(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


How WhatsApp could shut down service to the UK using “Feature Flags”

2023-04-23 22:04:24+00:00

Speaking as a former Facebook engineer, I would expect pushing some kind of “feature flag” (global configuration option) which prevented the service connecting for people with a “+44” phone number.

Pretty simple. Geo blocking could be done similarly.

https://en.wikipedia.org/wiki/Feature_toggle?wprov=sfla1

2/n) When you’re coding for at-scale platforms you quickly realise the utility of creating a tool to divide users into groups by {country, language, phone-number, userid-modulo-N-test-group, employee/non-employee} — and then THAT tool gets used for everything.

3/n) At Facebook-proper this tool was/is “Gatekeeper” and it’s the software which is used to switch you between seeing new-user-interface vs: old-user-interface, that sort of thing.

Nice essay about Gatekeeper, here:

https://launchdarkly.com/blog/secret-to-facebooks-hacker-engineering-culture/

4/n) True story: I was working on some logging code once & had pushed it to production, only then to realise there was a potential bug which would’ve been embarrassing…but I’d wrapped it in Gatekeeper controls, so I switched it off in the last seconds before it went live.

5/n) WhatsApp will have something similar, not least because someone will have anticipated the need for a bunch of phones to be switched-off by international dial prefix, e.g. in case the USA declared Libyan use to be export-controlled/illegal, or something.

6/n) So WhatsApp could probably NOW make their clients shut-down service to both of:

– anyone apparently inside the UK

– anyone with a +44 prefix

…trivially, by pushing a configuration update and waiting for clients to refresh their settings.

About 5 mins work for 1 person.

7/7) With centralised platforms it’s not a big technical challenge to switch off service to a country; it’s a political and legal-exposure (i.e. “lawsuits”) one.

But if the alternative is “make your software raddled with British Government spyware”, then it’s likely worth it.

Originally tweeted by Alec Muffett (@AlecMuffett) on 2023/04/23.

Postscript: but what if WhatsApp simply waits to be blocked by the UK Government for non-compliance?

I’ve already written a blogpost that is broadly about that, but I should note in passing that we have seen this battle before: when the UK, France, Sweden, etc, all petitioned Apple and Google to provide them with exceptional privileges in iOS and Android, to enable their own homegrown COVID apps.

That did not end well for the petitioning nations, for instance the UK:

The UK is abandoning its current contact tracing app for Google and Apple’s system



https://www.technologyreview.com/2020/06/18/1004097/the-uk-is-abandoning-its-current-contact-tracing-app-for-google-and-apples-system/

…and…

The UK’s contact tracing app fiasco is a master class in mismanagement



The failed rollout of Britain’s covid-19 app will damage digital contact tracing efforts worldwide—but its troubles were the result of clear, specific errors.



https://www.technologyreview.com/2020/06/19/1004190/uk-covid-contact-tracing-app-fiasco/
[END]

[1] URL: https://alecmuffett.com/article/58103
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.