Fun fact: western ride sharing apps don't work in South Korea, and this company also makes the leading rideshare app in the country.
I was forced to make an account on the mobile chat app in order to log into their rideshare app, on a recent trip to Seoul. The UX was not great... not to mention that it was mostly in Korean. I had a lot of trouble. They didn't strike me as the most professional operation..
Reminds me how the telegram founder boasted how talented his team is as only one developer was responsible for writing the mobile client. Turns out that client was riddled with bugs that displayed messages to the wrong user. A mobile chat app shouldn't be developed with the mantra "move fast and break things" yet this is the natural product result of all-in-one apps like kakao.
Chat apps are hard, this doesn't strike me as a proof of bad quality as many competitors had such bugs.
And Telegram has been so far the most reliable, feature full and easy to use chat app I have had to use.
Which other chat app has displayed messages to the wrong users? That seems like one of the worst things a chat app could possibly ever do.
Wow, touche
And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.
The only benefit I can think of WhatsApp has is claiming to be encrypted by default. So I dont need to press an extra button. I just have to take their word for it.
And in an Apples-to-Apples comparison, WhatsApp fared far worse than Telegram on privacy, and not to mention its parent company.
I'd like to see that comparison. Considering that WhatsApp is end-to-end encrypted, and Telegram persistently stores almost all of their users' messages on their backend in a way that lets them read them, I find that very hard to believe.
So I dont need to press an extra button.
Nobody presses an extra button, especially not one that opts you out of multi-device support.
Whatsapp is not open source and facebook was part of the PRISM program.
I don't think it's reasonable to expect them to actually be e2e encrypted.
Espacially since Zuckerberg has many years of poor track record for privacy, and made the famous quote "they trust me the dumb fucks"
So we have one app that claims to be end-to-end encrypted and is under intense scrutiny of security researchers across the world, and another one that's provably not encrypted and stores everything server side. Which one should I use?
I don't care that the russian spy on my messages, I care that my gov does.
Russian can't affect my life as much as my gov.
Exactly! Good points. Facebook’s been caught spying on you with audio, video, contacts, cameras you name it. What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB cant decrypt them and isnt scanning at the edge? LMAO
Facebook’s been caught spying on you with audio, video, contacts, cameras you name it.
For contacts: I have no expectations of any contact privacy on WhatsApp. It's known and documented [1] that they upload your entire phone book for contact matching. Private set intersection would be better, but I don't see anything sneaky going on.
Audio, video, cameras: What are you referring to?
What makes the true believers so sure their WhatsApp chats are really E2E encrypted and FB cant decrypt them and isnt scanning at the edge?
The amount of scrutiny they're under from security researchers worldwide, and the fact that many governments are currently throwing a fit about not being able to gain access to the data either.
That's a single point of anecdata from Reddit, as far as I can tell at least for the WhatsApp one.
The Signal one somebody has posted in the adjacent thread was definitely real and horrible though: https://news.ycombinator.com/item?id=27950763
The fact that at least two heavily-used messengers got one of the most essential things in instant messaging wrong is nightmare fuel I didn't need to have in my life :(
We just had the xz crisis and that surprises you?
IT is just a series of security breaches.
Don't shift goal posts, please. A supply chain attack and a service sending private messages to the wrong recipient are very different issues.
I don't shift goal post, I'm answering to:
is nightmare fuel I didn't need to have in my life :(
It's a weird reaction. All software have always been like that as far as I remember.
These two things are as different as you can get in terms of software bugs.
xz: A sophisticated supply chain attack. These are known, scary, and we don't have great ways to prevent them yet.
Apparently half of all popular instant messengers at some point making the same kind of trivial but catastrophic off-by-one error: Not rocket science to prevent. I was hoping at least high-stakes apps would have better QA.
I don't shift goal post, I'm answering to:
is nightmare fuel I didn't need to have in my life :(
Wow, I'm truly baffled! Is this a rite of passage for instant messenger developers!?
Or OS developers. Video codec developers. Network stack developer. Driver developers. Web browser developers. Web service developers. Office suite developers.
And if you are a developer and your software is used in any decent scale, you are unlikely to be the exception.
Funny enough, I experienced this in Android in the 2010s. Several times I would text one of my buddies using vulgar language and the texts would go to random people. My grandparents, my pastor, etc. It was horrible. lol
Delivering messages to the intended recipients (and no one else) is the single fundamental purpose of chat. If many chat apps have failed at this, then many chat apps have sucked.
Yes, but in that case, no single chat app ever conceived match your criteria. They all had some kind of similar major bug at some point. Even the big names.
To be fair to telegram; similar things happened to many big names: facebook, google, apple etc
Delivering messages to the wrong recipient!? Examples, please!
How could client deliver messages to the wrong recipient? Why would client have messages for user outside of the one logged in anyway?
Seems like a rather easy thing to go wrong in the client, no?
User sends message via client. Client fumbles the recipient id. Message ends up at the wrong recipient.
Examples: incorrect recipient ID attached to contact in list where users selects recipient. Buggy selection of multiple targets in the selection UI due to incorrect touch event handling. Incorrect deletion of previously selected and then deselected recipient from recipient array of multitarget message. Or if working low level even a good old off by one error and reading out of bounds data for the recipient list (though that one hopefully should trigger a faulty send request due to other stuff no longer matching). There is endless examples.
The server can't really safeguard against the client providing a legitimate send request even though the user intended to send it to another recipient.
Curious to know more. Will search but if anyone finds anything
https://news.ycombinator.com/item?id=27950763
Yeah, I don't know how they manage to get bugs like that, but it's happened
Was this a decade ago? I've been following Telegram development for over five years and never heard of this
Telegram user since 2014 and never heard of it. This definitely never happened.
"Designed by committee" software can have terrible bugs too.
Kakao definitely does not move fast...
Do you mean something like the mobile app had multiple user accounts added to it, and it displayed messages for one account in the other account? Otherwise it seems more like a server bug than a client bug?
Source: I live in SK
For some context, you can't live in South Korea and not use Kakao, even your grandma has it.
So the fact that they have so many holes in their security is a cause for concern.
You grandma isn't going to know a fishy link when she sees one, especially with this exploit where domain looks legitimate.
A contributing factor is the hierarchical work culture in Korea. You boss gives you a deadline for a feature which is treated an non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.
This all amounts to an app full of security holes, and until Kakao stock drops because of it, they're not going to address it.
You can find hierarchical work cultures with impossible deadlines all around the world, not just SK. The difference seems to be that the government sector and the chaebol take up such a huge share of the "IT" market in SK, that there really isn't much space left for startup culture to make a difference.
Kakao used to be a cool startup, but they've been trying hard to emulate the chaebol once they became successful.
there really isn't much space left for startup culture to make a difference.
This is very much not the case - Startups are quite big in SK because the government gives them lots of funding.
Source: I worked at a South Korean startup. Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.
Source: I worked at a South Korean startup. Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.
As a foreigner living in Seoul, working for US startups, and eyeing creating a US-styled startup in Seoul in the future, what are the sacrifices you have in mind?
Do you know of anyone who has created a US style startup in Seoul? Only two people I can think of are Matthew Shampine and Jason Boutte. Jason Boutte is literally the only foreigner I know who pulled it off, I've lived in Seoul doing startup stuff for 5 years till recently.
Nope, I didn't search either. I just want to do it. (Hi John)
Ha, I figured it was you. Hi Antoine! Feel free to look up Jason and tell him John sent you if you want, he's a cool dude and I'm sure responsive.
The government gives out a lot of grants to startups, but largely in the range of $10k-$100k USD. Beyond that, there aren't many angels, and VC is dominated by highly conservative corporates. It's an incredibly tough fundraising environment.
yup. i wouldn’t consider sk a startup hub in the remotest. like you said, the vc landscape perfectly reflects it.
Startups are quite big in SK because the government gives them lots of funding.
They need funding mainly because otherwise the govt sector and chaebol would outlive them. It greatly depends on the exact circumstances though. (Source: Had been in several startups with varying degrees of funding.)
Fair warning to other foreigners, you will have to make _a lot_ of sacrifices.
Mainly because most if all people in Korean startups are necessarily Koreans. The same thing happens whenever many members share the same background, not just the nationality.
Startups are quite big in SK because the government gives them lots of funding.
Exactly. All that funding and the associated paperwork, not to mention the adverse incentives it brings to the table, help to turn the Korean startup ecosystem into yet another old-fashioned, government-controlled economic sector.
We all call each other the same honorifics, make our offices cute and comfy, and try not to have a visible hierarchy. But at the end of the day, it's the government that tells you which projects will be funded and when you should submit screenshots of the deliverables. Angels? Yeah, they exist, but where do you think half of their money comes from?
Source: also a South Korean startup.
I actually don't use Kakaotalk (or LINE or Facebook, to be comprehensive) even though I'm a Korean. That does make me some kind of weirdo, but many enough services have an SMS fallback so I can live without it.
On the security side though: I don't think it is a work culture at the play because major IT companies in South Korea---often referred as to the initialism 네카라쿠배, for Naver, Kakao, LINE, Coupang and Baemin operated by Woowa Bros---are known for much better work culture and higher compensation than the nation average [1]. It is probably more like that these apps are domestic and hadn't been scrutinized enough compared to globally popular apps.
[1] But still lower than US or even some Korean startups in my experience.
I'm also a Korean, and I've been getting on without KakaoTalk for two years. But I've never met any other Korean personally who doesn't use it.
it was the same in other places. it's only a matter of time.
south America and most of Africa was taken over by metabook whatsapp. you can't even schedule government appointments without one (which then require a mobile phone number, which then require all the data each govt require for a mobile phone sim purchase)
Europe requires sms plus a apple/google validated app and stock phone. you can't access most eu or eu commission or local gov services without it.
but it all started with "it's fine, i still have X fall back working". but we only cry about china dystopian techno state...
Eu citizen here: where in Europe are you talking about?
Europe requires sms plus a apple/google validated app and stock phone.
Which European central government services require you to use an online service or app, with no voice, paper on in-person fallback. I can think of one in the UK - my council's resident's parking permit system
Didn't Japan just buy(back) line and pledge better operational security a while back? Samsung is famous for frequently reinventing things on their own and leaving it full of security holes as a result. Somehow it's just part of the culture.
Is there an easy way for a non-SK (and non Korean speaking) to use it?
You can simply download KakaoTalk from the App Store, right?
"Hierarchical work culture" is like the go-to blanket excuse to explain anything in East Asia that Americans don't like or think is bad.
If you've ever spent a few years at any decent-sized white collar company in the US (tech, finance, consulting) you know it's the same in the west. Especially FAANGs. All these mid-level engineers are just yes-men trying to suck up to their VPs to get in the next promo cycle. The western companies just have better marketing about "flat hierarchies" but it's all PR talk and lip service. Some PM or SVP drops some mandate and no one ever has the balls to question it, they just grumble and do it.
The saddest part is that these tech bros actually believe the marketing they are fed about their company cultures, and it breeds this shallow superiority complex and so whenever something negative about Asian companies comes up, you get comments like this citing this 'go-to' rationale about hierarchy.
It's actually kind of sad these guys don't have the self-awareness to critically examine what they are told vs. what reality is.
I've spent many years at large companies including FAANGs. I've had no problems or issues pushing back on unreasonable deadlines or being the bearer of bad news about vulns, bugs, or systemic flaws. I've also seen plenty of engineers do the same.
You boss gives you a deadline for a feature which is treated an non-negotiable so you cut corners to get it out. Your boss can't 'see' security vulnerabilities, but can see a UI. So you get told "good job" and then get given the next unachievable deadline.
If only that happened only in SK.
It definitely happens in the west too. Maybe its worse in SK because of the culture, but its definitely not unique. The problem of the boss or the customer seeing the UI but not security issues is universal.
Is this something that would be picked up by the news in SK or a regulator? Potential ways to get the accountable besides share price
However, we didn’t receive any reward as only Koreans are eligible to receive a bounty
Talk about discouragement for research. KakaoTalk is huge -- the equivalent of WhatsApp for EU people or LINE in Japan. Many foreigners learning Korean use KakaoTalk to chat, so this definitely affects people outside of the country. Restricting payment to just Koreans is objectively a terrible decision, as it endangers their users for no discernible reason.
KakaoTalk is huge -- the equivalent of WhatsApp for EU people or LINE in Japan
I feel that doesn't really describe it well, one should look into the respective product listings for these companies to get a proper idea of the scope of potential damages that could occur.
https://www.kakaocorp.com/page/service/service
https://line.me/en/#allProduct
WhatsApp is only just getting into the complete ecosystem side of things with Meta Pay. Google as a company is probably more representative of scale
That kind of stuff is what Musk chases with X, by the way. It's his once-a-lifetime bet, even bigger than SpaceX and Tesla combined - succeed in delivering a "one for everything" Asian-style app to the Western ecosystem and you have a money printer of unfathomable power. Had he not completely destroyed all trust in the brand Twitter/X, I'd think he'd have a serious chance of achieving that goal.
The really interesting thing, IMO, is where Facebook went off the rails. They have the moat with literal billions of people using their apps already, they got real names, addresses, location data, in some cases (legacy Whatsapp users, people who ever ran ads) payment data, Facebook already has sort of a "shop" solution with Marketplace... but they don't seem to be attractive at all, or doing anything innovative. It's all Metaverse or whatever.
It's not just Facebook that "failed" to build the so-called superapps, none of Western private chat apps company had done it, let alone social media, or any app from anyone with strong C-class leadership and lean bureaucracy for that matter.
The way those "superapps" grow the "apps" is middle management doing his personal projects on corporate microservice infrastructure and IC hire upper management succumbing to bureaucracy. Thanks to bureaucracy, some brand integrity is maintained, and that kind of makes money anyway as company side gigs. After it goes garbage in and out of translation, the whole company doings end up on BBC as Oriental wonder superapps.
SoftBank subsidiary owns LINE. So do Masayoshi Son even know how many individual sub-apps there are or who's under who running what? I highly doubt it. And I also highly doubt a control freak like Musk can even bear that kind of situation; he'd personally dragged out a server rack out of an NTT datacenter without going through rituals and ceremonies, which made a web article by itself. None of superapp operators seem to have that kind of boss.
the fact of the matter is that there are massive differences in consumer opinion. Western markets prefer specialist companies that do one thing really well, whereas in East Asia people often prefer trusted conglomerates.
As a general example, department stores are much healthier in Japan and Korea, whereas in the US they were hollowed out by specialty clothing retailers, specialty makeup retailers, etc. and then finally kicked over by online shopping.
As a general example, department stores are much healthier in Japan and Korea,
Not only that, here in Japan some of the biggest department stores also operate their own train lines, and own all the real estate around the stations. It's an extremely different way of running a business than in the US.
And none of it has a strong visionary figure leading the way. It's all committees and pork barreling. THAT churns out evergrowing list of features.
None of superapp operators seem to have that kind of boss.
But they also don't have the shareholder/activist investor pressure that Western companies face.
To achieve "superapp" size, you need to have either a strong leader personality driving the push by their sheer will and vision and especially with enough authority/financial power to overrule investors - people like Steve Jobs, Jeff Bezos, Elon Musk or Mark Zuckerberg - or you need to be one of the Asian ultra-conglomerate/"chaebol" companies that have absurd amounts of money flowing through them that enterprising middle managers can divert.
Unfortunately, with the exception of the visionaries I mentioned, corporate America and Europe just doesn't have many company founders with both clear visions and a backbone, and there's (partially "thanks" to de-conglomerisation trends of the 90s and later like with German giant Siemens) nothing at all left that comes even close to the diversification of revenue that Samsung has.
Meta was probably against pushing super hard to avoid the kind of situation that X is now in.
How do you mean? The situation with X seems mostly to do with marketing (people not liking the owner & his behavior) and bots, with maybe a little bit of instability thrown in. As noted elsewhere in the thread, Facebook already has experience with a bunch of different types of services-- from the games they used to host, to Marketplace mentioned elsewhere in the thread, to event management rivaling Meetup & Eventbrite, and even a dating app. X talks about being an "everything app," but they really just have posts (with media) and that's their only feature to date. Facebook does a lot more. So I don't see how pushing harder on non-social features would make them any more like X is right now.
For a decade now I've been completely stumped just why Meta (and before they were sold, WhatsApp) hasn't tried this. Why is only Musk trying this? It's the incredibly obvious thing to do.
Does Zuck find the idea boring? Is that why he rather do something flashy like "Metaverse"? It's the obvious model to go for and East-Asia has already made that clear since a decade ago.
Even bloody MSN Messenger 15 years ago was more of a super app than WhatsApp.
Now finally Musk says he's going to give it a go, but I reckon he'll struggle because X's penetration, as high as it is, is nowhere near WhatsApp. He's also extremely late in the game, so much that unless he starts buying up incumbents (maybe that's what he needs the $56 bn pay package for), the barriers are now incredibly high. When WeChat, KakaoTalk and Line started branching out, there was no huge incumbent in the areas they competed in.
KakaoTalk is huge in the sense that it's almost impossible to find any Korean person, teenager or adult, who doesn't use it daily.
It'd be like finding a person who doesn't use electricity.
I can see some executive being sneaky and saving 0.0001% of all their expenses.
"We also release our tooling so that fellow security researchers can dig into KakaoTalk’s broad attack surface to find more bugs." I think this would be illegal in Germany.
Why? How is that relevant? Isnt it well established that open source security research is the number one way to have a secure app/ecosystem? Why should tooling be kept secret when another team can potentially find more exploits using these/similar techniques?
The sole possession of hardware, software or other tools that can be used to commit cybercrime can constitute a criminal offence according to Sec. 202c of the German Criminal Code.
https://iclg.com/practice-areas/cybersecurity-laws-and-regul...
We'd all be arrested in Germany then as we all have computers with compilers installed on them.
Well that is kinda the point of these vague laws. Just like they eventually nailed Al Capone with taxes in the US - if you can't hit someone directly, you can hit them with the "three felonies a day".
I'm German... our politicians, at least most of them are a bunch of pathologically technologically incompetent buffoons. A lot of that was masked during the Merkel era because she herself was a literal nuclear physics doctorate, but now that she's gone, it's painfully obvious what's going on.
Except §202c StGB https://www.gesetze-im-internet.de/englisch_stgb/englisch_st... isn't actually vague. The simple reason it doesn't outlaw compilers is that compilers aren't built for the purpose of giving unauthorized access to other people's data, even though they can help achieve that aim.
It's similar to how weapons designed to be used against people are regulated differently from tools that merely happen to be usable as weapons.
In the concrete case of sharing tools to explore the attack surface of KakaoTalk, this is not a crime under §202c StGB as long as you do not intend them to be used to hack accounts you do not own.
Good luck proving you have an exploit in your machine but you _do not intend_ to use it to hack accounts to a judge.
The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).
Good luck to the prosecution trying to prove that you did intend to hack other people's accounts when you can point to this blog post where the author demonstrates hacking their own account and reports the vulnerability to get it fixed.
I think people who get convicted of one of the "preparation to commit a crime" crimes mostly:
1. fail to come up with any alternative explanation for their behavior
2. put their plans in writing or told someone about their intentions
The burden of proof is supposed to be the other way around, as presumption of innocence is a thing in Germany (Unschuldsvermutung).
Theoretically.
Unfortunately, judges who are actually fit in IT topics are rare, especially in the criminal courts. They tend to rather believe what the prosecutor tells them. I'm just happy we don't have US-style juries because that would be even worse given our collective love as a society for faxes and writing information on highly processed dead trees (i.e. paper).
That is not in fact well-established at all, though as someone who came up through vuln research I expect we have similar takes on the public policy of vuln and exploit disclosure.
Good. Since KakaoTalk refuse to issue bug bounties to non-Koreans, hopefully they'll change their mind when a bunch of hackers destroy their infrastructure.
Crazy that only Koreans are eligible for bounty rewards. Someone is going to put their morals aside in the future and their customers are going to be the victims. Also I’m pretty sure a large part of government officials in Korea use KakaoTalk?
But hey at least they actually took action…
Taxes?
Non-Koreans who live and work in South Korea pay South Korean taxes
Don't think most Digital Nomads in South Korea pay any South Korean taxes
There are many non-Korean non-digital-nomads living and working in South Korea who do pay taxes. Millions, actually. South Korea has a very large international residency.
It is rather strange isn't it? After all it seems like author of the article isn't Korean, would benefit KakaoTalk to just pay a bounty to him.
KakaoTalk is huge. Can't do anything in Korea without it.
I think this news will trigger a change
LOL Only Koreans are eligible for reward. They deserve to be destroyed by hackers at this point.
Encourages to sell the bugs
And even for Koreans the maximum payout is about 7000 USD which seems absurdly low for an app that seems to be riddled with various security issues.
We reported this vulnerability in December 2023 via Kakao’s Bug Bounty Program. However, we didn’t receive any reward as only Koreans are eligible to receive a bounty
Holy crap !
Well at least it’s disclosed on their bug bounty site:
You must be a Korean living at home and abroad
https://bugbounty.kakao.com/home
Would have been worse if author submitted this expecting to get paid. But found out it’s limited to SK citizens.
Side note: the payouts are extremely low:
… minimum of 50,000 won (~35 USD) to a maximum of 10 million won (~7.1K USD)
This is very normal for Korea. As a foreigner who has spent the last 9 years building a startup in Seoul, this has been my experience many times
A small correction: KakaoTalk is not an "all in one" app like WeChat. The main chat app does contain anciliary features such as gifting that enabled this exploit, but you can't call a taxi on KakaoTalk, you do that on Kakao T, a mobility app that also offers rental scooters, e-bikes, and train and flight booking. Similarly, even though the messenger app does have integration with its payment platform (cleverly named KakaoPay), the service itself lives in a dedicated app. It's like Google on Android where you could access bunch of services with one central ID, which I presume is why their apps have so many access points: they need it for themselves.
This isn't accurate.
Similarly, even though the messenger app does have integration with its payment platform (cleverly named KakaoPay), the service itself lives in a dedicated app.
Just like WeChat, KakaoPay is fully integrated in KakaoTalk to the extent that the large majority of users use KakaoPay only through KakaoTalk. The existence of the separate KakaoPay app doesn't have much of an impact. You can transfer money, receive money, and make payments through KakaoTalk, without using the KakaoPay app.
They STILL don't have a web version after more than a decade of service but I guess that is a good thing in light of this news
I wish they did just because I can’t get the kakao app to work consistently on my Linux machine via wine.
I wonder how many U.S. service persons stationed in South Korea could have been affected by this? Do we know if it was exploited in the wild?
We should step back and re-think the approach we have in software engineering nowadays...
Is it for long-term game or short term gain for a small group of people
I lived in South Korea some years ago, and it was interesting how they had a separate ecosystem of apps and services. “KakaoTalk” and “Naver” had approximately the roles that WhatsApp/Meta and Google have in the West.
I think it’s great how these managed to thrive, despite increased competition from multinational companies. In many other countries, local tech companies seem to have become nearly irrelevant over the past decade, which is a sad to see.
They don't have international competition.
The Korean government explicitly chooses companies for these things. And those companies, Chaebols like Samsung, choose the laws.
If these Korean apps were so good, you would expect them to penetrate foreign markets. But they don't.
https://www.techdirt.com/2023/12/06/dumb-telecom-industry-ba...
Just like how British car companies collapsed when foreign competition entered the market on equal footing, these companies will disintegrate if forced to compete.
https://www.latimes.com/world/la-xpm-2010-dec-01-la-fg-south...
Dumb reasoning. Their apps are targeted at Korean life on purpose. Their app being good or bad is irrelevant.
The reason American apps penetrate the world usually is because America is a superpower that has almost colonised the web.
I live in the USA and EU, and the reason that I prefer a Samsung display in almost all cases is because it is the best product. Korea has not colonized us, but the product is often superior, so that is why I buy it.
Why is it that Korean software cannot do the same? I find it very interesting, and I mean to ask this in a very neutral/curious way.
Now that you bring it up, I can't recall ever (knowingly) using a piece of Korean software that wasn't a game or baked into a phone's firmware. Does seem kind of odd considering how much Korean hardware there is in my life.
naver mail is good. kakao talk too
No way, LG displays are better.
(In case it's not obvious, there's a joke here.)
Yes. Samsung created the best product for all eyes.
That's not the same for most internet apps.
They can do the same, they don't want to nor need to.
TVs for most of their existence were simple devices, with mostly a few different consumer relevant parameters, which were mostly objective.
Apps on the other hand strongly reflect the philosophy of usage, control, privacy etc, and the design aesthetic of their creators. Different countries/cultures have radically different philosophies, and old countries have aesthetics that go back thousands of years. Using apps from the creators of a different culture almost certainly causes significant friction with your own culture's philosophy and aesthetics.
To give a related example. I don't know Korea, but many in the English speaking world are marginally know of Japanese TV shows - you know with the crazy antics. Imagine that you were forced to consume only that form of TV, and how jarring that would be compared to your own philosophical and aesthetic inclinations. The same with Apps.
Nothing prevented Switzerland from colonizing the web first. If Europe was a VC friendly environment it would be ahead in everything.
Right. Instead the US colonised the internet. What's your point?
*created
The internet wasn't some terra nullius that America took over.
This doesn't really fit with the way the US government ensured dominance of its tech sector globally in the 80s, 90s, and even early 2000s. It was not a fair competition by any stretch of the imagination and involved a lot of strong-arming by the US government abusing its leverage.
Maybe somebody else should have invented the transistor, integrated circuit, and internet first. They didn't.
Love how the word "colonise" is thrown out without any thought.
Please tell us one example where America enacted a hostile takeover of a Korean site, and extracted its resources solely for the benefit of American interests.
I thought about it, then I used it. It pretty much stands (not literally of course).
I don't think you understand what the word colonise means nor what my comment means...
LINE did.
Line failed in the Korean market, and only penetrated Japan if I remember correctly.
And it is also partially owned by Softbank.
SoftBank took a stake in Line way after Line became established
I did not know that.
Would that indiciate that Korean software companies are only able to penetrate one economy at a time?
That would be a very weird, but interesting thing to investigate.
Each of language groups across the globe has its own dominant and different messaging apps. US has Messenger, Korea has KakaoTalk, Japan took LINE, China built WeChat, Russia picked Telegram, and so on. The Meta Facebook/Messenger/Instagram triad isn't the global default of social apps the way it might look to people from US.
And I don't think it takes conspiracy theories to explain it, maybe users don't like platforms that isn't dominated by similar users of their primary language, or maybe there are something else that prevent app experiences optimized for two distinct cultures at the same time.
This isn't really true. WhatsApp was used pre-acquisition and continues to be dominant throughout LATAM, Africa, and Europe in addition to US/NA. Only in the APJC region and Russia do we see significant divergence in messaging apps.
Having traveled extensively in these places, I always theorized it was due to UX behavior aligning well with the local languages. While the countries WhatsApp dominates speak different languages, they all use the Latin alphabet. In Russia and APJC there are many non-Latin alphabets used and those languages may also use different directions for writing/reading than Romance and Germanic languages.
One advantage of Telegram over WhatsApp is that you don't have to display your phone number to your contacts and random people in group chats and blogs.
With some amusing exceptions: doctors are exclusively on WhatsApp; older (60+) people are often only on WhatsApp (and pre-Microsoft Skype before that).
Not sure what you are getting at, but Line is deeply penetrated into South East Asia as well
Last I checked, 90% of Line users were in Japan, and Facebook messenger was most popular in SEA.
So I am simply surprised. My knowledge must be incredibly out of date.
LINE is very popular in Thailand for unclear reasons, I've heard the theory that their cute sticker packs set them apart in the early days. In the rest of SEA Whatsapp is the most popular.
Taiwan too.
It's the result of protectionist government policy. The policies are protectionist not just against foreign entry but also against entry of new products into the market. The government picks technology winners. Unsurprisingly, the government doesn't do a great job of this. Infamously it mandated usage of ActiveX and Internet Explorer for banking long after ActiveX had its time in the sun (the government made this the mandate in 1996 and didn't reform it until 2021!)
In case of Kakao Taxi vs Uber, it was Uber's unwillingness to work with existing taxi operators that killed any chance Uber had in the Korean market. Kakao (at least until they became dominant) acted more like an agent that sends additional customers to existing independent taxi drivers while Uber kept trying to find legal loopholes to bypass the taxi licensing system. S Korea is a civil law country, and its courts have no patience for actors whose entire legal strategy is to subvert the intent of the laws, and that was the end for Uber there.
To be accurate, Uber didn't abide by laws in most countries it went up against. It was a little slimy but also the taxi systems of most places were very entrenched. I remember never enjoying riding taxis in San Francisco for years, the cars were gross and the drivers were grumpy and generally shady about having their "credit card readers being broken" so they didn't have to pay the fees. Uber and a bunch of companies did and end run around those very politically entrenched systems and I certainly am happy to have clean, friendly, safe, modern rides with good tech where reviews keep things in line and payment is easy and I can share my location easily and know I'm going to end up at the right place way better.
Exactly. Uber was shady, but that kind of shadiness and willingness to ignore laws is necessary to bring positive change in a highly corrupt society. It's a lot like Batman: when the police are completely ineffectual or corrupt and working for organized crime, you need a vigilante who ignores the laws that just protect the criminals.
However, in better-run and not-so-corrupt societies like Korea, it's not necessary and probably downright harmful.
South Korea was under varying levels of dictatorship from the Korean War until the Sixth Republic in 1987. Roh Tae-woo, the first president after authoritarian rule, was imprisoned for corruption. Roh Moo-hyun, the President from 2003-2008 was investigated for corruption and died by suicide rather than face charges. Lee Myung-bak, his successor, was imprisoned for corruption. Park Geun-hye, his successor, was imprisoned for corruption.
I don't know that South Korea is the poster child for a "better-run and not not-so-corrupt" society.
Credit where credit is due: Sounds like no-one really gets away with corruption in Korea. The same can’t be said for more corrupt places.
Yeah, I wouldn't go quite that far. Here's Samsung's heir, convicted in court of bribery, getting a special presidential pardon because, and I quote, he's "needed back at the helm to spearhead economic recovery post-pandemic".
https://www.bbc.com/news/world-us-canada-62501514
It's not a poster child, but the US sets such a low bar that SK looks great by comparison.
Note also that the US isn't so visibly corrupt at the federal level; it's at the local levels where it's really no better than the typical poster children for corrupt countries. Taxis are a completely local (municipal) issue.
Not sure I'd call Korea and its countless cases of political corruption with Chaebol more and more appearing to be basically running the show "not-so-corrupt".
credit card fees are insignificant compared to the fact that cash payment allows the driver to evade taxes more easily.
Yup. I dislike Uber for the way they treat their drivers but I dislike the old taxis even more for the way they treat me.
When you mention it, as a Linux user at the time I struggled a lot with the ActiveX thing… Eventually I think I gave up. I had no idea that stuff was government-mandated.
It didn't work on Wine?
Running IE in wine wasn't always the easiest thing in the world, and when you were specifically running it to try and use weird integrations even less so.
This is a very good point. I didn't think about two things: (1) Internet Explorer, and (2) custom DLL with ActiveX integration.
I heard Korea had a problematic mandatory Internet login wall specifically built for IE with ActiveX on XP, and that that made use of Linux and/or Firefox complicated.
Funnily it lead to creation of PC F2P gaming culture too for some reason.
It was government mandated but it was an attempt by their government to strengthen security at the time when they couldn't import stronger crypto. Then it became established and hard to remove.
https://en.wikipedia.org/wiki/Web_compatibility_issues_in_So...
That makes a lot more sense. Thanks for sharing this bit of historical insight.
While you're right, in the specific case of navigation apps (Google maps) or apps that need navigation data (uber), it's typically because of the Geospatial Information Management Act. High-quality mapping data isn't allowed to leave the physical borders of Korea so most foreign companies just stop trying. Nowadays it's just protectionism, but the original justification was to make it harder for north korea to aim artillery.
One thing that surprised me about SK is that they have so many local alternatives for tech products that I thought were global. And the global/US version has almost no market penetration. An example of this was Google, at least when I visited in early 2015.
It's great that American software monopolies do not have access to Korean data and that Korean companies can create jobs hiring Koreans and add to the GDP. ALL sovereign countries should practice sovereign software and safeguard PII of its citizens
It's rather inconvenient for non-Koreans but you were never the intended audience nor is there much care for foreigners these days-there is growing hostility towards foreign tourists who have flocked to Japan and Korea in recent years.
Why would we think that every country blocking out foreign companies would result in better software being written for consumers in that country?
I think some tiny amount of protectionism can be necessary to get a domestic industry started, when it is important for reasons beyond giving access to the best products like national security. Especially in edge cases like competing with foreign companies with the backing of their state government or an international market that has degenerated to a monopoly. But ultimately free trade makes better products and international consumers richer and is the desired end goal, not every nation rewriting the same tech stack and providing local flavors of software solving similar problems.
Why not? Isn't Diversity good? Wouldn't it be nice to have multiple colors, implementations of things rather than the monopolistic (and probably American) beige?
Diversity comes from (fair) competition. Why would I not make American monopoly beige if it works for America locally? But if the foreign company is already that color I have to differentiate somehow. I have to compete on whatever I know about the domestic market, and force the foreign companies to learn and adapt to reach parity with me.
That whole process works in reverse too, where I have to reach parity with the large multinational company on all the features the domestic audience cares about. That last step is usually the first one to be missed when a government hands a monopoly on a tech vertical to a local company with protectionist policies. (And often they don’t just do it to insulate them from foreign competition, they will end up insulating them from domestic too as an artifact of the way these relationships reinforce themselves)
So, the state should intervene to help level the playing field to reach fair competition. In practice though it rarely stops there and instead works to insulate the domestic company from any competition. Which results in inferior products.
It is not diversity to have many people reinventing and maintaining essentially the same wheel. Exceptionally, this is necessary for national security purposes, but in the common case this is actually a poor deal for local consumers who prop up a worse product.
This is rich, coming from someone in a country where everyone still uses SMS to chat with their friends and family. Other countries already have far superior messaging apps than whatever America has produced, but Americans refuse to give up their SMS just like they refuse to give up their guns.
I’m not sure what this is supposed to prove? There are lots of different messaging apps with very high market share in the US versus a WhatsApp monoculture. A lot of people using SMS are actually using iMessage, and historically one of the reasons it’s won is because US telecoms went to unlimited SMS messaging when competing with each other, whereas foreign monopoly telecoms charged prices per SMS making messaging apps on data more competitive.
iMessage is a better experience and also degrades gracefully to sms for people who aren’t on the platform, unlike almost all other messaging apps where I have to make sure they have the app installed.
Facebook messenger has like 50% market penetration with its own suite of features. Snapchat is next and offers a very different user experience.
Apps without compelling reasons to exist like Google allo lose.
Europeans use Mark Zuckerberg's app and feel superior for it. They can keep it.
You would be doing the opposite of that. Creating 100 monopolies.
Better a hundred of them than only one or two.
It doesn't matter how many there are if only one is available in your region.
At least a local monopoly answers to local pressure. Good luck getting a global one to do so.
Why do you think foreign companies are automatically better? Is American software written by non-Americans automatically best? I find this to be incredibly arrogant.
They didn't say that.
Most countries are incapable of this and when they do try they do a worse job.
My government has a website that allows you to fetch a person’s voting centre by knowing their ID number. Our ID numbers are sequential. Therefore you can use that website to get approximate location for literally everyone.
My government also has a website to request passports online. I was playing with it and it turns out they have an open GraphQL endpoint that lets me query billing transactions for _everyone_.
But sure the software was made in my country.
Approximate address, surely. Addresses are ... usually not very secret in the first place, though? It'd be absolutely fascinating if your government not only tracked everyone's location but assigned their voting center by current location, but, well,
I guess you misunderstood the word “location”.
The voting centre is typically the closest public school to where you live.
So when I say location here I mean the neighborhood where you live.
Also the main concern isn’t the government. They clearly already have the data and will always have that data. They also have the actual address of people.
The main concern is literally anyone can access the data and this thread is about countries protecting PII lol.
In some Western countries voter's lists with names and addresses are publicly accessible, if I understand correctly. Helps to make sure government doesn't add dead souls to vote for them.
That's exactly what happens in Turkiye. I assume GP is there.
IMHO That's where the software model could change if more countries gave a serious shake at managing national services.
As you point out it's hard and few can do it, so getting more common open source platforms would be a natural evolution. Then relying on global providers that act as a service developer instead of a service owner would still be a huge difference.
That sounds great. I imagine it would turn out the same way using local transit has. Some are awesome like the netherlands and some are hostile towards users that you can’t even properly use it if you arrive too late at night because no one is available like france.
Everyone in this thread seems to thinks government is able to get things done. That is not what my last 40 years of life has shown me.
Most countries ARE capable of that. Or rather, most people of a country don't like platforms not dominated by their own primary language, and this is passively achieved by that tendency.
Lots of Russian stuffs on the Internet come through Telegram, meanwhile China has Weibo and TikTok, Korea does its thing in KakaoTalk and Facebook/Insta, Japan uses LINE along Twitter/Insta instead, so on and so forth. Everyone could be on Facebook, but that isn't what is going on.
The Interweb isn't so global, and English isn't the lingua franca of all communications. It's just the perception one experiences through an American door, though the Web do tend to be more developed in en-US.
In America, before the Internet took off, every year everyone would get a book called the "white pages" that had the name, address, and phone number, of everyone who lived in their city.
The American view of privacy is that "openness makes for a civil society".
Although one can argue that hasn't been working out well for us lately ..
Likewise, marriages are publicly recorded and accessible online, as are all property purchases, births, deaths, and even property tax payments.
Though for some reason we consider income taxes to be super secret. Everything else is public, but not those! (How much cash someone put down to buy a house? Public. How much money that person makes? Not public. How much money everyone donates to politicians? Public.)
I don't know about SK's privacy laws, but wouldn't a country's government have more power to tap into the data of local companies?
yes, and they also have the power to tell multinationals where they are allowed, geographically, to store the locals' data.
the grandparent has invented a fake problem (data regionalization, as though it cannot be addressed with regulation) and has conflated a nationalist-socialist desire to replace a foreign private enterprise with a nationalized public one. it's nationalist because it assumes that the nation needs to own it, and socialist because at the national level a public solution is proposed.
the solution, in turn, doesn't actually solve the regionalization problem unless the state organization running the nationalized ride share app is required through further legislation to keep the data local -- the same legislation that would be needed to regulate private entities, except now it's the government regulating itself since the public national ride share app is operated and owned by the government, and is now open to all the problems of corruption that plague every command economy.
But by all means, be more like North Korea, South Korea. Just nationalize everything. You don't want American influence. Those American monopolies and American dollars have really made you worse off in the last seventy years. /s
I have a problem with your comment. It's extremely condescending and emotionally charged.
Data sovereignty/regionalization is not a fake problem. Many governments around the world are trying to keep foreign companies from accessing their citizens data.
A sovereign country wants to create its industry by keeping foreign companies out isn't communism. Much of the West does this already and uses regulation/fines/antitrust lawsuits to keep em down.
Amusingly, U.S. Congress has been making a ruckus about this so-called “fake problem” lately (and I can’t fault them) even though TikTok already stores American data in Oracle Cloud on American soil.
Right, which is exactly why it's dangerous to allow foreign (that is, US) companies to control your citizens' data, particularly if that data is not safeguarded against those foreign governments (e.g. due to "national security" laws).
Ha, imagine the Korea economy if the US and EU did the same with respect to Korean tech companies
There isn't any large software company from Korea that is setting up shop in US/EU
Most of its hardware and yes US has slapped tariffs on Korean EVs to boost their own.
Koreans prefer Naver over Google because its interface offers a lot more than Google. It's more of a portal site with social verification.
Sovereign software would break the open Internet as it exists today. A lot more work needs to be done on open protocols before interoperation would work nearly as well as the products we have today.
Not to mention the colossal waste of effort in engineering hours, the disparity in quality between rich and poor countries, etc.
Reuse is good. I would rather see open data and open protocols too, but look at Cambridge analytica, a scandal that was a direct consequence of giving people control over their data!
Largely agree with this, but this
Is incredibly ironic on a post "I found a 1-click exploit in South Korea's biggest mobile chat app". Zerodium pays $1 million for a WhatsApp (the Western equivalent of Kakaotalk) one-click exploits. As a consequence, any new exploits must be incredibly involved, else they'll already have been cashed in (and patched after being reported/exploited). Whereas this Kakaotalk exploit is trivial.
Americans share their PII with the FAANGs, us in Korea share it with the entire world because, as this article shows, security is absolutely atrocious.
As an American in the software industry, I whole-heartedly agree.
That's because the Korean and Japanese internets are far older than most of Americas giants. They also were made for locals.
Google launched in 1998. Naver didn't launch search until 2000. Copying American tech companies but targeting your own market is a common theme (see China, Latin America, Southeast Asia, etc.). Let's not pretend it's not the case here or Korea is somehow special.
What does the seemingly very common-sense fact that a South Korean app was "mostly"(?) in Korean have to do with the UX or with it not being "professional"?
What language were you expecting the South Korean app to be in, French?
multi language support is pretty standard in many popular apps. it’s not even that hard.
Imagine supporting the most common language in the world. CRAZY right?
https://developer.apple.com/documentation/xcode/supporting-m...
Why are you fixating on supporting the 2nd most popular language, shouldn't it support the 1st most popular language first? Or why not jump straight to the 3rd?
i meant most common, was an error on my part.
also, if you add internationalization support for 1 language in your app, it’s trivial (these days) to add other languages. My point is they should just add support for other languages, like chinese, japanese, english, etc.
More users = more money?
just so u know, kakaotalk does exist in multiple languages. feels like this whole thread is based on a false assumption
Have you actually used it?
I used it earlier this year in Korea, although it did have a hard to get to setting to change your language, many many things were still in Korean.
It is very difficult to navigate, but I asked for help and a native was able to figure it out.
Still more usable than Google Maps though, which will only give you a not so good train schedule. No walking directions at all.
I've seen tons of American made apps from large companies that show bits of English here and there when switched to another language.
Localization is hard, even for companies that spend a lot of time and effort on it.
It isn't just string replacements!
That's interesting, because Google Maps here in Japan is absolutely fantastic: train schedules are always correct (and updated with delays etc.), walking directions are good, etc. I guess having a big office here in Tokyo is a big part of this.
I think your talking about a different app, KakaoMap, which you're right isn't totally localised. KakaoTalk is though.
happy to be proven wrong! Cheers
Surely not the most popular language among tourists in South Korea, who would be mostly from Japan, China, etc.
that’s a fair point. in that case, why not support chinese, japanese, etc?
my point is it seems like good business sense. strange they haven’t done this.
The subway station notification is spoken in Korean and English.
Can you elaborate on how easy it is, please? Say for a web application or a native Linux application?
The translating part is by far the hardest. But there are services to organize a crowd sourced translations of your app / service.
Booth android and iOS app building frameworks will try to force you into using variables for every rendered string (allowing you to change them easily and in one place - f.ex. based on user / device settings).
Majority of tourists to Korea do not speak English. You’re really thinking from an American bias there.
Uber, an American rideshare company, supports a large number of languages including Korean.
Because Uber operates is many countries.
They don't operate in Korea but they do provide Korean translations which seems to suggest they consider inbound tourists as a target market. It is quite telling the Korean apps do not.
Uber attempted to operate in Korea and failed. At that point keeping a Korean translation would have been a simple matter of maintaining and updating it for the small returns that it brought in, coupled with the knowledge that simply maintaining a Korean translation for their vastly more entrenched service ensured no chance of competition from one of the few non-American firms to succeed in the same space as them.
Surely there's no obligation to internationalize your app, but taxis are commonly used by tourists so you'd imagine it would be a good business decision.
What percentage of online taxi rides are booked by tourists? I would guess less than 1%. "[I]t would be a good business decision": I disagree.
Well maybe more people would book taxi rides if they added translation..
An app in French would be easy to comprehend for an English speaker.
To wit: une appli en Français serait facile à comprendre pour un anglophone.
It’s an everything app suite with single sign-on:
KakaoTalk, KakaoTaxi, KakaoBank even (bank obvs not for foreigners without local ID numbers).
The Kakao Metro map app is the best of its class too.
When did Kakao Bank start offering accounts to foreigners with ARCs? Last I checked it did not.
Some foreigners claim they have KakaoBank accounts, but they may be confusing them with KakaoPay accounts, or maybe the account is in their spouse’s name or whatever.
Suffice it to say: for foreigners without a Korean ID number it’s a definite no and with a Korean ID it’s a likely no.
And good news: they’re not called “ARCs” anymore. No more “Alien Registration Card” extraterrestrial stigma. Now it’s just the regular stigma.
This is correct. I live in South Korea and I’ve never heard of any foreigners with kakao bank accounts. That was never offered as far as I know.
As others already mentioned, Uber does work in SKorea (or at least Seoul), altough it's not really an uber, afaik its just a proxy for kakaotaxi while using Uber's interface
Uber operates through a local JV with Tmap called UT. Taxi drivers typically sign up for both Kakao T and UT, except when exclusively branded. (Kakao T and Uber both operate branded taxis.)
Korea uses KakaoT as a ride hailing app. But all it does is hail taxis. Uber in Korea just hails Uber branded taxis. I have no idea if they are officially affiliated with Uber or not.
UX patterns are different in Asia by the way.
Also majority of tourists to Korea do not speak English, so it’s a little weird you think English should be prioritized over other Asian languages
I would be interested in elaboration on this.
Uh huh.
When I went ~5 years ago, I was completely unable to use the taxi apps due to lack of Korean bank acct. This lead to being unable to even hail a cab at times - they mostly seemed to pick up fares from the apps. At one point I managed to get one of their attentions - and was told that he wouldn’t drive me because I was an “outsider”. Not sure if he was actually xenophobic, didn’t want to deal with a cash fare, didn’t want to deal with my lack of Korean, or just had a misunderstanding. A later “successful” cab ride put me going halfway across the city through the mountain. I had to call a date I’d had and get her to explain to the driver that we were going the wrong way. The perils of going to new country underprepared I suppose.
It’s not because of xenophobia, overseas Koreans without a Korean bank account have also faced this before.
Uber has operated in Korea for the past couple years through a local JV with Tmap called UT. It's the next most popular taxi hailing service after Kakao T.
ive used uber in seoul many times
They are professional. They just don't have to care about foreigners.
Kakaotalk is in English, French, German, Indonesian, Italian, Japanese, Korean, Portuguese, Russian, Simplified Chinese, Spanish, Thai, Traditional Chinese, Turkish, Vietnamese (https://apps.apple.com/us/app/kakaotalk/id362057947)
I totally don't understand the comments under this comment or this comment, apart from about 8 months when Uber was being sold to SK, uber has worked just fine daily for the past 5+ years for me? Even during the "government crackdown" phase, X stopped working but although the press said uber shut down, uber worked just fine, only X shut down.
I hear this comment time and time and time again and I wonder where it comes from, I'm happy to show literally years and years of uber receipts from South Korea.
Uber works in S Korea now.
It also accepts non-Korean credit cards, while most online apps in South Korea do not.
Uber works in Seoul