It looks like this opens a copy of WhatsApp Web and instruments it as its client. And it uses compiled class names like `._2EZ_m` to interact with the DOM. Unless I'm missing something, this will probably break weekly or every time they release a new build of the frontend. Not sure if there's a better way?
That specific classname didn't change since the beginning of the project, I had a breaking change on WhatsApp's side one time (was several months ago already).
I'm aware of https://github.com/tulir/mautrix-whatsapp which I'm personally interested in, which uses a reverse engineered implementation of the WhatsApp web protocol.
One alternative is sandboxing the js code (or using existing browser or networking logging capabilities) to reverse engineer network requests and write a more raw client instead of piggybacking onto the web client, that would still have risks of changes but less likely than this.
> reverse engineer network requests and write a more raw client
People already have done that. The most famous example is the yowsup [1] python library. The problem with these client implementations is that WhatsApp is banning any numbers that use them [2]. So most recent attempts to use WhatsApp outside of the official clients revolve around using WhatsApp Web somehow. That appears to work better, but even here if you are using it on a long term basis, WhatsApp might ban you.
Ultimately, WhatsApp is a bad host when it comes to using their service outside of the official app. This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all). That and spam.
3rd party implementations, such as that python library, have two fundamental issues (beyond what's mentioned here).
1) They're using outdated versions of the protocols, which they won't be motiviated to fix until those old versions are cut off server-side and their implementation suddenly stops working.
2) They never quite figured out how to correctly handle all the nuances and corner cases of the E2E encryption, so that part of their design is extremely fragile (just look at the issue trackers for all the evidence of this that you need).
On top of all that, the maintainers have basically given up and abandoned the projects... So they're not even being actively maintained.
> they won't be motiviated to fix until those old versions are cut off server-side and their implementation suddenly stops working.
I've never used one of these products, so I might be wrong, but as far as I understood it, the way WhatsApp bans your phone number if you use a third party client is done in a way that is permanent? So instead of saying "sorry your version is too old please use a newer one" they say "sorry your version is too old we don't want to see you ever again even if you fix it". It's totally okay to do something like "sorry the version is too old" if it's not your number that's banned but the outdated protocol implementation.
> the maintainers have basically given up and abandoned the projects
Because WhatsApp is sending DMCA requests like crazy [1] and the constant protocol changes make it hard for third party developers. See the opinion by one dev here [2].
If WhatsApp came out with a public statement about supporting third party clients, listing their conditions, it would be really great progress. Matrix, IRC, etc all thrive with different client implementations, even Threema officially tolerates the OpenMittsu third party client. The official communication I've seen by WhatsApp is the opposite.
I have used yowsup for some time, bans were not the issue. However there is a keying issue, leading to failed messages. Ultimately I had to switch to some Web API, as the 'official' version hasn't been updated for some time.
How can the server component of WhatsApp tell that the client is using the Python library you mention? If that library implements the protocol correctly, shouldn't it be indistinguishable from the official web client to the server?
Creating a correct implementation of a protocol is one thing, creating one that is indistinguishable from another implementation another. E.g. for TCP/IP you can find out the OS just from the additional information even though implementations are correct [1]. I guess they are doing something similar. And even if your protocol implementation were perfectly indistinguishable from the other one, usage patterns might reveal differences. E.g. if you have a bot then bots will most likely reply immediately after you issue a command. If you add a constant wait time, it's still distinguishable from humans typing at varying times. Same for uniformly randomly distributed wait times, I'm sure there is a distinction (I'd say it's correlated to message length for example). All of this is visible without looking at the message contents, which are obviously not available to the WhatsApp service.
> This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all).
When you send a message through WhatsApp, WhatsApp knows you sent the message and who you are.
Since they know who you are, they also know, independently of the request you just sent, whether you're using their official client, and what data they've managed to extract from your phone.
If I get a seemingly-valid message from you despite the fact that I know perfectly well you've never installed my official client, I'm going to conclude you're not using my official client.
This was an incredibly interesting topic when pokemon go came out. People started using the reverse engieered protocol to gain information about the map from the pc (instead of the official android app), and Niantic updated the app every now and then with slight protocol changes and complex functions or crypto algorithms so that it was harder for those people to perfectly emulate the client. The protocol worked, but they could detect them sometimes because it was not identical.
I feel that I love this topic. It seems that it is an exciting challenge trying to protect an API to only be used (or at least, detected if not) by the official app. I don't even know if there is even a 'solution' to this problem. Would like to read more about it.
In my experience it doesn't break all that often. Once in a while it does, of course, but not weekly; and knowing the creator personally, I can say he uses it himself too, so any breakage will be fixed quite quickly (at least at the moment). ;)
My solution was to run WhatsApp in emulator and enable adb over tcp and send adb commands from server directly to emulator. I automate sending messages and pdf files from our erp system. and for receiving messages we just have a Whatsapp web available for one of our employee so he can reply and escalate whatever.
What's a shame here is that the "WhatsApp Business API Client" [1] would actually be the perfect tool for personal projects like this. Unfortunately, its still being reserved for use by only larger businesses planning to use it at scale, so they can be meaningfully paying customers.
Offering low-volume non-customer-facing free access to a product like this would likely make everyone here quite happy.
Indeed, it would be great to have something like this for non-business customers as well. Right now it's very much targeted at large businesses atm and seems to want a beefy computer, so you can't really install it on your RPI.
> In order to ensure a high quality experience for businesses and users, we're in a limited public preview. If you'd like to work with us, submit more information about your business for consideration as we continue to expand our availability.
The beefy computer requirements are really just the result of needing to invent pie-in-the-sky specifications for the website, and wanting to avoid any bottlenecks when running at high load. Remember, most of the current customers are trying to actively communicate with an enormous number of contacts.
The truth is that the product does not actually need much RAM, and storage is a direct function of the number of conversations and messages you're handling with the product. The main bottleneck is really just I/O for the databases. For the use cases of everyone here, it absolutely could run on an RPi. Easily.
> Offering low-volume non-customer-facing free access to a product like this would likely make everyone here quite happy.
I suspect that one reason they're not doing that is to prevent spambots. This is probably a valid concern, as experience as shown that preventing spam is a hard problem.
There are a whole bunch of tools but you really only want something simple that gives you an infinite loop that runs every time a message comes in and gives you access to the current message as an object
The iPhone has about a 56% market share in the US, compared to a 26% market share in Europe (with the UK being the outsider with 52% market share).
That makes a huge difference: in Europe it's very unlikely that everyone out of any group of friends has an iPhone, making Whatsapp, Telegram etc the goto solutions for group messages.
Apple is also huge in Japan, but I don't know what kind of chat apps are used there.
I'm from EU and it is a thing. I use iMessages whenever the other side has an iPhone. In my social circle, it's about two thirds. But it is also true that many people who have an iPhone still use Whatsapp or Messenger as the default communication channel even if the other side has an iPhone as well.
Its certainly not the default in Australia. Only a few people I know have iPhones. SMS is always the default messaging app unless you have added the person on something else which is a bit of a mess between different services.
If you don't mind having a phone (or emulated phone) being on at all times running the whatsapp native app, and if you make an IRC bot that automatically replies to things, yes that's possible.
On that point though, what do people think when they see WhatsApp the name? I get the whole whats up thing, but whenever I see the name I think "What's App???" as in What is App???
I'm aware of https://github.com/tulir/mautrix-whatsapp which I'm personally interested in, which uses a reverse engineered implementation of the WhatsApp web protocol.
People already have done that. The most famous example is the yowsup [1] python library. The problem with these client implementations is that WhatsApp is banning any numbers that use them [2]. So most recent attempts to use WhatsApp outside of the official clients revolve around using WhatsApp Web somehow. That appears to work better, but even here if you are using it on a long term basis, WhatsApp might ban you.
Ultimately, WhatsApp is a bad host when it comes to using their service outside of the official app. This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all). That and spam.
[1]: https://github.com/tgalal/yowsup [2]: http://google.com/search?q=yowsup+name+ban
1) They're using outdated versions of the protocols, which they won't be motiviated to fix until those old versions are cut off server-side and their implementation suddenly stops working. 2) They never quite figured out how to correctly handle all the nuances and corner cases of the E2E encryption, so that part of their design is extremely fragile (just look at the issue trackers for all the evidence of this that you need).
On top of all that, the maintainers have basically given up and abandoned the projects... So they're not even being actively maintained.
I've never used one of these products, so I might be wrong, but as far as I understood it, the way WhatsApp bans your phone number if you use a third party client is done in a way that is permanent? So instead of saying "sorry your version is too old please use a newer one" they say "sorry your version is too old we don't want to see you ever again even if you fix it". It's totally okay to do something like "sorry the version is too old" if it's not your number that's banned but the outdated protocol implementation.
> the maintainers have basically given up and abandoned the projects
Because WhatsApp is sending DMCA requests like crazy [1] and the constant protocol changes make it hard for third party developers. See the opinion by one dev here [2].
If WhatsApp came out with a public statement about supporting third party clients, listing their conditions, it would be really great progress. Matrix, IRC, etc all thrive with different client implementations, even Threema officially tolerates the OpenMittsu third party client. The official communication I've seen by WhatsApp is the opposite.
[1]: https://github.com/github/dmca/blob/332f1896902c4f5780a249c0...
[2]: https://github.com/Enrico204/Whatsapp-Desktop/commit/18ba8a4...
[1]: https://en.wikipedia.org/wiki/TCP/IP_stack_fingerprinting
> This is really sad for people like me who don't want to install WhatsApp on their phones because it sends too much of my data to Facebook... probably that's precisely why they are so strict, to get all the data because that's all they get (the service is gratis after all).
When you send a message through WhatsApp, WhatsApp knows you sent the message and who you are.
Since they know who you are, they also know, independently of the request you just sent, whether you're using their official client, and what data they've managed to extract from your phone.
If I get a seemingly-valid message from you despite the fact that I know perfectly well you've never installed my official client, I'm going to conclude you're not using my official client.
I feel that I love this topic. It seems that it is an exciting challenge trying to protect an API to only be used (or at least, detected if not) by the official app. I don't even know if there is even a 'solution' to this problem. Would like to read more about it.
https://github.com/tgalal/yowsup/blob/master/yowsup/env/env_...
Offering low-volume non-customer-facing free access to a product like this would likely make everyone here quite happy.
[1]: https://developers.facebook.com/docs/whatsapp/getting-starte...
https://developers.facebook.com/docs/whatsapp/faq
> For single-instance production server setup, we recommend at least 250 GB SSD, 16 GB RAM, and 4 core CPU.
https://www.facebook.com/business/m/whatsapp/business-api/
> In order to ensure a high quality experience for businesses and users, we're in a limited public preview. If you'd like to work with us, submit more information about your business for consideration as we continue to expand our availability.
The truth is that the product does not actually need much RAM, and storage is a direct function of the number of conversations and messages you're handling with the product. The main bottleneck is really just I/O for the databases. For the use cases of everyone here, it absolutely could run on an RPi. Easily.
I suspect that one reason they're not doing that is to prevent spambots. This is probably a valid concern, as experience as shown that preventing spam is a hard problem.
https://github.com/RomanScott/weMessage
https://neosmart.net/blog/2018/imessage-for-windows/
Taking full advantage of UWP features and functionality.
There are jabber and slack gateways.
In practicality,I would like to see a gitter to IRC gateway,because of foss projects usage of both platforms.
And this obviously does exist. So that’s not the reason.
That makes a huge difference: in Europe it's very unlikely that everyone out of any group of friends has an iPhone, making Whatsapp, Telegram etc the goto solutions for group messages.
Apple is also huge in Japan, but I don't know what kind of chat apps are used there.
Whatsapp has been notorious for taking down third party APIs and any tools that allow message automation.
I would like to move away from WhatsApp for privacy reasons and out of principle.
Could I use this to set an auto-reply message to users contacting me, redirecting them to my new messenger e.g. Signal?
On that point though, what do people think when they see WhatsApp the name? I get the whole whats up thing, but whenever I see the name I think "What's App???" as in What is App???