Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Instant Messaging madness
SECURITY SHELF

Instant Messaging madness 

In the IM realm, some standards do exist, most notably the open XML-based Extensible Messaging and Presence Protocol (XMPP) and extensions to Session Initiation Protocol (SIP). While some standards-based clients and servers exist, efforts to create interoperability between major IM systems have all failed. Most systems in use are proprietary.

In the corporate space, IBM’s Sametime and Microsoft’s Lync (now Skype for Business on the Windows platform) have traditionally been chosen by Lotus Notes and Microsoft Exchange customers due to directory and calendar integration. Microsoft’s Skype for Business is also provided as a component of the company’s Office365 offering, again leveraging the integration factor.

Cloud-based IM systems have become increasingly popular, especially among startups and organizations that outsource their email. Google Apps customers can use Google Hangouts for free, with the additional benefit of using it to communicate with users outside the corporation. Dozens of vendors offer chat products aimed at the business market. One that particularly stands out is Atlassian HipChat. The product provides both web-browser access and client applications, and is one of the cleanest, easy-to-use, and flexible chat systems. Customers can also chose to deploy HipChat on their own server.

In the consumer space, IM has become a battleground, with Google, Microsoft, Yahoo, and Facebook all offering non-interoperable chat systems. There have been many discussions, but no meaningful progress. The reason is clear: there are financial incentives against interoperation. For example, consider Google and Facebook. Allowing messages to flow between Facebook Messenger and Hangouts would decrease advertising revenues.

WhatsApp has historically been different. The company’s original business model was to provide service for an annual $1 fee with no advertising. In October 2014, WhatsApp was purchased by Facebook for US $19 billion and by September 2015 reported more than 900 million active monthly users. In January 2016, the company announced plans to drop its annual subscription fee and start to test an offering for companies to communicate with their customers. It is unclear what the future holds for WhatsApp users, but it makes questionable sense for Facebook to operated two different IM systems and a business-to-consumer offering is unlikely to provide an incentive for interoperation.

The consumer space is littered with other proprietary IM systems. Blackberry Messenger (BBM), once only available to users of Blackberry handhelds, is available for Android and iOS, but the only real benefit it adds to those platforms is the ability to communicate with Blackberry users whose organizations refuse to allow them to install other IM clients. A prime example is the Government of Canada. Unlike third-party IM clients, BBM traffic can be intercepted and logged by Blackberry Enterprise Servers. By locking down the handhelds the government both improves security and their ability to log every message. As a byproduct, Android and iOS device owners who wishes to IM with government-issued Blackberries needs to install BBM.

Due to the lack of interoperability, most consumers have several IM clients on their mobile devices. The vast majority of messages are available to the IM providers and governments in the applicable jurisdictions, and the services themselves must be monetized to remain viable. Consumers may not pay money for the services, but they are not free. Access to the consumers is the product being sold to commercial interests.

There are exceptions, most notably Signal Private Messenger from Open Whisper Systems, a free, open source, encrypted IM and voice calling product for iOS and Android. According to the company, “Open Whisper Systems is both a large community of volunteer Open Source contributors, as well as a small team of dedicated grant-funded developers.” While Signal is likely the most secure IM product available to the public, it does not address the interoperability challenge. It is also questionable whether the company’s business model would be sustainable if large-scale consumer adoption of the product was to occur.

Interoperability issues force consumers to install multiple “free” IM products to stay connected with friends and colleagues. Consumers should be able to choose a single IM service and use it to communicate securely with all of their contacts. To accomplish this an agreement must be reached on an interoperability standard. The business model must also change; consumers must be willing to open their wallets to end this Instant Messaging madness.

Have a security question you’d like answered in a future column? Email eric.jacksch@iticonline.ca

Related posts