So, Matrix (federated) and XMPP (federated) would also have “metadata leaks”. I imagine there would be metadata exchanged between federated servers and in addition the E2EE of XMPP and Matrix is not so good/modern as Signal’s. When Signal-Whatsapp interoperability is mentioned, all people is worried about metadata leaks but it seems that concern dissapears when federation of Matrix or XMPP is mentioned.

Apart from that and one very personal opinion, I always connected Matrix to IRC, I mean, it is used more for the groups functionality than for the person-to-person functionality. And IRC was never considered an Instant Messaging alternative. But this is a very personal feel.

Best of luck also for your next fork. Please share with us your improvements in metadata privacy.

It is easy, even if interoperability is enabled, do not send messages out of Signal. It would be your option. But other people with non military-grade privacy requirements could benefit of improved privacy when it sends messages to whatsapp users from signal app because signal app is foss and signal would enforce better security and privacy than whatsapp app. Signal would gain traction and it could reach more people willing to abandon Meta and corps.

So, we had people who loved to send unencrypted SMS messages with Signal. And now we have people who opposes to send encrypted E2EE messages because they could leak supposedly a lot of metadata such as “when the message was delivered, who it was sent to and more” and it would be the end of privacy in Signal.

We should not forget that this only happens if you send messages out of Signal. This would be optional for every user of Signal.

Interoperatibility is the CORE of Internet. Silos are contrary to the idea of Internet. This is an opportunity to interconnect systems, to boost innovation and to give the opportunity to signal and others to gain users, which is now almost impossible with the current monopoly of whatsapp in Europe.

I imagine all the extremist of privacy in Signal with a Proton email account. And I imagine them only sending/receiving emails from other Proton email accounts. Sending to SPAM or to the delete folder every other email because other emails do not achieve the privacy requirements of Proton. In fact, the only real good solution for privacy with Email is to delete the Email account.

I would like to hear more specific details about the loss of privacy that would require the integration with whatsapp for signal users.

• E2EE would be broken?
• which specific metadata of signal users would be exposed (metadata that is not now required by signal)? less metadata of current whatsapp users would be required?
• integration could be a user option?

Because I see a lot of fear but few details that justify it.

I also am waiting for news on this. I think many users lack of an european view. In Europe Whatsapp is a monopoly for Instant Messaging, look at https://www.statista.com/statistics/1005178/share-population-using-whatsapp-europe/. And you do not break a Monopoly with “remove whatsapp and use only signal”. I only have 1 contact in Signal, two years ago I had 5 contacts. If I remove Whatsapp, I lack of IM. Period.

Signal has E2EE encryption, Signal collects very few metadata. If they collect very few metadata, they have very few metadata to expose to Whatsapp. If Whatsapp forces them to provide more metadata, they could argue and even ask for arbitration with the European Comission.

But the lack of interest to ever consider the interoperalibity seems to me they are not interested in the european market. They do not want to grow in Europe to become the best privacy-respectful IM solution (with users).

There are only problems with a bunch of applications that recently decided to use Play Integrity API not with every banking app nor Netflix.

This is the list: https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos

In fact those applications should not work with Lineage unless Play Integrity API is patched/cracked someway in Lineage.

In this case, thanks to regulation, it seems GrapheneOS team is talking with European Commission about this problem with Play Integrity API https://fosstodon.org/@GrapheneOS@grapheneos.social/113623767380032309 and the only hope is a movement of the regulator against this policy of Google.

It runs in Lineage? Lineage is certified by Google Play Integrity API (I doubt it)? or Lineage tricks Google Play Integrity API?

If you install GrapheneOS, you do not need root, so GrapheneOS is in control of the phone not the user. The key here is if GrapheneOS is secure enough to be certified by Google Play Integrity API. is it security or other issue? perhaps Google is not supporter of FOSS ROMs, perhaps it is not fun of how GrapheneOS removes permissions to Google Apps, …

If it is not security, this is a kind of monopoly to control which ROMs are allowed to run apps.

the problem here is not the banks or apps, the problem is Google Play Integrity API, which is supposed to enforce to run apps in secured phones and it is used to ban secured ROMs such as GrapheneOS and it allows to run apps on outdated phones without security patches.