Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Exactly, so how on earth does Google think that it is a good idea to put them in charge of running the infrastructure powering the future of instant messaging?

Any chance at all it has something to do with the fact that they've acquired an RCS infrastructure provider that they can sell to telcos?

https://jibe.google.com/



Someone has to run it. Logically, the obvious party to do so the carrier providing network access to the device, which also has a recurring billing relationship with the user from which to recoup its costs, and that the user knows to contact when they have issues. As a standard ostensibly replacing SMS, and coming out of the GSMA, it's also pretty obvious it'd be biased toward a carrier-centric solution.

There are a couple other options of course, but I am not sure they are better:

* Fully federate this, a la Matrix or XMPP. I really wish this was a practical option, but without legislation I doubt any company wants to go willingly in this direction. Even if they did, it'd be difficult to contain spam at scale. It also creates 'first contact' issues; love it or hate it, the general public seem attached to the idea of phone numbers and it seems to work relatively well and unambiguously. It is also the most technically complicated and most brittle and unpredictable for users.

* Phone / OS maker operates it for their devices. You don't seem to want Google running things, so this seems markedly worse than what they have actually done which is give you options (most people can at least choose a carrier, and carriers can choose implementations). It's unclear how operating costs are recouped here, especially for low-end devices. Does this lead to feature stratification? I hope not, but probably. It's a global single point of failure, both from a technical point of view as well as a policy/jurisdiction one (can $country LE subpoena my records because the company operating the service is ${country}an - or perhaps merely operates in $country, for example?). Also unclear how users are 'found', but maybe it's a bit easier than in a fully federated system.

* Phone / OS maker partners operate the service, giving users a few choices. Not really sure why anyone would go in for this, but it's basically the same as if the phone maker operates it.

None of these are great options, but I think the carrier is probably the least-bad one. You have an agreement with them. You have the legal protections offered in your home jurisdiction, with clear jurisdiction over the whole thing. They already have a ton of data on you and access to your traffic. You have a neck to wring if the service doesn't work properly.

They really should have standardized E2EE though, not including it is ridiculous.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: