“Signal to Enable Interoperability Between WhatsApp and Messenger for DMA Compliance”

Meta today is offering more details about how it plans to make its messaging apps, WhatsApp and Messenger, interoperable with third-party messaging services, as required by the new EU law, the Digital Markets Act (DMA). In addition, Meta now says it will ask third parties to use the Signal protocol, though it may make exceptions to this in the future. Meta’s messaging clients will download the encrypted media from the third-party messaging servers using a Meta proxy device, it notes. But that solution will require third parties to agree to additional protections to keep Meta’s users safe from spam and scams. In addition, Meta says that third-party providers will need to sign an agreement with Meta or WhatsApp before it will enable interoperability.

Meta Inc. has released further information about its plans to comply with the new EU law, the Digital Markets Act (DMA), which requires messaging apps like WhatsApp and Messenger to be interoperable with third-party services. In an effort to combat spam and scams, engaging with third-party chats on these apps will be optional for users. Previously, Meta had mentioned that third parties would have to sign an agreement but had not revealed the specific details it would include. However, today, Meta made clear that it will require third parties to use the Signal protocol, with a few exceptions that must meet the same security standards.

The company emphasizes the advantages of Signal, which is already utilized by WhatsApp and Messenger for encryption. While Messenger is gradually implementing end-to-end encryption (E2EE) as the default, WhatsApp has been using it since 2016. Meta views Signal as the “current gold standard” for E2EE chats and expresses a preference for third parties to also utilize this protocol.

To explain how this encryption will work, Meta provides the technical details of the process. Third parties would use Signal to encrypt message protobufs (Protocol Buffers), which is a series of key-value pairs, and then package them into message stanzas (a push mechanism) using XML. Meta’s servers would then push these messages to connected clients via a persistent connection.

Additionally, the responsibility of hosting any image or video files sent by client apps will fall on the third parties when connected with Meta. Meta’s messaging clients will obtain the encrypted media from the third-party messaging servers through a Meta proxy device.

These details are crucial for Meta’s messaging app users, especially those of WhatsApp who have been using E2EE as the default for years, as they want assurance that their conversations will remain secure despite the changes brought by the DMA.

However, Meta does hedge its statement by acknowledging that while it has developed a secure solution using Signal to safeguard messages in transit, it cannot guarantee what a third-party provider will do with the sent or received messages. This suggests that Meta may use the argument that third-party messaging interoperability may be less secure as a means of keeping its users engaged only with Meta’s messaging services.

The company’s blog post also reveals that this solution builds on Meta’s existing client/server architecture and is the best option, as it lowers obstacles for new participants. However, this also places Meta as the one dictating the rules and determining how interoperability will work. Meta states that this method will improve reliability due to its infrastructure already handling over 100 billion messages daily. Nevertheless, the company acknowledges that a different approach that eliminates the requirement for third parties to implement WhatsApp’s client-to-server protocol by adding a proxy between their client and the WhatsApp server is possible. However, this solution would require third parties to agree to additional safeguards to ensure Meta’s users are protected from spam and scams.

Moreover, Meta points out that third-party providers must sign an agreement with the company or WhatsApp before interoperability can be enabled. WhatsApp’s Reference Offer for third-party providers is being published today, and the Reference Offer for Messenger will be released soon.

Avatar photo
Zara Khan

Zara Khan is a seasoned investigative journalist with a focus on social justice issues. She has won numerous awards for her groundbreaking reporting and has a reputation for fearlessly exposing wrongdoing.

Articles: 806

Leave a Reply

Your email address will not be published. Required fields are marked *