Personal Introductions

This is the kind of essay which — hopefully — will draw people who ask “who is this author, and what are his interests?” — so I thought I’ll spend a moment up front to explain.

I’m Alec, and since approximately 1990 I have worked to highlight, combat or change laws which seek to restrict public access to cryptography in various forms. In that time, I have spent about 20 years working for “Silicon Valley” companies. Also, from 2011-20 I spent a little over 8 years as a member of the Board of Directors of the Open Rights Group, which to Americans is most easily explained as “The British EFF equivalent, but lacking all the lovely funding and consequent lush spending”. During that same period I also spent a little over 3 years working for (then) Facebook, wherein I built two impactful projects related to end-to-end encryption.

In 2019 I met the most amazing person in my life, in 2020 during “lockdown” I was furloughed and laid-off from my most recent job, and I seized this all as an opportunity to radically change. I quit work to become a full-time father, so I have no paymaster, negligible stock, and am answerable only to my partner and my beautiful 9 month old daughter; in particular I want her to grow up with the benefits of end-to-end encryption which I have spent much of my life attempting — and continuing — to foster.

What was “Ma Bell”, and how did it compare to the British Telecom monopoly?

So from 1877 to 1983 the United States phone system was essentially one company, the Bell System (ref: Alexander Graham Bell) and known to the public with the pet name of “Ma Bell” — which for British readers was similar to “Auntie Beeb” being the pet name of the BBC, and in many respects being similarly ubiquitous and monopolistic/impactful upon national culture.

Like all telco and (eventually) cable providers, there was an element of natural monopoly to the operations of Ma Bell — to be connected to the phone network required hauling a wire to your house, and once the wire was laid the householder was somewhat in thrall to the company which “gatekept” (is that a word?) access to, and use of, that wire. It was practically uneconomic for competitors to speculatively lay competitive wires, especially if the incumbent could use predatory pricing to prevent it being profitable.

By comparison in the UK in 2006 the challenges of a formerly-state-backed telco “vertical monopoly” — where BT/British Telecom owned both the wires to people’s homes, and also provided the services over them — were (partially, incompletely, better-than-nothing) solved by “deregulating the local loop”, or in other words separating the companies which provided telco services from those which owned the wires to people’s houses. This enabled multiple companies and service differentiation amongst telco providers, albeit mostly on top of the “same old wiring” as before — but the British strategy afforded space for independent telcos to grow, and eventually to invest in their own (e.g.) fibre networks, to become “real” competitors.

But back in the USA in 1984, the US Government — in partnership with Bell itself — took a different approach: Bell was split into regional chunks (The “Baby Bells”) and the ownership of the local loop was left in the hands of each respective chunk. In part this was driven by the US model of free local calls being subsidised by the high cost of “long distance” calls which the Baby Bells hoped to arbitrage amongst themselves. This rapidly became unsustainable with the rise of the Internet where calls to your ISP were local (and therefore free) but the Internet itself could be used to make free long-distance calls (e.g. via early Skype)

The whole US telco universe gradually collapsed into the mess as it exists today, alleviated by a change of model (and therefore: change of billing) to support cellphones and mobile data plans; the costs of these the USA are typically eye-watering in comparison to Europe.

But at least a monopoly had been broken up, yeah? That must be good.

What is “Ma Zuck”?

This essay is a personal opinion, so I’ll be blunt about my prejudices: I believe that the European Union has a longstanding issue with the fact that none of the “big tech” company platforms are actually European.

In particular the EU frets that none of Google, Apple, Meta (formerly Facebook) and Amazon — and these names will come up a lot, so for this essay let’s call these GAMA for short, although arguably we could also include Snap, Slack, Discord, Twitch (Amazon), Pinterest and LinkedIn (US), TikTok (China) or Telegram, VKontakte, or OdnoKlassniki (all Russia) — are successful, but for some reason Europe is not a font of engaging social networking platforms… with the possible exception of Britain’s OnlyFans.

“Professional” LinkedIn competitors like Germany’s XING and France’s Viadeo seem to be the best that Europe can deliver, possibly by standing on top of actual, human social networks in each country.

Aside: UK politicians generally do not care about the UK’s lack of sovereign representation amongst major social platforms, other than that some are deeply envious of Nick Clegg for getting a well-paid job at Facebook, whilst others practically lust after as-yet-untapped surveillance possibilities which social networks present — but more on that, later.

This is not to say that GAMA are in some way innocent victims who don’t deserve stringent oversight of (say) data protection, or of being slapped for actual “cartel” behaviour, or of illiberal app-store censorship, or of attempts to buy-out ostensible competitors — but the EU in particular are now preaching a variant of the antitrust rhetoric which the US Government applied to Bell in the 1980s: that sheer numbers of the users of the platform equates to some sort of “dominance” which inherently inhibits the creation of competition.

Again, this is personal opinion: but I believe that this position does not stand critical scrutiny. There is no dangling physical connection your phone, no expensive-to-install loop of wire, and users can and do freely install (and uninstall) applications at the merest whim. The success of an application is largely dependent upon the value that it offers to the people who download it, in complex combination with: fashion, fun, luck, and timing. See the history of Wordle for example.

But in the EU this smells too much like pseudo-meritocratic, laissez-faire, unregulated free-marketism to be allowed, so instead their focus is upon “fixing” the biggest player and therefore the biggest target in this space: Mark Zuckerberg’s Facebook.

Hence, by analogy, “Ma Zuck”.

But, but, but, Facebook has everybody and it’s huge! That’s a monopoly!

Let’s play devil’s advocate for a moment: from 2004 to 2013 there was a Dutch social network called Hyves which was a contemporary of early Facebook, and which grew to an ostensible 10.6 million users — although this number includes duplicate, inactive and fake accounts, it is still large compared to the 16 million Dutch population of the time.

Should Hyves still exist? Answer: who knows, who cares? Maybe it should, but there’s no obvious obligation that it should. In a global Internet, any narrow focus upon being “Dutch” is a limiting constraint to a small market, rather than an enabler for a big one. Userbases don’t generally constrain themselves to exist within an appellation d’origine contrôlée, and successful software is generally not written in the expectation that they should.

Is the death of a “national” social network, unfair? I don’t believe so. Nationality is irrelevant to death of services. The Internet has a litany of social spaces which have collapsed — TheWELL, USENET, AOL, Geocities, Myspace, LiveJournal, GooglePlus — and in fact Hyves’ collapse, not long after being bought-out by a large newspaper group, is probably a sign of a healthy market in innovation and relevance to the user. There are healthy provisions for classified ads in Europe, irrespective of Facebook Marketplace. (nb: the EU possibly disagree) There are entire social networks based around curtain-twitching in spite of Facebook Groups. To claim that Facebook’s popularity is a barrier to innovation does not make it so, nor does it speak terribly well of one’s ability to innovate.

And, in any case, Facebook simply hasn’t collapsed yet; it may well do, even sooner than you think.

So what’s the big idea of messenger “interoperability”?

The proposal is basically this:

• there are people
• people have phones
• these phones have “messenger apps” which are of course all basically the same
• but people using [any large messenger app] are in thrall to that app and cannot move off-of it because of a long loop of telephone cable which binds them “network effects” which “lock them in” anti-competitively
• so therefore any substantially large messenger app must be forced to be able to message any other[*] — because such will break up this barrier to client entry
• [*]…or possibly vice-versa; in fact there is still substantial confusion on this point, which I believe makes the matter especially ripe for discussion whilst the politicians still have space to fix their shit

Rather than explain further, let me cite some relevant quotes clipped from various articles:

---

(1) As reported by TechCrunch, EU lawmakers have agreed that the major messaging apps available in Europe will have to “open up and interoperate with smaller messaging platforms.” In other words, Europe wants an iMessage or WhatsApp user to be able to send messages to a Signal user, or any other combination of apps you can think of.

(2) Email is purposely universal in nature. I can send you an email without knowing which email platform or app you use. You might receive my email in Apple Mail on your iPhone, in Spark on your Mac, in Outlook on your PC, on the web interface for Gmail – or hundreds of other options. I don’t need to either know or care: I just send you an email, and you receive it. But if I want to send you an instant message, I need to know which apps you use. I mean, I can use your phone number without caring whether you receive it as an SMS or an iMessage, but that’s about it. Otherwise I need to know which apps you have, and which ones you actually read. Messaging interoperability is the idea that instant messaging should be like email. We can each use our preferred service and app, while still being able to communicate with each other. So I might use Telegram, and you might receive it in WhatsApp. Your mom may send you a Facebook Message, and you might receive it in iMessage. Like email, we would send the message to the person, not the service.

(3) At the moment, getting access to iMessage’s features on non-Apple devices is a complete pain. In fact, getting access to any messaging platform’s features outside of its native apps can range from difficult to almost impossible. Whether it’s Facebook Messenger, WhatsApp, or Signal, in every case, the services’ developers want you to stick to their own software to message on their platforms. But new rules announced by the European Union last week could pave the way for the barriers around these walled platforms to be dismantled. The new Digital Markets Act (DMA) includes a clause that says large messaging services could be compelled by other companies to offer interoperability with their platforms. It wouldn’t force Apple to make iMessage for Android, but it could allow another company to demand Apple open up its messaging service and then produce a third-party Android client with relative ease.

---

Would this “interoperability” work as proposed?

Again, this entire essay is an opinion piece, and this is my opinion:

What I see from the above is… a bunch of people who want messenger apps to be like email used to be. I get that. I understand it. I recognise it. I even remember it, including the converse of using email as we would now a messenger application, back in 1987.

But I believe that’s not how the world works any more — at least not for anyone under 30.

If you’re a backend engineer nowadays, you are probably into “containerisation” in a big way: this means Docker, Kubernetes, LXC, Hyper-V, Lambda. For security, efficiency, and the ability to reason about the scale of your enterprise, all your core functionality is bundled up into little “containers” and you cookie-cut them into existence and dispose of them when you don’t need them any more.

Hot tip: people do the same on the front end nowadays.

E-mail isn’t email any more, it’s the GMail app or the GMail webmail portal. Or “Outlook”.

Person wants TikTok? They download TikTok.

Person wants Instagram? They download Instagram.

Person wants WhatsApp? They download WhatsApp.

Android user wants iMessage? They’re screwed, and frankly perhaps the EU should be beating up Apple about not providing an iMessage application on Android, rather than “allow another company to demand Apple open up its messaging service and then produce a third-party Android client with relative ease“ — as the quote above has it.

After all, if you can get Microsoft Office for Macintosh, and iTunes for Windows, it can’t be insurmountable to Apple to build a properly integrated native iMessage app, even if on Android they do lack the benefit of the iPhone Supposedly Secure Enclave, Apple themselves will certainly do a better iMessage for Android, and and deliver better security than an enthusiastic “third party” would. Anyone who disagrees should try editing a Word document in OpenOffice, or an OpenOffice document in Word. We hate to admit it, but the truth is that interoperability (and data format portability) sucks.

So this is getting towards my point:

“apps” are no longer “clients”, instead they are shrink-wrapped “containers” of modern end-user expectation and experience, as product offerings in their totality

Experiences like:

• Instagram was launched to share pictures of aspirational lunches
• WhatsApp mushroomed because SMS and MMS was too expensive in Asia
• TikTok (or: Douyin) exists for people to play with sounds and lipsync and reactions and filters
• Signal was launched for people who want nations-state-resistant levels of privacy, integrity and discretion
• SnapChat was launched to enable clubbers to send ephemeral lewd pictures to each other in ways which minimise consequential impact

These are not Yahoo/AIM “messenger app”-replacements to be interconnected willy-nilly with open-source and credentials and sticky-tape and wet string; instead by and large these are “user experiences based around messaging”, and each is pretty-much distinct from any other in form and intent.

The example of SnapChat in the above is particularly illustrative of what would happen under enforced “interoperability”: in 2014 a third-party “Snap” client was discovered to have been saving content that was meant to be delivered, shown, and ephemerally disposed of:

---

“We can confirm that Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.” 

According to Business Insider, the “third-party app” in question is reportedly SnapSaved.com, a web client compatible with Snapchat that allowed users to store photos and videos sent from Snapchat online. Unfortunately, the site was storing all the “private” Snapchats on a web server, along with the usernames of senders. The site SnapSaved.com was removed several months back, and no longer exists.

This whole episode is of particular worry to Snapchat users since the photo and video messaging service’s claim to fame is that the sent file self-destructs after viewing—not in the Mission: Impossible sense, but that it disappears from one’s mobile device and is scrubbed from Snapchat’s company servers. Because of its “self-destruct” reputation, the app is a popular tool among youngsters for transmitting sexually explicit material. Snapchat claims that 50 percent of its users are between 13-17 years of age, this potentially brings “The Snappening” into child pornography territory.

https://www.thedailybeast.com/the-snappening-is-real-90000-private-photos-and-9000-hacked-snapchat-videos-leak-online writing in 2014

---

Of course it’s possible to read the above and solve the problem by exclaiming “Snap should not exist!” — but then:

• Why should any particular software exist? And
• Who are you to decide what is and is-not “valid” software? And
• Who are you to unilaterally invalidate a user experience from which other people derive value?

Perhaps you could attempt the last one if you are a politician operating under a banner of “protecting democracy”, but all of “democracy” is actually a high bar to meet, especially when there is consequential impact upon privacy, and security, and liberty to code.

The “Snappening” was a failure of the Snap user experience to be closed enough — which is a hard thing to hear or accept if in the next moment you are going to swing around and say that platforms are “walled gardens” and we need them to be interoperable in order to tear down those walls for some unspecific or hypothetical benefit.

Sometimes — increasingly often — the whole point of a platform is to be a walled garden, and that’s okay.

Snap now talk about “Privacy by Product”. Signal (under Moxie) have made a virtue of building a walled garden, but nobody is beating up on them because they are not yet big, rich & successful … and absolutely nobody wants to ask “what happens if and when Signal becomes big, rich & successful?” — because perhaps “worthy” apps are not permitted to become big, rich & successful in Europe?

In case I have not made myself clear enough, here’s a potentially dangerous analogy — some people might try calling it a “straw man” but as I have already made my point above, this section exists only to amplify or assist existing understanding. If you’re at all worried or confused by analogy or metaphor, or are apt to overanalyse such in pursuit of a “win”, just skip down to the next “separator line” to avoid it:

If you are the sort of person to go to McDonalds at all, you generally don’t go there in pursuit of “a great hamburger”, instead you go there for a “Big Mac and Fries”, and a likely promise of some consistency and hopeful hygiene in delivering those things. You go there with fixed expectations, not in pursuit of surprising gourmet creativity.

This — fixed expectations of experience — is the modern “app” or “product experience”.

And if you’re the sort of person to never set foot™ in a McDonalds for various ethical reasons — for instance wages, regional lack of trade unions, or negative impact on local culture — you might propose to trying changing them by forcing them to interoperate with local restaurants, so that you can walk into the McDonalds but still order sushi from the place over the road. Surely that will open customers’ eyes to some new alternatives, no?

No, I think not. I think most people who walk into McDonalds will still order Big Macs, and if they want sushi they will walk instead into the Sushi restaurant where they can have a proper “sushi experience”. A few creative, tinkering people will attempt cross-ordering “because they can” — but not enough for the project to be considered a “success”, and it’s likely that they will in the end just write trite little twitter threads and blogposts about how terrible everything is and how McDonalds must be punished harder because the result is not what they expected — even though it’s entirely what they asked for.

---

Doubtless there are still people today who download generic email applications to their phone and then spend even further time setting up IMAP or POP and passwords on tiny keyboards, tweaking “attachment retrieval size limits” and polling intervals; but generally most people don’t have time for that sort of thing in the so-called “messaging” space unless they are:

• People who want their free and libre messenger clients to be able to communicate with Facebook Messenger even if their client doesn’t support “disappearing” messages sent by friends. Nor GIFs. Nor Reactions. Nor the latest emoji. Nor “message read” indicators. Nor PDF attachments. But all that’s okay because none of the above are relevant to “real communication” which somehow always happens in plain ASCII.
• People who want their WhatsApp and their Telegram tunnelled over their Matrix so that instead of being at risk of “surveillance capitalism” they can put their trust in a bunch of fellow geeks running a “federated” server. Because you can trust your friends, right?
• Or… politically-minded people — politicians, journalists, technologists — who believe that by being different they are striking a blow against corporate monopoly power, inspiring and enabling a new generation to download free software and tinker endlessly and delightedly with settings, patches, updates and API Keys and credentials. Not to mention enabling lots of lovely, election-friendly lawsuits and huge coffer-filling fines when everything turns out to not be what they expected, even though it’s entirely what they asked for.

To restate what I have written above: sometimes the latter people may have a point about monopoly power, about cartels and predatory behaviour, sure; but in this specific instance – in the instance where they are trying to force “interoperability” here and now, upon any sufficiently large messenger application, they are (a) setting a dangerous precedent for regulation of software function and (b) through delay and confusion are actually causing more harm than good to the causes of online privacy & security.

A change of tack…

Because it’s monday and I have parental duties to deliver, I want this essay to ship reasonably soon, so I’ll switch to a pseudo-Platonic “FAQ” format, and attempt to “inquisit” myself. If I miss any criticisms of myself, let me know in the comments below and I’ll fill them out between feeding baby and various naps.

But Alec, you’re misrepresenting the goals of “interoperability”!

Messenger interoperability in the Digital Markets Act has been launched to “hurt big monopolies” without regard to the impact upon their ability to shape product user experiences — and I believe that doing this is harmful and impacts user value.

Evidence that the goal is political rather than functional, includes this white paper from Professor Ian Brown, one of the loudest exponents of interoperability:

Abstract: Interoperability is a technical mechanism for computing systems to work together – even if they are from competing firms. An interoperability requirement for large online platforms has been suggested by the European Commission as one ex ante (up-front rule) mechanism in its proposed Digital Markets Act (DMA), as a way to encourage competition. The policy goal is to increase choice and quality for users, and the ability of competitors to succeed with better services. The application would be to the largest online platforms, such as Facebook (social media and instant messaging), Google (search and Android), Amazon (marketplace), Apple (iOS), and operating system ancillary services, such as payment and app stores. This report analyses up-front interoperability requirements as a pro-competition policy tool for regulating large online platforms, exploring the economic and social rationales and possible regulatory mechanisms. It is based on a synthesis of recent comprehensive policy reviews of digital competition in major industrialised economies, and related academic literature, focusing on areas of emerging consensus while noting important disagreements. It draws particularly on the Vestager, Furman and Stigler reviews, and the UK Competition and Markets Authority’s study on online platforms and digital advertising. It also draws on interviews with software developers, platform operators, government officials, and civil society experts working in this field.

This approach is clearly one of “start with ‘pro-competition’ regulation and work backwards to justify it with a bunch of wishful thinking” — without considering (without understanding?) the nature of what is proposed to be regulated.

That Ian and others do not understand apps as “shrink-wrapped containers of modern user experience” is further evidenced with this blogpost related to the above white paper:

Interoperability is the online equivalent of interconnection that the EU imposed on the telecoms sector in the early 1990s, and was fundamental to the successful opening up of these markets to competition. Interoperability has been fundamental to competitive communications markets since their inception, and underlies many technologies today, including email, digital TV, and indeed the Internet itself. Users can exchange calls, text messages and e-mails irrespective of their phone, network or e-mail service.

[…deletia…]

These major companies are piggy-backing on decades of interoperability, baked into the Internet, to provide their own, non-interoperable services. In the same way that the Internet’s interoperability led to unprecedented innovation and consumer benefits, introducing interoperability on these markets would bring innovation and consumer benefits to users of these — currently monopolised — services.

Ian (and Douwe, above) clearly are coming from a perspective where “all messengers exist for equal delivery of text messages” in the same way that “all telephones are for voice conversations”. But this is not the case any more: apps nowadays are about communication within the framework of a special user experience.

But worse: where is it written that just because (“piggy-backing on decades”) TCP/IP is interoperable and well-tested, that immediately means that Tinder or Grindr applications must be interoperable with WhatsApp?

Why does something “baked into the internet” mean that SnapChat must open itself to another “Snappening” leak of non-consensual image sharing via third-party apps?

Why does this mean that we are not allowed to want “walled gardens” around our data?

Isn’t the whole point of innovation to stand on top of features like that? And perhaps compartmentalisation of data within app “walled gardens” can be what some people actually value?

Certainly people in some industries — like sex work — have been on occasion unpleasantly impacted by surprise interoperability; so if anything the EU should perhaps be focused upon preventing interoperability, to enable people to reason more easily about their threat exposure.

But Alec, Facebook “locks up” our data! It tracks our metadata!

Oh, because I am an end-to-end encryption nerd, this one is a delight. Alex Stamos made this observation, and I agree with him:

https://twitter.com/alexstamos/status/1507366543360897028

…and I am deeply aware that the next impact of that size will be the E2EE-conversion of Facebook Messenger, a project that I do not believe deserves to be derailed in pursuit of “interoperability” in the hope that doing so will “bust corporate power” — power that is sometimes attributed to Facebook “locking up your data”.

Because the apps that I am interested in are (or, in Messenger’s case, will be) end-to-end encrypted, then my data only exists on my devices, and upon the devices of people with whom I am communicating. My data is “consolidated” on my phone, and ideally stored there in a secure manner, safe from tampering by other installed apps. End-to-end encryption makes me practically sovereign over my data, and any “locking up” is all my own doing — at least, so long as I am not coerced into doing something foolish like “backing up my messages in cleartext to ‘the cloud’”.

But if we are worried about data, then interoperability will proliferate metadata well beyond existing bounds, so that the passage of messages that once were held within the little hard-to-MLAT walled-gardens which WhatsApp provided to Alice & Bob, will now be open — and offer a rich surveillance surface — to any arbitrary third party clients which Alice or Bob might be convinced to adopt in addition to the obligate WhatsApp.

This offers so much more opportunity for tracking of the sort enjoyed by state intelligence agencies.

And here’s another scenario: how about that WhatsApp is forced to “open up APIs”, and Telegram decides to implement a “interoperable” client as part of Telegram; and then Telegram starts aggressively upselling itself to move (e.g.) Iranian activists out of end-to-end encrypted Signal-protocol WhatsApp chats, into Telegram ones.

Is this a desirable outcome? I don’t think so — but perhaps the EU believes that people should be offered the opportunities to be surveilled, self-incriminated, and even arrested?

But Alec, interoperability won’t complicate the user experience!

This is a quick one: both WhatsApp and Signal make clear promises to their users, along the lines of:

“we guarantee that every conversation this app is end-to-encrypted, and we have crafted the user experience and curated our apps to deliver that guarantee“

For instance, here; and I would be interested to know what part of that message could ever be simplified by mandating the addition of “interoperability” to those platforms?

I am confident that the answer is “none of it”; the best that interop can hope for in terms of “not complicating the user experience”, not “imposing cognitive load”, not “confusing people” — is to “break even”; and it won’t “break even”:

But Alec, Interoperability is easy!

Back in early 2019, Facebook announced an initiative to build interoperability amongst its primary platforms: Facebook, Instagram, WhatsApp, and Messenger. Civil Society was certain this was a bad thing. There were even talks of injunctions against it.

We are now 4 months into 2022, and Meta still hasn’t delivered internal interoperability, even explaining last year that this stuff is kinda hard to do and hard to get right. Articles deride Meta for delays to end-to-end encryption for Messenger. And now the EU and civil society is calling for all of GAMA to be interoperable, even for tiny startup clients, and for it to happen in quite short timeframes like months-to-a-few-years.

What I sense from this is a lack of consistency in “civil society” wants, and a lack of realistic timeframes in EU demands. Combined they make a heady but toxic brew — but clearly ripe for creating lawsuits and huge fines. Who would benefit from those?

But Alec, all they have to do is open-up some APIs!

SnapChat had private APIs — which is not to recommend for security — that were reverse-engineered and taken advantage of by third party apps; if your value proposition involves keeping a protective wall around user data, being forced to actively open your APIs to third parties is likely to result in bad things happening.

“…oh look, what are the EU proposing to force platforms to do?”

But Alec, it’s possible to do end-to-end encryption in an interoperable manner! There are many common protocols out there, not to mention new standards like MLS!

Oh god, this. Yes, you win, I raise my hands, I wave a white flag, I give up! Of course if you burned to the ground all extant messenger-like solutions and forced them to adopt a single protocol with a single means to encrypt data and with a single means to represent semantic value such as: reactions, replies, read-receipts, GIFs, disappearing messages, images, attachments, links, and thumbnails, then of course you could have interoperable end-to-end encryption.

But you will also have destroyed all diversity in messaging, and that sucks.

As an aside: MLS is a fine effort. I was at one of the first few kickoff meetings, and I know several people who participate in the effort. But if you load up the specification and go looking for word-stems like: replies, replies, attach — you won’t find anything. All that stuff has been at the whim of platform innovation for 10 to 20 years, perhaps more.

Ian Brown, having detected argumentation from me and others in this direction (viz: “interoperability harms extant and future end-to-end encryption”) has published a handwaving counter-essay which essentially boils down to “all we need to do is do this properly, and everything will be fine and maybe we’ll achieve these benefits.”

This argument is still no better than “many, perhaps most cars use gasoline/petrol and drive on the road, so with a little effort we could harmonise them to all drive on the right and for them all to use the same engine and parts” — viz: it’s true, but unrealistic and best not started as an effort from where we actually are.

But Alec, Matrix is wonderful!

Yes it is, and so are Briar, and RicochetRefresh and a host of other distributed or decentralised solutions for messaging; but none of this means that the solutions they’re offering will scale for use by three billion people; let alone some presumption that for some reason they should be adopted by everyone due to European political “fiat” rather than, you know, by actually succeeding at growing in the marketplace.

But Alec, anything that Hurts Facebook is good!

But is “Hurting Facebook” more important than giving people end-to-end encryption? As I recently wrote to one of my peers in this industry:

Again, I take this position and I defend it because I believe in delivering the maximum amount of straightforward and well-implemented E2EE for the maximum number of people in the shortest time frame.

Those people, such as [yourself and others] who push for “E2EE is great, yes, but shouldn’t it also be interoperable E2EE, because monopoly-busting is important?” — are kicking the can further down the road, and in the process also massively risk both (1) extant work by Meta towards the E2EE goal, and (2) emplacing legislation which impacts everyone and says “when your software gets to be too successful, you have to drill holes in its security offering, because we the legislators say so.”

As someone who similarly formerly laboured against US legal restrictions upon “maximum key lengths”, I wonder why that latter does not disturb you more? I suspect that the answer is that you don’t believe in the curated client experience being part of a platform’s offering, but there may be more to it than that.

Intermission…

There’s clearly more that needs to be said/written on this topic, but I need to go feed the baby; any further commentary or response to questions will be posted in a followup posting.

---

…