must be able to communicate with each other.
Matrix being federated and interoperable from day 1 was pushing for this and there was a blog post on this:
So, Matrix (federated) and XMPP (federated) would also have "metadata leaks". I imagine there would be metadata exchanged between federated servers and in addition the E2EE of XMPP and Matrix is not so good/modern as Signal's. When Signal-Whatsapp interoperability is mentioned, all people is worried about metadata leaks but it seems that concern dissapears when federation of Matrix or XMPP is mentioned.
Apart from that and one very personal opinion, I always connected Matrix to IRC, I mean, it is used more for the groups functionality than for the person-to-person functionality. And IRC was never considered an Instant Messaging alternative. But this is a very personal feel.
So it looks like the problems are on the WhatsApp side. The EU should force them to get the finger out and come up with a proper solution.
I also am waiting for news on this. I think many users lack of an european view. In Europe Whatsapp is a monopoly for Instant Messaging, look at https://www.statista.com/statistics/1005178/share-population-using-whatsapp-europe/. And you do not break a Monopoly with "remove whatsapp and use only signal". I only have 1 contact in Signal, two years ago I had 5 contacts. If I remove Whatsapp, I lack of IM. Period.
Signal has E2EE encryption, Signal collects very few metadata. If they collect very few metadata, they have very few metadata to expose to Whatsapp. If Whatsapp forces them to provide more metadata, they could argue and even ask for arbitration with the European Comission.
But the lack of interest to ever consider the interoperalibity seems to me they are not interested in the european market. They do not want to grow in Europe to become the best privacy-respectful IM solution (with users).
WhatsApp and Signal will likely never integrate, unless Signal itself compromises on its actually effective security policies.
Signal's security and privacy model is not compatible with WhatsApp, and if they made it compatible, that would break what makes Signal secure and private.
That would make most people that use Signal quit using it.
If you have friends or family that won't switch to Signal, then they value convenience over privacy and security, regardless of whether or not they are informed enough or intelligent enough to understand this.
IMO, if you value privacy and security, and your friends/family are unwilling to take 5 minutes to install a different phone app to communicate with you, that is how little they value continuing to have a relationship/contact with you, you are not worth that extremely small amount of effort, you are worth less than this extremely minor inconvenience.
Other people may have different stances on this last bit, but that's mine.
I would like to hear more specific details about the loss of privacy that would require the integration with whatsapp for signal users.
- E2EE would be broken?
- which specific metadata of signal users would be exposed (metadata that is not now required by signal)? less metadata of current whatsapp users would be required?
- integration could be a user option?
Because I see a lot of fear but few details that justify it.
https://www.trustedreviews.com/versus/whatsapp-vs-signal-4309419
Neither WhatsApp nor Signal are realistically vulnerable to EE2E being comprimised by a man in the middle style attack, they use the same standard.
But if your threat model only includes being worried about random or organized hackers, then you must not be worried about your own government, or governments it cooperates with.
In a nutshell, when you send a message or photo, metadata is also sent out. Metadata includes information about when the message was delivered, who it was sent to and more. Metadata is not protected by end-to-end encryption, meaning that while the content of your message is safe, a lot of information can still be gleaned from it.
Signal has developed a technology for protecting metadata called Sealed Sender. This allows for metadata to be hidden, giving you an added level of security and privacy. WhatsApp does know the IP address and technical information showing that the request comes from the WhatsApp app.
Law enforcement can fairly easily figure out your real identity if they have your metadata from enough messages.
Almost all modern, advanced surveillance is built around the analysis of metadata to establish patterns and narrow down the pool of suspects or persons of interest down to actual specific individuals.
WhatsApp stores your metadata.
Signal does not.
What exact kinds of metadata are we talking about?
Well we got the bare minimum basics, which are often enough on their own to narrow down to a person:
IP Address.
Send / Recieve Time of Message.
Rough Estimate of Message Length.
Either Rough or Fine GeoLocation Coordinates.
Then we've got everything else that's connected to the 'Meta'verse:
Phone Number
Profile Name (Usually your Real Name)
Email
Anything you've posted on or linked to a Meta Account (Facebook, Instagram)
Or, potentially anything else!
WhatsAppβs privacy policy describes how personal data shared with Facebook βmay include other information identified in the Privacy Policyβ¦.or obtained upon notice to you or based on your consentβ.
Also, WhatsApp sometimes actually stores your actual messages:
WhatsApp does not store messages, but if a message cannot be delivered immediately, it is kept in an encrypted form on the servers for up to 30 days before it is delivered. If it is not delivered, it is then deleted. It does keep track of how often you use the WhatsApp app and your usage habits whilst in the app.
Signal also does not store its messages, and it will not try and link this phone number to an identity, meaning that it wonβt have access to your location, email, or other private information.
Because WhatsApp, in some cases, stores your actual messages, that means they can be legally compelled to decrypt them and reveal them to law enforcement.
Signal does not store your actual messages, and thus cannot be legally compelled to provide something they do not possess.
Finally, Signal is a non profit, WhatsApp is a subsidiary of Meta:
WhatsApp is currently owned by Meta, formerly known as Facebook. Due to this integration and WhatsAppβs privacy policy, your information will be shared in order to help Meta better customise its userβs experiences.
Signal is instead owned by the Signal Technology Foundation, which is a registered non-profit that is run on donations from its users. Due to this, Signal does not need to share its userβs information with third-party apps and itβs unlikely that this will change in the future
MegaCorps have every incentive to make as much money as possible, which means selling and making available as much of your data as possible.
A non profit does not have this built in, contradictory incentive.
...
Even without the actual contents of data being revealed, lets throw in some examples of being an American and using WhatsApp where you are potentially fucked:
You live in a state that criminalizes abortion, or gender affirming care, and you plan and execute a plan of getting an abortion/receiving gender affirming care at a clinic, sending messages before, whilst in transit to, at, and returning from the clinic.
You plan, attend, and coordinate a pro palestinian or pro trans rights, or pro health care reform rally, which has some violent act occur, or perhaps even without that.
...
If Signal integrated with Meta, I mean WhatsApp, this would provide at least that bog standard metadata (which, again, is very often enough to profile and identify a person) and potentially actual msg content to WhatsApp from the Signal user, which would comprimise then Signal user's security... which defeats the entire point of using Signal.
For this not to be the case, Meta would have to agree to switch over to Signal's standards, which they will never do.
EDIT:
If Signal did integrate with Meta, and allow the user to msg a WhatsApp user, it would be leaking your IP every single time you do so, so basically it would have to put a warning on every msg you send that way, similar to Firefox warning you that the website you're trying to visit has no HTTPS or expired security credentials.
There's no point.
The classic tech company approach is embrace, extend, extinguish.
Lemmy and other fediverse people/communities recently learned this the hard way, trying to integrate with Meta and then oh whoops, looks like that'll be a one way relationship.
EDIT 2:
Its basically this meme, just replace 'minority social group' with 'privacy conscious users' (which apparently just actually is a minority social group at this point):
Just delete it now. Tell your friends that you're moving because of all the tech oligarchs that just got handed the keys to the government and the economy. Tell your friends that Signal is run by a 501(c)3 nonprofit and actually cares about privacy.
I left Meta products in 2010, and it was one of the best decisions I ever made. You deserve not to "be the product" anymore.
Unfortunately this doesn't actually work. Even if people do try Signal, they see they only have one or two contacts, and they go back to WhatsApp.
I got my entire Snapchat gc (15 people) and a little more to switch. The key isn't dropping an announcement of "hey I'm moving", you talk to each person individually; starting with the most likely to switch. Then go up the line, share who you've already got to join if you're met with resistance. if you save the most difficult people for last, telling them almost everyone else is already there is usually enough.
If someone along the way has refused to move for the time being, you can revisit them later after you've got more people to move. I didn't 100% nail my judgement of who would and who wouldn't, but I was able to go back and revisit those who didn't.
If you can, reach out to people in person; I got a few this way. You have to express that you will not be accessible otherwise and will only be present on signal moving forward. It helps if you have a reputation for following through :3
Likely not everyone is going to move over. I've accepted that there's some people I probably won't end up talking to ever again. I've got my main group over, the ones that actually respect that I want more security (and less clown-show shit that Snapchat has)
Human nature wants to stay put, you have to have some strategy or it won't work.
Also a lot of people are pissed at Meta for lobbying for TikTok's ban. Use that with the relevant people, if applicable
So they either keep Signal around and be able to talk to you, or they don't. They don't need to stop using WA to use Signal.
If they don't want to do that, it'd mean that you would have to keep WA around for the one or two contacts you have there (and only there), which is somewhat comparable, actually, if you disregard the "but meta is short for metastasis, actually" bit.
Which one of the two it ends up being is between you and your contacts.
This is pretty close to how I did it.
The "one or the other" thing is a fallacy. You have just one, but they're clearly happy installing stuff like WA - so tell them to install another app. It's not like they have to switch.
If they subsequently come to realise the value of Signal in time, all the better.
If installing both helped you, then perhaps that's a good strategy for some. I'm more of a "leave the abusive relationship and cut ties" kind of person, which is why I don't advocate for both at the same time. People often end up going back to the familiar option, rather than trying something new.
As a side note, that's not what a fallacy is. Fallacies are invalid logical statements, and I didn't make any false statements or present any sort of false dichotomy. A false dichotomy would be if I said something like, "You have to choose between Signal or WhatsApp," which is obviously false because you can choose both.
Though again, that's not something I advocate on purpose, due to the aforementioned issue I have with "being the product," and it is not fallacious or deceptive to exclude the suggestion of installing both in light of that additional premise.
Signal had SMS support and dropped it. I imagine any argument for Whatsapp interoperability would face a similar fate.
If I understand this document correctly, it would mean that the entire connection somehow gets routed through Meta's servers. I can fully understand the reluctance of other parties, including Signal, to do that, and I wonder how this is actually compliant with the DMA.
You don't understand. This is not for you, the signal user, to speak with WhatsApp users. This is for you to convince them to swap to signal and keep talking to other WhatsApp users. The more people change, the less information will go through meta. Lowering the barrier to swap apps is great.
To send messages, the third-party providers have to construct message protobuf structures which are then encrypted using the Signal Protocol and then packaged into message stanzas in eXtensible Markup Language (XML).
Meta servers push messages to connected clients over a persistent connection. Third-party servers are responsible for hosting any media files their client applications send to Meta clients (such as image or video files). After receiving a media message, Meta clients will subsequently download the encrypted media from the third-party messaging servers using a Meta proxy service.
This is only for messages sent to WhatsApp, right now you are force to use their app to chat with WhatsApp users, which is worse than the proposal.
I think that's only the case for people on a meta client. I would assume for people on a signal client get their requests proxied to meta via a signal server.
I'm looking forward to the day when I confederate my own fucking messaging server. But I doubt that'll ever come.
I think a lot of the fediverse should introduce Matrix as part of their deployment for private messages directly.
Signal declined, despite the EU bending over backwards and handing them the chance on a silver platter to become relevant.
IMO it's a mistake, like getting rid of SMS support was (which is far less secure than WhatsApp yet Reddit/Lemmy seem to be angry about that but glad about lack of WhatsApp interoperability?? I guess it's because Americans don't really use WhatsApp so it's not a big deal to them, whereas SMS is).
It would have been an amazing opportunity to help those that want to use Signal actually use it.
Yes, I'm aware Meta scrapes what metadata they can from messages, but if you make this clear in Signal when you talk to a WhatsApp user then I don't see the issue, after all it's what they did for SMS chats yet everybody loved that feature!
People trying Signal because it's compatible with WhatsApp that everybody uses would lead to more Signal-to-Signal chats, and that's a good thing.
The Signal foundation seems to care more about being ideologically pure for its 10 users than they do about making a small compromise that leads to far more users and far more Signal-to-Signal chats. It seriously disappointed me, and I stopped my Β£10 monthly donation hearing that bad news. I was so invested in Signal because I thought it was a great app, but there's no point of financially supporting the growth of an organisation that vehemently rejects growth, I was throwing my money away.
I went from having 10 contacts on Signal down to just one after the SMS purge. I want to use this app but it's pointless. Nobody wants to use an app that nobody uses, and Signal doesn't seem to want any users either.
Frankly, I don't buy their excuse. If they were truly that ideologically pure about absolute privacy, they'd never have added SMS support in the first place! And they wouldn't have tied accounts to phone numbers either!
I think the reason they ditched SMS was down to development costs. Maintaining that functionality, as well as building RCS support, is far more expensive than simply cutting the feature out and trying to salvage some "it's about privacy!" PR. I think the same is true for WhatsApp integration.
E: I knew this would start getting heavily downvoted once the Americans started logging on. Please try to understand that WhatsApp is big in much of the world. Everybody uses it. My bank wouldn't let me take out a mortgage without WhatsApp. That's how ingrained it is. Being able to use Signal and still receive messages from people would go a long way in getting people to install the app.
People trying Signal because it's compatible with WhatsApp that everybody uses would lead to more Signal-to-Signal chats, and that's a good thing.
75% of my signal contacts would delete signal and just use whatsapp if interOp happened... I've already slowly lost 1 or 2 contacts a year because i'm the only one they know on signal and they either gave up or forgot to reinstall when they got a new phone
The 75% of your contacts you describe sound like they installed Signal only to talk to you or at most a handful of people, while most of their social circle is on WhatsApp. These people are trapped on WhatsApp exactly because there is no interoperability.
Ok, that's your guess.
90% of my contacts did leave Signal because of the SMS removal. And that's SMS, which nobody uses.
People being able to use Signal without being cut off from the world would be massive in terms of getting people to use signal. Which like I said, would mean more Signal-to-Signal chats, which would bring more and more people to signal once they see that it's an actual worthwhile platform.
People trying Signal because it's compatible with WhatsApp that everybody uses would lead to more Signal-to-Signal chats
would it, though? why would anyone move away from Whatsapp if they could talk to Signal users without switching apps?
would it, though
Yes? 100% it would?
A fair amount of people don't want to use WhatsApp, but they have no real choice because it's practically a requirement for living in modern society.
If you make it so they can still chat to people on WhatsApp, they can go to Signal without worrying about that.
why would anyone move away from Whatsapp if they could talk to Signal users without switching apps?
Why would anybody play games on Linux via proton if they could just stay on Windows? Because they don't like Windows.
Like I said above, plenty of people don't like Meta, they use WhatsApp because there's no real choice. Offer them a choice, and more will take the plunge.
And why would anybody move to Signal if they can't talk to anybody?
The massive drop in users after getting rid of SMS support shows that people are willing to use Signal if they can still talk to people, but aren't willing to use it when they can't.
Would they? Signal could make this a choice per user. As in, you as a signal user don't enable it so they can't msg you, but they can enable it from signal to talk to you and their social circle all at once.
I doubt it would lead to more signal-to-signal chats. With interoperability, they would be handing off their data to Meta, at which point users will just keep using WhatsApp as most are today.
If getting away from Meta and other for-profit companies is no more, what will be the selling point of Signal?
How could it not lead to more Signal-to-Signal chats?
The biggest problem with signal is that nobody uses Signal. Everybody uses WhatsApp.
If you make it so people can switch to signal without it completely cutting you off from the world, then more people will use it, which will lead to more Signal-to-Signal chats, which will lead to signal becoming widespread enough that people shift from WhatsApp.
Yeah I also found that decision to be really disappointing. Before you could just use Signal for all your messaging and it would smartly use its own protocol if you both had accounts. Now it's relegated to dedicated Signal users, which yeah I've got like 4 contacts left.
Signal declined,
Signal's management is similar thing that Google did to mozilla.
They are there to keep freedom enjoyers occupied and feeling like we are sticking to daddy and owner class but in reality is a psyop. As long as edge lord are busy jerking them selves off, it is working.
Current signal management is there to ensure that signal never goes mainstream.
Obviously still use them as that's they the best current offering once balanced for ease of recruitment.
We need something better though and I am always on look out.
Matrix and SimpleX are on my radar but let's what market decides.
Hopefully never. Just stop using whatsapp. Be the change.
When facebook bought whatsapp, I walked through the list of chats I had on whatsapp and asked them what other apps they already used. Most people already used something other than a facebook owned thing or were willing to start.
WhatsApp is ubiquitous in Ireland, if only it was as easy to get away from it. Everything from clubs, schools, kids sport is done via group chats on WhatsApp. Absolutely hate Meta as a company, WhatsApp is the only app I use of theirs and only because they bought it from under us. If we could get proper interoperability, we could use a non WhatsApp app, but it's not looking good so far.
Sounds awful, sorry to hear that
it requires Whatsapp to open up interoperability with other services if they request that. Signal has already mentioned in the past that they wouldn't be interested.
I donβt know. Iβm having a much better time getting friends to move to telegram than signal.
I prefer signal, but they all seem to prefer telegram as an alternative.
I've had a shockingly easy time getting my friends and family to move to signal.
There is literally only one person I have not gotten to move to it and that's because she just has so many contacts who won't leave Facebook.
I have no idea, but I'm also interested. Thus said, remember that's only inside EU. I remember that Meta said they won't apply this outside EU.
Now that iPhones have RCS messaging, is something like this still desired? Can't everyone just use RCS instead (assuming that everyone has a somewhat modern phone/OS that supports RCS). Or am I not seeing something here?
The EU would like it, given that very few people here use SMS/RCS still.
Interesting point. Does that mean iPhones and Android can now have a shared group over imessage/whatever it's called in Android? Are those messages encrypted?