Thoughts

- Reading time: 23 minutes -

Preface

The purpose of these thoughts is to achieve a more conscious perception of statements made, especially about “interoperability” - but also about “federation” - and a more objective argumentation.

Interoperability obligation

There are various reasons why one can support or reject a legal obligation for interoperability between messaging services.

Of course, the market-dominating companies such as Facebook or other large, well-known messenger providers have no interest in opening up their closed systems in any way. But even on the side of the open systems, the issue of interoperability obligation is controversial!

The Monopolies Commission formulates this in its 12th sector report “Telekommunikation 2021: Wettbewerb im Umbruch” (external; PDF):

Interoperability obligations that would enable cross-service communication are to be rejected for number-independent interpersonal telecommunications services such as WhatsApp, Signal, Threema and Wire should currently be rejected, as they would currently cause more disadvantages than advantages for competition. … An asymmetric interoperability obligation for number-independent interpersonal telecommunications services, if it were to become necessary, should be limited to basic functions to be defined, so that competition via innovative additional functions remains possible.

In this respect, I can only agree with the statement “interoperability yes but no interoperability obligation”, because a compulsory “individual opening via DMA” cannot be equated with “general interoperability”. But what is stopping politicians from using existing standards?

Role model function

Politics/administration has a public role model function - but especially when it comes to interoperability in messengers, this is missing. Instead of showing the flag, people speak with two tongues and a comfortable double standard prevails:

Janus-faced interoperability is demanded on the one hand, but on the other hand the same interoperability is rejected in own projects or even consciously excluded from the start. The great thing: Both with the same, pretended reason “more/better data protection”. An example response to this regarding a tender at the state level:

… which is explicitly not desired by us for data protection reasons.

Politicians make it easy for themselves: No systems are used that comply with standards, but rather many different systems that are incompatible with each other. Even in tenders, the point of “interface to the outside world” is often not considered at all or even deliberately excluded out of (unfounded) fear of “data protection”. At the same time, however, with the concrete considerations of the interoperability obligation at the EU level, the service operators are being asked to solve the problem (for the politicians).

Fitting cross-reference: Thoughts on “alternatives to WhatsApp”

No matter which authority, which office or which institution:
Nobody could answer me so far, which data protection-legal points would speak in practice then concretely against interoperability! That is why the finger must be put on this wound and this is where it must be started. After all, everyone uses mail, e-mail, telephone and mobile communications - and everyone involved takes interoperability for granted! So there is probably simply a lack of knowledge or there is misinformation which results in a false picture.

But even functionaries are ultimately only human beings who cannot (or do not want to) jump over their own shadow. For them, too, the convenience of WhatsApp with the automatic uploading of the address book is more important than much else. That’s why they consistently demand from others to change and tinker with the “DMA“ …

Decisions

Countless companies buy messenger services and also in the public sector tax money is sitting loose/being spent for this. So the messenger market is worth billions, there is a lot of money to be made and therefore it is highly competitive. So in marketing (and consequently in decision making) the buzzword “interoperability” is often used and it sounds great. But what is actually behind the marketing slogans?

And does everyone understand the same thing by the term “interoperability”? Because it is often used incorrectly, interpreted differently, or at least stretched very far.

Why?

From the point of view of decision-makers, it is advantageous if decisions can be brought about and made quickly with a clear result. In this respect, it is superficially very helpful to simply adopt advertising statements and also decisions of others for oneself without asking questions. Because “that must have been well considered” and “if they do that, it can’t be wrong for us”.

Unfortunately, as is often the case, it’s not that simple, because every messenger solution has advantages and disadvantages. And among the primary advantages is not that very large organizational units internally use a particular system that works great there - but that is not relevant in the context of interoperability.

What is important, however, is to know whether a messenger system is to be used exclusively as an internal means of communication and work (not accessible to outsiders) or as a general and interoperable communication solution, just like the telephone and e-mail, for example. In other words, as a supplement to the usually public contact data that can be found on websites or business cards:

• Name: …
• Postal address: …
• Telephone no.: …
• E-mail address: …
• Chat address: …

In order to make future-proof decisions, it is therefore important, for example, that interoperability (cross-provider message exchange on the basis of standards) is included in the specifications for invitations to tender. A legal obligation for interoperability (see above), which is currently being considered, would then not be necessary at all.

Fears/apprehensions

In the public discussion, one has the impression that attempts are being made to consciously prevent practicable interoperability by means of pretextual arguments. But this is a huge market with enormous profit opportunities - so this is understandable.

On the one hand, an interoperability of messengers is always seen critically or even rejected, because negative effects are feared. On the other hand (as already described above), politicians would like to introduce interoperability that is good for consumers on a mandatory (but not consistent) basis.

However, when looked at more closely, the fears and anxieties are all substantial and only arise if the same thing is not understood by interoperability. A definition and description of “interoperability” is therefore very important and protects against such misunderstandings.

Unfounded fears related to the use of international protocols (not regarding APIs) can thus be quickly dispelled, because recognized standards are the basis for innovation, offer functional diversity, better data protection and more privacy.
Note: “Better” and “more” does not mean “very good” or “optimal” - here P2P systems are more suitable (but less suitable for the masses). But by the possibility of several chat accounts as well as the use of different server operators (or even own hosting) you have much more control over the accruing metadata and autonomy than with classical “silos”.

Industry/Economy/Politics

In these areas, some (sometimes even messenger providers) fear that …

• that standards would inhibit or even undermine the innovative power of individual market participants (messenger providers).

However, this can be quickly and clearly refuted, because international standards do not delay or even prevent new or further developments, but enable and encourage them in the first place. This is true and undisputed in all areas, not only in information technology. This is the only reason why standards exist. Independent of defined standards, every development company can develop its own functions or even special solutions based on standards (or independently of them).

WhatsApp, for example, is based on the protocol and international standard “XMPP” - nevertheless, further developments (e.g., encryption MLS) or multi-device functionality (message synchronization), phone number independence, multiple chat accounts, availability on mobile devices, etc. are. Features of most modern messengers.

The private sector

Private users, on the other hand, have completely different fears and concerns:

1. Fear of loss of previously cherished and practical functions among users who may have registered specifically with messenger system XY because of this.
   Due to interoperability on the basis of international standards, no reduction in functionality is to be expected. Every provider can develop and implement individual additional functions for his area (e.g. especially for corporate customers) based on standards (HTTPS, IMAP, USB, HDMI, … and also XMPP)!
   Previously existing functions of closed messenger solutions can still be used within this system. This is not endangered by a possible and not mandatory interoperability, because in the end “chat” is nothing else than “e-mail with online functionality”: Even with e-mail there are countless/different applications and many companies that have specialized in software/hardware with various additional functions. Free messengers, like all free software, are particularly suitable for such special developments because of the program code available to all.

2. Fear of unauthorized disclosure of user data to other systems that one would consciously not want to use oneself.
   For example, do you have to tell Facebook your phone number via API to send messages to WhatsApp from outside? That would be fatal.
   By using international protocols, data protection and privacy is neither curtailed nor restricted. An important point here is also data sovereignty: In order to communicate across providers, no data files need to be transferred or matched from provider A to provider B.
   Moreover, by preventing centralized structures, everyone can decide for themselves or, for example, their employer, where their own data (chat accounts, contacts, conversation histories, …) should be located and which data traces they want to leave behind and where.

3. fear of unnoticed spying via assumed gateways in “secure” messengers.
   Interoperability does not mean that systems are broken up. It merely describes the paths that are possible for communication and what the rules are for using these paths. Standardization means “rule agreement” and not the installation of unknown or suspect additional modules. Communication is possible without having chat accounts with other systems.
   By using several separate chat accounts (even with different providers) you can even better protect yourself from unnoticed spying!

4. fear of garbage messages (spam)
   Concerns about the problem of garbage messages (spam) are also mentioned again and again. If server operators use international standards among themselves, however, this does not automatically mean that they will receive more garbage messages as a result. A chat address of user accounts that is anonymous to the outside world is conceivable - at best with an alias address that can be selected by the users themselves. This way, users can decide for themselves whether and how they can be reached. Trash messages are usually only a problem if contact details are made public - as is the case with all other forms of communication. In addition, the setting “Accept/Deny messages from unknowns” also helps here.

---

Explanation Graphic

Does actual interoperability require a public federation or simply interfaces to comply with international standards? Here is a schematic diagram of the principle of how this can look like and be achieved without an interoperability commitment. For all who are concerned with or interested in the systemic/technical realization of interoperability between server operators this should be a basis for discussion - for normal users the consideration of the background in this respect (and thus also the diagram) is not important:

The graphic can also be downloaded as a print file: Interoperabilität.PDF (ca. 0,6 MB)

It should be an aid and discussion basis, in order to find with discussions a common language, which can look then also differently, as represented here - but one avoids misunderstandings!

The following is an attempt to define the two terms …

Federation

By federation we mean the cooperation of different service providers (server operators) of the same system. However, there may be limitations: In contrast to a public federation, there is often only an internal federation, where several servers are connected internally within the organization, but the users cannot communicate externally (see above, e.g. some Matrix instances).

So with federation it is always important to question what is meant and what is possible! Because again and again federation (which one exactly?) is referred to and thus alleged interoperability is promised and diligently advertised.

But federation is not the same as interoperability and federation alone does not bring the interoperability of messenger systems demanded in politics, nor does it help to achieve this goal.

Interoperability

Unlike federation, interoperability is the ability to interchange via standardized interfaces and protocols (and independent of vendors). So whether a service is federated or not, standardized interfaces/protocols must be defined and used to be interoperable. Practical examples that are known are e-mail, Bluetooth, telephony, WWW, paper formats, USB, HDMI, various DIN, etc.

The German Federal Cartel Office (see below) also understands interoperability in the context of chat as “the ability of independent, heterogeneous messaging systems or messenger clients to work together to varying degrees.”

Especially in the messaging market, interoperability (the ability of different providers to work together) is and will become increasingly important. What is known and taken for granted from other forms of communication, such as telephone and e-mail, thanks to public federation based on international standards, does not yet exist for “chat.” Many people have become accustomed to different and mutually incompatible chat systems/messengers.

Ideally, however, a communication system (whether telephone, e-mail or chat) has public interfaces and uses standards for this purpose, so that citizens, customers, suppliers, employees, etc. can communicate with each other regardless of the provider.

International standard?

The IETF (external; Internet Engineering Task Force) is responsible for standardization on the Internet and is internationally recognized. Many standard protocols, such as SMTP for e-mail, are developed here and kept up to date through further developments.

Standard protocols are the publicly agreed and recognized rules for communication.

There is also a standard for chat (XMPP) that can be flexibly extended. Based on this, even special requirements for individual areas (security levels, special encryption, closed areas, special functions) can be implemented as needed, without disturbing the basic, federal function and the free flow of information.

Just … (yes repeat) … as is the case with other forms of communication (mail, telephone, e-mail, or mobile communications).

Future security through standards

A negative example of how standards can be abused is WhatsApp, which used the protocol for its own purposes, modified it for itself and sealed itself off. In this case, this has led to enormous dependencies instead of having future security. A little background information on this:

In a posting (external) by one of the two WhatsApp founders, for example, people asked how to ‘bend’ the server software “ejabberd” for WhatsApp. Of course, this does not show to what extent WhatsApp is still based on it (or the original server code) today, but this background knowledge is interesting nonetheless. In addition, at least Facebook Messenger, Google Talk, KIK Messenger, Zoom and Nintendo were also created on the basis of the XMPP standard.

But only by using public, international standards can multiple investments of taxpayers’ money in different systems be avoided, even in “chat”, and as is true in all areas (construction, development, administration, finance, …):

Recognized standards are the guarantor for innovation and future security!!

Every Euro/Dollar invested in solutions that support and adhere to standards benefits the public, because just as e-mail or telephone do not belong to a single company, the same is true for “chat” - it is (standardized) common property. It is tried and tested and successfully in use. Often even in the background as small examples from the education sector show:

With the learning platform “Moodle” (external) it is possible to send system messages (external) to users also via standardized chat interface. Very commendable. The e-mail accounts for 22,000 teachers in Thuringia are also not just pure e-mail addresses, but also chat addresses at the same time (only hardly any teachers know this).

However, public interoperability through adherence to standards is an essential point, especially for the question of the use of chat systems at public institutions and in citizen communication. After all, it is not only a question of independence, but also of the sensible use of taxpayers’ money.

XMPP with existing services

In the case of an interoperability obligation based on XMPP, ironically it would be Meta/Facebook that would have the easiest time, because WhatsApp was created on the basis of XMPP. The provision of an interface would therefore be technically relatively simple and quick. Messenger/video conferencing systems that include XMPP or have dealt with it in the past:

• WhatsApp: Based on XMPP; the (currently invisible but used) chat address is: ‘+phonenumber@whatsapp.com’ cross-reference.
• Wire: already thought about this in 2019 source (external)
• Jitsi Meet: Also using XMPP for chat function source (external)
• Zoom: “Zoom communications chat is based on the XMPP standard” source (external) The (currently not visible but used) chat address is: ‘username@xmpp.zoom.us’

Bridges

When using bridges to standardized chat, it is even possible to communicate with other systems. But this is only possible to a limited extent in this case, because bridges are quasi limited interfaces that only partially cover a protocol or realize it through shadow users (“puppets”). However, such a bridge is very fragile and can result in errors or fail completely even with small changes to the other system.

Basic functions such as normal messaging usually work reasonably well. However, for more in-depth functions such as the reliable provision of online status, more details of the standard must be integrated.

Things get complicated and almost visionary when entire chat groups or public chat rooms are to function across different proprietary and non-standard systems and then, if necessary, in encrypted form.

Therefore some bridges are rather crutches.

Bridges to WhatsApp

For “bridges to WhatsApp” (or other closed systems), it should be questioned whether they are …

• illegal,
• unofficially tolerated by Meta/Facebook,
• officially approved or
• whether possibly even a reciprocal agreement has been made (is there such a thing?).

Because according to their Terms of Service (external; “terms of service = “TOS”) the following is clearly not allowed:

“Permitted Use of Our Services
You may not, directly or indirectly, or by automated or other means, use or copy, adapt, modify, distribute, license, sublicense, transmit, display, perform, or otherwise exploit or access our Services in any unauthorized or unauthorized manner that burdens or harms us, our Services, systems, users, or others …”

However, since WhatsApp can also be used via web client in the browser, there is a “web interface” that can be exploited for (illegal?) bridges. Nice if you can then once again push the responsibility onto the users … Quite apart from this, you are not independent of WhatsApp, because you still need a phone number to register with WhatsApp / despite this and have an account there to use the web service based on it.

Notes from providers like …

“Using the bridge usually does not result in a block by the provider.”

… are not formulated like this without reason. Without opening the original client from time to time, it is possible that the WhatsApp account and thus also the bridge may no longer work.

Promises

An example of bold and almost dishonest advertising promises of “interoperability” is the marketing of TI-Messenger by the German healthcare system Gematik (external):

“TI-Messenger - The new standard for secure, interoperable instant messaging in the German healthcare system”
”… interoperability - and thus cross-sector and cross-provider exchange …”

Great - interoperability! But what does the company actually mean by this? That’s far back in the concept paper (PDF) (external):

“6.3 TI Messenger federation
The TI Messenger application supports the feddie ein Protokoll nur teilweise abdecken bzw. durch Schattennutzer/„Puppen“ realisieren. Eine solche Brücke ist jedoch sehr fragil und kann schon bei kleinen Änderungen am anderen System Fehler zur Folge haben oder komplett versagen.eration mechanisms of the Matrix protocol to be able to use homeservers and domains of different TI Messenger providers. However, federation is limited to home servers of TI-Messenger providers. Homeservers of other Matrix Messenger providers are excluded.”

“Home servers from other Matrix Messenger providers are excluded.” means: No public federation and no open interoperability in practice. In other words, something quite different from what is repeatedly advertised on the home page and understood as such by unsophisticated readers.

Interoperability is not possible in this way and is not improved by it. So be careful when interoperability is promised!

Often large installations of messenger solutions are intended for purely internal communication and are configured in such a way that no public federation is allowed. Not to mention real interoperability, because theoretically possible interfaces to the standard protocol are often not activated in practice.

Sector inquiry by the German Federal Cartel Office

Interoperability in messengers concerns everyone and is also becoming an issue at the federal level. In 2021, the German Federal Cartel Office conducted a sector inquiry on this. The questionnaire (extern) itself is publicly viewable and some questions are very interesting, especially with regard to standards.

In November, the interim report (external) on the survey was published and the results/recommendations are eagerly awaited.

• Interim Report (external) from 04.11.2022 on the survey
• Final Report (external) from 17.05.2023 mit den Ergebnissen und Empfehlungen

However, fears or even anxieties that interoperability based on standards would endanger/erode data protection or privacy are unfounded!

Because the use of common rules for communication (=interoperability) does not mean that the data is also accessible to everyone. No provider has access to the data and message history of other providers. Such rumors are the result of half-truths or false reports and can only be cleared up by factual information.

Summary/Conclusion

Interoperability is the ability to exchange information independently of providers via standardized interfaces and protocols.

Interoperability exists, for example, when contact data on Internet pages or business cards include the chat address in addition to the postal address, telephone number and e-mail address.

The easiest, fastest, and most cost-effective way to achieve interoperability in messengers on the market is to use products that comply with international standards yourself and, for example, to take this into account and demand it in tenders.

One should be aware:

• “federation” does not automatically mean “public federation!”
• Federation is NOT the same as interoperability!
• If “interoperability” is promised, it must be questioned what is understood by it!
• Interoperability must be public!

Recognized standards are the guarantor for innovation and future security and only the adherence to international standards makes real interoperability possible.

Politics/administration must live up to its public role model function. Still too much is listened to lobbyists and alleged specialists of the software manufacturers with Messengern - digital sovereignty, lastingness and liberty should however also with the Chatten to move in. You don’t have to be an expert!

In the future, it should no longer be “I’m sending you this via WhatsApp/Threema/Signal/…” but, as with e-mail, quite normally “I’m sending you this via chat”.

---

Supplementary information:

• Generally on the topic of “free messengers”
• Freedom + Security = Sustainability
• Recommendations for WhatsApp users
• Quick overview of messenger systems
• and the unique “Overview of comparisons”

Date: 17.05.2023
Rights: CC BY-SA
Autors: Diverse (Initiative Freie Messenger)

---

All articles/thoughts about Messenger:

• Thoughts on “alternatives to WhatsApp”
• Thoughts on interoperability
• Thoughts on Digital Markets Act (DMA)
• Thoughts on end-to-end encryption
• Thoughts on security/pseudosecurity