#messaging

berternste2@diasp.nl

‘Encryption is deeply threatening to power’: Meredith Whittaker of messaging app Signal

The Guardian

The woman in charge of the secure communication channel remains implacably opposed to the ‘disease’ of surveillance – and concerned about the sharing of personal data.

(Text continues underneath the photo.)

Photo of Meredith Whittaker
Meredith Whittaker: ‘We will hold the line.’

Surveillance, she says, was a “disease” from the very beginning of the internet, and encryption is “deeply threatening to the type of power that constitutes itself via these information asymmetries”. All of which means that she doesn’t expect the fight to end any time soon. “I don’t think these arguments are in good faith. There’s a deeper tension here, because in 20 years of the development of this metastatic tech industry, we have seen every aspect of our lives become subject to mass surveillance perpetrated by a handful of companies partnering with the US government and other ‘Five Eyes’ agencies to gather more surveillance data about us than has ever been available to any entity in human history. (...)

The criticisms of encrypted communications are as old as the technology: allowing anyone to speak without the state being able to tap into their conversations is a godsend for criminals, terrorists and paedophiles around the world.

But, Whittaker argues, few of Signal’s loudest critics seem to be consistent in what they care about. “If we really cared about helping children, why are the UK’s schools crumbling? Why was social services funded at only 7% of the amount that was suggested to fully resource the agencies that are on the frontlines of stopping abuse?” (...)

“Signal either works for everyone or it works for no one. Every military in the world uses Signal, every politician I’m aware of uses Signal. Every CEO I know uses Signal because anyone who has anything truly confidential to communicate recognises that storing that on a Meta database or in the clear on some Google server is not good practice.” (...)

Complete article

Tags: #messaging #messaging_app #message_app #whatsapp #signal #facebook #meta #google #alphabet #privacy #surveillance #mass_surveillance #surveillance_capitalism #surveillance_advertising #privacy #data #data_mining #personal_data

danie10@squeet.me

Ayoba is an all-in-one chat, call, and social media app that has over 30 million active monthly users mostly in Africa

Woman in a yellow dress with arm outstretched holding a phone showing a chat messaging app on the screen.
This is probably the app that Elon Musk wants X to be… Ayoba has chats, voice calling, channels, music, games, money transfers (MoMo – only available currently in Ghana, Uganda, Congo B and Cameroon), and various 3rd party services. It runs on Android and iOS. Ayoba is owned and managed by Simfy Africa Pty Ltd, based in Cape Town, South Africa.

The app is apparently based on XMPP and WebRTC technologies, but all of that is deeply embedded within the app, so the user experience is all within Ayoba. The messaging is fully end-to-end-encrypted.

They have a partnership with MTN, which is Africa’s largest cellular network and this partnership provides some really interesting value-adds such as MTN subscribers not paying for data to use the app, and any non-Ayoba MTN subscribers can receive and reply for free using SMS text messages. The zero-rated data usage for MTN users is stated to be for “a promotional period and may be subject to a fair usage policy”.

However, there are some probable cons such as voice calls within the app to another Ayoba contact being charged for as a standard cellular voice call (no other chat app I know of does this, they use standard data). Elsewhere, it is stated “Note that voice and video calls will consume a user’s data” so maybe data can be used, but it is not part of the MTN zero-rated data.

The other con is the privacy policy does state (from the Android data safety policy) that information such as precise location is used for analytics, and that phone number, app interactions, and Device ID can be shared for analytics and advertising and marketing. So, in this regard it is not as private as XMPP and some other messengers. It is likely that this, along with the MTN partnership, is what funds and sustains the app.

Ayoba is highly localised and tailored for African consumer needs, supporting 22 relevant languages. Users can send and receive encrypted messages, share photos, videos, files, and voice notes and can also subscribe to live channels. Family-friendly localised content is available through curated channels aimed at entertaining, educating and empowering communities.

Channels though are a big part of Ayoba, with over 150 channels, providing the latest in sports, fashion, beauty, news, comedy, health, entertainment, education, empowerment and more. All free to use. The content is updated daily, and is available in English, French, Arabic and select local languages including isiZulu, Kinyarwanda and more.

The app is just over 4 years old, and to have reached 30 million active users in that time, it quite an achievement. This is probably due to MTN’s reach across Africa, and the strong focus on African culture and languages.

Although the app is based on open-source XMPP it does not state it has any interactivity with the larger global XMPP user base, nor any form of federating with the Fediverse.

Ayoba’s big focus going forward from October 2023 will be on gaming and advancing its integrated ecosystem development approach revolving around the MicroApps vertical. With this, they are already way ahead of Musk’s X.

See https://www.ayoba.me/
#Blog, #africa, #Ayoba, #messaging, #technology

danie10@squeet.me

WordPress.com owner buys all-in-one messaging app Texts.com for $50M

Ten icons representing messenger services such as WhatsApp, X, Telegram, Slack, iMessage, etc, with a caption overlaying them saying "All of your messages".
The app brings all your messaging apps together in a single dashboard, including iMessage, Slack, WhatsApp, Instagram, Telegram, Messenger, LinkedIn, Signal, Discord and X, with plans for more in the future, a company blog post announced.

Though other companies have tried to do something similar — like Beeper — Texts.com offers end-to-end encryption of your chats and other features users have always wanted, like the ability to schedule messages at a time that’s convenient for the recipient, not just for you. In addition, you can mark messages as unread even on services that don’t offer that feature, allowing you to remember to check that message again when you return, as well as get summaries of long group chats you’ve missed.

It is certainly a similar approach to Beeper, but different. Beeper dropped their charge per month whilst this service is still $15 pm. The service has iMessage but only on macOS – whilst Beeper offers iMessage across all platforms. However, that is another difference in that Beeper does break the E2EE for iMessage, with that virtual Mac in the middle, which you have the password to.

Beeper also includes full iMessage use on Windows, Linux, and Android phones, and also has Google Chat and Google Messages (SMS/RCS). The other services are the same minus IRC.

Right now, they support iMessage (only on macOS), SMS (with iMessage), WhatsApp, Telegram, Signal, Messenger, Twitter, Instagram, LinkedIn, IRC (IRC is really interesting!), Slack and Discord DMs. Texts app runs on macOS, Windows and Linux. Texts for iOS is under development and Android is on the roadmap.

I’m not sure how they’re doing Signal and WhatsApp still with the E2EE intact. They mention an in-house Texts Platform SDK for the integration, but unless they are independently audited, or their code is open, we can only take their word for the full E2EE. Their privacy policy does state, however: “The App also preserves end-to-end encryption of your messages if supported by your Messaging Service”. Maybe WhatsApp and Signal don’t support this? I do think that Beeper was a lot more forthcoming about exactly how they manage each service. They also say your messages don’t touch their servers – that implies everything is in the client app i.e., a 3rd party WhatsApp inside the Texts app. But it also means no iMessage at all then for Android or non-macOS platforms.

Whilst we have no real approved global open messaging standard (no, not SMS as no encryption at all), and whilst the likes of Tim Cook insist on their own walled garden for iMessage (they could have just included Android iMessage apps) we’re going to have lots of disconnected messaging services. So, it is still good to see more options like this appearing, as clearly users do want to integrate their messaging more. The fact is the whole world is just not going to be on one messaging service.

See https://techcrunch.com/2023/10/24/wordpress-com-owner-buys-all-in-one-messaging-app-texts-com-for-50m/
#Blog, #interoperability, #messaging, #technology

danie10@squeet.me

WhatsApp will likely set the global standard for messaging interoperability: This is Why and possibly What

Blue Signal circle logo on the left, with green WhatsApp logo with telehone handset in middle, and on the right is the blue Telegram logo with a white paper aeroplane depicted in the logo
The world already has quite a few good open-source, E2EE and secure messaging protocols like XMPP, Signal, MTProto, Wickr, Wire, and more. But none have ended up dominating across messaging apps. Also, there is no defined W3C open standard for messaging, like there is ActivityPub for social networking interoperability.

We now have the situation (a good one actually) that the EU is forcing WhatsApp to interoperate with other messaging platforms. That means WhatsApp must offer interconnectivity using some protocol. But that protocol was not defined by the EU, and there is no open standard recommended by a standards body yet (seems W3C is still busy developing its recommendation for WebRTC as a messaging API [which Facebook Messenger and Google Hangouts use] but that was not really created for this type of purpose, as I gather it was more intended for web applications).

In summary on the ‘Why’, WhatsApp can’t be expected to create a separate protocol API for every messenger out there, so they must choose one that others can also adopt and use. In the absence of an international standard, WhatsApp must make a choice, and because WhatsApp is by far the biggest messaging platform on this planet, what they decide to use will be adopted by many other messaging platforms as either their primary or secondary protocol as well. That in turn (should) allows them to interoperate with each other too, thereby effectively creating a common messaging standard through popular usage.

So, ‘What’ could WhatsApp decide on? Well, I’m speculating that as they already built WhatsApp using the modified Signal protocol, that it would make the most sense for them to actually adopt that. The API they expose would just have to be a standard Signal protocol. The Signal protocol would likely mean the least effort for WhatsApp, and it is very well established as a secure E2EE messaging protocol already.

Of course, WhatsApp may also take the low road approach out of spite, and just for compliance purposes, adopt something that uses plain open text like SMS, and limit it to the EU region only.

Neither iMessage nor RCS really qualify for use as they are both limited to separate OS ecosystems. Although an approach taken like Beeper did, with transparently using Matrix rooms and bridges could work, I don’t think WhatsApp will follow that approach as it is more complex than just exposing a standard messaging API, for others to do the work on connecting to. There is nothing wrong with XMPP and the other protocols, but I’m still thinking WhatsApp will stick to what they are more familiar with, and has the least effort involved.

If Apple had adopted RCS, then it may have been a different story, as RCS may have then made sense as it is designed for secure E2EE instant messaging with presence indication, etc. Or if Apple had opened iMessage up to Android, but now I’m just dreaming…

I am eager to witness WhatsApp’s next move, as it will usher in a new age of cross-platform communication for everyone. Currently, most ‘open’ messaging platforms remain isolated, because they have not gained widespread adoption by other parties, despite being open. WhatsApp has an opportunity to change that, thanks to the European Union.
#Blog, #interoperability, #messaging, #technology, #whatsapp

bliter@diaspora-fr.org

#OliverAnthony with #JordanPeterson: #Art, #Commerce, and the #Religious | EP 382

top

Dr. Jordan B. Peterson and breakout #musician Chris Lunsford, better known by his stage name Oliver Anthony, #discuss the balance between #vision and efficiency in #artistic and commercial endeavors, why Chris’ hit song “Rich Men North of Richmond,” has resonated so broadly and so quickly, the way honest #expression through #music can combat #demoralization, how #politics have become confused with the sacred, and what we can do to restore each to their proper order.

Oliver Anthony, real name Christopher Anthony Lunsford, is an #American #country/ #folk musician from #Farmville, #Virginia. He just recently went #viral for his #anthem #song, “Rich Men North of Richmond” – which has resonated across the country for its #messaging about #Washington D.C. and the #state of #poverty and #mental #health in the #broader U.S.. Chris has stated his politics as being right down or near the center, though already tribalism has attempted to take hold of or alternatively reduce/dismiss him, all the while “Rich Men” has amassed nearly 60 million views on YT in just over a month, and trended the billboard charts (Hitting number one more than once) since its release. Chris named his YT channel Oliver Anthony Music after his grandfather, whom he has described as a “real 1930’s Appalachian man.” Since his song's virality, he has already been offered – and turned down – an 8 million dollar recording contract, and is making waves as a truly authentic artist both in performance and practice.

https://www.youtube.com/watch?v=UEWH2hnmfzc

tom_s@friendica.ambag.es

The U.K. Government Is Very Close To Eroding Encryption Worldwide

The #U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the #privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British #government the ability to force #backdoors into #messaging services, which will destroy #end-to-end encryption. No amendments have been accepted that would mitigate the bill’s most dangerous elements.

https://www.eff.org/deeplinks/2023/07/uk-government-very-close-eroding-encryption-worldwide

danie10@squeet.me

Google throws its weight behind yet another messaging standard: This time though it is the IETF’s MLS standard

Green patterned background with words "Google Chat" repeated over and over again
Yes I know, the words Google, Messaging and Standards, all diverge in different directions and visions, and which often overlap. I have no clue what Google’s own current latest messaging app is even called.

Google has announced its support though for the RFC 9420 specifications of the Internet Engineering Task Force’s (IETF) new Messaging Layer Security (MLS) standard. According to Google, the latest specification allows for interoperability across messaging services (WhatsApp, Messenger, Google Messages, etc.) and operating systems at scale. The company also promises to make its implementation open source, and available to app developers through the Android code base.

If lawmakers and market regulators get behind the standard as well, Google is confident MLS can become the de-facto protocol across apps, thereby ensuring every app developer isn’t busy maintaining proprietary end-to-end encryption (E2EE) protocols.

So, despite Google’s involvement, the world does very much need an interoperable E2EE protocol as we are just seeing more and more islands of apps that don’t talk to each other at all. I know I sound like a stuck record about e-mail standards, but imagine if Gmail users could only send e-mail to other Gmail users?

The ideal world would be much like e-mail (but more modern) in that you choose any provide or app, and are able to communicate securely to other users who have chosen their own provider and app to use. An example could be like the Fediverse, which is based on the W3C’s open standard ActivityPub social networking protocol. You could be on the Mastodon network using one of its many apps, and I could be on say Pixelfed network using one of its apps. We can still follow each other, comment, and reply to posts etc as there is a common open protocol connecting us.

Watching what is happening with Twitter, Reddit, and others, the need is becoming ever more urgent to have established common protocols that even Apple complies with. Otherwise, we are going to face an ever-increasing fragmentation of instant messaging systems. It’s not in our interests to have a single messenger only that everyone has to use. We need to have choices and options, but be able to interconnect securely.

Let me leave you with a sobering thought… imagine if decades old e-mail were to be replaced with something updated, and with all the power players on the market we’d end up with Meta’s version of e-mail, Apple’s version, Google’s version, and more, and company X won’t just be able to send an e-mail to company Y any more.

We need standards bodies to move faster with establishing standards, and for them to be flexible enough to evolve with newer improvements. We can’t leave this up to Big Tech to do. I’m so tempted now to mention Microsoft’s OOXML “standard” but I’m biting my tongue very hard.

See https://www.androidpolice.com/google-backs-mls-standard-e2ee-everywhere/
#Blog, #messaging, #MLS, #openstandards, #technology

danie10@squeet.me

Databag is an open-source self-hosted messaging service with Android and iOS client apps

Databag screenshot
You host your own service, which can also federate with other Databag nodes. It is Public-Private key based identity (not bound to any blockchain or hosting domain) and End-to-End encrypted (the hosting admin cannot view sealed topics, default unsealed).

This is not a service for finding friends in your contact list. You, or your organisation, hosts the service, and has completely private and secure chatting amongst yourselves.

Another use-case may be if you are visiting a foreign country which blocks many public messenger services. This app would connect back to your private server, which is very unlikely to have been blocked.

See https://github.com/balzack/databag
#Blog, #messaging, #opensource, #privacy, #selfhosted, #technology

beaubobobonobo@diaspora.psyco.fr

A group of #Swiss researchers have published an impressive #securityanalysis of #Threema.

"We provide an extensive #cryptographic analysis of Threema , a Swiss-based #encrypted #messaging application with more than 10 million users and 7000 corporate customers. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols. [...]"
#cybersecurite #Ibexprotocol
https://securityboulevard.com/2023/01/security-analysis-of-threema/