Hacker News
by bogwog 132 days ago
> I don't really see how it's possible to mitigate client compromise

Easy: pass laws requiring chat providers to implement interoperability standards so that users can bring their own trusted clients. You're still at risk if your recipient is using a compromised client, but that's a problem that you have the power to solve, and it's much easier to convince someone to switch a secure client if they don't have to worry about losing their contacts.


You seem to think the government wants your messages to be private and would "pass laws" to this effect.

Methinks you put far too much faith in the government, at least from my understanding of the history of cybersecurity :)

Information should certainly be kept confidential, but Chat Control is also necessary. Furthermore, the former is merely rigid laws and regulations, while the latter is used to prevent the Satanists, who are capable of committing all kinds of evil.
> Easy: pass laws requiring chat providers to implement interoperability standards so that users can bring their own trusted clients.

In Europe that's called the Digital Markets Act.

That's not permissionless afaik. "Users" can't really do it. It's frustrating that all these legislations appear to view it as a business problem rather than a private individual's right to communicate securely.
Right, I get what you mean.

But in a way, I feel like sometimes it makes sense to not completely open everything. Say a messaging app: it makes sense to not just make it a free-for-all. As a company, if I let you interoperate with my servers that I pay for and maintain, I guess it makes sense that I may want to check who you are first. I think?

We probably can't make it free for all, but for something like a messaging app, we also need to recognize that it isn't optional to function in society. It should be regulated more like a utility:

- Facebook can still control the identity, but there needs to be a legal recourse for getting banned, and their policies can't discriminate against viewpoints, for example

- The client specs should be open so that an alternate client can be implemented (sort of like how Telegram is currently)

Telegram isn't E2EE by default in the first place (and isn't E2EE for group messages at all).
I meant the platform openness aspect, that you are allowed to use alternate clients, but the identity is centralized. E2EE is largely independent of this choice.
> but there needs to be a legal recourse for getting banned

Agreed.

> The client specs should be open so that an alternate client can be implemented

An example that comes to mind is Signal, where they don't want that. They get a lot of criticism for it of course, but I think the reasoning actually makes sense: in terms of security, allowing third-party clients is a security risk. If your threat model is "people who risk their life using it", it makes sense, right?

Under the EU's Digital Markets Act, WhatsApp is considered a gatekeeper (Signal is not) and has to be open to interoperability. It seems like they do audit the implementations in order to make sure that the security is not too bad. Which makes sense again, but has a cost. For Meta, that's fine. For Signal... I don't know.

Also WhatsApp will - if I understand correctly - make it very clear that you are talking to someone on a third-party client (and again they get a lot of criticism for that). But I think it makes sense... If WhatsApp was so open that every second client was pretty much a spyware, that would defeat the purpose of E2EE messaging.

Not that I strongly disagree, but just saying that it seems... complicated.

I was intending that the alternate client should exist to function as an escape hatch. I fully expect most people will still use the default one, just like how people used the official reddit/telegram client when third party ones were available. The existence of an alternative constrains how much Facebook can enshittify the experience.

E2EE is about secure transport between the endpoints. What happens to the message after the endpoint is not something an app can feasibly enforce. Having control of the clients can at most do things like enforcing deletes, which IMO is not a good idea anyway.

> every second client was pretty much a spyware

Very few people will actually use one since the official app won't be outwardly too hostile, and those who do should be sufficiently discerning.