
India reportedly wants to build its own WhatsApp for government communications - jmsflknr
https://techcrunch.com/2019/06/26/india-government-inhouse-chat-app-whatsapp/
======
ailideex
Hopefully they rather use something like
[http://matrix.org](http://matrix.org)

~~~
edhelas
Or maybe something like… the existing IETF standard for IM: XMPP. With plenty
of implementations, support across the globe, servers that can scale up to
millions of sessions.

~~~
metildaa
Conversations is the only decent XMPP client, and server XEP support is a
mess. Its unusable for normal people if you want to use any kind of advanced
features.

~~~
Nux
I concur, tried to adopt it at dayjob when HipChat closed, but it was
impossible. Conversations IM client is alright, but we couldn't find a client
for IOS that just worked. It's mission impossible.

I hope they go for Matrix, like France did, but I get a feeling they'll be hit
hard by NIH.

~~~
upofadown
Yeah, iOS XMPP client support does seem to be _the_ issue. Riot gets cross
platform support from electron. Perhaps the world needs an electron based XMPP
client...

One relatively low effort path for a government might be to simply adopt
something like Chatsecure and fix it.

~~~
pgeorgi
I found Monal (monal.im) to be a better maintained iOS client than Chatsecure,
very responsive developer, too.

------
vmurthy
An interesting aside: In 1998, India tested its nuclear weapons (Pokhran-II
[1]). Almost immediately, US imposed sanctions. One of the terms of the
sanction? "Bar the export of certain defense and _technology_ material" [2].

I can't find a source but I do remember that IE used to ship with reduced
encryption. Perhaps we have learnt some lessons since then :-)

[1][https://en.wikipedia.org/wiki/Pokhran-
II](https://en.wikipedia.org/wiki/Pokhran-II)

[2][http://edition.cnn.com/WORLD/asiapcf/9805/13/india.us/](http://edition.cnn.com/WORLD/asiapcf/9805/13/india.us/)

~~~
kyshoc
This is why my hair stands up every time we have the "backdoored encryption"
discussion -- we had, and probably still have, people in positions of power
that think of encryption as something that should be regulated on the order
that guided missiles are.

~~~
vmurthy
As a technologist, I agree with your view. But in cases like sanctions, I
think the "Let me show who has the power" mentality takes over. So, a country
(say USA) can pressure its companies (like Microsoft in 1998) to stop
providing some features/services/products to have some leverage over the
sanctioned country. The unfortunate pattern in history has been that politics
wins over rationality.

~~~
pvg
Do you have some reference to something that suggests that this is what
actually happened? I don't think the US government made Microsoft put weak
encryption in export versions of IE because India tested a nuke.

~~~
vmurthy
Sorry! I tried so bad to find it but couldn't :-( Someday ..

~~~
pvg
I think you can't find it because it just didn't happen that way and you're
misremembering something. The export-crippled cryptography in browsers was a
real thing but it got there before the Indian nuclear test and for other
reasons.

------
germanlee
Why don't they just support the growth of their own homegrown "WhatsApp"?

With government support and financial support, india could easily have an
indian "whatsapp". WhatsApp isn't technological sophisticated. It's simply a
large network. With government/business "tweaking", india could help their own
"whatsapp" company take over much of that market from facebook.

Why hand the entire indian market over to facebook and zuckerburg?

There is no reason why large and significant markets shouldn't be dominated by
local businesses. Not to say whatsapp should be banned from india, but it's
only the incompetence of government/business that cedes their market to
foreign companies. This also applies to the EU. It's insane to me that the EU
doesn't have their own google, facebook, etc.

------
anon121212
Bet you TCS or most likely Infosys will be the implementation partner. Tax
money goes in. Crap comes out. As usual. Public will sing praises.

~~~
th3iedkid
Not that I like TCS or Infosys, but why does everyone appear to hate them so
much? If most organisations appear to go with them, is it because they lack
market options at what they offer?

On the other hand ,Wouldn’t some other govt sub-org like CDAC etc might get to
build this via NIC or whomsoever supervises this?

~~~
anon121212
In one word, cost! But you get what you pay for and it shows in the quality of
the work. The engineers are just fresh out of college and are given titles
like junior dev or senior dev rather quickly to retain them. This combined
with fake resumes compound the problem where a solution to any problem is
simply reboot the computer. CDAC/NIC are even worse -- just go see the state
of some state-run sites, they've got people that are stuck in the past, can't
be fired and won't change things because hey, why change things when you will
get paid nonetheless!

------
Bhilai
Its scary how prevalent Whats App is in India. A lot of official communication
happens over WhatsApp. So it makes sense to move sensitive communication over
something homegrown and outside jurisdiction of foreign government. But Indian
government does not have a very good track record in terms of cyber security
so an actual secure implementation seems pretty far off.

~~~
srameshc
OMG your username :) I love that place. It is absolutely scary when government
officials in India ask you for your sensitive information to be sent through
WhatsApp and when you can't suggest them an alternative way or say them no.

------
rstuart4133
There are suggestions of starting with lots of other non-open source platforms
here, but no mention of Signal. That's downright odd. WhatsApp _is_ a fork of
Signal. Why on earth wouldn't you just use Signal as your base? After all
Signal open sources everything.

That aside, it's a bit of a mystery why anyone would choose a proprietary app
whose owner could be in cahoots with anybody and you would never know over an
open source app, given the entire point of the exercise to ensure your
communications private. Facebook is even talking about monetising WhatsApp
chats, and governments are talking about forcing Facebook to store the chats
so they can be retrieved with a suitable warrant. Yet people still choose use
these apps for private communications. Such is the power of the marketing
dollar, I guess.

------
netsharc
If this is their track record, it'd be like using public Twitter posts for
government comms: [https://gizmodo.com/simple-hack-turns-indias-massive-
biometr...](https://gizmodo.com/simple-hack-turns-indias-massive-biometric-
database-int-1828972521)

------
raylangivens
The Indian Government is extremely inept at assessing at technological needs.
Aadhar is a good example of what came out of the Indian Government
(technically Nilekani & Co.).

The pathetic Indian Government websites would show you what they are capable
of when designing a product that is supposed to work for Millions/Billions of
people. They are just going to line up TCS or Wipro's pockets because that's
the cheapest and also the crappiest.

------
vinay_ys
I hope they commission a project to build this completely indigenously to be
built from scratch and set the scale requirements high enough to scale to
100million+ people in a single private organization along with stringent
sufficiently future proof security requirements.

India has a very large base of software engineers, security researchers and
local cloud builders that would love to contribute to such a project.

------
ThinkBeat
This is good.

Hopefully it inspired a bit of innovation.

China has learned a lot from not adopting all the US products and implementing
their own product and in some ways we see things they did, that our products
had not done yet.

The monoculture that the digital hegemony of a few multi national corporations
creating the only viable solutions is not healthy.

Making something like a government chat system, might be the seed for creating
a public system.

------
fouc
What are the chances they're going to use Java instead of Erlang?

~~~
macspoofing
Does it matter? Routing text is a solved problem and not particularly hard at
any scale.

The interesting parts for any potential implementation only pertain to things
like workflow, integrations to existing applications and services and
regulatory requirements (export, backup etc) - from that end, Erlang is not a
great option.

~~~
visarga
It's not just text, but images, audio and live video. Tons of images are being
uploaded everyday to WhatsApp.

------
MarkMc
I think Telegram is open source, so they could just fork it

~~~
rvense
The server part isn't.

There are several alternatives where both sides are, though.

~~~
giancarlostoro
They are better off forking Wire which I think isnt perfect either but seems
to be properly open sourced frontend and backend.

------
chewz
What do they have to hide?

Internal communication is usually great source for historians and posterity.
Not to mention parliamentary investigative bodies.

~~~
helloindia
"The rationale behind the move is to cut reliance on foreign entities, the
report said, a concern that has somehow manifested amid U.S.’s ongoing tussle
with Huawei and China."

~~~
addicted
These are the kinds of damage that the US is facing that has gonna have severe
adverse effects, that will not show up before the next elections, so the
current US administration doesn’t care. Other stuff would be that it’s likely
that US companies will not even be considered in the future by governments and
companies for products, where in the past, the likes of an IBM or Oracle would
be the front runner.

------
divs1210
host your own mattermost instance

~~~
the_common_man
The free edition has no basic access control.

~~~
sailfast
To clarify - you mean that if you have access to the database then you can see
all messages?

~~~
the_common_man
Anyone can archive any channel in the free instance. It is meant to be used by
a trusted team apparently

------
whoisninja
it will be hacked in a day

