[makomk]

Probably not, but the hilarious thing is that a year or so after attacking Telegram for that, the developers of Signal took a substantial chunk of cash from Google to promote Allo as using Signal Protocol and end to end encryption, even though it's disabled by default so Google can mine your chat history for ad targeting (and enabling it has the inconvenient side effect of disabling your own local chat history).

Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.

[geofft]

> charge everyone to licence it

What?

The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.

The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?

[bad_user]

GPLv3 is cool as open source goes, but is pretty restrictive. Basically you can't link to it and distribute your app without it being open source. A company like Google can probably not use it.

[geofft]

What I meant with GPLv3 is "and they are even willing to grant any patent rights to the general public". I don't know if they hold patents on it, but if they either don't, or are willing to license them freely, then you can implement the protocol from the public documentation of it.

[bad_user]

That's not true. The patents grant in GPLv3 or other licenses (like APL) only holds if you're actually using that project in your work. So either you fork the GPLv3 project, and comply with a compatible license, or you don't have a patents grant.

This is basically why Google could be sued by Oracle, because Dalvik and their class library based on Apache Harmony were not a fork of OpenJDK.

Of course I cannot speak for Signal's protocol. Maybe it has no traps. I'm just commenting on that license. It's a strong license that makes some demands: good fit open source but bad for Google.

[geofft]

Sorry, I am being unclear. I don't mean that GPLv3 gives you a patent grant for all implementations, yes. I mean that the willingness to license code under GPLv3 means that there's an upper bound on how much Open Whisper Systems cares about licensing the protocol for money.

Which brings me back to the original question—why do we think that OWS's pushing of Signal Protocol is about money? Yes, I expect that for Allo they got paid by Google to write and maintain some code. But I don't think that their general claim "Signal Protocol is good crypto for everyone solving this problem" is motivated by money, because so many people solving this problem could use the GPLv3 version.

[kuschku]

> Has anyone paid money to license the protocol?

As Allo is not GPLv3, they obviously got it under another license.

[geofft]

Is Allo using the same code, or a different implementation?

(And it's not so obvious to me. The thing I linked is licensed under GPLv3 + MPL if used on the App Store. You can totally ship an Android app that runs a separate GPLv3 subprocess, and an iOS app that uses it under the terms of the MPL. The GPLv3-subprocess thing is what JuiceSSH does for running Mosh.)