Hacker News new | past | comments | ask | show | jobs | submit login
DoChat – a Dockerized WeChat PC Windows client for Linux (github.com)
77 points by zixia 38 days ago | hide | past | web | favorite | 73 comments

I went back to China for a month in December 2019. It's crazy how Wechat payment is now used everywhere.

Any shops in China (I believe 99% of them): in wechat, you have "wallet" that generates QR code. Go to any shop, at the counter, show the QR code generated, they have the machine (or wechat app) to scan it. done. Crazy efficient. Most of the people there don't bring wallets anymore.

Most of the restaurants in Shenzhen now has a QR code. You scan it, order what you want, and the food come. Don't need any interaction with the waiter, what I felt a bit inconvenient since I like to ask what's good there.

Starbucks: When I've left home, ordered via the Starbucks "mini-app" inside wechat, when I arrived in starbucks 5 minutes later, it was ready on the counter.

Metro and Bus: get the metro/bus "mini-app" in wechat. you get . In their receipt it is mentioned "blockchain" technology. I'm not too sure if they use it, wondering if they really do use a blockchain behind to generate receipts.

Sending money to ANYONE: never been that easy to send money to anyone. Even if you , show the QR code, and they'll . No more " I don't have cash on me " excuse. There is also no hard limit on how much you can send. I remembered paying all my rent via wechat when I lived there, about 3000 usd every 3 months.

Not sure if you know, but at least life in Sweden is pretty close to this. Contactless payments are everywhere (Apple/Samsung/Android pay) and the app “swish” works great for sending payments to people. Even some businesses have a swish QR code displayed in lieu of taking cash payments.

Same in Finland, although most people still use contactless cards instead of Apple/Samsung/Android payment apps. But since they work on the same terminals, it's really easy for people to switch when they want to.

I'd go all in on Apple Pay if not for the fact that the grocery store I go to has a loyalty card program and I can't use that with Apple Pay. Luckily the loyalty card is tied to my bank card, so I can get the loyalty card benefits and pay with the same tap.

Same in the UK, you get at least £30 from your contactless card/Apple/Android pay.

Some shops do more, an increasing large number allow a larger limit. However some large shops (Tesco) only allow large limits on their own payment apps, rather than Apple/android pay, forcing you to use your card and pin!

The £30 limit does not apply to mobile payments. There's no limit for those. I've successfully made 2k£ transactions with Apple Pay.

It depends on the merchant and they're apple/android pay enabled or not.

Regular contactless limits are 30, otherwise the limit is much higher.

My highest was ~£1200 at an apple store, and I had paid a 500 deposit on a car, but it refused the 8K balance. So there is a limit somewhere between your 2K and my 8K attempts on apple pay ;)

The brilliant thing about wechat (or alipay) is that they don't have a close affiliation to the banks. And therefore far less transaction fees.

Not sure about the fees part, my quick search shows it's 0.6% for businesses to receive money, at the first glance this seems cheap indeed, but there are other tricks in it, unsurprisingly.

It charges you 0.1% for withdrawal once you used up the initial 20K RMB quota, and the real profit driver is its own credit part, if the customer paid using credit from Alipay, which the company agressively promotes to users and urges to be set as default, the fees for businesses then adds another whopping 4%. Would they raise fees even higher? I think they want to. The duopoly raised fees in lockstep before.

It isn't that much different from other card organisations, except theoretically it encourages users to put cash on their platform's various funds and pay with credit it offers so it doesn't need to pay a clearance fee for every transaction. It takes away the protection for customers by credit cards, offers guarantee of receiving money without disputes to businesses.

So it really comes down to the time saving from processing cash vs the cost, since paying with bank cards or gift cards are uncommon in China, and usually you need to type your PIN as it's required by banks even for credit cards to avoid their fraud responsibilities. And the public inertia of not wanting to bring cash they are trying to build.

Do people have to pay transaction fees for using their bank cards in the US? At least over here in .nl there are none of these fees (as a consumer) and we have free NFC payments with your regular bank cards or Apple Pay etc.

EU caps the transaction fee of banks to like 1%. (which is paid by the seller).

NL is a bit of a special cookie here, companies in NL don't like paying 1% transaction fees, so most companies only accept MAESTRO. Because Maestro has lower tx fees.

Every time I visit I can't pay for anything with my VISA or Mastercard. It's rather frustrating.

Yeah nobody uses credit cards because of these fees. However, I have never heard of a 1% fee on regular bank card transactions. I know there used to be a 25 cents fee for consumers when they wanted to pay small amounts by cards, but nowadays shops promote payments for this as well and it’s free everywhere. I think it’s a few cents per transaction for the seller.

Put Germany on the same cookie jar, while it has largely improved since I arrived here, plenty of restaurants are still only accepting cash payments.

This was really strange to me, being used to pay with debit card almost everything in Portugal.

In Germany I thought it was due to being privacy conscious?

On the contrary, it is due to the operating taxes.

In 99% of cases no fees for consumers. I know only 1 store that has a credit card surcharge.

Contactless payments can be found where is a card terminal, but not everywhere.

NYC has contactless bus payments now.

That sounds pretty scary,what a price to pay. Let's say you're blacklisted for something, that's it, you can't buy anything or get any services from anywhere. You can't even beg for money! I hope I never have to see that in my lifetime,a very rare thing where I would prefer wars before it came to this.

or suddenly being not a part of a desired ethnic group

Mobile pay for Starbucks is a thing in North America, without the centralization of surveillance.

(There's probably a dozen tracking SDKs, but we're working on getting those to be properly opt-in, and they aren't fed almost directly to the gov't.)

Now that Apple Pay is available for online checkouts it has mostly the same convenience as WeChat. Hopefully Android Pay or whatever will catch up soon, as Apple Pay is only usable in Safari from what I know.

Eh. 2019 May, Hangzhou, impossible to rent a bicycle without alipay or wechat. The funny bit is that with UK phone number you can't sign up for the service.

China should have gone wireless cards, like most sensible countries.

I just wish they would allow foreigners to use it as well. I live in Hong Kong and go to China quite often to visit friends, but it’s a pain in the ass to pay. Usually my friends pay for me, and I give them cash. The rest just split through Wechat.

It's allowed for foreigners who has the mainland bank account. But yes, it's impossible without.

Yeah sorry, by foreigners I was mostly referring to tourists.

I've been to Chengdu and Shenzhen in 2017. People were sometimes sighing and rolling their eyes when I tried to pay with cash. Even worse with cards.

Why are cards worse?

First, it takes time. Second, western cards (especially debit) are not always accepted in China.

Yeah I guess cards can be slower than cash

You need special equipment to accept cards.

Did they not have the equipment?

I don't really have an issue in Canada with payments. Contactless w/ Visa/Amex/Interac is basically ubiquitous, and cash is fine when you don't want to rely on the networks. That thing you describe with Starbucks is here too, not that I really care about waiting 90 seconds for a beverage at a Starbucks, on the occasion that I visit one.

You need to be careful with this. I used something similar to this because I don't like running WeChat on my phone and the account was almost instantly banned and I lost my only communication channel with my family in mainland.

What does "something similar" mean? LINE, WhatsApp, WeChat all ban their users if you use non official clients.

This is the official client running in Wine.

I just got my WeChat suspended for fifteen days for no obvious reason. (Says I spread malicious rumor but doesn’t specify what exactly) I now use iMessage whenever I can.

Not to downplay your very valid concern, but "only"? I iMessage chat with my mainland friends every single day. Hell, use email. There are plenty of ways to communicate.

Yes, there are plenty of ways to communicate with younger people. But I am talking about, for instance, my grandpa. Many people in China (including my family) aren't so "cosmopolitan" and only use WeChat

I know this probably sounds ridiculous to some, but you could also use the phone to make a phone call.

The overwhelming method of communication in China is WeChat, whether that is in messaging or voice call. WeChat is the absolute most important communication medium -- this is true for all age ranges.

You statement doesn't sound ridiculous, just uninformed and lacking awareness of how people communicate in China.

Sounds like the Chinese people are uninformed.

Wonder why.

No different with Messenger in the US. Fools.

Assuming he’s not in china, it would be costly to make international calls.

12/15 hour time difference also make it difficult to find a good time to make phone calls

How do you send a picture by phone?


MMS is awful and barely works domestically, let alone internationally. As far as I can tell I can't even send MMS internationally from my phone network. Even for domestic MMS messages, they are charged at an effective rate of £1833/gigabyte.

you also need to be careful with this because you know installing untrusted software on your Linux box might be a bad idea. I guess it’s OK if you skim through the repository and compile it yourself. I don’t know how easy it is to breach docker.

Well, WeChat forbids the use of any emulator. Maybe you have used an Android emulator to log in your WeChat account?

Nice work! I can't make it switch DPI though, on HiDPI screen it looks miniscule.

Now you can use a new environment variable to control your DPI when starting DoChat. See: https://github.com/huan/docker-wechat#dochat_dpi

I hope this can work with your HiDPI screen! :)

Works like a charm, thank you! Sorry I didn't have a moment to file a feature request.

You are welcome.

I'd like to add the DPI setting to the project. Cloud you please to file an issue for recording this feature request?

>curl -sL https://raw.githubusercontent.com/huan/docker-wechat/master/... | bash

This is a textbook example of something you should never ever do...

It gives some entity (usually a bunch or entities) you may not entirely trust an effortless way to own your system. You would need to download the script and carefully examine it to determine that it only does things you approve of. The fact that others might of downloaded from the same place makes no difference, every downloaded script could be different. Every script/binary the original script downloads could be different and malicious.

Just don't...

Is this different from running any other piece of software from the internet?

The only real difference is that there are ways the server can know if you are downloading it for inspection, or if you're piping it straight to bash. A hacked/untrusted site could serve up a malicious script file if it detects that it's being sent straight into bash, and a clean script if you aren't. With most things you download from the Internet, you download then run the software if you want. Curl to bash is download and run with no confirmation step in the middle.

> Curl to bash is download and run with no confirmation step in the middle.

Which is fine, because almost nobody is going to thoroughly inspect the code anyways. The bash script looks pretty trivial, but it's running a privileged docker container, which means it has full root access. Are you really going to inspect every nook and cranny of the docker container for exploits?

This is a docker image of the WeChat Windows client running on Wine. I think it would be reasonable for the author to at least put some credit to the Wine projet in his project page. Instead, I have to check the Dockerfile to see how it works.

Also, the screenshot in the project page shows people's conversation and name (probably the author's), but it would again be nice if we could blur the content so that people's privacy got respected (yes, you could argue that since you are already running WeChat, you don't care about privacy).

Is anyone would have a solution with receiving text message of my China Mobile number on the web? Wechat ask me for 2FA (via text message) and I need to change sim card or top-up my phone number (condition to make my sim working outside china)


I'm away for several months (because of the coronavirus), and I struggle with receiving text message when I need to make some payments via wechat. It will be useful for bank transfer too

Should be free to receive SMS while roaming.

Nice! I'll give it a try next time. I ran Wine and tried to use it before but I never got it working nicely. Funnily enough there's a GitHub project which allows you to make miniprograms on Linux and it works quite well.

The best way is to keep away from wechat. They still can collect your message. There is nothing you can hide.

the novelty of volume mounting the /tmp/.X11-unix to get an actual ui is neat in itself. nice work

Did they mount /dev/shm as well? Otherwise I’m kind of surprised that works.

Currently the project has to use the `--ipc=host` for running the docker.

Can we get rid of the `--ipc=host` by adding a `/dev/shm` mounting?

x11docker takes this and runs with it:)

Why not just run WeChat Linux client?

AFAIK there is no Wechat Linux client. There used to be "electric-wechat" or something like that, Electron wrapping Web UI, but for 2+ years Tencent has deprecated Web UI, so it does not work.

My guess is: You might want to contain the hazard. Who knows what stuff that client is doing on your machine.

I don't think docker is enough. I would want to put it in a VM of it's own, and just for the sake of it, probably send all traffic out that VM via a VPN.

Genuinely curious (and not just for you, but other posters in the thread) but would you (do you?) do the same for the WhatsApp desktop app? (assuming you use it)

I don't know, what I will say is: most (tech) folks would (rightly, in my opinion) trust Facebook/WhatsApp more than they would Tencent.

What does "trust" mean in this context?

I expect Tencents government data sharing to be higher, but I also don't expect Facebook's to be zero - I would also say I trust less Facebook's handling of my data and it's exposure to third parties (see ref: Cambridge Analytica) and let's not forget their experiments in changing people's moods by manipulating what they saw on their timeline.

Not saying Tencent are free from sin, but it seems to be the breaches of trust that Facebook has performed are more wide reaching...

Definitely, if I was using WhatsApp.

Why would a VM have an advantage over docker here? You think the Windows WeChat client is designed to escape from docker if it ever finds itself inside one while running on linux?

Even if you ignore that Docker is not a good security boundary.. DoChat bypasses a lot of the protections that Docker does apply. In particular:

- --privileged basically gives it the same capabilities as root

- Forwarding the X socket means that it has full access to your desktop, including keylogging and so on

- IPC isolation is disabled, so it has full access to any shared memory exposed on the host (again, with root privileges)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact