82 comments

[ 3.0 ms ] story [ 150 ms ] thread
Can't wait for this to land on the iPad. I despise WhatsApp with a passion but it's an undeniable reality in large parts of the world, including here in India, so I might as well use it where I find convenient.
They only have to make it work as good as the Signal iPad app.
doesn't seem to be a difficult challenge for facebook.
If only signal put the same functionality into Android tablets
Why only tablets? Why not all devices?

For example, I'd like to be able to use Signal on both my main phone and my second phone using the main phone number.

I don't exclude what you want. I want what iPads without SIM have.

Second SIM bound to same identity isn't the same as non SIM adjunct device support.

Exactly. I don't even want that Signal knows about the second SIM, I want to be able to use it in another device, regardless if it has own SIM or not.
Why do you despise it so much?

I use both WhatsApp and telegram and to be honest in daily use they might as well be the same app.

Other than the fact that it's owned by Facebook, I don't see any issues.

Telegram has better tools for larger chats (bots, moderation etc).

For 1-1 or smaller chats they're mostly interchangeable except for Telegram's better support for multiple devices.

It would be great if WhatsApp group chats would allow a participant to mute another participant. I want to hide the antivax messages posted by a crazy parent in my kid's school group.
Does Telegram have proper E2E encryption for chats by default?
no and it is not even available for multi-device and group chat
It makes sense because you shouldn't want messaging app's backend to transfer your device specific private encryption key across all your registered devices.
Nope, but I come from an IRC background so having unencrypted chats is perfectly normal. YMMV.

I've been chatting in unencrypted channels since the mid 90's so I don't exactly see E2EE as a hard requirement.

I'll switch my family chat to Signal or whatever as soon as I can add my home automation bot in there without some weird hacks or custom clients. The current implementation is a glorified Curl call for Discord and maybe 20 lines of Python for Telegram.

Not on by default for 1 to 1 chat but it (Secret Chat) is optional, drawback is that the end-to-end encrypted conversation stays only on the devices initially it was initiated, because the encryption keys stay only on those 2 devices.

For Telegram Group Chat - it is not end-to-end encrypted, Telegram uses distributed infrastructure approach to protected data not covered by End-to-End encryption. I wouldn't consider WhatsApp's Group Chat end-to-end encrypted.

(comment deleted)
> Other than the fact that it's owned by Facebook, I don't see any issues.

That's a pretty big issue for me - whilst the original team were in place, I had a degree of trust for them, but since their departure (and the stories as to why), I trust it less and less.

Unfortunately, for me and everyone I know - it's either iMessage or Whatsapp (depending on your choice of phone).

> the fact that it's owned by Facebook

It's a pretty big issue, y'know.

The last time I used it they made it pretty difficult to use without giving them access to my address book, which made it a nonstarter. It's one thing for me to decide to give up my own privacy, another thing to fork over the data of everyone I ever met.
Telegram is miles ahead of WhatsApp. They are basically copying functions from it, but in a lazy way. Apart from being owned by one of the worst corporations created in human civilization, WA is a really annoying piece of software, inflexible and generally worse than Telegram, which is a joy to use.
I'm already able to use it on the iPad.

Just went to web.whatsapp.com and made it a home screen shortcut in Safari.

Does it give you notifications?
Proper webapps give notifications.
I tried it, but had to opt out again.

4 devices is not enough, and it changes the end to end key for every device change so now i have to meet up and sync that again.

What is the threat model that checking keys in person solve? I suppose something like a nation state attacker performing MITM at the point when the keys are exchanged. But it does not protect against WhatsApp, right?
There's one thing that I don't understand about checking keys in person. Since it's closed source, how do we know that WhatsApp is actually doing what they say they do?

You have to trust them that "if the keys are the same in-person, then you're safe". But it's completely up to their implementation which we have no clue of.

You're right. Although if you use any modern smartphone at all this is true for every single software you are running. Apple's store or Play store might be MITM'ing every single app on your phone and you would never know.
Sure, you have to have some trust. Even if you had access to the source, you wouldn’t know that the OS on the phone does what it claims. Then even if you audit and compile the OS from scratch, you also need to audit and compile from scratch the compiler. This is a long process, because you need to bootstrap the compiler compiling somehow. After all that work, you still can’t be sure. Because you also need to build your own semiconductors. You don’t really know that your CPU is doing what it claims, or that there isn’t a secret radio chip embedded into your RAM.

You need to trust a lot of people to have any sanity. Adding WhatsApp on top of a pile of hundreds of companies isn’t that extreme.

Yes, i agree with you. Which is why I personally never bother checking the codes in person because I just trust WhatsApp
Because at the end of the day it is based on phone numbers you have to check those keys even if all of the software is secure, because people only rent phone numbers and they are even awkwardly easy to steal by sweet talking the carrier into letting you do a number port.
SIM clone, mostly. SS7 security is not so much lacking, as missing.
Another limitation is that you can't pin chats on desktop/web.
this is possible (use daily, verified again right now).

There's a drop-down menu underneath the last-message received timestamp in the list of chats.

It's not possible in the beta app
This is still pretty pointless if you need your phone to log in. If your phone is lost then you still can't get to your messages unless you logged in previously.
It's still the very least to even consider WhatsApp a useable aim app in 2021
It’s a good improvement over the old situation for day-to-day usage, though.
It seems new devices are only able to access history up to three months before the first access. I'd probably give up e2e for a cloud/desktop searchable chat history. Love that I can easily lookup old chats in google talk/hangouts from the gmail webapp. Saved me plenty of times I needed some important information without any backup except vaguely remembering talking about it in chat with my partner.
Element gives you infinite desktop searchable chat history for e2ee chats
it would be great if you could choose an IM platform for its features, unfortunately you have to stick with what your contacts use
Matrix does have great bridging support so it is maybe the way out. With 2 bridges I've reduced myself to 2 chat apps (Matrix + the occasional SMS) which I am very happy with.

It obviously isn't the final solution, but gives me a consistent interface across networks while I slowly grow my Matrix-native network.

Did you experience any quirks or problems using the bridges for WhatsApp? Are you running a matrix bridge instance on a personal cloud instance?
I'm not using a WhatsApp bridge so I can't comment on that bridge specifically. Few of my contacts are on that so I was able to drop it.

I am self-hosting a Facebook bridge and Hangouts/Google Chat bridge amd using a hosted Telegram bridge.

> If you don’t use your phone for over 14 days, your linked devices will become disconnected.

I hope this is just for beta (and I assume they mean use WhatsApp on the phone) because otherwise it's just seems like a gotcha.

[Edit] Also this is one of those hateful sites which offers "manage your cookies" and all you get is how to clear cookies in the browser. That's not the idea.

That's why I recommend [Cookie Autodelete](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete) + [I don't care about cookies](https://www.i-dont-care-about-cookies.eu/). It auto-accepts all cookie notices and then deletes them when I close the tab (or after a few seconds/minutes), with the option to add exceptions to sites where you actually need cookies.
Ah, that's a neat solution. But I was on Android at the time, so a bit more tricky. Also building s whitelist would be essential. Thinks ... maybe I could mine my bookmarks ...
Still no tablets. Why is that?
It works just fine on tablets, just get the apk through Aurora, apkmirror, or something similar.
You can sideload the apk and activate it using another phone with a valid sim card. Even if it is a feature phone.
Multi device or not it’s still impossible to have a shared / imported history between iOS and Android, it’s impossible to export chat history, etc.

Sure some people don’t find their chat history valuable. I do though and so do many others, it contains valuable information and memories. Is it the end of the world if it disappears? No, but it still sucks.

One day we will have a popular open protocol and client for instant messaging. One day…

That last sentiment would be very nice indeed, but I fear this is what we'll get instead:

https://xkcd.com/927/

XKCD should make a comic about pre-emptively 927'ing any suggestion to improve something.
It doesn't mean don't bother improving something, just don't expect everyone to switch to it.
Having hardly anyone switch to a new standard when there are existing ones could actually be considered a good thing. The problem comes when the new standard is promoted, inevitably fails to become dominant and ends up making the problem worse.

Note that sometimes new standards are promoted specifically to destroy an existing open standard. The trick is to push hard for the new standard until it gets sort of popular and then back off. Adjust as required to keep things balanced.

Closed IM protocols aren’t standards so this doesn’t really apply. There’s only three realistic “standards” in instant messaging: irc, xmpp and matrix. IRC is essentially dead, xmpp is on its last leg and mostly irrelevant, and matrix is very promising just not popular enough yet.
> xmpp is on its last leg

Why? Unlike Matrix it's actually an Internet Standard.

It's had about 20 years to hit the bigtime, I think we can safely say it's not going to happen.
So what is the bigtime open messaging standard?
there isn't any.

But if I would have to bet on a standard which could become it right now, then it would be Matrix.

It convinces when it comes to adoption, concept, features and growth.

A mere protocol will never "hit the bigtime" without some compelling (non-protocol) reason. It's unfortunate that businesses choose to build silos time and time again, but that's where we are - it's not an issue that can be solved at the protocol level.

Should this be fixed (e.g. through regulation), XMPP is absolutely a sound choice - given, as you say, its 20 years of experience, evolution and deployment track record.

honestly, given the current adoption, growth and state of the ecosystem, I don't think it is.

In theory, you could achieve with it what Matrix achieves, but it would probably be more feasible to start from scratch - like Matrix did

That said, I see how it currently has advantages when it comes to resource consumption as well as internal deployment to centralized services.

XMPP is widely deployed and it's the backbone of WhatsApp, you don't see a lot of servers that openly federate XMPP because there's little business incentive to do so.
Xmpp can continue being a server side protocol all you want, it doesn’t make it a user facing protocol. So in terms of federated or at least cross compatible IM clients it’s irrelevant.
Doesn't Apple implement XMPP for iMessage as well?
> it’s impossible to export chat history

There has been a "Chat export" option for years. I even exported a chat of mine and ran it through some sentiment analysis for fun.

> shared / imported history between iOS and Android

Yeah this is perplexing. Android to android it works fine. The moment you throw Ios into the mix it gets complicated.

My understanding is that WhatsApp uses a different database between android and iOS and I guess they never figured out a good UX for converting between them. It’s shockingly ridiculous for something owned by Facebook.
Just another day in the walled garden.
> There has been a "Chat export" option for years. I even exported a chat of mine and ran it through some sentiment analysis for fun.

You've to do it manually for every chat, and it lacks all media. From the context of preserving your chat history, it's just marginally better than having nothing.

> There has been a "Chat export" option for years.

Except where they disable it, like in Germany (but haven't followed up on that story if it was resolved)

edit: seems to no longer be the case, time to run some backups!

We have (had?) IRC, it was basic but compared to the era it thrived in it was way better than what we have today, compared to what's possible today.
I don't know much about IRC, but isn't it about group chats, as opposed to instant messaging? Sure, it might be possible to have instant messages, but is that possible over server boundaries?
I recently did this (Edit: import) via sqlite for somebody, the iOS->Android direction, but with knowledge about both databases schema you can go both ways. Whatsapp also has the I->A route in beta for some time too?

There are some preconditions, it's not the easiest, but "no 3rd party" required so to speak

> One day we will have a popular open protocol and client for instant messaging. One day…

We have. It's called Matrix.

This is a very welcome feature. However I don't get why they did not do this from the start? They kept crying "It is absolutely impossible because Whatsapp is E2E." And now they just go ahead and implemented it? Either they were lying then, or they are lying now.
I honestly don't understand why anyone cares about this so much: how often usb your phone out of batteries and without Internet but you have another device with both Internet and power? I have already been using WhatsApp without issue from my desktop using their downloadable apps for years.

The current architecture is great: I have a single source of trust holding my encryption keys and a single place where I know all of my chats are being archived so I in turn have a single place I can backup and know I have a fully consistent history.

You know what I do want? I just want them to make their desktop app work on iPads and iPhones, so I can use my other phone or--and this seems like it should be "big" for a lot of people (and even sounds like the actual use case at least one person in this thread is excited about)--a tablet to access my account and full chat history.

This doesn't require any changes to their architecture, nor does it require them to do any complex encryption shenanigans they didn't already figure out; it doesn't break the "single source of truth" maxim that WhatsApp currently is best-of-breed at, and particularly for tablets it should be easy as AFAIK their desktop app is just an Electron app anyway: it couldn't take more than a week to port it!

And once you get the desktop app running on other phones, I claim you have solved at least 90% of the actual use cases people have had for "multi-device" for years.

The only case it doesn't handle, again, is the case where my phone is out of either battery or Internet and yet I have another device that has both... which is so rare in the lives of most of the people I know as to call into question the importance of waiting years to satisfy the 90% case of "I just want to use my iPad or my other phone to access my account while my normal phone is downstairs or at home or in my pocket... with Internet and power".

And OK: I know someone is going to now whine "well I had that situation come up once" or even "that happens to me all the time", but I want you to really sit back and think how often that happens, how likely it was, how common it is, and how avoidable it could be... I claim you would have to admit it is actually at best kind of a "you thing" that you have somehow have Internet access and power that you can't share with your phone.

As remember, and it sucks that I feel a need to underscore this: the current WhatsApp desktop experience doesn't require you to ever touch your phone. I am not claiming "just use your phone": I am saying that if the desktop "remote access to your account" app were running on your iPad and your other phones, it would almost certainly cover almost every use case you have...

...and that WhatsApp could have easily done that years ago, but for some reason they chose not to, which makes absolutely no sense to me as it is clearly trivial to do (and in fact people have built third party apps from scratch to do it over the same protocol with tiny teams of probably one person, and yet WhatsApp so far had not).

And if you haven't tried the desktop experience of WhatsApp: do it! It is actually really awesome. I am certainly not claiming it is perfect, and I am sure someone is itching to tell me of the time the app spazed our and all the chats appeared in the wrong order or it refused to connect to their phone until they re-paired it... but if you honestly compare it to pretty much any other chat app's desktop experience, I think you will have to admit that it is at least as good as even the best of them, with the only limitation hat your phone technically has to be "on" somewhere (which I will again claim is a minor inconvenience as you probably want your phone to be on for a number of non-WhatsApp reasons).

The only thing about it that actually limited use cases people seem to common...

(comment deleted)
biggest bullshit in history. just let me put the same number into the app on multiple devices, what the fuck is the problem here