This is almost too good to actually go through. Protocol transparency, that is to say forcing companies to open up their APIs would be one of the simplest and effective ways to break platform effects and walled gardens.
It shouldn't just be limited to messaging. An internet where everyone can built a client against Facebook's API, or Youtube or what have you and users get actual choice and control about how they consume those services would be a big leap forward.
> It shouldn't just be limited to messaging. An internet where everyone can built a client against Facebook's API, or Youtube or what have you and users get actual choice and control about how they consume those services would be a big leap forward.
Or a wonderful leap backward, in the most positive sense.
In these days of proprietary wall gardens everywhere it might be difficult to remember, but earlier in the Internet that was how things worked. Every protocol was public, documented in RFCs and all implementations were interoperable (barrings bugs/etc, but mostly anyway).
Er, WhatsApp is based on Noise for client server protocol, and Signal protocol for peer to peer encryption. Both were open standards before WhatsApp implemented them.
Yes, but if I remember correctly, one of the things FB internal document dump showed was that API for smaller and bigger players behaved differently. API access won't mean anything, if companies are allowed to pick and choose how it behaves against some IDs.
Beyond privacy concerns, it’s also going to open these and many other services up to an unending wave of SPAM.
So, I wouldn’t assume it’s great for end users without digging into the details. Don’t forget the last time they did privacy regulations they created an unending wave of click yes to accept cookies.
PS: Looking at rapid downvotes I see people disagree, but mandatory interoperability would presumably force them to accept SpamNetwork101, SpamNetwork102 … etc.
I miss the days when I could fire up Pidgin (or Gaim when I started using it) and instantly connect to every IM service I ever needed. Hopefully this is a step back towards that.
Agreed. It genuinely feels like my online experience degraded over the course of the past decade or so, because I am less willing to join a specific walled garden. And then I remember that this is by design. The winner takes his/hers social circle to the winner garden.
Just force monopolistic/abusive/anti-competitive companies to expose API's ; it's not a stretch; they did it for banks (psd2) and it's great for consumers and companies alike. Do it for everything; open systems make the world better. And they can still be monetized; it's not like forcing everyone to open source everything.
Edit: more subtle choice of words to indicate what I meant
As someone who works on a SaaS product, one of our biggest costs is our stable API surface. Internal APIs are essentially free, but for a public API we have to:
- Implement a conversion layer from our internal representation so we can keep it stable.
- Complicate all further feature work because we have to consider how it will affect existing customers of the API.
- Write and maintain documentation for the API.
- Keep the API working even after we no longer use it.
- Maintain multiple versions of the API in parallel.
- Make sure our error messages make sense to people not familiar with our internal systems.
- Be more careful with validation - for our internal APIs it's not the end of the world if a bad request results in a 500 rather than a 400, but it matters a lot for public APIs.
- Be more careful with rate limiting and other defenses against API misuse.
And this is to name just a few. A requirement that everyone expose a public API is pointless if it doesn't include a stability guarantee, and overly burdensome if it does.
Most social media companies' businesses models rely on having complete control over the presentation of content. Forcing them to allow third-party client apps would ruin that, and it's going to be beautiful.
Wow, "just force everyone". This is not freedom. I mean it doesn't feel that wrong because we ware talking about a big corporation, and sure I hate that WhatsApp replaced SMS here here claiming "privacy first, never any ads" but then gets bought by a big anti-privacy, ads-everywhere company. But still, imagine WhatsApp was written and maintained by an individual? Would we be so keen to use terms like "force"? This is all negative in the freedom dimension.
If you want a free, private, modern communication network, build it, don't steal it. In this case we are already very close to having a very nice solution in the form of Matrix. Throw some money and devs for things at Matrix/Element for issues we want to solve there. Push it as a government sanctioned solution. Offer services over Matrix, avoid WhatsApp.
I believe forcing to expose APIs would kill messengers which are built around a single feature (like snapchat).
The idea behind snapchat is that it's hard for users to save images without notifying the opposite party. You wouldn't be able to enforce this with third party clients.
It seems like this is an attempt to destroy the whole idea of a curated platform, though.
iMessage's advantages are a feature of the Apple ecosystem. WANTING it to interoperate with Facebook or whatever is one thing, but legally REQUIRING it seems to me to be very, very dangerous.
The banking API rule isn't that useful, you as a bank customer cannot get access to that bank's APIs, instead you have to go to another company who does have access.
> (fa) allow end users, business users, providers and potential providers of on line social networking services access to and interoperability with the same industry-standard service features that are available or used in the provision by the gatekeeper of any social networking services; minimum interoperability requirements shall be in accordance with the relevant Union legislation or the industry standard, where applicable, by providing open standards, open protocols, including Application Programming Interface;
This annoys me. Rather than robbing Moxie of his vision and forcing Meta to break their business model, why do governments not just lead by example?
Start using Matrix, we all know that the signup process could be easier (among many other things), throw some money and devs at the project with that specific goal. Start offering services over Matrix. Public money, public code. The whole world benefits.
I remember back when MSN/Windows Live Messenger used to be one of the most popular options out there. Even though I used Ubuntu, I could still chat with my friends through the Pidgin messenger. This was all possible through the XMPP interface, which still exists by the way.
It's not just that these new messaging platforms are adding no extra value, they are creating worse experiences, and we're buying into it. You now have to install half a dozen messaging apps just to keep up (WhatsApp, Telegram, Facebook, etc.) . And now we're suddenly talking about reinventing the wheel.
How easy is it to send full quality videos and pictures via XMPP? I feel like the main difference from my Pidgin days and today is that these days there is a metric ton of large media files being sent around.
Short term thinking and focus on new shiny features over long term sustainability. It's a pattern we see repeated in many aspects of society, not just messaging. Combine this with network effects and it ceases to matter that a minority of people have the time and interest to think about the long term, the majority have already made the decision, and your choices are to either be left out, or participate. It's frustrating, but it's one of those things when a large enough sample of the population are living lives which have much bigger problems than messenger lock-ins.
You don't have to. If you say you're only reachable with apps that support XMPP then generally people who care about chatting with you will use that. That's what I have been doing since January last year when WhatsApp changed its ToS.
iMessage and WhatsApp both already have encryption backdoors that escrow the endpoint secret keys or plaintext to cloud services, undermining the end-to-end encryption. That ship has sailed.
Double yes! I had thought for the longest time that a Linux-like open landscape would develop for messaging and social. I no longer believe this is going to be the case. I truly believe we are at a Standard Oil / AT&T moment (as documented would happen by Tim Wu in the Master Switch[1][2]) There is no conceivable way other than politically/legally that big tech will of their own volition lower their drawbridges to span their moats.
This needs to happen. Mandate interop and federation please.
This is a step in the right direction. I'm pretty certain that they will make their open APIs a pain in the ass to work with so that nobody actually uses it but they still comply with the law.
So, I think further revisions of this law will somehow need to take this into account.
IMVHO communication protocols of anything public MUST be open, peering MUST be allowed as a general policy. It's not a matter of scale: communications exists to communicate, not to create walled gardens.
What's the reasoning for that? I think the opposite is true, because open protocols allow a startup to interact with existing users, without needing to overcome the hard barrier of network effects. Closed protocols only help entrenched groups, and are actively harmful to both users and startups.
They could implement EXACTLY the same security requirements via a public-facing API as they do via their existing "private" API. How would that be trading security? lack of obscurity?
Clearly they cant be expected to integrate with any 3rd party, so the expectation is that 3rd parties would integrate with them.
You can do this at present via their private API (as per pidgin, etc) - but thats against their terms of service. It seems this law will prevent them imposing such terms.
So no more security , innovation and progress for EU? Everything including encryption usage and data transfer will be decide by old fat bureaucrats. Forgot to add a pop up window about transferring message to different country and your own 1 billion eurofiats to them.
martin_a|3 years ago
https://news.ycombinator.com/item?id=30799567
Barrin92|3 years ago
It shouldn't just be limited to messaging. An internet where everyone can built a client against Facebook's API, or Youtube or what have you and users get actual choice and control about how they consume those services would be a big leap forward.
jjav|3 years ago
Or a wonderful leap backward, in the most positive sense.
In these days of proprietary wall gardens everywhere it might be difficult to remember, but earlier in the Internet that was how things worked. Every protocol was public, documented in RFCs and all implementations were interoperable (barrings bugs/etc, but mostly anyway).
RenThraysk|3 years ago
A4ET8a8uTh0|3 years ago
Retric|3 years ago
So, I wouldn’t assume it’s great for end users without digging into the details. Don’t forget the last time they did privacy regulations they created an unending wave of click yes to accept cookies.
PS: Looking at rapid downvotes I see people disagree, but mandatory interoperability would presumably force them to accept SpamNetwork101, SpamNetwork102 … etc.
Sakos|3 years ago
A4ET8a8uTh0|3 years ago
kilroy123|3 years ago
pabs3|3 years ago
https://pidgin.im/plugins/
devoutsalsa|3 years ago
tluyben2|3 years ago
Edit: more subtle choice of words to indicate what I meant
Diggsey|3 years ago
- Implement a conversion layer from our internal representation so we can keep it stable.
- Complicate all further feature work because we have to consider how it will affect existing customers of the API.
- Write and maintain documentation for the API.
- Keep the API working even after we no longer use it.
- Maintain multiple versions of the API in parallel.
- Make sure our error messages make sense to people not familiar with our internal systems.
- Be more careful with validation - for our internal APIs it's not the end of the world if a bad request results in a 500 rather than a 400, but it matters a lot for public APIs.
- Be more careful with rate limiting and other defenses against API misuse.
And this is to name just a few. A requirement that everyone expose a public API is pointless if it doesn't include a stability guarantee, and overly burdensome if it does.
grishka|3 years ago
teekert|3 years ago
If you want a free, private, modern communication network, build it, don't steal it. In this case we are already very close to having a very nice solution in the form of Matrix. Throw some money and devs for things at Matrix/Element for issues we want to solve there. Push it as a government sanctioned solution. Offer services over Matrix, avoid WhatsApp.
drstewart|3 years ago
lovingCranberry|3 years ago
ubermonkey|3 years ago
iMessage's advantages are a feature of the Apple ecosystem. WANTING it to interoperate with Facebook or whatever is one thing, but legally REQUIRING it seems to me to be very, very dangerous.
pabs3|3 years ago
tester89|3 years ago
> (fa) allow end users, business users, providers and potential providers of on line social networking services access to and interoperability with the same industry-standard service features that are available or used in the provision by the gatekeeper of any social networking services; minimum interoperability requirements shall be in accordance with the relevant Union legislation or the industry standard, where applicable, by providing open standards, open protocols, including Application Programming Interface;
teekert|3 years ago
Start using Matrix, we all know that the signup process could be easier (among many other things), throw some money and devs at the project with that specific goal. Start offering services over Matrix. Public money, public code. The whole world benefits.
lhopki01|3 years ago
[1] https://www.theverge.com/2022/3/24/22994234/eu-antitrust-leg...
pabs3|3 years ago
https://matrix.org/blog/2018/04/26/matrix-and-riot-confirmed...
V1ndaar|3 years ago
More importantly, who cares about Moxie's (imo crappy) vision? If this were to force him to rethink his stance, that's a plus in my book.
stingraycharles|3 years ago
sonicggg|3 years ago
I remember back when MSN/Windows Live Messenger used to be one of the most popular options out there. Even though I used Ubuntu, I could still chat with my friends through the Pidgin messenger. This was all possible through the XMPP interface, which still exists by the way.
It's not just that these new messaging platforms are adding no extra value, they are creating worse experiences, and we're buying into it. You now have to install half a dozen messaging apps just to keep up (WhatsApp, Telegram, Facebook, etc.) . And now we're suddenly talking about reinventing the wheel.
lotsofpulp|3 years ago
croes|3 years ago
oarsinsync|3 years ago
Short term thinking and focus on new shiny features over long term sustainability. It's a pattern we see repeated in many aspects of society, not just messaging. Combine this with network effects and it ceases to matter that a minority of people have the time and interest to think about the long term, the majority have already made the decision, and your choices are to either be left out, or participate. It's frustrating, but it's one of those things when a large enough sample of the population are living lives which have much bigger problems than messenger lock-ins.
tl;dr: stickers
zaik|3 years ago
You don't have to. If you say you're only reachable with apps that support XMPP then generally people who care about chatting with you will use that. That's what I have been doing since January last year when WhatsApp changed its ToS.
RenThraysk|3 years ago
hestefisk|3 years ago
mfer|3 years ago
sneak|3 years ago
tomrod|3 years ago
Further, the law should specificy that the protocol allows E2EE, and we have traction.
igravious|3 years ago
This needs to happen. Mandate interop and federation please.
[1] https://www.penguinrandomhouse.com/books/194417/the-master-s...
[2] https://www.youtube.com/watch?v=ij76dh_340w
pabs3|3 years ago
https://pidgin.im/plugins/
amelius|3 years ago
shafyy|3 years ago
So, I think further revisions of this law will somehow need to take this into account.
Isinlor|3 years ago
They don't need to change law to address issues.
Specifically:
- article 7: Compliance with obligations for gatekeepers
- article 10: Updating obligations for gatekeepers and
- article 11: Anti-circumvention
dalbasal|3 years ago
Whether or not they succeed at improving choice and reducing centralised power over comms is up to dumb luck, mostly.
mnd999|3 years ago
macinjosh|3 years ago
Step 2: So... the encryption your application uses doesn't work well with other platforms.
Step 3: Everyone must use this one kind of encryption for interoperability with our tracking ser... I mean other platforms.
Step 4. Hey, look at all the stuff these activists are talking about.
Step 5. Gulag for the activists
pier25|3 years ago
https://www.theverge.com/2022/3/24/22994234/eu-antitrust-leg...
kkfx|3 years ago
theshrike79|3 years ago
brap|3 years ago
tsimionescu|3 years ago
On the contrary, the whole point of this law is to make it not just easy, but even possible for alternative messaging providers to compete.
m4lvin|3 years ago
MereInterest|3 years ago
cube2222|3 years ago
AniseAbyss|3 years ago
flenserboy|3 years ago
AniseAbyss|3 years ago
egberts1|3 years ago
supermatt|3 years ago
Clearly they cant be expected to integrate with any 3rd party, so the expectation is that 3rd parties would integrate with them.
You can do this at present via their private API (as per pidgin, etc) - but thats against their terms of service. It seems this law will prevent them imposing such terms.
alexklark|3 years ago
midasuni|3 years ago