Hacker News new | ask | show | jobs
by JoeNr76 1452 days ago
The only questionable part is end-to-end encryption. I don't see how you can make your messaging apps interoperable and have E2E encryption.

Most of the other things: mostly good. Apple and Google need to be taken down a peg or 10.
4 comments
arlort 1452 days ago
You can't, not in a perfectly verifiable way

At some point app A needs to know how to decrypt messages received on app B and/or vice-versa

Nicely designed apps will do so on your device, shady apps will do so on servers, as a consumer you'll have to decide which companies behave and design their apps in a way that is satisfactory to you

But you have to do that to use any app in the first place. If you're using a messaging app it means you trust its developers and how much data they collect and how they handle it. Adding a "how do they handle interoperation" checkbox does not significantly change that calculus imo

(as to how E2E can work with interoperability, with an open API app A will just ping app B's servers in addition to its own and will have its own E2E key as well as B's key. Groups could be more complicated but group encryption is a pretty hard problem anyway and you might just give up and warn your users that cross-platform groups won't be E2EE)

link
ece 1451 days ago
If an app is decrypting on a server instead of your device, it's not E2EE period. It's false advertising to call it E2EE. People can have bridges and such, but you know if you're controlling it or not, or it can just be local.
link
arlort 1451 days ago
Hence the "shady" part
link
dane-pgp 1452 days ago
A simplistic way of achieving this is that you have to download an app called something like "Signal support for iMessage" which is basically a headless version of the Signal app, which makes a local connection to the iMessage app.

Apple would just need to publish an API for connecting to iMessage like that, and Signal would potentially need to allow users to add friends via their iMessage ID rather than their phone number.

link
8note 1452 days ago
For e2e encryption, the end user is the one who is in charge of the keys, no?

If it works today, it should work tomorrow, the only question is how to publish public keys cross-platforn

link
hrnnnnnn 1452 days ago
Couldn't you have the clients send each other their public keys as the first step in the conversation?
link