Post AceactQdgso7TwjQcC by mjg59@nondeterministic.computer
(DIR) Post #AccIuSSmV1FvZV2Wwq by mjg59@nondeterministic.computer
2023-12-09T00:51:42Z
1 likes, 2 repeats
I'm not going to get into the rights or wrongs of Apple blocking Bleep Mini, other than to say that if this was driven by a desire to ensure the privacy and security of Apple users, that implies that there was a privacy and security hole in iMessage up until now
(DIR) Post #AccJ61i9mwaG4okQxU by mjg59@nondeterministic.computer
2023-12-09T00:52:56Z
0 likes, 0 repeats
Was anyone making use of this before now in malicious ways? Does someone have illicit plaintext logs of iMessage conversations already?
(DIR) Post #AccJZ3EzBGmJDawYOO by funkylab@mastodon.social
2023-12-09T00:59:14Z
0 likes, 0 repeats
@mjg59 the marketing explanation will be that they can't guarantee confidentiality of other users' chat messages when stored as message logs on untrusted platforms, no?
(DIR) Post #AccJlSj2Fsk1jTuuUi by mjg59@nondeterministic.computer
2023-12-09T01:00:09Z
0 likes, 0 repeats
@funkylab what stopped someone from doing that before now and just not telling anyone?
(DIR) Post #AccJvbQKlmWTbd0MAi by c0dec0dec0de@hachyderm.io
2023-12-09T01:00:47Z
0 likes, 0 repeats
@mjg59 really surprised they don’t just release a damn Android client - yes, I know that they’re making money on selling their own hardware and blah blah blah.
(DIR) Post #AccK7hmwvoFYoxM0Y4 by funkylab@mastodon.social
2023-12-09T01:04:27Z
0 likes, 0 repeats
@mjg59 true
(DIR) Post #AccLcXzjUiadNRbUbg by megamatt@mastodon.online
2023-12-09T01:22:24Z
0 likes, 0 repeats
@mjg59 from what I gather the exploit was on the registration side, so afterwards one would still use E2E encryption. IIRC they open sourced the way they broke into it?
(DIR) Post #AccLqAue6rbZqMirUe by tthbaltazar@chaos.social
2023-12-09T01:24:58Z
0 likes, 0 repeats
@mjg59 bleep mini?
(DIR) Post #AccLzJzBkF8kaeCznE by tannerprynn@infosec.exchange
2023-12-09T01:26:18Z
0 likes, 0 repeats
@mjg59 Seems possible Apple routinely bans “abusive” clients (registrations / device ID) reuse and we just haven’t had a public example before? Though maybe that’s a more nuanced point than the current level of discussion on HN 😂
(DIR) Post #AccMPcGaOtZeocsuDA by mjg59@nondeterministic.computer
2023-12-09T01:30:29Z
0 likes, 0 repeats
@megamatt Eh not quite the technical definition of open source (it's not an open source license) but yeah. The concern some people are raising is that the client could then behave maliciously once the e2e messages are decrypted
(DIR) Post #AccMdGUKAXF3KDop4y by mjg59@nondeterministic.computer
2023-12-09T01:32:25Z
0 likes, 0 repeats
@tthbaltazar Er, Beeper Mini
(DIR) Post #AccN1gKlj5BsR0zZNg by megamatt@mastodon.online
2023-12-09T01:34:41Z
0 likes, 0 repeats
@mjg59 oh yeah that makes sense. Though isn’t that risk inherent in any sort of open(ish) protocol? Like if you control the client, you control… information.
(DIR) Post #AccNGKytOinsYOkQz2 by mjg59@nondeterministic.computer
2023-12-09T01:38:36Z
0 likes, 0 repeats
@megamatt iMessage involves keys provided by Apple on device registration, and in theory those are tied to device serial number, so you can at least make it hard for people to be able to register
(DIR) Post #AccNu47DWVvxpSaMPQ by megamatt@mastodon.online
2023-12-09T01:46:39Z
0 likes, 0 repeats
@mjg59 oh for sure. They have pretty solid device attestation. I just mean *if* iMessage was an open platform that officially supports third party clients, that problem would be inherent. An evil actor could make an app that hijacks the messages and forwards them to EvilCorp.
(DIR) Post #AccPUOcsqHOtoyHj6W by not2b@sfba.social
2023-12-09T02:05:35Z
0 likes, 0 repeats
@mjg59 Currently if there is a group chat involving both Apple and Android users and the Apple folks are using iMessage, the messages to/from Android users are in the clear. So having the Android folks use Beeper would have been more secure for everyone in the conversation. Alternatively I guess Apple could implement Google's extension so Android users get encrypted RCS messages, don't know the details of that.
(DIR) Post #AccdFv2nQh4tNVOdM0 by maxthyme@mastodon.social
2023-12-09T04:40:08Z
0 likes, 0 repeats
@mjg59 Plus the problem of not being able to send secure messages to anyone without an iPhone, which was briefly fixed.
(DIR) Post #Ace0CXXQrLzni92lpg by beebles@social.beebl.es
2023-12-09T20:30:42Z
0 likes, 0 repeats
@mjg59 all beeper mini is is just a reverse engineering of the OSX Mountain Lion version of iMessage with a few newer APIs stacked on top of it. Pypush has been around for months and ape had no issue until beeper started charging for it, as indicated in the C&D sent to beeper
(DIR) Post #AceactQdgso7TwjQcC by mjg59@nondeterministic.computer
2023-12-10T03:18:48Z
0 likes, 0 repeats
@nicolas17 I had no advance knowledge