return to table of content

I found a 1-click exploit in South Korea's biggest mobile chat app

james_dev_123
125 replies
23h20m

Fun fact: western ride sharing apps don't work in South Korea, and this company also makes the leading rideshare app in the country.

I was forced to make an account on the mobile chat app in order to log into their rideshare app, on a recent trip to Seoul. The UX was not great... not to mention that it was mostly in Korean. I had a lot of trouble. They didn't strike me as the most professional operation..

setopt
46 replies
22h15m

I lived in South Korea some years ago, and it was interesting how they had a separate ecosystem of apps and services. “KakaoTalk” and “Naver” had approximately the roles that WhatsApp/Meta and Google have in the West.

I think it’s great how these managed to thrive, despite increased competition from multinational companies. In many other countries, local tech companies seem to have become nearly irrelevant over the past decade, which is a sad to see.

Prickle
26 replies
20h3m

They don't have international competition.

The Korean government explicitly chooses companies for these things. And those companies, Chaebols like Samsung, choose the laws.

If these Korean apps were so good, you would expect them to penetrate foreign markets. But they don't.

https://www.techdirt.com/2023/12/06/dumb-telecom-industry-ba...

Just like how British car companies collapsed when foreign competition entered the market on equal footing, these companies will disintegrate if forced to compete.

https://www.latimes.com/world/la-xpm-2010-dec-01-la-fg-south...

seoulmetro
13 replies
19h22m

If these Korean apps were so good, you would expect them to penetrate foreign markets. But they don't.

Dumb reasoning. Their apps are targeted at Korean life on purpose. Their app being good or bad is irrelevant.

The reason American apps penetrate the world usually is because America is a superpower that has almost colonised the web.

consumer451
5 replies
19h7m

The reason American apps penetrate the world usually is because America is a superpower that has almost colonised the web.

I live in the USA and EU, and the reason that I prefer a Samsung display in almost all cases is because it is the best product. Korea has not colonized us, but the product is often superior, so that is why I buy it.

Why is it that Korean software cannot do the same? I find it very interesting, and I mean to ask this in a very neutral/curious way.

fmj
1 replies
17h48m

Now that you bring it up, I can't recall ever (knowingly) using a piece of Korean software that wasn't a game or baked into a phone's firmware. Does seem kind of odd considering how much Korean hardware there is in my life.

teen
0 replies
10h27m

naver mail is good. kakao talk too

shiroiushi
0 replies
18h10m

I live in the USA and EU, and the reason that I prefer a Samsung display in almost all cases is because it is the best product.

No way, LG displays are better.

(In case it's not obvious, there's a joke here.)

seoulmetro
0 replies
19h0m

Yes. Samsung created the best product for all eyes.

That's not the same for most internet apps.

They can do the same, they don't want to nor need to.

abdullahkhalids
0 replies
17h39m

TVs for most of their existence were simple devices, with mostly a few different consumer relevant parameters, which were mostly objective.

Apps on the other hand strongly reflect the philosophy of usage, control, privacy etc, and the design aesthetic of their creators. Different countries/cultures have radically different philosophies, and old countries have aesthetics that go back thousands of years. Using apps from the creators of a different culture almost certainly causes significant friction with your own culture's philosophy and aesthetics.

To give a related example. I don't know Korea, but many in the English speaking world are marginally know of Japanese TV shows - you know with the crazy antics. Imagine that you were forced to consume only that form of TV, and how jarring that would be compared to your own philosophical and aesthetic inclinations. The same with Apps.

kevin_thibedeau
4 replies
18h12m

Nothing prevented Switzerland from colonizing the web first. If Europe was a VC friendly environment it would be ahead in everything.

seoulmetro
1 replies
13h26m

Right. Instead the US colonised the internet. What's your point?

lupusreal
0 replies
2h7m

*created

The internet wasn't some terra nullius that America took over.

SuperNinKenDo
1 replies
16h16m

This doesn't really fit with the way the US government ensured dominance of its tech sector globally in the 80s, 90s, and even early 2000s. It was not a fair competition by any stretch of the imagination and involved a lot of strong-arming by the US government abusing its leverage.

kevin_thibedeau
0 replies
13h54m

Maybe somebody else should have invented the transistor, integrated circuit, and internet first. They didn't.

doyoulikecheese
1 replies
14h30m

The reason American apps penetrate the world usually is because America is a superpower that has almost colonised the web.

Love how the word "colonise" is thrown out without any thought.

Please tell us one example where America enacted a hostile takeover of a Korean site, and extracted its resources solely for the benefit of American interests.

seoulmetro
0 replies
13h28m

I thought about it, then I used it. It pretty much stands (not literally of course).

Please tell us one example where America enacted a hostile takeover of a Korean site

I don't think you understand what the word colonise means nor what my comment means...

mpercival531
11 replies
18h24m

LINE did.

Prickle
10 replies
16h53m

Line failed in the Korean market, and only penetrated Japan if I remember correctly.

And it is also partially owned by Softbank.

nextworddev
9 replies
16h14m

SoftBank took a stake in Line way after Line became established

Prickle
8 replies
14h38m

I did not know that.

Would that indiciate that Korean software companies are only able to penetrate one economy at a time?

That would be a very weird, but interesting thing to investigate.

numpad0
3 replies
8h32m

Each of language groups across the globe has its own dominant and different messaging apps. US has Messenger, Korea has KakaoTalk, Japan took LINE, China built WeChat, Russia picked Telegram, and so on. The Meta Facebook/Messenger/Instagram triad isn't the global default of social apps the way it might look to people from US.

And I don't think it takes conspiracy theories to explain it, maybe users don't like platforms that isn't dominated by similar users of their primary language, or maybe there are something else that prevent app experiences optimized for two distinct cultures at the same time.

tristor
1 replies
5h17m

This isn't really true. WhatsApp was used pre-acquisition and continues to be dominant throughout LATAM, Africa, and Europe in addition to US/NA. Only in the APJC region and Russia do we see significant divergence in messaging apps.

Having traveled extensively in these places, I always theorized it was due to UX behavior aligning well with the local languages. While the countries WhatsApp dominates speak different languages, they all use the Latin alphabet. In Russia and APJC there are many non-Latin alphabets used and those languages may also use different directions for writing/reading than Romance and Germanic languages.

codedokode
0 replies
2h22m

One advantage of Telegram over WhatsApp is that you don't have to display your phone number to your contacts and random people in group chats and blogs.

mananaysiempre
0 replies
6h44m

Russia picked Telegram

With some amusing exceptions: doctors are exclusively on WhatsApp; older (60+) people are often only on WhatsApp (and pre-Microsoft Skype before that).

nextworddev
3 replies
13h17m

Not sure what you are getting at, but Line is deeply penetrated into South East Asia as well

Prickle
1 replies
11h28m

Last I checked, 90% of Line users were in Japan, and Facebook messenger was most popular in SEA.

So I am simply surprised. My knowledge must be incredibly out of date.

teractiveodular
0 replies
9h57m

LINE is very popular in Thailand for unclear reasons, I've heard the theory that their cute sticker packs set them apart in the early days. In the rest of SEA Whatsapp is the most popular.

maeil
0 replies
12h27m

Taiwan too.

Quinner
18 replies
21h53m

It's the result of protectionist government policy. The policies are protectionist not just against foreign entry but also against entry of new products into the market. The government picks technology winners. Unsurprisingly, the government doesn't do a great job of this. Infamously it mandated usage of ActiveX and Internet Explorer for banking long after ActiveX had its time in the sun (the government made this the mandate in 1996 and didn't reform it until 2021!)

bhc
9 replies
19h46m

In case of Kakao Taxi vs Uber, it was Uber's unwillingness to work with existing taxi operators that killed any chance Uber had in the Korean market. Kakao (at least until they became dominant) acted more like an agent that sends additional customers to existing independent taxi drivers while Uber kept trying to find legal loopholes to bypass the taxi licensing system. S Korea is a civil law country, and its courts have no patience for actors whose entire legal strategy is to subvert the intent of the laws, and that was the end for Uber there.

gleenn
8 replies
19h39m

To be accurate, Uber didn't abide by laws in most countries it went up against. It was a little slimy but also the taxi systems of most places were very entrenched. I remember never enjoying riding taxis in San Francisco for years, the cars were gross and the drivers were grumpy and generally shady about having their "credit card readers being broken" so they didn't have to pay the fees. Uber and a bunch of companies did and end run around those very politically entrenched systems and I certainly am happy to have clean, friendly, safe, modern rides with good tech where reviews keep things in line and payment is easy and I can share my location easily and know I'm going to end up at the right place way better.

shiroiushi
5 replies
18h12m

Exactly. Uber was shady, but that kind of shadiness and willingness to ignore laws is necessary to bring positive change in a highly corrupt society. It's a lot like Batman: when the police are completely ineffectual or corrupt and working for organized crime, you need a vigilante who ignores the laws that just protect the criminals.

However, in better-run and not-so-corrupt societies like Korea, it's not necessary and probably downright harmful.

burutthrow1234
3 replies
16h10m

However, in better-run and not-so-corrupt societies like Korea, it's not necessary and probably downright harmful.

South Korea was under varying levels of dictatorship from the Korean War until the Sixth Republic in 1987. Roh Tae-woo, the first president after authoritarian rule, was imprisoned for corruption. Roh Moo-hyun, the President from 2003-2008 was investigated for corruption and died by suicide rather than face charges. Lee Myung-bak, his successor, was imprisoned for corruption. Park Geun-hye, his successor, was imprisoned for corruption.

I don't know that South Korea is the poster child for a "better-run and not not-so-corrupt" society.

setopt
1 replies
15h38m

Credit where credit is due: Sounds like no-one really gets away with corruption in Korea. The same can’t be said for more corrupt places.

teractiveodular
0 replies
10h0m

Yeah, I wouldn't go quite that far. Here's Samsung's heir, convicted in court of bribery, getting a special presidential pardon because, and I quote, he's "needed back at the helm to spearhead economic recovery post-pandemic".

https://www.bbc.com/news/world-us-canada-62501514

shiroiushi
0 replies
15h51m

I don't know that South Korea is the poster child for a "better-run and not not-so-corrupt" society.

It's not a poster child, but the US sets such a low bar that SK looks great by comparison.

Note also that the US isn't so visibly corrupt at the federal level; it's at the local levels where it's really no better than the typical poster children for corrupt countries. Taxis are a completely local (municipal) issue.

folkrav
0 replies
3h37m

Not sure I'd call Korea and its countless cases of political corruption with Chaebol more and more appearing to be basically running the show "not-so-corrupt".

pxx
0 replies
19h15m

credit card fees are insignificant compared to the fact that cash payment allows the driver to evade taxes more easily.

jorvi
0 replies
7h23m

Yup. I dislike Uber for the way they treat their drivers but I dislike the old taxis even more for the way they treat me.

setopt
6 replies
21h36m

When you mention it, as a Linux user at the time I struggled a lot with the ActiveX thing… Eventually I think I gave up. I had no idea that stuff was government-mandated.

throwaway2037
3 replies
17h17m

It didn't work on Wine?

SuperNinKenDo
1 replies
16h20m

Running IE in wine wasn't always the easiest thing in the world, and when you were specifically running it to try and use weird integrations even less so.

throwaway2037
0 replies
14h45m

This is a very good point. I didn't think about two things: (1) Internet Explorer, and (2) custom DLL with ActiveX integration.

numpad0
0 replies
16h6m

I heard Korea had a problematic mandatory Internet login wall specifically built for IE with ActiveX on XP, and that that made use of Linux and/or Firefox complicated.

Funnily it lead to creation of PC F2P gaming culture too for some reason.

themaninthedark
1 replies
4h7m

It was government mandated but it was an attempt by their government to strengthen security at the time when they couldn't import stronger crypto. Then it became established and hard to remove.

Due to restrictions on the export of cryptography from the United States, standard 128-bit SSL encryption was unavailable in Korea. Web browsers were only available to Koreans with weakened 40-bit encryption. In the late 1990s, the Korea Internet & Security Agency developed its own 128-bit symmetric block cipher named SEED and used ActiveX to mount it in web browsers. This soon became a domestic standard, and the country's Financial Supervisory Service used the technology as a security screening standard. ActiveX spread rapidly in Korea. In 2000, export restrictions were lifted, allowing the use of full-strength SSL anywhere in the world. Most web browsers and national e-commerce systems adopted this technology, while Korea continued to use SEED and ActiveX.

https://en.wikipedia.org/wiki/Web_compatibility_issues_in_So...

setopt
0 replies
2h9m

That makes a lot more sense. Thanks for sharing this bit of historical insight.

TkTech
0 replies
17h28m

While you're right, in the specific case of navigation apps (Google maps) or apps that need navigation data (uber), it's typically because of the Geospatial Information Management Act. High-quality mapping data isn't allowed to leave the physical borders of Korea so most foreign companies just stop trying. Nowadays it's just protectionism, but the original justification was to make it harder for north korea to aim artillery.

indoordin0saur
34 replies
22h17m

One thing that surprised me about SK is that they have so many local alternatives for tech products that I thought were global. And the global/US version has almost no market penetration. An example of this was Google, at least when I visited in early 2015.

localfirst
31 replies
22h13m

It's great that American software monopolies do not have access to Korean data and that Korean companies can create jobs hiring Koreans and add to the GDP. ALL sovereign countries should practice sovereign software and safeguard PII of its citizens

It's rather inconvenient for non-Koreans but you were never the intended audience nor is there much care for foreigners these days-there is growing hostility towards foreign tourists who have flocked to Japan and Korea in recent years.

mattnewton
11 replies
20h56m

Why would we think that every country blocking out foreign companies would result in better software being written for consumers in that country?

I think some tiny amount of protectionism can be necessary to get a domestic industry started, when it is important for reasons beyond giving access to the best products like national security. Especially in edge cases like competing with foreign companies with the backing of their state government or an international market that has degenerated to a monopoly. But ultimately free trade makes better products and international consumers richer and is the desired end goal, not every nation rewriting the same tech stack and providing local flavors of software solving similar problems.

lmz
8 replies
20h45m

not every nation rewriting the same tech stack and providing local flavors of software solving similar problems.

Why not? Isn't Diversity good? Wouldn't it be nice to have multiple colors, implementations of things rather than the monopolistic (and probably American) beige?

mattnewton
3 replies
19h0m

Diversity comes from (fair) competition. Why would I not make American monopoly beige if it works for America locally? But if the foreign company is already that color I have to differentiate somehow. I have to compete on whatever I know about the domestic market, and force the foreign companies to learn and adapt to reach parity with me.

That whole process works in reverse too, where I have to reach parity with the large multinational company on all the features the domestic audience cares about. That last step is usually the first one to be missed when a government hands a monopoly on a tech vertical to a local company with protectionist policies. (And often they don’t just do it to insulate them from foreign competition, they will end up insulating them from domestic too as an artifact of the way these relationships reinforce themselves)

So, the state should intervene to help level the playing field to reach fair competition. In practice though it rarely stops there and instead works to insulate the domestic company from any competition. Which results in inferior products.

It is not diversity to have many people reinventing and maintaining essentially the same wheel. Exceptionally, this is necessary for national security purposes, but in the common case this is actually a poor deal for local consumers who prop up a worse product.

shiroiushi
2 replies
18h6m

This is rich, coming from someone in a country where everyone still uses SMS to chat with their friends and family. Other countries already have far superior messaging apps than whatever America has produced, but Americans refuse to give up their SMS just like they refuse to give up their guns.

mattnewton
0 replies
17h31m

I’m not sure what this is supposed to prove? There are lots of different messaging apps with very high market share in the US versus a WhatsApp monoculture. A lot of people using SMS are actually using iMessage, and historically one of the reasons it’s won is because US telecoms went to unlimited SMS messaging when competing with each other, whereas foreign monopoly telecoms charged prices per SMS making messaging apps on data more competitive.

iMessage is a better experience and also degrades gracefully to sms for people who aren’t on the platform, unlike almost all other messaging apps where I have to make sure they have the app installed.

Facebook messenger has like 50% market penetration with its own suite of features. Snapchat is next and offers a very different user experience.

Apps without compelling reasons to exist like Google allo lose.

lupusreal
0 replies
2h0m

Europeans use Mark Zuckerberg's app and feel superior for it. They can keep it.

kcb
3 replies
19h49m

You would be doing the opposite of that. Creating 100 monopolies.

lmz
2 replies
19h46m

Better a hundred of them than only one or two.

L-four
1 replies
18h55m

It doesn't matter how many there are if only one is available in your region.

lmz
0 replies
17h26m

At least a local monopoly answers to local pressure. Good luck getting a global one to do so.

localfirst
1 replies
17h12m

Why would we think that every country blocking out foreign companies would result in better software being written for consumers in that country?

Why do you think foreign companies are automatically better? Is American software written by non-Americans automatically best? I find this to be incredibly arrogant.

Dylan16807
0 replies
13h54m

They didn't say that.

akdev1l
8 replies
22h5m

ALL sovereign countries should practice sovereign software and safeguard PII of its citizens

Most countries are incapable of this and when they do try they do a worse job.

My government has a website that allows you to fetch a person’s voting centre by knowing their ID number. Our ID numbers are sequential. Therefore you can use that website to get approximate location for literally everyone.

My government also has a website to request passports online. I was playing with it and it turns out they have an open GraphQL endpoint that lets me query billing transactions for _everyone_.

But sure the software was made in my country.

naniwaduni
3 replies
20h18m

Therefore you can use that website to get approximate location for literally everyone.

Approximate address, surely. Addresses are ... usually not very secret in the first place, though? It'd be absolutely fascinating if your government not only tracked everyone's location but assigned their voting center by current location, but, well,

akdev1l
1 replies
19h20m

I guess you misunderstood the word “location”.

The voting centre is typically the closest public school to where you live.

So when I say location here I mean the neighborhood where you live.

Also the main concern isn’t the government. They clearly already have the data and will always have that data. They also have the actual address of people.

The main concern is literally anyone can access the data and this thread is about countries protecting PII lol.

codedokode
0 replies
1h41m

In some Western countries voter's lists with names and addresses are publicly accessible, if I understand correctly. Helps to make sure government doesn't add dead souls to vote for them.

Aerbil313
0 replies
19h32m

It'd be absolutely fascinating if your government not only tracked everyone's location but assigned their voting center by current location, but, well,

That's exactly what happens in Turkiye. I assume GP is there.

makeitdouble
1 replies
20h15m

IMHO That's where the software model could change if more countries gave a serious shake at managing national services.

As you point out it's hard and few can do it, so getting more common open source platforms would be a natural evolution. Then relying on global providers that act as a service developer instead of a service owner would still be a huge difference.

bogota
0 replies
16h40m

That sounds great. I imagine it would turn out the same way using local transit has. Some are awesome like the netherlands and some are hostile towards users that you can’t even properly use it if you arrive too late at night because no one is available like france.

Everyone in this thread seems to thinks government is able to get things done. That is not what my last 40 years of life has shown me.

numpad0
0 replies
15h48m

Most countries ARE capable of that. Or rather, most people of a country don't like platforms not dominated by their own primary language, and this is passively achieved by that tendency.

Lots of Russian stuffs on the Internet come through Telegram, meanwhile China has Weibo and TikTok, Korea does its thing in KakaoTalk and Facebook/Insta, Japan uses LINE along Twitter/Insta instead, so on and so forth. Everyone could be on Facebook, but that isn't what is going on.

The Interweb isn't so global, and English isn't the lingua franca of all communications. It's just the perception one experiences through an American door, though the Web do tend to be more developed in en-US.

devbent
0 replies
19h32m

Therefore you can use that website to get approximate location for literally everyone.

In America, before the Internet took off, every year everyone would get a book called the "white pages" that had the name, address, and phone number, of everyone who lived in their city.

The American view of privacy is that "openness makes for a civil society".

Although one can argue that hasn't been working out well for us lately ..

Likewise, marriages are publicly recorded and accessible online, as are all property purchases, births, deaths, and even property tax payments.

Though for some reason we consider income taxes to be super secret. Everything else is public, but not those! (How much cash someone put down to buy a house? Public. How much money that person makes? Not public. How much money everyone donates to politicians? Public.)

hiccuphippo
4 replies
22h5m

I don't know about SK's privacy laws, but wouldn't a country's government have more power to tap into the data of local companies?

dingnuts
2 replies
20h57m

yes, and they also have the power to tell multinationals where they are allowed, geographically, to store the locals' data.

the grandparent has invented a fake problem (data regionalization, as though it cannot be addressed with regulation) and has conflated a nationalist-socialist desire to replace a foreign private enterprise with a nationalized public one. it's nationalist because it assumes that the nation needs to own it, and socialist because at the national level a public solution is proposed.

the solution, in turn, doesn't actually solve the regionalization problem unless the state organization running the nationalized ride share app is required through further legislation to keep the data local -- the same legislation that would be needed to regulate private entities, except now it's the government regulating itself since the public national ride share app is operated and owned by the government, and is now open to all the problems of corruption that plague every command economy.

But by all means, be more like North Korea, South Korea. Just nationalize everything. You don't want American influence. Those American monopolies and American dollars have really made you worse off in the last seventy years. /s

localfirst
1 replies
17h17m

I have a problem with your comment. It's extremely condescending and emotionally charged.

Data sovereignty/regionalization is not a fake problem. Many governments around the world are trying to keep foreign companies from accessing their citizens data.

A sovereign country wants to create its industry by keeping foreign companies out isn't communism. Much of the West does this already and uses regulation/fines/antitrust lawsuits to keep em down.

oefrha
0 replies
16h24m

Amusingly, U.S. Congress has been making a ruckus about this so-called “fake problem” lately (and I can’t fault them) even though TikTok already stores American data in Oracle Cloud on American soil.

lmm
0 replies
19h5m

Right, which is exactly why it's dangerous to allow foreign (that is, US) companies to control your citizens' data, particularly if that data is not safeguarded against those foreign governments (e.g. due to "national security" laws).

google234123
1 replies
19h26m

Ha, imagine the Korea economy if the US and EU did the same with respect to Korean tech companies

localfirst
0 replies
17h14m

There isn't any large software company from Korea that is setting up shop in US/EU

Most of its hardware and yes US has slapped tariffs on Korean EVs to boost their own.

Koreans prefer Naver over Google because its interface offers a lot more than Google. It's more of a portal site with social verification.

spongebobstoes
0 replies
20h36m

Sovereign software would break the open Internet as it exists today. A lot more work needs to be done on open protocols before interoperation would work nearly as well as the products we have today.

Not to mention the colossal waste of effort in engineering hours, the disparity in quality between rich and poor countries, etc.

Reuse is good. I would rather see open data and open protocols too, but look at Cambridge analytica, a scandal that was a direct consequence of giving people control over their data!

maeil
0 replies
12h19m

It's great that American software monopolies [...] and that Korean companies can create jobs hiring Koreans and add to the GDP.

Largely agree with this, but this

do not have access to Korean data

safeguard PII of its citizens

Is incredibly ironic on a post "I found a 1-click exploit in South Korea's biggest mobile chat app". Zerodium pays $1 million for a WhatsApp (the Western equivalent of Kakaotalk) one-click exploits. As a consequence, any new exploits must be incredibly involved, else they'll already have been cashed in (and patched after being reported/exploited). Whereas this Kakaotalk exploit is trivial.

Americans share their PII with the FAANGs, us in Korea share it with the entire world because, as this article shows, security is absolutely atrocious.

indoordin0saur
0 replies
22h3m

As an American in the software industry, I whole-heartedly agree.

seoulmetro
1 replies
19h24m

That's because the Korean and Japanese internets are far older than most of Americas giants. They also were made for locals.

ctvo
0 replies
6h16m

That's because the Korean and Japanese internets are far older than most of Americas giants. They also were made for locals.

Google launched in 1998. Naver didn't launch search until 2000. Copying American tech companies but targeting your own market is a common theme (see China, Latin America, Southeast Asia, etc.). Let's not pretend it's not the case here or Korea is somehow special.

Algemarin
24 replies
22h14m

The UX was not great... not to mention that it was mostly in Korean. I had a lot of trouble. They didn't strike me as the most professional operation..

What does the seemingly very common-sense fact that a South Korean app was "mostly"(?) in Korean have to do with the UX or with it not being "professional"?

What language were you expecting the South Korean app to be in, French?

Algemarin
8 replies
22h7m

Imagine supporting the 2nd most popular language in the world. CRAZY right?

Why are you fixating on supporting the 2nd most popular language, shouldn't it support the 1st most popular language first? Or why not jump straight to the 3rd?

lurking_swe
7 replies
21h58m

i meant most common, was an error on my part.

also, if you add internationalization support for 1 language in your app, it’s trivial (these days) to add other languages. My point is they should just add support for other languages, like chinese, japanese, english, etc.

More users = more money?

permanent
6 replies
21h30m

just so u know, kakaotalk does exist in multiple languages. feels like this whole thread is based on a false assumption

Kakaotalk is in English, French, German, Indonesian, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese, Spanish, Thai, Traditional Chinese, Turkish, Vietnamese (https://apps.apple.com/us/app/kakaotalk/id362057947)
theultdev
4 replies
20h50m

Have you actually used it?

I used it earlier this year in Korea, although it did have a hard to get to setting to change your language, many many things were still in Korean.

It is very difficult to navigate, but I asked for help and a native was able to figure it out.

Still more usable than Google Maps though, which will only give you a not so good train schedule. No walking directions at all.

devbent
1 replies
19h30m

I've seen tons of American made apps from large companies that show bits of English here and there when switched to another language.

Localization is hard, even for companies that spend a lot of time and effort on it.

It isn't just string replacements!

numpad0
0 replies
8h19m

  (X)  Positional *tracking* is brittle, equal battalions in range XNUMX it expenditure a time effort per batch on item. 
       Object is incorrectly threaded return request is here.

   [FINE] [Returns] [Add...]

shiroiushi
0 replies
15h31m

Still more usable than Google Maps though, which will only give you a not so good train schedule. No walking directions at all.

That's interesting, because Google Maps here in Japan is absolutely fantastic: train schedules are always correct (and updated with delays etc.), walking directions are good, etc. I guess having a big office here in Tokyo is a big part of this.

sWW26
0 replies
20h8m

I think your talking about a different app, KakaoMap, which you're right isn't totally localised. KakaoTalk is though.

lurking_swe
0 replies
21h0m

happy to be proven wrong! Cheers

TillE
2 replies
22h5m

Surely not the most popular language among tourists in South Korea, who would be mostly from Japan, China, etc.

lurking_swe
0 replies
22h2m

that’s a fair point. in that case, why not support chinese, japanese, etc?

my point is it seems like good business sense. strange they haven’t done this.

doyoulikecheese
0 replies
14h27m

The subway station notification is spoken in Korean and English.

PenguinCoder
1 replies
17h19m

multi language support ... it’s not even that hard.

Can you elaborate on how easy it is, please? Say for a web application or a native Linux application?

nilsherzig
0 replies
10h40m

The translating part is by far the hardest. But there are services to organize a crowd sourced translations of your app / service.

Booth android and iOS app building frameworks will try to force you into using variables for every rendered string (allowing you to change them easily and in one place - f.ex. based on user / device settings).

kevintb
0 replies
14h4m

Majority of tourists to Korea do not speak English. You’re really thinking from an American bias there.

voxic11
3 replies
22h4m

Uber, an American rideshare company, supports a large number of languages including Korean.

astonex
2 replies
20h27m

Because Uber operates is many countries.

kiwijamo
1 replies
17h6m

They don't operate in Korea but they do provide Korean translations which seems to suggest they consider inbound tourists as a target market. It is quite telling the Korean apps do not.

SuperNinKenDo
0 replies
16h11m

Uber attempted to operate in Korea and failed. At that point keeping a Korean translation would have been a simple matter of maintaining and updating it for the small returns that it brought in, coupled with the knowledge that simply maintaining a Korean translation for their vastly more entrenched service ensured no chance of competition from one of the few non-American firms to succeed in the same space as them.

jszymborski
2 replies
22h12m

Surely there's no obligation to internationalize your app, but taxis are commonly used by tourists so you'd imagine it would be a good business decision.

throwaway2037
1 replies
17h13m

What percentage of online taxi rides are booked by tourists? I would guess less than 1%. "[I]t would be a good business decision": I disagree.

smabie
0 replies
13h18m

Well maybe more people would book taxi rides if they added translation..

himinlomax
0 replies
10h44m

An app in French would be easy to comprehend for an English speaker.

To wit: une appli en Français serait facile à comprendre pour un anglophone.

unsupp0rted
3 replies
22h48m

It’s an everything app suite with single sign-on:

KakaoTalk, KakaoTaxi, KakaoBank even (bank obvs not for foreigners without local ID numbers).

The Kakao Metro map app is the best of its class too.

laz
2 replies
22h36m

When did Kakao Bank start offering accounts to foreigners with ARCs? Last I checked it did not.

unsupp0rted
1 replies
22h19m

Some foreigners claim they have KakaoBank accounts, but they may be confusing them with KakaoPay accounts, or maybe the account is in their spouse’s name or whatever.

Suffice it to say: for foreigners without a Korean ID number it’s a definite no and with a Korean ID it’s a likely no.

And good news: they’re not called “ARCs” anymore. No more “Alien Registration Card” extraterrestrial stigma. Now it’s just the regular stigma.

BlockerBrews
0 replies
20h37m

This is correct. I live in South Korea and I’ve never heard of any foreigners with kakao bank accounts. That was never offered as far as I know.

Xeamek
2 replies
21h38m

As others already mentioned, Uber does work in SKorea (or at least Seoul), altough it's not really an uber, afaik its just a proxy for kakaotaxi while using Uber's interface

tkazec
0 replies
15h53m

Uber operates through a local JV with Tmap called UT. Taxi drivers typically sign up for both Kakao T and UT, except when exclusively branded. (Kakao T and Uber both operate branded taxis.)

BlockerBrews
0 replies
20h36m

Korea uses KakaoT as a ride hailing app. But all it does is hail taxis. Uber in Korea just hails Uber branded taxis. I have no idea if they are officially affiliated with Uber or not.

kevintb
1 replies
14h6m

The UX was not great...

UX patterns are different in Asia by the way.

Also majority of tourists to Korea do not speak English, so it’s a little weird you think English should be prioritized over other Asian languages

Dylan16807
0 replies
13h58m

UX patterns are different in Asia by the way.

I would be interested in elaboration on this.

so it’s a little weird you think [thing they definitely did not say they think]

Uh huh.

a_t48
1 replies
18h41m

When I went ~5 years ago, I was completely unable to use the taxi apps due to lack of Korean bank acct. This lead to being unable to even hail a cab at times - they mostly seemed to pick up fares from the apps. At one point I managed to get one of their attentions - and was told that he wouldn’t drive me because I was an “outsider”. Not sure if he was actually xenophobic, didn’t want to deal with a cash fare, didn’t want to deal with my lack of Korean, or just had a misunderstanding. A later “successful” cab ride put me going halfway across the city through the mountain. I had to call a date I’d had and get her to explain to the driver that we were going the wrong way. The perils of going to new country underprepared I suppose.

kevintb
0 replies
14h5m

It’s not because of xenophobia, overseas Koreans without a Korean bank account have also faced this before.

tkazec
0 replies
15h56m

Uber has operated in Korea for the past couple years through a local JV with Tmap called UT. It's the next most popular taxi hailing service after Kakao T.

teen
0 replies
10h28m

ive used uber in seoul many times

seoulmetro
0 replies
19h26m

They are professional. They just don't have to care about foreigners.

permanent
0 replies
21h36m

Kakaotalk is in English, French, German, Indonesian, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese, Spanish, Thai, Traditional Chinese, Turkish, Vietnamese (https://apps.apple.com/us/app/kakaotalk/id362057947)

neom
0 replies
13h2m

I totally don't understand the comments under this comment or this comment, apart from about 8 months when Uber was being sold to SK, uber has worked just fine daily for the past 5+ years for me? Even during the "government crackdown" phase, X stopped working but although the press said uber shut down, uber worked just fine, only X shut down.

I hear this comment time and time and time again and I wonder where it comes from, I'm happy to show literally years and years of uber receipts from South Korea.

laz
0 replies
22h35m

Uber works in S Korea now.

It also accepts non-Korean credit cards, while most online apps in South Korea do not.

alxlu
0 replies
22h37m

Uber works in Seoul

siva7
34 replies
23h56m

Reminds me how the telegram founder boasted how talented his team is as only one developer was responsible for writing the mobile client. Turns out that client was riddled with bugs that displayed messages to the wrong user. A mobile chat app shouldn't be developed with the mantra "move fast and break things" yet this is the natural product result of all-in-one apps like kakao.

BiteCode_dev
22 replies
23h14m

Chat apps are hard, this doesn't strike me as a proof of bad quality as many competitors had such bugs.

And Telegram has been so far the most reliable, feature full and easy to use chat app I have had to use.

lxgr
19 replies
23h9m

Which other chat app has displayed messages to the wrong users? That seems like one of the worst things a chat app could possibly ever do.

EGreg
6 replies
22h49m

Wow, touche

And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.

The only benefit I can think of WhatsApp has is claiming to be encrypted by default. So I dont need to press an extra button. I just have to take their word for it.

lxgr
5 replies
21h40m

And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.

I'd like to see that comparison. Considering that WhatsApp is end-to-end encrypted, and Telegram persistently stores almost all of their users' messages on their backend in a way that lets them read them, I find that very hard to believe.

So I dont need to press an extra button.

Nobody presses an extra button, especially not one that opts you out of multi-device support.

BiteCode_dev
4 replies
21h26m

Whatsapp is not open source and facebook was part of the PRISM program.

I don't think it's reasonable to expect them to actually be e2e encrypted.

Espacially since Zuckerberg has many years of poor track record for privacy, and made the famous quote "they trust me the dumb fucks"

lxgr
1 replies
20h14m

So we have one app that claims to be end-to-end encrypted and is under intense scrutiny of security researchers across the world, and another one that's provably not encrypted and stores everything server side. Which one should I use?

BiteCode_dev
0 replies
11h35m

I don't care that the russian spy on my messages, I care that my gov does.

Russian can't affect my life as much as my gov.

EGreg
1 replies
21h22m

Exactly! Good points. Facebook’s been caught spying on you with audio, video, contacts, cameras you name it. What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB cant decrypt them and isnt scanning at the edge? LMAO

lxgr
0 replies
20h15m

Facebook’s been caught spying on you with audio, video, contacts, cameras you name it.

For contacts: I have no expectations of any contact privacy on WhatsApp. It's known and documented [1] that they upload your entire phone book for contact matching. Private set intersection would be better, but I don't see anything sneaky going on.

Audio, video, cameras: What are you referring to?

What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB cant decrypt them and isnt scanning at the edge?

The amount of scrutiny they're under from security researchers worldwide, and the fact that many governments are currently throwing a fit about not being able to gain access to the data either.

[1] https://faq.whatsapp.com/1191526044909364

lxgr
5 replies
21h31m

That's a single point of anecdata from Reddit, as far as I can tell at least for the WhatsApp one.

The Signal one somebody has posted in the adjacent thread was definitely real and horrible though: https://news.ycombinator.com/item?id=27950763

The fact that at least two heavily-used messengers got one of the most essential things in instant messaging wrong is nightmare fuel I didn't need to have in my life :(

BiteCode_dev
4 replies
21h4m

We just had the xz crisis and that surprises you?

IT is just a series of security breaches.

lxgr
3 replies
20h12m

Don't shift goal posts, please. A supply chain attack and a service sending private messages to the wrong recipient are very different issues.

BiteCode_dev
1 replies
11h33m

I don't shift goal post, I'm answering to:

is nightmare fuel I didn't need to have in my life :(

It's a weird reaction. All software have always been like that as far as I remember.

lxgr
0 replies
5h41m

These two things are as different as you can get in terms of software bugs.

xz: A sophisticated supply chain attack. These are known, scary, and we don't have great ways to prevent them yet.

Apparently half of all popular instant messengers at some point making the same kind of trivial but catastrophic off-by-one error: Not rocket science to prevent. I was hoping at least high-stakes apps would have better QA.

BiteCode_dev
0 replies
4h49m

I don't shift goal post, I'm answering to:

is nightmare fuel I didn't need to have in my life :(
lxgr
1 replies
20h13m

Wow, I'm truly baffled! Is this a rite of passage for instant messenger developers!?

BiteCode_dev
0 replies
1h24m

Or OS developers. Video codec developers. Network stack developer. Driver developers. Web browser developers. Web service developers. Office suite developers.

And if you are a developer and your software is used in any decent scale, you are unlikely to be the exception.

xeromal
0 replies
3h20m

Funny enough, I experienced this in Android in the 2010s. Several times I would text one of my buddies using vulgar language and the texts would go to random people. My grandparents, my pastor, etc. It was horrible. lol

PhasmaFelis
1 replies
22h36m

Delivering messages to the intended recipients (and no one else) is the single fundamental purpose of chat. If many chat apps have failed at this, then many chat apps have sucked.

BiteCode_dev
0 replies
22h34m

Yes, but in that case, no single chat app ever conceived match your criteria. They all had some kind of similar major bug at some point. Even the big names.

bluesign
5 replies
23h33m

To be fair to telegram; similar things happened to many big names: facebook, google, apple etc

lxgr
4 replies
23h8m

Delivering messages to the wrong recipient!? Examples, please!

wiseowise
1 replies
22h28m

How could client deliver messages to the wrong recipient? Why would client have messages for user outside of the one logged in anyway?

ascar
0 replies
21h56m

Seems like a rather easy thing to go wrong in the client, no?

User sends message via client. Client fumbles the recipient id. Message ends up at the wrong recipient.

Examples: incorrect recipient ID attached to contact in list where users selects recipient. Buggy selection of multiple targets in the selection UI due to incorrect touch event handling. Incorrect deletion of previously selected and then deselected recipient from recipient array of multitarget message. Or if working low level even a good old off by one error and reading out of bounds data for the recipient list (though that one hopefully should trigger a faulty send request due to other stuff no longer matching). There is endless examples.

The server can't really safeguard against the client providing a legitimate send request even though the user intended to send it to another recipient.

webappguy
0 replies
22h40m

Curious to know more. Will search but if anyone finds anything

inquirerGeneral
1 replies
23h49m

Was this a decade ago? I've been following Telegram development for over five years and never heard of this

sunaookami
0 replies
20h21m

Telegram user since 2014 and never heard of it. This definitely never happened.

rvba
0 replies
20h49m

"Designed by committee" software can have terrible bugs too.

doyoulikecheese
0 replies
14h26m

Kakao definitely does not move fast...

IncreasePosts
0 replies
23h31m

Do you mean something like the mobile app had multiple user accounts added to it, and it displayed messages for one account in the other account? Otherwise it seems more like a server bug than a client bug?

second_brekkie
22 replies
17h50m

Source: I live in SK

For some context, you can't live in South Korea and not use Kakao, even your grandma has it.

So the fact that they have so many holes in their security is a cause for concern.

You grandma isn't going to know a fishy link when she sees one, especially with this exploit where domain looks legitimate.

A contributing factor is the hierarchical work culture in Korea. You boss gives you a deadline for a feature which is treated an non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.

This all amounts to an app full of security holes, and until Kakao stock drops because of it, they're not going to address it.

kijin
9 replies
17h29m

You can find hierarchical work cultures with impossible deadlines all around the world, not just SK. The difference seems to be that the government sector and the chaebol take up such a huge share of the "IT" market in SK, that there really isn't much space left for startup culture to make a difference.

Kakao used to be a cool startup, but they've been trying hard to emulate the chaebol once they became successful.

OsrsNeedsf2P
8 replies
16h28m

there really isn't much space left for startup culture to make a difference.

This is very much not the case - Startups are quite big in SK because the government gives them lots of funding.

Source: I worked at a South Korean startup. Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.

AYBABTME
3 replies
13h20m

Source: I worked at a South Korean startup. Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.

As a foreigner living in Seoul, working for US startups, and eyeing creating a US-styled startup in Seoul in the future, what are the sacrifices you have in mind?

neom
2 replies
13h7m

Do you know of anyone who has created a US style startup in Seoul? Only two people I can think of are Matthew Shampine and Jason Boutte. Jason Boutte is literally the only foreigner I know who pulled it off, I've lived in Seoul doing startup stuff for 5 years till recently.

AYBABTME
1 replies
7h28m

Nope, I didn't search either. I just want to do it. (Hi John)

neom
0 replies
4h56m

Ha, I figured it was you. Hi Antoine! Feel free to look up Jason and tell him John sent you if you want, he's a cool dude and I'm sure responsive.

tkazec
1 replies
15h47m

The government gives out a lot of grants to startups, but largely in the range of $10k-$100k USD. Beyond that, there aren't many angels, and VC is dominated by highly conservative corporates. It's an incredibly tough fundraising environment.

laborcontract
0 replies
15h34m

yup. i wouldn’t consider sk a startup hub in the remotest. like you said, the vc landscape perfectly reflects it.

lifthrasiir
0 replies
15h58m

Startups are quite big in SK because the government gives them lots of funding.

They need funding mainly because otherwise the govt sector and chaebol would outlive them. It greatly depends on the exact circumstances though. (Source: Had been in several startups with varying degrees of funding.)

Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.

Mainly because most if all people in Korean startups are necessarily Koreans. The same thing happens whenever many members share the same background, not just the nationality.

kijin
0 replies
14h59m

Startups are quite big in SK because the government gives them lots of funding.

Exactly. All that funding and the associated paperwork, not to mention the adverse incentives it brings to the table, help to turn the Korean startup ecosystem into yet another old-fashioned, government-controlled economic sector.

We all call each other the same honorifics, make our offices cute and comfy, and try not to have a visible hierarchy. But at the end of the day, it's the government that tells you which projects will be funded and when you should submit screenshots of the deliverables. Angels? Yeah, they exist, but where do you think half of their money comes from?

Source: also a South Korean startup.

lifthrasiir
5 replies
16h8m

I actually don't use Kakaotalk (or LINE or Facebook, to be comprehensive) even though I'm a Korean. That does make me some kind of weirdo, but many enough services have an SMS fallback so I can live without it.

On the security side though: I don't think it is a work culture at the play because major IT companies in South Korea---often referred as to the initialism 네카라쿠배, for Naver, Kakao, LINE, Coupang and Baemin operated by Woowa Bros---are known for much better work culture and higher compensation than the nation average [1]. It is probably more like that these apps are domestic and hadn't been scrutinized enough compared to globally popular apps.

[1] But still lower than US or even some Korean startups in my experience.

chabulhwi
3 replies
15h47m

I'm also a Korean, and I've been getting on without KakaoTalk for two years. But I've never met any other Korean personally who doesn't use it.

1oooqooq
2 replies
5h46m

it was the same in other places. it's only a matter of time.

south America and most of Africa was taken over by metabook whatsapp. you can't even schedule government appointments without one (which then require a mobile phone number, which then require all the data each govt require for a mobile phone sim purchase)

Europe requires sms plus a apple/google validated app and stock phone. you can't access most eu or eu commission or local gov services without it.

but it all started with "it's fine, i still have X fall back working". but we only cry about china dystopian techno state...

Ylpertnodi
0 replies
3h31m

Eu citizen here: where in Europe are you talking about?

Angostura
0 replies
3h37m

Europe requires sms plus a apple/google validated app and stock phone.

Which European central government services require you to use an online service or app, with no voice, paper on in-person fallback. I can think of one in the UK - my council's resident's parking permit system

rjzzleep
0 replies
3h5m

Didn't Japan just buy(back) line and pledge better operational security a while back? Samsung is famous for frequently reinventing things on their own and leaving it full of security holes as a result. Somehow it's just part of the culture.

simonebrunozzi
1 replies
5h14m

Is there an easy way for a non-SK (and non Korean speaking) to use it?

verteu
0 replies
4h29m

You can simply download KakaoTalk from the App Store, right?

intoamplitudes
1 replies
2h23m

"Hierarchical work culture" is like the go-to blanket excuse to explain anything in East Asia that Americans don't like or think is bad.

If you've ever spent a few years at any decent-sized white collar company in the US (tech, finance, consulting) you know it's the same in the west. Especially FAANGs. All these mid-level engineers are just yes-men trying to suck up to their VPs to get in the next promo cycle. The western companies just have better marketing about "flat hierarchies" but it's all PR talk and lip service. Some PM or SVP drops some mandate and no one ever has the balls to question it, they just grumble and do it.

The saddest part is that these tech bros actually believe the marketing they are fed about their company cultures, and it breeds this shallow superiority complex and so whenever something negative about Asian companies comes up, you get comments like this citing this 'go-to' rationale about hierarchy.

It's actually kind of sad these guys don't have the self-awareness to critically examine what they are told vs. what reality is.

awithrow
0 replies
1m

I've spent many years at large companies including FAANGs. I've had no problems or issues pushing back on unreasonable deadlines or being the bearer of bad news about vulns, bugs, or systemic flaws. I've also seen plenty of engineers do the same.

graemep
0 replies
4h51m

You boss gives you a deadline for a feature which is treated an non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.

If only that happened only in SK.

It definitely happens in the west too. Maybe its worse in SK because of the culture, but its definitely not unique. The problem of the boss or the customer seeing the UI but not security issues is universal.

Rastonbury
0 replies
15h46m

Is this something that would be picked up by the news in SK or a regulator? Potential ways to get the accountable besides share price

Shank
12 replies
1d

However, we didn’t receive any reward as only Koreans are eligible to receive a bounty

Talk about discouragement for research. KakaoTalk is huge -- the equivalent of WhatsApp for EU people or LINE in Japan. Many foreigners learning Korean use KakaoTalk to chat, so this definitely affects people outside of the country. Restricting payment to just Koreans is objectively a terrible decision, as it endangers their users for no discernible reason.

its-summertime
9 replies
23h29m

KakaoTalk is huge -- the equivalent of WhatsApp for EU people or LINE in Japan

I feel that doesn't really describe it well, one should look into the respective product listings for these companies to get a proper idea of the scope of potential damages that could occur.

https://www.kakaocorp.com/page/service/service

https://line.me/en/#allProduct

WhatsApp is only just getting into the complete ecosystem side of things with Meta Pay. Google as a company is probably more representative of scale

https://about.google/products/#all-products

mschuster91
8 replies
22h59m

That kind of stuff is what Musk chases with X, by the way. It's his once-a-lifetime bet, even bigger than SpaceX and Tesla combined - succeed in delivering a "one for everything" Asian-style app to the Western ecosystem and you have a money printer of unfathomable power. Had he not completely destroyed all trust in the brand Twitter/X, I'd think he'd have a serious chance of achieving that goal.

The really interesting thing, IMO, is where Facebook went off the rails. They have the moat with literal billions of people using their apps already, they got real names, addresses, location data, in some cases (legacy Whatsapp users, people who ever ran ads) payment data, Facebook already has sort of a "shop" solution with Marketplace... but they don't seem to be attractive at all, or doing anything innovative. It's all Metaverse or whatever.

numpad0
4 replies
21h45m

It's not just Facebook that "failed" to build the so-called superapps, none of Western private chat apps company had done it, let alone social media, or any app from anyone with strong C-class leadership and lean bureaucracy for that matter.

The way those "superapps" grow the "apps" is middle management doing his personal projects on corporate microservice infrastructure and IC hire upper management succumbing to bureaucracy. Thanks to bureaucracy, some brand integrity is maintained, and that kind of makes money anyway as company side gigs. After it goes garbage in and out of translation, the whole company doings end up on BBC as Oriental wonder superapps.

SoftBank subsidiary owns LINE. So do Masayoshi Son even know how many individual sub-apps there are or who's under who running what? I highly doubt it. And I also highly doubt a control freak like Musk can even bear that kind of situation; he'd personally dragged out a server rack out of an NTT datacenter without going through rituals and ceremonies, which made a web article by itself. None of superapp operators seem to have that kind of boss.

bobthepanda
2 replies
21h13m

the fact of the matter is that there are massive differences in consumer opinion. Western markets prefer specialist companies that do one thing really well, whereas in East Asia people often prefer trusted conglomerates.

As a general example, department stores are much healthier in Japan and Korea, whereas in the US they were hollowed out by specialty clothing retailers, specialty makeup retailers, etc. and then finally kicked over by online shopping.

shiroiushi
1 replies
17h56m

As a general example, department stores are much healthier in Japan and Korea,

Not only that, here in Japan some of the biggest department stores also operate their own train lines, and own all the real estate around the stations. It's an extremely different way of running a business than in the US.

numpad0
0 replies
17h10m

And none of it has a strong visionary figure leading the way. It's all committees and pork barreling. THAT churns out evergrowing list of features.

mschuster91
0 replies
19h32m

None of superapp operators seem to have that kind of boss.

But they also don't have the shareholder/activist investor pressure that Western companies face.

To achieve "superapp" size, you need to have either a strong leader personality driving the push by their sheer will and vision and especially with enough authority/financial power to overrule investors - people like Steve Jobs, Jeff Bezos, Elon Musk or Mark Zuckerberg - or you need to be one of the Asian ultra-conglomerate/"chaebol" companies that have absurd amounts of money flowing through them that enterprising middle managers can divert.

Unfortunately, with the exception of the visionaries I mentioned, corporate America and Europe just doesn't have many company founders with both clear visions and a backbone, and there's (partially "thanks" to de-conglomerisation trends of the 90s and later like with German giant Siemens) nothing at all left that comes even close to the diversification of revenue that Samsung has.

its-summertime
1 replies
22h11m

Meta was probably against pushing super hard to avoid the kind of situation that X is now in.

jacobgkau
0 replies
20h10m

How do you mean? The situation with X seems mostly to do with marketing (people not liking the owner & his behavior) and bots, with maybe a little bit of instability thrown in. As noted elsewhere in the thread, Facebook already has experience with a bunch of different types of services-- from the games they used to host, to Marketplace mentioned elsewhere in the thread, to event management rivaling Meetup & Eventbrite, and even a dating app. X talks about being an "everything app," but they really just have posts (with media) and that's their only feature to date. Facebook does a lot more. So I don't see how pushing harder on non-social features would make them any more like X is right now.

maeil
0 replies
12h8m

For a decade now I've been completely stumped just why Meta (and before they were sold, WhatsApp) hasn't tried this. Why is only Musk trying this? It's the incredibly obvious thing to do.

Does Zuck find the idea boring? Is that why he rather do something flashy like "Metaverse"? It's the obvious model to go for and East-Asia has already made that clear since a decade ago.

Even bloody MSN Messenger 15 years ago was more of a super app than WhatsApp.

Now finally Musk says he's going to give it a go, but I reckon he'll struggle because X's penetration, as high as it is, is nowhere near WhatsApp. He's also extremely late in the game, so much that unless he starts buying up incumbents (maybe that's what he needs the $56 bn pay package for), the barriers are now incredibly high. When WeChat, KakaoTalk and Line started branching out, there was no huge incumbent in the areas they competed in.

unsupp0rted
0 replies
1d

KakaoTalk is huge in the sense that it's almost impossible to find any Korean person, teenager or adult, who doesn't use it daily.

It'd be like finding a person who doesn't use electricity.

snaeker58
0 replies
1d

I can see some executive being sneaky and saving 0.0001% of all their expenses.

qwertox
10 replies
23h42m

"We also release our tooling so that fellow security researchers can dig into KakaoTalk’s broad attack surface to find more bugs." I think this would be illegal in Germany.

MeImCounting
8 replies
23h35m

Why? How is that relevant? Isnt it well established that open source security research is the number one way to have a secure app/ecosystem? Why should tooling be kept secret when another team can potentially find more exploits using these/similar techniques?

mlinhares
5 replies
23h16m

We'd all be arrested in Germany then as we all have computers with compilers installed on them.

mschuster91
4 replies
23h6m

Well that is kinda the point of these vague laws. Just like they eventually nailed Al Capone with taxes in the US - if you can't hit someone directly, you can hit them with the "three felonies a day".

I'm German... our politicians, at least most of them are a bunch of pathologically technologically incompetent buffoons. A lot of that was masked during the Merkel era because she herself was a literal nuclear physics doctorate, but now that she's gone, it's painfully obvious what's going on.

yorwba
3 replies
21h7m

Except §202c StGB https://www.gesetze-im-internet.de/englisch_stgb/englisch_st... isn't actually vague. The simple reason it doesn't outlaw compilers is that compilers aren't built for the purpose of giving unauthorized access to other people's data, even though they can help achieve that aim.

It's similar to how weapons designed to be used against people are regulated differently from tools that merely happen to be usable as weapons.

In the concrete case of sharing tools to explore the attack surface of KakaoTalk, this is not a crime under §202c StGB as long as you do not intend them to be used to hack accounts you do not own.

mlinhares
2 replies
15h14m

Good luck proving you have an exploit in your machine but you _do not intend_ to use it to hack accounts to a judge.

yorwba
1 replies
13h1m

The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).

Good luck to the prosecution trying to prove that you did intend to hack other people's accounts when you can point to this blog post where the author demonstrates hacking their own account and reports the vulnerability to get it fixed.

I think people who get convicted of one of the "preparation to commit a crime" crimes mostly:

1. fail to come up with any alternative explanation for their behavior

2. put their plans in writing or told someone about their intentions

mschuster91
0 replies
10h53m

The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).

Theoretically.

Unfortunately, judges who are actually fit in IT topics are rare, especially in the criminal courts. They tend to rather believe what the prosecutor tells them. I'm just happy we don't have US-style juries because that would be even worse given our collective love as a society for faxes and writing information on highly processed dead trees (i.e. paper).

tptacek
0 replies
23h18m

That is not in fact well-established at all, though as someone who came up through vuln research I expect we have similar takes on the public policy of vuln and exploit disclosure.

rjh29
0 replies
13h34m

Good. Since KakaoTalk refuse to issue bug bounties to non-Koreans, hopefully they'll change their mind when a bunch of hackers destroy their infrastructure.

snaeker58
6 replies
1d

Crazy that only Koreans are eligible for bounty rewards. Someone is going to put their morals aside in the future and their customers are going to be the victims. Also I’m pretty sure a large part of government officials in Korea use KakaoTalk?

But hey at least they actually took action…

ffhhj
3 replies
23h49m

Taxes?

laz
2 replies
22h31m

Non-Koreans who live and work in South Korea pay South Korean taxes

nextworddev
1 replies
21h39m

Don't think most Digital Nomads in South Korea pay any South Korean taxes

ddoolin
0 replies
20h2m

There are many non-Korean non-digital-nomads living and working in South Korea who do pay taxes. Millions, actually. South Korea has a very large international residency.

localfirst
0 replies
22h19m

It is rather strange isn't it? After all it seems like author of the article isn't Korean, would benefit KakaoTalk to just pay a bounty to him.

KakaoTalk is huge. Can't do anything in Korea without it.

boodleboodle
0 replies
18h44m

I think this news will trigger a change

system2
2 replies
22h2m

LOL Only Koreans are eligible for reward. They deserve to be destroyed by hackers at this point.

rvba
0 replies
20h48m

Encourages to sell the bugs

elaus
0 replies
5h34m

And even for Koreans the maximum payout is about 7000 USD which seems absurdly low for an app that seems to be riddled with various security issues.

solarized
2 replies
16h16m

We reported this vulnerability in December 2023 via Kakao’s Bug Bounty Program. However, we didn’t receive any reward as only Koreans are eligible to receive a bounty

Holy crap !

xyst
0 replies
5h49m

Well at least it’s disclosed on their bug bounty site:

You must be a Korean living at home and abroad

https://bugbounty.kakao.com/home

Would have been worse if author submitted this expecting to get paid. But found out it’s limited to SK citizens.

Side note: the payouts are extremely low:

… minimum of 50,000 won (~35 USD) to a maximum of 10 million won (~7.1K USD)
jacob_rezi
0 replies
13h49m

This is very normal for Korea. As a foreigner who has spent the last 9 years building a startup in Seoul, this has been my experience many times

ponorin
1 replies
13h6m

A small correction: KakaoTalk is not an "all in one" app like WeChat. The main chat app does contain anciliary features such as gifting that enabled this exploit, but you can't call a taxi on KakaoTalk, you do that on Kakao T, a mobility app that also offers rental scooters, e-bikes, and train and flight booking. Similarly, even though the messenger app does have integration with its payment platform (cleverly named KakaoPay), the service itself lives in a dedicated app. It's like Google on Android where you could access bunch of services with one central ID, which I presume is why their apps have so many access points: they need it for themselves.

maeil
0 replies
12h17m

This isn't accurate.

Similarly, even though the messenger app does have integration with its payment platform (cleverly named KakaoPay), the service itself lives in a dedicated app.

Just like WeChat, KakaoPay is fully integrated in KakaoTalk to the extent that the large majority of users use KakaoPay only through KakaoTalk. The existence of the separate KakaoPay app doesn't have much of an impact. You can transfer money, receive money, and make payments through KakaoTalk, without using the KakaoPay app.

boodleboodle
1 replies
18h46m

They STILL don't have a web version after more than a decade of service but I guess that is a good thing in light of this news

BlockerBrews
0 replies
15h25m

I wish they did just because I can’t get the kakao app to work consistently on my Linux machine via wine.

idlephysicist
0 replies
16h26m

I wonder how many U.S. service persons stationed in South Korea could have been affected by this? Do we know if it was exploited in the wild?

Summerbud
0 replies
13h23m

We should step back and re-think the approach we have in software engineering nowadays...

Is it for long-term game or short term gain for a small group of people