Skip to main content
SpringerLink
Log in

One Protocol to Rule Them All? On Securing Interoperable Messaging

  • Conference paper
  • First Online:
Security Protocols XXVIII (Security Protocols 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14186))

Included in the following conference series:

  • 203 Accesses

Abstract

European lawmakers have ruled that users on different platforms should be able to exchange messages with each other. Yet messaging interoperability opens up a Pandora’s box of security and privacy challenges. While championed not just as an anti-trust measure but as a means of providing a better experience for the end user, interoperability runs the risk of making the user experience worse if poorly executed. There are two fundamental questions: how to enable the actual message exchange, and how to handle the numerous residual challenges arising from encrypted messages passing from one service provider to another – including but certainly not limited to content moderation, user authentication, key management, and metadata sharing between providers. In this work, we identify specific open questions and challenges around interoperable communication in end-to-end encrypted messaging, and present high-level suggestions for tackling these challenges.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    This quotation has been alternately attributed to Roger Needham, Butler Lampson, and Peter Neumann [2, 19], and paraphrased by Phillip Rogaway [52].

  2. 2.

    See https://xkcd.com/927/.

  3. 3.

    The discussion around opt-in versus opt-out discovery in messaging interoperability is often compared to email since email addresses are openly discoverable and contactable by anyone. But there are well-recognized social conventions and distinctions among email services that do not exist in the messaging ecosystem. For instance, given two of Alice’s email addresses, “alice.appleton@gmail.com” and “alice.appleton@company.com”, one can reasonably infer which types of communications Alice would like sent to each address without needing to discuss with Alice.

  4. 4.

    Many interface design questions arise here. For now, we focus primarily on privacy concerns in user discovery, and revisit the user experience in Sect. 3.5.

References

  1. Abu-Salma, R., Redmiles, E.M., Ur, B., Wei, M.: Exploring user mental models of end-to-end encrypted communication tools. In: 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI 18) (2018)

    Google Scholar 

  2. Anderson, R.: Security engineering: a guide to building dependable distributed systems. Wiley (2020)

    Google Scholar 

  3. Anderson, R.: Chat control or child protection? arXiv preprint arXiv:2210.08958 (2022)

  4. Arnold, R., Schneider, A., Lennartz, J.: Interoperability of interpersonal communications services-a consumer perspective. Telecommun. Policy 44(3), 101927 (2020)

    Article  Google Scholar 

  5. Azhar, A.: How to regulate Facebook (with Nick Clegg). https://hbr.org/podcast/2021/06/how-to-regulate-facebook-with-nick-clegg (2021)

  6. Barnes, R., Beurdouche, B., Millican, J., Omara, E., Cohn-Gordon, K., Robert, R.: The Messaging Layer Security (MLS) protocol. Internet Engineering Task Force, Internet-Draft draft-ietf-mls-architecture/ (2020)

    Google Scholar 

  7. Cyphers, B., Doctorow, C.: Privacy without monopoly: data protection and interoperability. https://www.eff.org/wp/interoperability-and-privacy (2021)

  8. BEREC: BEREC report on interoperability of Number-Independent Interpersonal Communication Services (NI-ICS) (2022)

    Google Scholar 

  9. Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use pgp. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, pp. 77–84 (2004)

    Google Scholar 

  10. Casey Newton: three ways the European Union might ruin WhatsApp. https://www.platformer.news/p/three-ways-the-european-union-might?s=r

  11. Chase, M., Deshpande, A., Ghosh, E., Malvai, H.: SEEMless: secure end-to-end encrypted messaging with less trust. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1639–1656 (2019)

    Google Scholar 

  12. Davidson, A., Pestana, G., Celi, S.: FrodoPIR: simple, scalable, single-server private information retrieval. Cryptology ePrint Archive (2022)

    Google Scholar 

  13. Demmler, D., Rindal, P., Rosulek, M., Trieu, N.: PIR-PSI: scaling private contact discovery. Cryptology ePrint Archive (2018)

    Google Scholar 

  14. Rescorla, E.: Discovery mechanisms for messaging and calling interoperability. https://educatedguesswork.org/posts/messaging-discovery/ (2022)

  15. Ermoshina, K., Musiani, F., Halpin, H.: End-to-end encrypted messaging protocols: an overview. In: Bagnoli, F., et al. (eds.) INSCI 2016. LNCS, vol. 9934, pp. 244–254. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45982-0_22

    Chapter  Google Scholar 

  16. European Commission: Digital Markets Act. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R1925

  17. European Commission: DMA workshop - The DMA and interoperability between messaging services. https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en (2023)

  18. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–14 (2012)

    Google Scholar 

  19. Kolata, G.: The key vanishes: scientist outlines unbreakable code. https://www.nytimes.com/2001/02/20/science/the-key-vanishes-scientist-outlines-unbreakable-code.html (2001)

  20. Gray, C.M., Kou, Y., Battles, B., Hoggatt, J., Toombs, A.L.: The dark (patterns) side of UX design. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–14 (2018)

    Google Scholar 

  21. Griggio, C.F., Nouwens, M., Klokmose, C.N.: Caught in the network: the impact of whatsapp’s 2021 privacy policy update on users’ messaging app ecosystems. In: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, pp. 1–23 (2022)

    Google Scholar 

  22. Brown, I.: Private messaging interoperability in the EU digital markets act. https://openforumeurope.org/wp-content/uploads/2022/11/Ian_Brown_Private_Messaging_Interoperability_In_The_EU_DMA.pdf (2022)

  23. IETF: More Instant Messaging Interoperability (MIMI). https://datatracker.ietf.org/wg/mimi/about/

  24. Internet Society: white paper: considerations for mandating open interfaces. https://www.internetsociety.org/wp-content/uploads/2020/12/ConsiderationsMandatingOpenInterfaces-03122020-EN.pdf (2020)

  25. Internet Society: DMA and interoperability of encrypted messaging. https://www.internetsociety.org/wp-content/uploads/2022/03/ISOC-EU-DMA-interoperability-encrypted-messaging-20220311.pdf (2022)

  26. Jain, S., Crețu, A.M., de Montjoye, Y.A.: Adversarial detection avoidance attacks: evaluating the robustness of perceptual hashing-based client-side scanning. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 2317–2334 (2022)

    Google Scholar 

  27. Rosenberg, J.: A Taxonomy for More Messaging Interop (MIMI). https://datatracker.ietf.org/doc/draft-rosenberg-mimi-taxonomy/00/ (2022)

  28. Angwin, J.: Back into the trenches of the crypto wars: a conversation with Meredith Whittaker. https://themarkup.org/hello-world/2023/01/07/back-into-the-trenches-of-the-crypto-wars

  29. Kales, D., Rechberger, C., Schneider, T., Senker, M., Weinert, C.: Mobile private contact discovery at scale. In: USENIX Security Symposium, pp. 1447–1464 (2019)

    Google Scholar 

  30. Kamara, S., et al.: Outside looking. in: approaches to content moderation in end-to-end encrypted systems. arXiv preprint arXiv:2202.04617 (2022)

  31. Kulshrestha, A., Mayer, J.R.: Identifying harmful media in end-to-end encrypted communication: efficient private membership computation. In: USENIX Security Symposium, pp. 893–910 (2021)

    Google Scholar 

  32. Malvai, H., et al.: Parakeet: practical key transparency for end-to-end encrypted messaging. Cryptology ePrint Archive (2023)

    Google Scholar 

  33. Melara, M.: Why making Johnny’s key management transparent is so challenging. https://freedom-to-tinker.com/2016/03/31/why-making-johnnys-key-management-transparent-is-so-challenging/ (2016)

  34. Zuckerberg, M.: A privacy-focused vision for social networking. https://www.nytimes.com/2019/03/06/technology/facebook-privacy-blog.html (2019)

  35. Matrix: matrix specification. https://spec.matrix.org/latest/

  36. Jones, M.: How whatsapp reduced spam while launching end-to-end encryption. https://www.youtube.com/watch?v=LBTOKlrhKXk &ab_channel=USENIXEnigmaConference (2017)

  37. Hodgson, M.: Interoperability without sacrificing privacy: matrix and the DMA. https://matrix.org/blog/2022/03/25/interoperability-without-sacrificing-privacy-matrix-and-the-dma

  38. Hodgson, M.: How do you implement interoperability in a DMA world? https://matrix.org/blog/2022/03/29/how-do-you-implement-interoperability-in-a-dma-world (2023)

  39. Hodgson, M.: The DMA Stakeholder workshop: interoperability between messaging services. https://matrix.org/blog/2023/03/15/the-dma-stakeholder-workshop-interoperability-between-messaging-services (2023)

  40. Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: \(\{\)CONIKS\(\}\): bringing key transparency to end users. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 15), pp. 383–398 (2015)

    Google Scholar 

  41. Whittaker, M.: https://twitter.com/mer__edith/status/1582808091397005312 (2022)

  42. Whittaker, M.: https://twitter.com/mer__edith/status/1629131348731478017 (2023)

  43. Marlinspike, M.: There is no whatsApp ‘backdoor’. https://signal.org/blog/there-is-no-whatsapp-backdoor/ (2017)

  44. Cardozo, N.: Making it easier to manage business conversations on whatsapp. https://about.fb.com/news/2020/10/privacy-matters-whatsapp-business-conversations/ (2020)

  45. nina-signal: removing sms support from signal android (soon). https://signal.org/blog/sms-removal-android/ (2022)

  46. Nouwens, M., Griggio, C.F., Mackay, W.E.: “Whatsapp is for family; messenger is for friend” communication places in app ecosystems. In: Proceedings of the 2017 CHI Conference On Human Factors in Computing Systems, pp. 727–735 (2017)

    Google Scholar 

  47. McGee, P.: How apple captured Gen Z in the US – and changed their social circles. https://www.ft.com/content/8a2e8442-449e-4dbd-bd6d-2656b4503526 (2023)

  48. Petelka, J., Zou, Y., Schaub, F.: Put your warning where your link is: improving and evaluating email phishing warnings. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–15 (2019)

    Google Scholar 

  49. Pfefferkorn, R.: Content-oblivious trust and safety techniques: results from a survey of online service providers. J. Online Trust Safety 1(2), 14 (2022)

    Google Scholar 

  50. Prokos, J., et al.: Squint hard enough: attacking perceptual hashing with adversarial machine learning (2021)

    Google Scholar 

  51. Reeder, R.W., Felt, A.P., Consolvo, S., Malkin, N., Thompson, C., Egelman, S.: An experience sampling study of user reactions to browser warnings in the field. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2018)

    Google Scholar 

  52. Rogaway, P.: The moral character of cryptographic work. Cryptology ePrint Archive (2015)

    Google Scholar 

  53. Hurst, R., Belvin, G.: Security through transparency. https://security.googleblog.com/2017/01/security-through-transparency.html (2017)

  54. Cole, S.: Google is begging apple to make life better for green bubbles. https://www.vice.com/en/article/wxngb9/google-is-begging-apple-to-make-life-better-for-green-bubbles (2022)

  55. Santos, C., Rossi, A., Sanchez Chamorro, L., Bongard-Blanchy, K., Abu-Salma, R.: Cookie banners, what’s the purpose? Analyzing cookie banner text through a legal lens. In: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society, pp. 187–194 (2021)

    Google Scholar 

  56. Scheffler, S., Mayer, J.: SoK: content moderation for end-to-end encryption. arXiv preprint arXiv:2303.03979 (2023)

  57. Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: On the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security, pp. 1–7. IEEE (2016)

    Google Scholar 

  58. Lawlor, S., Lewi, K.: Deploying key transparency at WhatsApp. https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/

  59. Gulati-Gilbert, S., Luria, M.: Designing interoperable, encrypted messaging with user journeys. https://cdt.org/insights/designing-interoperable-encrypted-messaging-with-user-journeys/ (2022)

  60. Threema: Cryptography Whitepaper. https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf

  61. Threema: Anonymity - the ultimate privacy protection. https://threema.ch/en/blog/posts/anonymity (2019)

  62. Ralston, T., Hodgson, M.: Matrix message transport. https://datatracker.ietf.org/doc/draft-ralston-mimi-matrix-transport/ (2022)

  63. Tufekci, Z.: In response to guardian’s irresponsible reporting on Whatsapp: a plea for responsible and contextualized reporting on user security (2017). https://technosociology.org/?page_id=1687

  64. Unger, N., et al.: Sok: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)

    Google Scholar 

  65. Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un) Informed consent: studying GDPR consent notices in the field. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 973–990 (2019)

    Google Scholar 

  66. Vaziripour, E., et al.: Action needed! helping users find and complete the authentication ceremony in signal. In: SOUPS@ USENIX Security Symposium, pp. 47–62 (2018)

    Google Scholar 

  67. Vaziripour, E., Wu, J., O’Neill, M., Whitehead, J., Heidbrink, S., Seamons, K., Zappala, D.: Is that you, alice? A usability study of the authentication ceremony of secure messaging applications. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 29–47 (2017)

    Google Scholar 

  68. WhatsApp: how whatsapp helps fight child exploitation. https://faq.whatsapp.com/5704021823023684/?locale=en_US

  69. Wiewiorra, L., et al.: Interoperability regulations for digital services: impact on competition, innovation and digital sovereignty especially for platform and communication services. https://www.bundesnetzagentur.de/DE/Fachthemen/Digitalisierung/Technologien/Onlinekomm/Study_InteroperabilityregulationsDigiServices.pdf?__blob=publicationFile &v=1 (2022)

Download references

Acknowledgements

We thank Alastair Beresford, Ian Brown, Jon Crowcroft, Phillip Hallam-Baker, Daniel Hugenroth, Alec Muffett, Sam Smith, and Michael Specter for valuable feedback and/or discussions. These contributors do not necessarily agree with the arguments presented here.

Author information

Authors and Affiliations

  1. University of Cambridge, Cambridge, UK

    Jenny Blessing & Ross Anderson

  2. University of Edinburgh, Edinburgh, UK

    Ross Anderson

Authors
  1. Jenny Blessing
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ross Anderson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jenny Blessing .

Editor information

Editors and Affiliations

  1. University of Cambridge, Cambridge, UK

    Frank Stajano

  2. Masaryk University, Brno, Czech Republic

    Vashek Matyáš

  3. University of Hertfordshire, Hatfield, UK

    Bruce Christianson

  4. Memorial University of Newfoundland, St. John’s, NL, Canada

    Jonathan Anderson

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Blessing, J., Anderson, R. (2023). One Protocol to Rule Them All? On Securing Interoperable Messaging. In: Stajano, F., Matyáš, V., Christianson, B., Anderson, J. (eds) Security Protocols XXVIII. Security Protocols 2023. Lecture Notes in Computer Science, vol 14186. Springer, Cham. https://doi.org/10.1007/978-3-031-43033-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-43033-6_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43032-9

  • Online ISBN: 978-3-031-43033-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation