Or maybe something like… the existing IETF standard for IM: XMPP. With plenty of implementations, support across the globe, servers that can scale up to millions of sessions.
Conversations is the only decent XMPP client, and server XEP support is a mess. It's unusable for normal people if you want to use any kind of advanced features.
I concur, tried to adopt it at dayjob when HipChat closed, but it was impossible. Conversations IM client is alright, but we couldn't find a client for iOS that just worked. It's mission impossible.
I hope they go for Matrix, like France did, but I get a feeling they'll be hit hard by NIH.
Yeah, iOS XMPP client support does seem to be the issue. Riot gets cross platform support from Electron. Perhaps the world needs an Electron based XMPP client...
One relatively low effort path for a government might be to simply adopt something like Chatsecure and fix it.
It would be perfectly fine for the Indian gov to fork Conversations and deploy their own XMPP servers, thereby not having to worry about server XEP support.
Matrix has shown in the past that it has had issues scaling to the demand. XMPP has shown in real life cases that it can scale to millions of simultaneously connected users.
I'm not saying that Matrix is bad, or that XMPP is definitely better, but the facts are there and we'd better stick to that than hold on to how we feel about each piece of technology.
It seems like you want to suggest that Matrix is not secure - as others pointed out already the bug that was reported about has nothing to do with Matrix and was fixed quickly.
Also you do not seem to understand that bugs and resulting security problems are something that happen every day - and get fixed quickly, usually, after discovery. This is what they mean when domain experts say things like "security is a process".
Also here we see a perfect example of why you want to use open source software for all governmental software: after a bug was found your admins can see the code changes and understand, if the bug still exists or not. Even more, only with open source software your admins and developers can read the code and search for bugs, too! This is what makes open source software a very good idea!
You are welcome to the world of free and open software, and after some reading about the basic principles I am sure you will understand why open source software is used by so many companies and organizations around the world.
BTW re the website you pointed to: I see a very annoying, totally absurd cookie dialog that makes me click at least five times and still does not give me a choice to not accept cookies at all. Please do not link to that website until they wake up and stop insulting visitors with this UI nightmare and learned that nobody needs to set cookies to publish content. Also this is not a website a pro developer would ever read or point to - always prefer to point to the primary source of information.
The goal was to provide a secure WhatsApp alternative for the French administration.
They failed the "secure" part - nothing else matters, and that does not mean that rolling your own should be discouraged - it means that these things are hard, and chances are your pet project will be less secure than established systems.
> Please do not link to that website until they wake up and stop insulting visitors with this UI nightmare
Had I known that this happened for your UA, I would not have - worked like a charm on my side.
Thank the French for that, who are the main reason behind the EU legislation about Cookies.
> Also this is not a website a pro developer would ever read or point to
Gatekeeping, are we? "Pro developers" don't waste time searching for some obscure original source for a meaningless online discussion - they pick the first result of their favorite search engine.
> Thank the French for that, who are the main reason behind the EU legislation about Cookies.
This again is wrong. The problem originated by publishers who track users and disrespect their privacy for many years.
The regulation that happened after a very long time of people urging governments to do something about that, makes this initial problem better visible.
Still it is important to understand: no cookies are needed at all for publishing content.
The cookie situation has been exacerbated exactly because of the cookie law. Previously I could just block cookies client-side (like any sane user avoiding cookies would) and every site worked just fine. However, after the cookie regulation, numerous sites just straight up started to block access _unless_ you accept their cookies.
Cookie regulation is one of the best examples of how governments meddling into tech has backfired.
It would have been a much better idea to launch a public awareness campaign about cookies and their client-side blocking, or even provide patches to open source browsers to have a better UX for blocking cookies by default.
The only regulation that should have been passed (if any), would have been to allow access (to static content) despite blocking of cookies client-side.
Publishers can show a cookie-free site to all visitors and offer a cookie opt-in for some kind of added value, e.g. "more information for membership".
There is no governmental force pushing anybody to produce a website that displays a "cookie dialog" even before you see what that site is about or if you like it. You are producing a false and absurd story of "governments meddling into tech produces cookie dialogs".
What I was getting at was that while yes, publishers can show a cookie-free site, many of them stopped doing exactly that. This started happening around the time the cookie regulation was implemented.
Had the regulation at least forbidden this behavior, we most likely wouldn't be in this situation.
However, thinking back, I guess it's fair to say that publishers might have implemented this blocking behavior if the governments would only have done a public awareness campaign. In this case, only a minimum set of regulations (ban force acceptance of cookies for static content) would suffice as well.
WhatsApp probably has bugs like these discovered on a monthly basis, that we never even hear about.
The only time we hear about bugs with non OS software is when there is a massive breach, FB initially reveals it only affects a small number of people, a few weeks later quietly revised that to a few 10s of million, and then a couple of months later buried somewhere that it was actually hundreds of millions of users affected.
Does not look like it. Looks like they found a flaw and fixed it. And this sort of thing, using open source project and building custom projects for private communication between private entities makes perfect sense. Anyone would be a fool to use Whatsapp for any conversations you don't want private companies and Western governments to have access to.
An interesting aside: In 1998, India tested its nuclear weapons (Pokhran-II [1]). Almost immediately, US imposed sanctions. One of the terms of the sanction?
"Bar the export of certain defense and technology material" [2].
I can't find a source but I do remember that IE used to ship with reduced encryption.
Perhaps we have learnt some lessons since then :-)
This is why my hair stands up every time we have the "backdoored encryption" discussion -- we had, and probably still have, people in positions of power that think of encryption as something that should be regulated on the order that guided missiles are.
As a technologist, I agree with your view.
But in cases like sanctions, I think the "Let me show who has the power" mentality takes over.
So, a country (say USA) can pressure its companies (like Microsoft in 1998) to stop providing some features/services/products to have some leverage over the sanctioned country. The unfortunate pattern in history has been that politics wins over rationality.
Do you have some reference to something that suggests that this is what actually happened? I don't think the US government made Microsoft put weak encryption in export versions of IE because India tested a nuke.
I think you can't find it because it just didn't happen that way and you're misremembering something. The export-crippled cryptography in browsers was a real thing but it got there before the Indian nuclear test and for other reasons.
Why don't they just support the growth of their own homegrown "WhatsApp"?
With government support and financial support, India could easily have an Indian "WhatsApp". WhatsApp isn't technologically sophisticated. It's simply a large network. With government/business "tweaking", India could help their own "WhatsApp" company take over much of that market from Facebook.
Why hand the entire Indian market over to Facebook and Zuckerberg?
There is no reason why large and significant markets shouldn't be dominated by local businesses. Not to say WhatsApp should be banned from India, but it's only the incompetence of government/business that cedes their market to foreign companies. This also applies to the EU. It's insane to me that the EU doesn't have their own Google, Facebook, etc.
Not that I like TCS or Infosys, but why does everyone appear to hate them so much? If most organisations appear to go with them, is it because they lack market options at what they offer?
On the other hand, wouldn’t some other govt sub-org like CDAC etc. get to build this via NIC or whoever supervises this?
In one word, cost! But you get what you pay for and it shows in the quality of the work. The engineers are just fresh out of college and are given titles like junior dev or senior dev rather quickly to retain them. This combined with fake resumes compounds the problem where a solution to any problem is simply reboot the computer. CDAC/NIC are even worse -- just go see the state of some state-run sites, they've got people that are stuck in the past, can't be fired and won't change things because hey, why change things when you will get paid nonetheless!
It's scary how prevalent WhatsApp is in India. A lot of official communication happens over WhatsApp. So it makes sense to move sensitive communication over something homegrown and outside jurisdiction of foreign government. But Indian government does not have a very good track record in terms of cyber security so an actual secure implementation seems pretty far off.
OMG your username :) I love that place. It is absolutely scary when government officials in India ask you for your sensitive information to be sent through WhatsApp and when you can't suggest them an alternative way or tell them no.
There are suggestions of starting with lots of other non-open source platforms here, but no mention of Signal. That's downright odd. WhatsApp is a fork of Signal. Why on earth wouldn't you just use Signal as your base? After all Signal open sources everything.
That aside, it's a bit of a mystery why anyone would choose a proprietary app whose owner could be in cahoots with anybody and you would never know over an open source app, given the entire point of the exercise is to ensure your communications are private. Facebook is even talking about monetising WhatsApp chats, and governments are talking about forcing Facebook to store the chats so they can be retrieved with a suitable warrant. Yet people still choose to use these apps for private communications. Such is the power of the marketing dollar, I guess.
The Indian Government is extremely inept at assessing technological needs. Aadhaar is a good example of what came out of the Indian Government (technically Nilekani & Co.).
The pathetic Indian Government websites would show you what they are capable of when designing a product that is supposed to work for Millions/Billions of people. They are just going to line up TCS or Wipro's pockets because that's the cheapest and also the crappiest.
I hope they commission a project to build this completely indigenously to be built from scratch and set the scale requirements high enough to scale to 100million+ people in a single private organization along with stringent sufficiently future proof security requirements.
India has a very large base of software engineers, security researchers and local cloud builders that would love to contribute to such a project.
China has learned a lot from not adopting all the US products and implementing their own product and in some ways we see things they did, that our products had not done yet.
The monoculture that the digital hegemony of a few multi national corporations creating the only viable solutions is not healthy.
Making something like a government chat system, might be the seed for creating a public system.
Does it matter? Routing text is a solved problem and not particularly hard at any scale.
The interesting parts for any potential implementation only pertain to things like workflow, integrations to existing applications and services and regulatory requirements (export, backup etc) - from that end, Erlang is not a great option.
Are Erlang engineers hard to find in India? They have a small but solid base in the UK, but the UK also hosts a few tech companies and I think a couple of the inventors and major contributors to the language, so it might just be an outlier.
"The rationale behind the move is to cut reliance on foreign entities, the report said, a concern that has somehow manifested amid U.S.’s ongoing tussle with Huawei and China."
These are the kinds of damage that the US is facing that are gonna have severe adverse effects, that will not show up before the next elections, so the current US administration doesn’t care. Other stuff would be that it’s likely that US companies will not even be considered in the future by governments and companies for products, where in the past, the likes of an IBM or Oracle would be the front runner.
Yeh, I understand. My comment was half tongue-in-cheek and half a pity that future historians won't have a look into internal communications of this sort.