SIliconANGLE: Meta’s Facebook finally supports end-to-end message encryption

The importance of end-to-end encryption of digital messages is getting new attention with the announcement that Meta Platforms Inc.’s Facebook will partly add the feature to its Messenger product now, and eventually for all use cases such as group chats by year-end.

It’s an important step, since E2EE, as it’s known for short, is a critical method of providing secure communication that keeps outside parties from accessing data while it’s transferred between systems or devices. But the announcement isn’t the whole story, either, because Facebook is playing catch-up with many of its competitors, such as Signal and Telegram, which have offered E2EE messaging products for years now.

You can read my analysis for SiliconANGLE here.

Time for some privilege management

Working in infosec, we use the term “privilege access management” to refer to security tools that determine which users have what kinds of rights to access particular applications, devices and networks. But when I read this recent Protocol story (that is the name of the online pub, btw) about a tech writer who turned down a potential job with a software firm because they were using Teams (that is the name of the Microsoft software, btw), I had to stop and think about this.

This is what the Great Resignation has come to? Granted, I am not a big fan of Teams but heck, that would not be a dealbreaker when I would consider joining a company.  At least they aren’t using AOL IM, which was the messaging standard — even for corporations — back in 2006 when I wrote this story for the NY Times.

But still. I guess in these days where it is a job seeker’s market, you don’t have to check your privilege at the Teams web portal, to inelegantly coin a new phrase.

Back in the olden times — say the early 90s — people who wanted to use Macs had trouble getting them purchased for their corporate desktop or laptop of choice. Thankfully we have all moved on from that era. So I guess it was only a matter of time before someone, as misguided as the dude in the Protocol story, would vote with his feet or keyboard or whatever and seek employment elsewhere.”The vibes are off.” What, is he also a music critic?

Now, being a member of the tech writing community I am embarrassed about this. And unlike the Mac/Windows dichotomy of yore, we are talking about the software this potential privileged person will use to connect to his peers. And a collaborative piece of software: this is something that everyone has to use to derive value.

Remember how tech companies used to lure candidates by having free food prepared by on-site chefs, well tricked-out workout rooms, and snack closets that could compete with Trader Joes? Now I guess this means that companies will have to offer Slack safe spaces now (or whatever piece of software offends the next potential new hire). It is a sad day indeed for all of us.

What’s up with WhatsApp privacy (Avast blog)

Last month, I wrote about the evolution of Instant Messaging interoperability. Since posting that article, the users of WhatsApp have fled. The company (which has been a subsidiary of Facebook for several years now) gave its users an ultimatum: accept new business data sharing terms or delete their accounts. For some of its billion global users, this was not received well, especially since some of your data would be shared across all of Facebook’s other operations and products. The change was indicated through a pop-up message that requires users to agree to the changes before February 8. The aftermath was swift: tens of millions of users signed up for either Signal or Telegram within hours of the news.

If you are interested in getting more of the details and my thoughts about whether to stay with WhatsApp or switch to Telegram or Signal, you should take a gander over on the Avast blog and read my post.

WhatsApp pushed off the change until May, which was probably wise. There was a lot of bad information about what private data is and isn’t collected by the app and how it is shared with the Facebook mothership. For example: while the change deals with how individuals interact with businesses, Facebook has and will continue to share a lot of your contact data amongst its many properties. What this whole debacle indicates though is how little most of us that use these IM apps every day really understand about how they work and what they share. My Avast blog tracks down the particular data elements in a handy hyperlinked reference chart.

The problem is that to be useful your IM app needs to know your social graph. But some apps — such as Signal — don’t have to know much more than your friends’ phone numbers. Others — such as Facebook Messenger — want to burrow themselves into your digital life. I found this out a few years ago when I got my data dump from Facebook, and that was when I deleted the standalone smartphone app. I still use Messenger from my web browser, which is a poor compromise I know.

Speaking of downloading data, I requested my data privacy report from WhatsApp and a few days later got access. There are a lot of details about specific items, such as my last known IP address, the type of phone I use, a profile picture, and various privacy settings, This report doesn’t include any copies of your IM message content, and was designed to meet the EU GDPR requirements. I would recommend you request and download your own report.

One of the sources that I found doing the research for my blog post was from Consumer Reports that walked me through the process to make WhatsApp more private. You can see the appropriate screen here. Before today, these items were set to “everyone” rather than “my contacts” — there is a third option that turns them off completely. This screen is someplace that I never visited before, despite using WhatsApp for years. It shows you that we have to be vigilant always about our privacy — especially when Facebook is running things — and that there are no simple, single answers.

Never before have we so many choices when it comes to communicating: IM, PSTN, IP telephony and web conferencing. We have shrunk the globe and made it easier to connect pretty much with anywhere and anyone. But the cost is dear: we have made our data accessible to tech companies to use and abuse as they wish.

Instant Messaging interoperability is still a big ask

Back in 2006, I wrote various articles about the interoperability of instant messaging (IM) among various proprietary systems. Back then, we had the likes of AOL IM, Skype (before being acquired and perverted by Microsoft), Google Talk (before being perverted by Google into its Hangouts) and Apple’s iChat (before being perverted into iMessage). This was before WhatsApp and various Chinese products were even created and are now the default IM and telecom tools that are used by millions.

Back then, the major messaging tool was SMS. But in the US, it was only after 2000 when the various cellular providers could exchange messages across the different cellular provider networks. Fortunately, the EU had led the way in figuring out that their systems had to talk to each other, largely thanks to a single cellular standard that was then adopted around the world.

Today we have the beginnings of a new interoperability effort, once again being pushed by the EU digital regulators. This time it is under a new series of laws, one of them called the Digital Services Act. The idea is to force the various IM vendors into playing nice with each other. While the proposed EU regs haven’t yet been set, they are concerned about the concentration of power and market share by Facebook.

If the EU is going to solve IM interop, they will need to look at various dimensions, as I first defined them back in 2006:

  • Text messaging, of course, among the various IM networks (as well as among the SMS networks too) — both in 1-to-1 and among various groups,
  • File transfer, the ability to move digital files, such as documents and photos, from one IM network to another,
  • Multi-party video and audio conferencing, with participants connecting to different IM networks,
  • Audio chats, similar to regular one-to-one phone calls, and
  • Chat, messaging and voice mail recording features too.

Granted, that is a big ask. But if we are going for interop, we might as well stake out the territory.

Most of the products that I mentioned back in 2006 have changed significantly as I hinted at in my introduction. They were designed in an era when interop wasn’t even thought of as a possibility. The sad reality is that it still isn’t.

As I said, the genesis of today’s IM interop is simple: Facebook now owns everything, and it is time to make a more level playing field. What the capital markets couldn’t accomplish, we will now have government to the rescue. Does anyone think this is going to work? But don’t despair, let’s look at what is happening with Microsoft. Their Teams product has begun to move in the right direction by working with ways to interop with Webex video conferencing equipment. This is because Teams is playing catchup with Webex and needs to gain market share. Teams is also competing with IP telephony, but let’s put that aside for another blog post.

There are other ways around IM interop, and one way (which was attempted back in the early 2000’s) was to have multi-lingual IM apps. Two of them that are still around are:

  • Adium, which supports AOL IM, Twitter, and Google Talk and has some basic support for WhatsApp and Telegram, and
  • Trillian, which requires a separate server to provide the connections among services.

They are still around largely because they have a dedicated crew of volunteer programmers willing to keep them current. Most of the other multi-lingual commercial products have gone by the wayside. Again, will EU regs help or hinder (or not have any effect) on this market? It will be interesting to watch these developments.

Remembering AIM

AOL is eliminating its AIM service after a 20 year run. It is sort of an ignominious end to the once-popular IM platform. Many of us were teens (or parents thereof) when AIM was in its heyday, and I was a big user back in the early 2000s when I worked at CMP to communicate with our far-flung staff (and even the folks sitting a few feet away from me too). That brings up how IM can bring together work teams to collaborate, and how IM has been an essential tool with many of my jobs since then. Just this morning I was using IM to “talk” to my editor in Pittsburgh and another researcher in Europe for my Inside Security newsletter. Like many of you, I take these conversations for granted and like many tech companies, has standardized on Slack, and indeed I participate in numerous other Slack groups now.

More than ten years ago, I wrote this story for the NY Times, The I.M. Generation Is Changing the Way Business Talks. In it, I describe the opportunities and challenges that IM faced in the modern business. To me, the timing of this article points out that there still were plenty of businesses that hadn’t even considered any IM tools. IBM was quoted in the piece as using its own IM tool for sending millions of messages daily, and eliminating voice mail tag. In my article, I called IM “the new black,” meaning it was trendy back then.

Today my phone rarely rings — to the point that I haven’t had a “desk” office phone in so long that I can’t even remember. Between IM and emails, there really isn’t any need to “talk” to anyone anymore.

One of the reasons why businesses loved IM is that its own workers literally grew up on the service. “AIM was a domain parents didn’t understand, giving it a feeling of clandestine cool.” This is from Tech Crunch, which has this tribute. In that link is a clip with a reminder of its pernicious sound effects. Boy does that bring back memories. One of my favorites was when my daughter was a pre-teen, deeply steeped into using AIM to communicate with 100 of her closest friends. I had trouble getting her to sign off when it was bed time, and so told her that she was going to get kicked off the system promptly at 10 pm. I had set up a firewall rule on our home router to block access to IP port 5190 at that time. She didn’t think I could do that, and after a few warnings I remember her realizing that I meant business when the hour struck. Being a parent back in that era was a lot easier than today, to be sure.

Speaking of pre-teens, I found this awkward story about making dating decisions using AIM. Again, a typical use case from back in that era.

But while AIM set the standard for IM, it didn’t keep up with the times. Ironically, as more users became mobile, they migrated to other IM tools because AOL’s mobile clients were late to the party and under-powered. They were slow to provide APIs, something Slack does in spades and one of the reasons you can find Slack “bots” for all sorts of add-on applications. And as users migrated to other IM services, AOL itself stopped using the service for its own internal communications, at one point using Slack itself. That is bad news when you can’t even find the tool capable for your own people.

AIM was also victim to SMS services and smartphones. As more people used both, the use cases blurred further between personal and corporate messaging. My daughter, who is now in her late 20s, told me that she hasn’t used AIM in years. Now she uses WhatsApp for both business and personal reasons, and that can be an issue when she is trying to get her work done and can’t easily find a conversation.

Well before Facebook-stalking was a thing, AIM profile stalking became slang for many users. This Ars writer recalls he had his “first taste of how the Internet could enable asynchronous self-expression and personal broadcasting amid a tight-knit social group.” That was before blogs, before MySpace even. So while I haven’t used AIM in a long time, I am sad that it is actually getting turned off soon.

What We’ve Got Here is a Failure to Communicate

Fans of Paul Newman will recognize his character’s famous line in Cool Hand Luke. Never in the history of electronic communications do we have so many choices and yet experience so many communication failures. This was made clear to me recently when I tried to get in touch with a “friend” of mine. I put the word in quotes because I mean it in Facebook terms: someone that I may or may not have met f2f, but want to stay in touch. Let’s call this friend Bob for simplicity.

My go-to communication method is email, so I first tried to send Bob a quick email to answer a question. Sadly, I have 9,000 contacts in my Gmail but Bob is one of the many of them who have moved on to another email address. The mail came back undeliverable. That wasn’t a good sign. But even if it got through, it doesn’t mean anything these days: there are lots of folks that ignore their emails, or have bad spam filters, so sometimes they don’t see them even if the address is correct.

Then I thought, perhaps I have Bob under my contacts at LinkedIn, which is my second place that I can usually track someone down. Strike two: LinkedIn knows about Bob with the outdated email that I had. Apparently, Bob hasn’t been too diligent about his updates. Yes I could try Plaxo but didn’t bother.

Bob’s phone is listed as his work number in my database, and of course he no longer works at this company anyway. Sometimes you can get the main number of the company or press 0 for a receptionist and they can be quite helpful. But this firm got rid of their receptionists long ago (chalk it up to progress) and just has a dial-by-name directory so that doesn’t help things. Once I got someone else’s replacement and they were quite helpful, pointing me to the new (or at least next) employer, but still, that doesn’t happen all too often these days.

Besides, even with a phone number or several numbers, that doesn’t mean anything. I have plenty of family members who are very hard to track down, and I have multiple numbers for them. People don’t like to answer their phones anymore. (Or maybe just not answer my calls. Hmm.)

Facebook? Bob and I aren’t connected there. And Bob has a common name, so trying to track him down and befriend him is an exercise in frustration. Do I remember any mutual friends of Bob that can connect me? I can’t remember how we first met: this isn’t unusual, as my memory isn’t what it used to be these days.

Even if we were Facebook “friends” that still doesn’t mean I am out of the woods. Yes, I could try Facebook messaging or IM, but if Bob isn’t online or doesn’t check his account all that frequently, that may or may not pan out.

Maybe Bob is on AOL or Skype or MSN IM? Nope, or at least I don’t think so. I have a lot of people on various IM lists, some that I have identified with their real names and others that have puzzling screen names with no clue as to who they are. Most of my IMs are to people that I work with (or did work with) on a daily basis: my AOL IM list for example, is frozen in time back to 2004 when I last worked at CMP (now UBM) and that was our main corporate communications channel. One of these days I am going to weed these out. In the meantime, there isn’t any real way to find someone on IM, unless you know of his or her ID to begin with. The same goes for Twitter.

There are some people that have turned Twitter into their go-to communications platform, but I am not even close there. Maybe that will motivate me to start.

I guess I could Google Bob, that might work, but for common names it is unlikely.

So yes, electronic communications has made us incredibly productive. But sometimes I do miss the olden times; back when real people answered their phones and tracked folks down when they didn’t.

So, as Newman says.

I welcome your thoughts and suggestions, please post to my story on ReadWriteWeb here.


Selling presence-aware apps in the channel (eWeek)

The next step in voice and data convergence is to develop real-time applications. Selling a voice-over-IP system is often just the beginning of a long-lasting and profitable solution for many VARs and systems integrators. One of the next steps in that process entails understanding how to develop real-time applications that can take advantage of voice and data convergence.

These often go by the term “presence-aware,” meaning that the application understands what users are actually doing, including when they are busy on a phone call or away from their desks.

You can read the entire article for eWeek’s Strategic Partner issue here.

Enterprise IM Strategies

Enterprises are coming to terms with Instant Messaging (IM), finding that it has become the best way to accelerate new forms of collaboration and communication among their distributed workforces and stay productive as email inboxes swell with spam. For some companies, email has become the new snail mail. But before you bite the IM bullet, here are some questions to answer to formulate your potential IM strategy for your corporation.

Read the complete story in Computerworld here.

Texting as the New Digital Divide

I never thought when my mother first taught me touch typing back in elementary school that the skill would turn out to be anything but useful, but lately I am not so sure. There is a new digital divide coming, and it concerns those of us that can text and those that are still stuck in the 90s typing on our PCs.

I look with longing at the teens and 20-somethings that can compose long odes on their cell phones with ease. I think all those years messing with QWERTY and look where it has gotten me – an aging PC user who, like Scotty in the second (or was it thirdfourth) Star Trek movie, has to grab a keyboard to get anything really useful done on a computer. And I am sure that reference alone will date me anyway.

My attempts at texting usually are done in the presence of a member of the younger generation and usually end in dismal failure, when said youngster will grab my phone from me and with a few clicks of the buttons finish the message that has taken me several (seeming) hours to compose. I know my mom would be turning over in her grave seeing me struggle – she was proud of my typing skills back in the day. Now they don’t even teach “typing” anymore. Sigh.

Yes, cell phones and PDAs now come with their own keyboards, and some of them you can actually type things in if you have small enough fingers or are patient and careful. But texting, sending short SMS messages via your phone, is even better, because you can do it to just about anyone with a phone and your correspondents can immediately send you back a pithy reply – if they are adept at texting, that is.

These days email is too slow – imagine waiting an hour or more before someone can compose and reply. It seems so quaint now. “You know, junior, back when I was young we thought it was pretty cool when we could email someone around the world and get an answer the Very Next Day!” And Instant Messaging isn’t instant enough – you still need a PC or something like it to really manage your buddy list that quickly grows into the multiple dozens. Yes, today’s divide is all about immediate gratification, and communication. Delays of a few seconds just won’t do.

I came to this sad (at least, sad for me) conclusion this week when I was attending the New Communications Forum in Vegas this week, talking about the latest tech with podcasters, corporate bloggers, and other geeks extraordinaire. I witnessed a demo of Twitter, which is one of those texting apps that you put on your cell phone and you can tell a couple dozen of your closest friends exactly what you are doing at any given moment of the day, or night. Why bother going to sleep, when you can keep up with the ‘hood? Who needs reality TV anymore, when we can manufacture our own so easy?

It is ironic that I came to this conclusion in Vegas. I mean, here I sit on a bench next to a replica of the Grand Canal, watching fake gondoliers steer boats that have their own electric motors down a waterway that exists entirely inside a (man-made) building. I had lunch with a friend of mine yesterday and the hostess asked us if we wanted to sit “outside,” meaning at a table under a 50-foot painted sky with a view of the fake canal.  Talk about the new realities of the digital divide.

So, don’t text me your issues. I don’t really want to know that quickly. Email is good enough for me. And those of you that can text fluently, go with grace.

Group chats take hold in the enterprise

Tired of taking yet another meeting or wasting more time on more conference calls? Maybe it is time you tried group online chat. While far from a new technology, its popularity around the enterprise is finally taking off because it can deliver real bottom-line returns and can be a real productivity boost. Chat is just part of the overall trend towards better real-time communications that began when corporations moved first to voice mail instead of secretaries, then to email, and finally towards Instant Messaging (IM).

In this story for Techweb, I talk more about how chat is taking hold and why enterprise IT managers are attracted to it. The story was picked up for the print Information Week edition as well.