odo1242 7 hours ago

How does this work with end to end encryption? Just out of curiosity

palata 5 hours ago | parent | next [-]

They explained it to some extent here: https://engineering.fb.com/2024/03/06/security/whatsapp-mess...

snowmobile 7 hours ago | parent | prev [-]

Sorry to be "that guy", because I don't know the details of how WhatsApp does E2EE, but in any proper (as in secure and private) implementation the only thing that should matter is whether the client follows the spec? You might as well ask, how does $browser work with HTTPS?

palata 5 hours ago | parent | next [-]

The only thing that matters is whether you trust the app or not.

- If it is proprietary, you just have to blindly trust it (as is the case with WhatsApp currently: they say it is end-to-end encrypted, but you can't verify).

- If it is open source, then some people will want to understand how it works before they trust it. Others will either blindly trust (like for proprietary software) or trust that persons they trust understood how it works and were convinced.

> You might as well ask, how does $browser work with HTTPS?

Well, exactly. I am interested in how the WhatsApp interop works just as I am interested in how HTTPS works.

odo1242 4 hours ago | parent | prev | next [-]

Well, yes. But one could think of a world in which WhatsApp has its own internal protocol and to bolt on third-party support they just decide to represent third party clients as “virtual clients” on the server side, which would be the easiest way to make it work while not having E2EE support. Especially since the feature only exists for legal compliance purposes.

(This is not the case, apparently.)

skippyboxedhero 7 hours ago | parent | prev | next [-]

I think the suspicion is based on this app being offered in a region whose government is hostile to privacy and this implementation being connected with the strong nativist bent in Europe.

The "spec" is not relevant in any way because we have no idea what else is going on. Why was it relevant that these operators must specifically be in the EU? Everyone is just complying with the global spec...but the app provider must be in Europe...okay.

jeroenhd an hour ago | parent | next [-]

> Why was it relevant that these operators must specifically be in the EU

The integration is only possible because the EU forced Meta's hand. The law only applies to massive digital empires with gatekeeper levels of control.

I don't think the EU would mind at all if Meta would permit American companies to interoperate with them. Meta won't just permit it, they have to protect their WhatsApp Business money machine of course.

That's also why the feature is only available to EU numbers. Not because BirdyChat hates Australians, but because WhatsApp won't permit them to send messages to numbers from those countries.

oblio 6 hours ago | parent | prev [-]

> region whose government is hostile to privacy

Which government?

skippyboxedhero 5 hours ago | parent [-]

EU. I don't think it is any better at the national level however.

Trufa 7 hours ago | parent | prev | next [-]

That's not what OP is asking, he's asking how do you have two separate e2e encrypted apps that can interact.

odo1242 4 hours ago | parent [-]

Yep. And apparently the answer is they both use the Signal Protocol.

TZubiri 7 hours ago | parent | prev [-]

I can confirm that you don't know.

I can count 3 mistakes here:

1- The client isn't the only thing that matters (there are servers)

2- The client doesn't follow a spec in WhatsApp, there is no spec as it's a private non-interoperable system.

3- Browsers and HTTPS work with an entirely different encryption model, TLS is asymmetric, certificate based and domain based. TLS may be used in WhatsApp to some extent, but it's not the main encryption tool.