Meta解释WhatsApp和Messenger遵守欧盟法规

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.

Meta已经提供了如何在WhatsApp和Messenger中实现与第三方消息服务的互操作性的详细信息，数字市场法案（DMA）在欧盟生效。

"This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated by the European Commission (EC) as being required to independently provide interoperability to third-party messaging services," Meta's Dick Brouwer said.

"这将允许第三方服务的用户选择启用互操作性（interop）与Messenger或WhatsApp中选择加入的用户发送和接收消息 - 欧洲委员会（EC）指定的两者都必须独立向第三方消息服务提供互操作性。"Meta的Dick Brouwer说。

DMA, which officially became enforceable on March 7, 2024, requires companies in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to meet certain obligations as part of the European Commission's efforts to clamp down on anti-competitive practices from tech players, level the playing field, as well as compel them to open some of their services to competitors.

DMA于2024年3月7日正式生效，要求处于关键地位的公司 - 苹果、字母表、Meta、亚马逊、微软和字节跳动 - 满足欧洲委员会努力打击技术公司反竞争行为、平衡竞争环境的一定义务，并强迫他们向竞争对手开放部分服务。

As part of its efforts to comply with the landmark regulations, the social media giant said it expects third-party providers to use the Signal Protocol, which is used in both WhatsApp and Messenger for end-to-end encryption (E2EE).

作为遵守重要法规的一部分，这家社交媒体巨头表示，它期望第三方服务提供商使用Signal协议，该协议在WhatsApp和Messenger中用于端到端加密（E2EE）。

The third-parties are also required to package the encrypted communications into message stanzas in eXtensible Markup Language (XML). Should the message contain media content, an encrypted version is downloaded by Meta clients from the third-party messaging servers using a Meta proxy service.

第三方还需要将加密通信打包成可扩展标记语言（XML）中的消息块。如果消息包含媒体内容，则Meta客户端会从第三方消息服务器下载加密版本，使用Meta代理服务。

The company is also proposing what's called a "plug-and-play" model that allows third-party providers to connect to its infrastructure for achieving interoperability.

该公司还提出了所谓的“即插即用”模型，允许第三方服务提供商连接到其基础设施以实现互操作性。

"Taking the example of WhatsApp, third-party clients will connect to WhatsApp servers using our protocol (based on the Extensible Messaging and Presence Protocol – XMPP)," Brouwer said.

"以WhatsApp为例，第三方客户端将使用我们的协议（基于可扩展消息和存在协议 - XMPP）连接到WhatsApp服务器，"Brouwer说。

"The WhatsApp server will interface with a third-party server over HTTP in order to facilitate a variety of things including authenticating third-party users and push notifications."

"WhatsApp服务器将通过HTTP与第三方服务器交互，以促进各种事项，包括对第三方用户进行身份验证和推送通知。"

Furthermore, third-party clients are mandated to execute a WhatsApp Enlistment API when opting into its network, alongside providing cryptographic proof of their ownership of the third-party user-visible identifier when connecting or a third-party user registers on WhatsApp or Messenger.

此外，第三方客户端在加入其网络时必须执行WhatsApp招募API，同时在连接或第三方用户在WhatsApp或Messenger上注册时，提供其拥有第三方用户可见标识的加密证明。

The technical architecture also has provisions for a third-party provider to add a proxy or an intermediary between their client and the WhatsApp server to provide more information about the kinds of content their client can receive from the WhatsApp server.

技术架构还为第三方提供商添加代理或中介之间的选项，以提供关于其客户端可以从WhatsApp服务器接收的内容类型的更多信息。

"The challenge here is that WhatsApp would no longer have direct connection to both clients and, as a result, would lose connection level signals that are important for keeping users safe from spam and scams such as TCP fingerprints," Brouwer noted.

"这里的挑战是WhatsApp不再直接连接到两个客户端，因此将失去对于保护用户免受垃圾邮件和诈骗（如TCP指纹）的重要连接级信号，"Brouwer指出。

"This approach also exposes all the chat metadata to the proxy server, which increases the likelihood that this data could be accidentally or intentionally leaked."

"这种方法还会将所有聊天元数据暴露给代理服务器，增加了数据意外或故意泄漏的可能性。"

参考资料

[1]https://thehackernews.com/2024/03/meta-details-whatsapp-and-messenger.html

关注我们

        欢迎来到我们的公众号！我们专注于全球网络安全和精选双语资讯，为您带来最新的资讯和深入的分析。在这里，您可以了解世界各地的网络安全事件，同时通过我们的双语新闻，获取更多的行业知识。感谢您选择关注我们，我们将继续努力，为您带来有价值的内容。

原文始发于微信公众号（知机安全）：Meta解释WhatsApp和Messenger遵守欧盟法规