Abstract
European lawmakers have ruled that users on different platforms should be able to exchange messages with each other. Yet messaging interoperability opens up a Pandora’s box of security and privacy challenges. While championed not just as an anti-trust measure but as a means of providing a better experience for the end user, interoperability runs the risk of making the user experience worse if poorly executed. There are two fundamental questions: how to enable the actual message exchange, and how to handle the numerous residual challenges arising from encrypted messages passing from one service provider to another – including but certainly not limited to content moderation, user authentication, key management, and metadata sharing between providers. In this work, we identify specific open questions and challenges around interoperable communication in end-to-end encrypted messaging, and present high-level suggestions for tackling these challenges.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
The discussion around opt-in versus opt-out discovery in messaging interoperability is often compared to email since email addresses are openly discoverable and contactable by anyone. But there are well-recognized social conventions and distinctions among email services that do not exist in the messaging ecosystem. For instance, given two of Alice’s email addresses, “alice.appleton@gmail.com” and “alice.appleton@company.com”, one can reasonably infer which types of communications Alice would like sent to each address without needing to discuss with Alice.
- 4.
Many interface design questions arise here. For now, we focus primarily on privacy concerns in user discovery, and revisit the user experience in Sect. 3.5.
References
Abu-Salma, R., Redmiles, E.M., Ur, B., Wei, M.: Exploring user mental models of end-to-end encrypted communication tools. In: 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI 18) (2018)
Anderson, R.: Security engineering: a guide to building dependable distributed systems. Wiley (2020)
Anderson, R.: Chat control or child protection? arXiv preprint arXiv:2210.08958 (2022)
Arnold, R., Schneider, A., Lennartz, J.: Interoperability of interpersonal communications services-a consumer perspective. Telecommun. Policy 44(3), 101927 (2020)
Azhar, A.: How to regulate Facebook (with Nick Clegg). https://hbr.org/podcast/2021/06/how-to-regulate-facebook-with-nick-clegg (2021)
Barnes, R., Beurdouche, B., Millican, J., Omara, E., Cohn-Gordon, K., Robert, R.: The Messaging Layer Security (MLS) protocol. Internet Engineering Task Force, Internet-Draft draft-ietf-mls-architecture/ (2020)
Cyphers, B., Doctorow, C.: Privacy without monopoly: data protection and interoperability. https://www.eff.org/wp/interoperability-and-privacy (2021)
BEREC: BEREC report on interoperability of Number-Independent Interpersonal Communication Services (NI-ICS) (2022)
Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use pgp. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, pp. 77–84 (2004)
Casey Newton: three ways the European Union might ruin WhatsApp. https://www.platformer.news/p/three-ways-the-european-union-might?s=r
Chase, M., Deshpande, A., Ghosh, E., Malvai, H.: SEEMless: secure end-to-end encrypted messaging with less trust. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1639–1656 (2019)
Davidson, A., Pestana, G., Celi, S.: FrodoPIR: simple, scalable, single-server private information retrieval. Cryptology ePrint Archive (2022)
Demmler, D., Rindal, P., Rosulek, M., Trieu, N.: PIR-PSI: scaling private contact discovery. Cryptology ePrint Archive (2018)
Rescorla, E.: Discovery mechanisms for messaging and calling interoperability. https://educatedguesswork.org/posts/messaging-discovery/ (2022)
Ermoshina, K., Musiani, F., Halpin, H.: End-to-end encrypted messaging protocols: an overview. In: Bagnoli, F., et al. (eds.) INSCI 2016. LNCS, vol. 9934, pp. 244–254. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45982-0_22
European Commission: Digital Markets Act. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R1925
European Commission: DMA workshop - The DMA and interoperability between messaging services. https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en (2023)
Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–14 (2012)
Kolata, G.: The key vanishes: scientist outlines unbreakable code. https://www.nytimes.com/2001/02/20/science/the-key-vanishes-scientist-outlines-unbreakable-code.html (2001)
Gray, C.M., Kou, Y., Battles, B., Hoggatt, J., Toombs, A.L.: The dark (patterns) side of UX design. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–14 (2018)
Griggio, C.F., Nouwens, M., Klokmose, C.N.: Caught in the network: the impact of whatsapp’s 2021 privacy policy update on users’ messaging app ecosystems. In: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, pp. 1–23 (2022)
Brown, I.: Private messaging interoperability in the EU digital markets act. https://openforumeurope.org/wp-content/uploads/2022/11/Ian_Brown_Private_Messaging_Interoperability_In_The_EU_DMA.pdf (2022)
IETF: More Instant Messaging Interoperability (MIMI). https://datatracker.ietf.org/wg/mimi/about/
Internet Society: white paper: considerations for mandating open interfaces. https://www.internetsociety.org/wp-content/uploads/2020/12/ConsiderationsMandatingOpenInterfaces-03122020-EN.pdf (2020)
Internet Society: DMA and interoperability of encrypted messaging. https://www.internetsociety.org/wp-content/uploads/2022/03/ISOC-EU-DMA-interoperability-encrypted-messaging-20220311.pdf (2022)
Jain, S., Crețu, A.M., de Montjoye, Y.A.: Adversarial detection avoidance attacks: evaluating the robustness of perceptual hashing-based client-side scanning. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 2317–2334 (2022)
Rosenberg, J.: A Taxonomy for More Messaging Interop (MIMI). https://datatracker.ietf.org/doc/draft-rosenberg-mimi-taxonomy/00/ (2022)
Angwin, J.: Back into the trenches of the crypto wars: a conversation with Meredith Whittaker. https://themarkup.org/hello-world/2023/01/07/back-into-the-trenches-of-the-crypto-wars
Kales, D., Rechberger, C., Schneider, T., Senker, M., Weinert, C.: Mobile private contact discovery at scale. In: USENIX Security Symposium, pp. 1447–1464 (2019)
Kamara, S., et al.: Outside looking. in: approaches to content moderation in end-to-end encrypted systems. arXiv preprint arXiv:2202.04617 (2022)
Kulshrestha, A., Mayer, J.R.: Identifying harmful media in end-to-end encrypted communication: efficient private membership computation. In: USENIX Security Symposium, pp. 893–910 (2021)
Malvai, H., et al.: Parakeet: practical key transparency for end-to-end encrypted messaging. Cryptology ePrint Archive (2023)
Melara, M.: Why making Johnny’s key management transparent is so challenging. https://freedom-to-tinker.com/2016/03/31/why-making-johnnys-key-management-transparent-is-so-challenging/ (2016)
Zuckerberg, M.: A privacy-focused vision for social networking. https://www.nytimes.com/2019/03/06/technology/facebook-privacy-blog.html (2019)
Matrix: matrix specification. https://spec.matrix.org/latest/
Jones, M.: How whatsapp reduced spam while launching end-to-end encryption. https://www.youtube.com/watch?v=LBTOKlrhKXk &ab_channel=USENIXEnigmaConference (2017)
Hodgson, M.: Interoperability without sacrificing privacy: matrix and the DMA. https://matrix.org/blog/2022/03/25/interoperability-without-sacrificing-privacy-matrix-and-the-dma
Hodgson, M.: How do you implement interoperability in a DMA world? https://matrix.org/blog/2022/03/29/how-do-you-implement-interoperability-in-a-dma-world (2023)
Hodgson, M.: The DMA Stakeholder workshop: interoperability between messaging services. https://matrix.org/blog/2023/03/15/the-dma-stakeholder-workshop-interoperability-between-messaging-services (2023)
Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: \(\{\)CONIKS\(\}\): bringing key transparency to end users. In: 24th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 15), pp. 383–398 (2015)
Whittaker, M.: https://twitter.com/mer__edith/status/1582808091397005312 (2022)
Whittaker, M.: https://twitter.com/mer__edith/status/1629131348731478017 (2023)
Marlinspike, M.: There is no whatsApp ‘backdoor’. https://signal.org/blog/there-is-no-whatsapp-backdoor/ (2017)
Cardozo, N.: Making it easier to manage business conversations on whatsapp. https://about.fb.com/news/2020/10/privacy-matters-whatsapp-business-conversations/ (2020)
nina-signal: removing sms support from signal android (soon). https://signal.org/blog/sms-removal-android/ (2022)
Nouwens, M., Griggio, C.F., Mackay, W.E.: “Whatsapp is for family; messenger is for friend” communication places in app ecosystems. In: Proceedings of the 2017 CHI Conference On Human Factors in Computing Systems, pp. 727–735 (2017)
McGee, P.: How apple captured Gen Z in the US – and changed their social circles. https://www.ft.com/content/8a2e8442-449e-4dbd-bd6d-2656b4503526 (2023)
Petelka, J., Zou, Y., Schaub, F.: Put your warning where your link is: improving and evaluating email phishing warnings. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, pp. 1–15 (2019)
Pfefferkorn, R.: Content-oblivious trust and safety techniques: results from a survey of online service providers. J. Online Trust Safety 1(2), 14 (2022)
Prokos, J., et al.: Squint hard enough: attacking perceptual hashing with adversarial machine learning (2021)
Reeder, R.W., Felt, A.P., Consolvo, S., Malkin, N., Thompson, C., Egelman, S.: An experience sampling study of user reactions to browser warnings in the field. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2018)
Rogaway, P.: The moral character of cryptographic work. Cryptology ePrint Archive (2015)
Hurst, R., Belvin, G.: Security through transparency. https://security.googleblog.com/2017/01/security-through-transparency.html (2017)
Cole, S.: Google is begging apple to make life better for green bubbles. https://www.vice.com/en/article/wxngb9/google-is-begging-apple-to-make-life-better-for-green-bubbles (2022)
Santos, C., Rossi, A., Sanchez Chamorro, L., Bongard-Blanchy, K., Abu-Salma, R.: Cookie banners, what’s the purpose? Analyzing cookie banner text through a legal lens. In: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society, pp. 187–194 (2021)
Scheffler, S., Mayer, J.: SoK: content moderation for end-to-end encryption. arXiv preprint arXiv:2303.03979 (2023)
Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: On the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security, pp. 1–7. IEEE (2016)
Lawlor, S., Lewi, K.: Deploying key transparency at WhatsApp. https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/
Gulati-Gilbert, S., Luria, M.: Designing interoperable, encrypted messaging with user journeys. https://cdt.org/insights/designing-interoperable-encrypted-messaging-with-user-journeys/ (2022)
Threema: Cryptography Whitepaper. https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
Threema: Anonymity - the ultimate privacy protection. https://threema.ch/en/blog/posts/anonymity (2019)
Ralston, T., Hodgson, M.: Matrix message transport. https://datatracker.ietf.org/doc/draft-ralston-mimi-matrix-transport/ (2022)
Tufekci, Z.: In response to guardian’s irresponsible reporting on Whatsapp: a plea for responsible and contextualized reporting on user security (2017). https://technosociology.org/?page_id=1687
Unger, N., et al.: Sok: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)
Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un) Informed consent: studying GDPR consent notices in the field. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 973–990 (2019)
Vaziripour, E., et al.: Action needed! helping users find and complete the authentication ceremony in signal. In: SOUPS@ USENIX Security Symposium, pp. 47–62 (2018)
Vaziripour, E., Wu, J., O’Neill, M., Whitehead, J., Heidbrink, S., Seamons, K., Zappala, D.: Is that you, alice? A usability study of the authentication ceremony of secure messaging applications. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 29–47 (2017)
WhatsApp: how whatsapp helps fight child exploitation. https://faq.whatsapp.com/5704021823023684/?locale=en_US
Wiewiorra, L., et al.: Interoperability regulations for digital services: impact on competition, innovation and digital sovereignty especially for platform and communication services. https://www.bundesnetzagentur.de/DE/Fachthemen/Digitalisierung/Technologien/Onlinekomm/Study_InteroperabilityregulationsDigiServices.pdf?__blob=publicationFile &v=1 (2022)
Acknowledgements
We thank Alastair Beresford, Ian Brown, Jon Crowcroft, Phillip Hallam-Baker, Daniel Hugenroth, Alec Muffett, Sam Smith, and Michael Specter for valuable feedback and/or discussions. These contributors do not necessarily agree with the arguments presented here.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Blessing, J., Anderson, R. (2023). One Protocol to Rule Them All? On Securing Interoperable Messaging. In: Stajano, F., Matyáš, V., Christianson, B., Anderson, J. (eds) Security Protocols XXVIII. Security Protocols 2023. Lecture Notes in Computer Science, vol 14186. Springer, Cham. https://doi.org/10.1007/978-3-031-43033-6_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-43033-6_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-43032-9
Online ISBN: 978-3-031-43033-6
eBook Packages: Computer ScienceComputer Science (R0)