Does anyone know which apps support MLS? I'm cautious about this. Google used to support XMPP before moving away to their proprietary protocol. That's not to say XMPP was a good protocol (far from...
Want to message a group chat and have it securely and seamlessly appear on other people’s devices in their preferred chat apps?
Does anyone know which apps support MLS?
I'm cautious about this. Google used to support XMPP before moving away to their proprietary protocol. That's not to say XMPP was a good protocol (far from it). But it was the start of most companies moving to their own proprietary protocols resulting in the fractured messaging space we have today.
On top of this, Google is arguably part of the reason why RCS hasn’t supplanted SMS/MMS. The RCS standard itself doesn’t call for encryption at all, it’s only Google RCS that has that feature, and...
On top of this, Google is arguably part of the reason why RCS hasn’t supplanted SMS/MMS.
The RCS standard itself doesn’t call for encryption at all, it’s only Google RCS that has that feature, and up until now they’ve displayed no interest in making their encryption extension public and free to use, likely because they want to either license it or act as a central hub, effectively turning the protocol into a closed service.
I’m sure Apple has their own interests in mind too in not getting on board with RCS, but the standard being unencrypted unless Google inserts themselves I’m sure completely kills any interest they might’ve had.
Google is in fact one of the biggest proponents, especially in the early days. There's two things holding RCS back as a full replacement of SMS: Of course, Apple refusing to use it is a big one in...
Google is in fact one of the biggest proponents, especially in the early days.
There's two things holding RCS back as a full replacement of SMS:
Of course, Apple refusing to use it is a big one in the US.
And speaking of the US, a bigger reason for the lack of replacement might be.. it already happened, tbh. It's just that by and large nobody could care any less because it's been 10+ years since someone sent a text mesasge in most countries.
I just went and checked. Not a single one of my frequent contacts I would not be writing RCS messages to. But at the same time, why would I ever do that? We talk on other messengers, and have since the early days of smartphones. SMS is long replaced, just not by RCS.
It has automatic fallback to plain-text from encrypted when a legacy phone is targeted — effectively making the whole thing security theater. I very much don’t want anyone adapting such a bad...
It has automatic fallback to plain-text from encrypted when a legacy phone is targeted — effectively making the whole thing security theater.
I very much don’t want anyone adapting such a bad standard, we are better off within many different, but secure walled gardens. Especially that using more messenger apps is not a showstopper.
Isn't that part being resolved by Google signing onto this? I'd certainly like more clarity on this, but presumably whatever encryption they're using now that isn't MLS would be replaced with MLS....
On top of this, Google is arguably part of the reason why RCS hasn’t supplanted SMS/MMS.
Isn't that part being resolved by Google signing onto this?
Meaningful interoperability would require major companies to back the same standard, and MLS now seems to have one of the biggest ones on its side. Google also supports the carrier-backed end-to-end encrypted messaging system known as RCS. For a while, RCS didn’t have proper security for group chats, but Google is now releasing a version that does (which doesn’t use MLS).
I'd certainly like more clarity on this, but presumably whatever encryption they're using now that isn't MLS would be replaced with MLS. In that case, adopting this standard would potentially resolve or alleviate the issue you mentioned above about Google controlling the encryption. It would still require Apple to add in support for RCS with this MLS encryption to make it interoperable with Google, which of course they don't want to, but making everything open and not controlled by Google would in theory give less leverage to Apple in terms of refusing to support it.
My guess is that Google would consider it to be a major win if they could agree on a messaging protocol with Apple that does end-to-end encryption. And if were a European standard too, mandated by...
My guess is that Google would consider it to be a major win if they could agree on a messaging protocol with Apple that does end-to-end encryption. And if were a European standard too, mandated by law? That would be great. If they got that, encryption-hostile countries like the UK would probably have to go along with it.
Sure, interoperating with everyone else would be nice too, but like with browser standards, it's the major vendors that count.
RCS was an attempt to get telephone companies on board with something better than SMS, but national telephone companies tend not to be big on encryption (or at least, not in all countries), while Apple is.
Apple has absolutely ZERO incentive to cooperate with other messaging protocols outside of iMessage. I’ve got a kid in middle school and all the kids who started the year with androids ended the...
Apple has absolutely ZERO incentive to cooperate with other messaging protocols outside of iMessage. I’ve got a kid in middle school and all the kids who started the year with androids ended the year with iPhones so they could all be included in the blue bubbles. Apple is well aware that iMessage is a huge selling point for their phones in the US and they have little, if any, reason to even look at anyone else’s stuff.
Quick edit: I’ve actually seen it pointed out before that Apple probably prefers SMS remain the default so communicating outside of iMessage is that much more painful.
That’s strictly a US self-made problem. Other countries didn’t get unlimited SMS plans for longer, plus often had non-ASCII alphabets, making SMS utterly bad (I had to remove accents from my text...
That’s strictly a US self-made problem. Other countries didn’t get unlimited SMS plans for longer, plus often had non-ASCII alphabets, making SMS utterly bad (I had to remove accents from my text after having written it to not send two SMSs instead of one), so a (healthy) culture for internet-based messengers developed. Also, iphones were generally less accessible in poorer countries, but still today they have nowhere near the ratio as they have in the US. So while Apple is definitely not unhappy with the situation, I do think that they are not in the wrong in any way.
With that said, I don’t try to diminish your kids’ problem, it is a real problem for them largely outside of their control. But one should note that it is not universal.
One on the Main advantages iPhones held over Android is the ability to message full quality photos and videos. As RCS becomes more common on Androids (I just got it by surprise recently) that...
One on the Main advantages iPhones held over Android is the ability to message full quality photos and videos. As RCS becomes more common on Androids (I just got it by surprise recently) that advantage is going to shrink. If enough kids in a group have Androids you'll start seeing migration in that direction. Distinctly customer hostel position of not allowing wanted services like RCS might become a liability.
Which really is one of Apple's corporate traits: starting a policy for good reasons and then not letting it go when it's obsolete. Lighting chargers, firewire, one button mouse etc.
One thing I could see limiting RCS popularity is the quality of the apps… Google’s will be fine I’m sure, but phone vendors sometimes have a weird need to bundle their own apps in place of...
One thing I could see limiting RCS popularity is the quality of the apps… Google’s will be fine I’m sure, but phone vendors sometimes have a weird need to bundle their own apps in place of Google’s, the quality of which is hit or miss.
That’s not as big of a deal for something as simple as SMS/MMS, but RCS is more complex which increases likelyhood of hiccups with interoperability, apps not perfectly adhering to spec, etc. In that regard it’ll never be able to compete with iMessage, WhatsApp, FB Messenger, etc.
Androids can as well through a litany of data-based messengers (fb messenger, whatsapp, telegram, signal, matrix). iMessage is just one such thing, none of these are SMS/MMS.
Androids can as well through a litany of data-based messengers (fb messenger, whatsapp, telegram, signal, matrix). iMessage is just one such thing, none of these are SMS/MMS.
Perhaps. And I hope they do. I think the next iPhone and its implementation of USB-C will show how much (and in what way) they’re going to comply with EU rules.
Perhaps. And I hope they do. I think the next iPhone and its implementation of USB-C will show how much (and in what way) they’re going to comply with EU rules.
Does the EU have any interest in iMessage or SMS? I was under the impression this might not be something that has a lot of support in the EU because SMS isn't really a popular method of...
Does the EU have any interest in iMessage or SMS? I was under the impression this might not be something that has a lot of support in the EU because SMS isn't really a popular method of communication in most places outside the US.
What makes you say that XMPP is far from a good protocol? It's not really had as much success as I'd like in terms of federated chat (but that seems to largely not be an issue with the protocol),...
What makes you say that XMPP is far from a good protocol? It's not really had as much success as I'd like in terms of federated chat (but that seems to largely not be an issue with the protocol), but it sees a lot of use behind the scenes. I don't have too much experience with the protocol itself, but it is pretty cool how insanely extensible it is (albeit, this is a bit of a double-edged sword).
It was sort of my impression that it lacked more modern features in chat. Or maybe at least at the time. It was kinda like comparing IRC to Discord as it is now. But I just did a search and it...
It was sort of my impression that it lacked more modern features in chat. Or maybe at least at the time. It was kinda like comparing IRC to Discord as it is now. But I just did a search and it seems like it has a lot more extensibility now. At the time it seemed like sending pictures (or gifs?), voice calls, were difficult to implement with XMPP.
A decade ago I was running pidgin, where XMPP let me connect to AIM, Google Hangouts, and Facebook Messenger... it could also easily connect to IRC, which actually let you connect to Twitch chat. And you could run scripts for anything and everything... ahhhh golden days. lol.
The XMPP protocol is actually really cool for how extensible it is, but the problem is that you need client support for pretty much everything user facing. XMPP servers tend to be pretty stupid...
The XMPP protocol is actually really cool for how extensible it is, but the problem is that you need client support for pretty much everything user facing. XMPP servers tend to be pretty stupid simple, and they pretty much just pass on stanzas to clients. There's very little about chat baked into the core of XMPP, and a lot of functionality is built in extensions called XEPs...
Ultimately XMPP is actually trivial to extend to do whatever you want to do (you basically just make up your own XML tags), but you need clients to build support for whatever extension you make (which maybe complicates federation / people using a variety of clients). I wouldn't really call this a problem with the protocol, but there ARE some kind of weird social problems around XMPP that result from this. E.g., from sitting in XSF (XMPP Standards Foundations) channels it seems like a lot of implementers are kind of user hostile and scoff at certain features as unnecessary and a fad. In some cases they're probably right, but they are also features that people want and some of which are important to people's workflows... For instance, there was a lot of scoffing at emoji reactions, but I find it's really useful to be able to just give a message a thumbs up, especially in a work environment (fwiw, there's some support now https://xmpp.org/extensions/xep-0444.html / https://dino.im/blog/2023/02/dino-0.4-release/ but it's not supported by every client, so you can't trust that people will receive them).
The other big problem with XMPP in the sense of being a federated chat platform is just that the client situation is a bit of a mess... It'd be really REALLY nice if there was a good client that supported a good amount of extensions and it was available on every platform, but as it stands every platform has a completely separate client. Most clients are pretty good (I really like dino, and conversations is amazing on Android)... But the situation can be a little more grim on iOS (siskin is quite good, but there's still some issues with encrypted push notifications for my use case). It's getting a lot better, and the snikket project seems to have the goal of addressing a lot of these concerns by providing a fairly consistent experience everywhere and good support for the XEPs people want.
So, yeah, I'm far from an expert, but my impression is that for the most part the XMPP protocol is actually quite good, and that it works really well for basic chat these days. The fact that the protocol is so extensible means you can have some compatibility issues where certain clients don't support certain things, but I think that's actually an advantage of the protocol. That's not to say it doesn't cause problems, and I think the XSF needs to do a better job of nailing down a collection of XEPs that are actually important for a good core chat experience (I think there's some work being done on this, and it's kind of part of snikket too). It is slowly getting better.
I think that all might make XMPP sound worse than it is --- what's the deal with this chat protocol that needs a bunch of extensions to work for chat? But I think it's just that XMPP isn't really just a "chat protocol", and it's sort of a lower level base to build other stuff on top of. It's kind of the TCP/IP of messaging (not just chat) that can be extended easily for whatever your application is. This makes it something that you can use to build a solid federated chat platform with, but you need some agreement over the extensions for supporting things like threads and message reactions and stuff.
Want to message a group chat and have it securely and seamlessly appear on other people’s devices in their preferred chat apps? That’s the future European regulators are pushing for: to get tech companies to implement an end-to-end encryption system that allows users to securely message between platforms.
Meaningful interoperability would require major companies to back the same standard, and MLS now seems to have one of the biggest ones on its side. Google also supports the carrier-backed end-to-end encrypted messaging system known as RCS. For a while, RCS didn’t have proper security for group chats, but Google is now releasing a version that does (which doesn’t use MLS).
...
The MLS protocol is developed by a standards organization called the Internet Engineering Task Force (IETF). The body just approved publication of MLS specification (RFC 9420) in March and has previously tested draft versions in Webex and RingCentral chats.
Google is moving to place its MLS implementation open sourced into Android’s codebase but did not say when this would happen. It also did not specify how or if RCS messages, which Google has outwardly championed for more than a year, will work with the MLS-based encryption. Google continues to shame Apple for not supporting RCS, which is now available to more than 800 million Android users. It remains to be seen if other tech companies will “get the message” with MLS.
Want to message a group chat and have it securely and seamlessly appear on other people’s devices in their preferred chat apps? That’s the future European regulators are pushing for: to get tech companies to implement an end-to-end encryption system that allows users to securely message between platforms.
This doesn't sound quite right to me. MLS doesn't appear to be a messaging protocol, but a security layer, akin to TLS. I don't suppose we have anyone familiar with it here?
This doesn't sound quite right to me. MLS doesn't appear to be a messaging protocol, but a security layer, akin to TLS. I don't suppose we have anyone familiar with it here?
You’re 100% right. The actual announcement from IETF directly compares it to TLS: It’s essentially a standard that can be used with many different services. It doesn’t make the services themselves...
MLS builds on the best lessons of the current generation of security protocols. Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as Post-Compromise Security. And, like TLS 1.3, MLS provides robust authentication, and its security properties have been verified by formal analyses.
It’s essentially a standard that can be used with many different services. It doesn’t make the services themselves interoperable, it just standardizes their encryption, which could potentially make encrypted inter-service communication easier to implement.
A better title would be something like “Google Messages signs onto cross-platform encryption standard for group chats”.
It does seem to be the hard part, though? Writing a parser for text-based group chat protocol doesn't seem like it would be hard to do, even if it's a different protocol than the one you would...
It does seem to be the hard part, though? Writing a parser for text-based group chat protocol doesn't seem like it would be hard to do, even if it's a different protocol than the one you would have picked.
I think the hardest part has nothing to do with coding. It’s not the data that’s difficult, it’s the people. It’s all political. Getting a bunch of billion dollar companies to agree to a) share...
I think the hardest part has nothing to do with coding. It’s not the data that’s difficult, it’s the people. It’s all political. Getting a bunch of billion dollar companies to agree to a) share their data and b) come up with a standard way to share said data is extremely difficult. Each company will have their own priorities to push and getting them all to agree will be a nightmare.
Designing a good encryption protocol actually is considered hard, though. Programmers are heavily discouraged from inventing their own. Cellphone and WiFi encryption had lots of bugs. Getting...
Designing a good encryption protocol actually is considered hard, though. Programmers are heavily discouraged from inventing their own. Cellphone and WiFi encryption had lots of bugs.
Getting political buy-in from nations and large companies is also hard, in a different way.
You're right that currently it doesn't, but I think this announcement is supposed to be about the future. Europe is figuring out what they want their messaging standard to be, and Google is...
You're right that currently it doesn't, but I think this announcement is supposed to be about the future. Europe is figuring out what they want their messaging standard to be, and Google is saying, let's use this RFC for the encryption.
Does anyone know which apps support MLS?
I'm cautious about this. Google used to support XMPP before moving away to their proprietary protocol. That's not to say XMPP was a good protocol (far from it). But it was the start of most companies moving to their own proprietary protocols resulting in the fractured messaging space we have today.
On top of this, Google is arguably part of the reason why RCS hasn’t supplanted SMS/MMS.
The RCS standard itself doesn’t call for encryption at all, it’s only Google RCS that has that feature, and up until now they’ve displayed no interest in making their encryption extension public and free to use, likely because they want to either license it or act as a central hub, effectively turning the protocol into a closed service.
I’m sure Apple has their own interests in mind too in not getting on board with RCS, but the standard being unencrypted unless Google inserts themselves I’m sure completely kills any interest they might’ve had.
Google is in fact one of the biggest proponents, especially in the early days.
There's two things holding RCS back as a full replacement of SMS:
I just went and checked. Not a single one of my frequent contacts I would not be writing RCS messages to. But at the same time, why would I ever do that? We talk on other messengers, and have since the early days of smartphones. SMS is long replaced, just not by RCS.
Exactly, everywhere outside of the US SMS messages are just 2FA codes and reminders about appointments from companies.
It has automatic fallback to plain-text from encrypted when a legacy phone is targeted — effectively making the whole thing security theater.
I very much don’t want anyone adapting such a bad standard, we are better off within many different, but secure walled gardens. Especially that using more messenger apps is not a showstopper.
Isn't that part being resolved by Google signing onto this?
I'd certainly like more clarity on this, but presumably whatever encryption they're using now that isn't MLS would be replaced with MLS. In that case, adopting this standard would potentially resolve or alleviate the issue you mentioned above about Google controlling the encryption. It would still require Apple to add in support for RCS with this MLS encryption to make it interoperable with Google, which of course they don't want to, but making everything open and not controlled by Google would in theory give less leverage to Apple in terms of refusing to support it.
My guess is that Google would consider it to be a major win if they could agree on a messaging protocol with Apple that does end-to-end encryption. And if were a European standard too, mandated by law? That would be great. If they got that, encryption-hostile countries like the UK would probably have to go along with it.
Sure, interoperating with everyone else would be nice too, but like with browser standards, it's the major vendors that count.
RCS was an attempt to get telephone companies on board with something better than SMS, but national telephone companies tend not to be big on encryption (or at least, not in all countries), while Apple is.
Apple has absolutely ZERO incentive to cooperate with other messaging protocols outside of iMessage. I’ve got a kid in middle school and all the kids who started the year with androids ended the year with iPhones so they could all be included in the blue bubbles. Apple is well aware that iMessage is a huge selling point for their phones in the US and they have little, if any, reason to even look at anyone else’s stuff.
Quick edit: I’ve actually seen it pointed out before that Apple probably prefers SMS remain the default so communicating outside of iMessage is that much more painful.
That’s strictly a US self-made problem. Other countries didn’t get unlimited SMS plans for longer, plus often had non-ASCII alphabets, making SMS utterly bad (I had to remove accents from my text after having written it to not send two SMSs instead of one), so a (healthy) culture for internet-based messengers developed. Also, iphones were generally less accessible in poorer countries, but still today they have nowhere near the ratio as they have in the US. So while Apple is definitely not unhappy with the situation, I do think that they are not in the wrong in any way.
With that said, I don’t try to diminish your kids’ problem, it is a real problem for them largely outside of their control. But one should note that it is not universal.
One on the Main advantages iPhones held over Android is the ability to message full quality photos and videos. As RCS becomes more common on Androids (I just got it by surprise recently) that advantage is going to shrink. If enough kids in a group have Androids you'll start seeing migration in that direction. Distinctly customer hostel position of not allowing wanted services like RCS might become a liability.
Which really is one of Apple's corporate traits: starting a policy for good reasons and then not letting it go when it's obsolete. Lighting chargers, firewire, one button mouse etc.
One thing I could see limiting RCS popularity is the quality of the apps… Google’s will be fine I’m sure, but phone vendors sometimes have a weird need to bundle their own apps in place of Google’s, the quality of which is hit or miss.
That’s not as big of a deal for something as simple as SMS/MMS, but RCS is more complex which increases likelyhood of hiccups with interoperability, apps not perfectly adhering to spec, etc. In that regard it’ll never be able to compete with iMessage, WhatsApp, FB Messenger, etc.
Androids can as well through a litany of data-based messengers (fb messenger, whatsapp, telegram, signal, matrix). iMessage is just one such thing, none of these are SMS/MMS.
Yes, that's been true so far, but if the EU leans on them hard enough, perhaps they will change their mind?
Perhaps. And I hope they do. I think the next iPhone and its implementation of USB-C will show how much (and in what way) they’re going to comply with EU rules.
Does the EU have any interest in iMessage or SMS? I was under the impression this might not be something that has a lot of support in the EU because SMS isn't really a popular method of communication in most places outside the US.
What makes you say that XMPP is far from a good protocol? It's not really had as much success as I'd like in terms of federated chat (but that seems to largely not be an issue with the protocol), but it sees a lot of use behind the scenes. I don't have too much experience with the protocol itself, but it is pretty cool how insanely extensible it is (albeit, this is a bit of a double-edged sword).
It was sort of my impression that it lacked more modern features in chat. Or maybe at least at the time. It was kinda like comparing IRC to Discord as it is now. But I just did a search and it seems like it has a lot more extensibility now. At the time it seemed like sending pictures (or gifs?), voice calls, were difficult to implement with XMPP.
A decade ago I was running pidgin, where XMPP let me connect to AIM, Google Hangouts, and Facebook Messenger... it could also easily connect to IRC, which actually let you connect to Twitch chat. And you could run scripts for anything and everything... ahhhh golden days. lol.
The XMPP protocol is actually really cool for how extensible it is, but the problem is that you need client support for pretty much everything user facing. XMPP servers tend to be pretty stupid simple, and they pretty much just pass on stanzas to clients. There's very little about chat baked into the core of XMPP, and a lot of functionality is built in extensions called XEPs...
Ultimately XMPP is actually trivial to extend to do whatever you want to do (you basically just make up your own XML tags), but you need clients to build support for whatever extension you make (which maybe complicates federation / people using a variety of clients). I wouldn't really call this a problem with the protocol, but there ARE some kind of weird social problems around XMPP that result from this. E.g., from sitting in XSF (XMPP Standards Foundations) channels it seems like a lot of implementers are kind of user hostile and scoff at certain features as unnecessary and a fad. In some cases they're probably right, but they are also features that people want and some of which are important to people's workflows... For instance, there was a lot of scoffing at emoji reactions, but I find it's really useful to be able to just give a message a thumbs up, especially in a work environment (fwiw, there's some support now https://xmpp.org/extensions/xep-0444.html / https://dino.im/blog/2023/02/dino-0.4-release/ but it's not supported by every client, so you can't trust that people will receive them).
The other big problem with XMPP in the sense of being a federated chat platform is just that the client situation is a bit of a mess... It'd be really REALLY nice if there was a good client that supported a good amount of extensions and it was available on every platform, but as it stands every platform has a completely separate client. Most clients are pretty good (I really like dino, and conversations is amazing on Android)... But the situation can be a little more grim on iOS (siskin is quite good, but there's still some issues with encrypted push notifications for my use case). It's getting a lot better, and the snikket project seems to have the goal of addressing a lot of these concerns by providing a fairly consistent experience everywhere and good support for the XEPs people want.
So, yeah, I'm far from an expert, but my impression is that for the most part the XMPP protocol is actually quite good, and that it works really well for basic chat these days. The fact that the protocol is so extensible means you can have some compatibility issues where certain clients don't support certain things, but I think that's actually an advantage of the protocol. That's not to say it doesn't cause problems, and I think the XSF needs to do a better job of nailing down a collection of XEPs that are actually important for a good core chat experience (I think there's some work being done on this, and it's kind of part of snikket too). It is slowly getting better.
I think that all might make XMPP sound worse than it is --- what's the deal with this chat protocol that needs a bunch of extensions to work for chat? But I think it's just that XMPP isn't really just a "chat protocol", and it's sort of a lower level base to build other stuff on top of. It's kind of the TCP/IP of messaging (not just chat) that can be extended easily for whatever your application is. This makes it something that you can use to build a solid federated chat platform with, but you need some agreement over the extensions for supporting things like threads and message reactions and stuff.
I only vaguely remember XMPP, but all memories are negative. Everything was difficult to implement with XMPP. Possible, but frustrating.
From the article:
...
Isn't Britain pushing for the exact opposite?
Yeah but the tories probably count it as a plus that they're once again doing something the exact other way than the EU does.
This doesn't sound quite right to me. MLS doesn't appear to be a messaging protocol, but a security layer, akin to TLS. I don't suppose we have anyone familiar with it here?
You’re 100% right. The actual announcement from IETF directly compares it to TLS:
It’s essentially a standard that can be used with many different services. It doesn’t make the services themselves interoperable, it just standardizes their encryption, which could potentially make encrypted inter-service communication easier to implement.
A better title would be something like “Google Messages signs onto cross-platform encryption standard for group chats”.
It does seem to be the hard part, though? Writing a parser for text-based group chat protocol doesn't seem like it would be hard to do, even if it's a different protocol than the one you would have picked.
I think the hardest part has nothing to do with coding. It’s not the data that’s difficult, it’s the people. It’s all political. Getting a bunch of billion dollar companies to agree to a) share their data and b) come up with a standard way to share said data is extremely difficult. Each company will have their own priorities to push and getting them all to agree will be a nightmare.
Designing a good encryption protocol actually is considered hard, though. Programmers are heavily discouraged from inventing their own. Cellphone and WiFi encryption had lots of bugs.
Getting political buy-in from nations and large companies is also hard, in a different way.
That may be the case, but the idea the article is pushing is saying that this is going to make Google Messages interoperable. It is not.
You're right that currently it doesn't, but I think this announcement is supposed to be about the future. Europe is figuring out what they want their messaging standard to be, and Google is saying, let's use this RFC for the encryption.