[HN Gopher] Apple cuts off Beeper Mini's access
___________________________________________________________________
Apple cuts off Beeper Mini's access
Author : coloneltcb
Score : 1330 points
Date : 2023-12-08 21:41 UTC (2 days ago)
(HTM) web link (techcrunch.com)
(TXT) w3m dump (techcrunch.com)
| nicklevin wrote:
| Saw that coming. Just like Google did with the SEO heist a person
| bragged about a couple weeks ago, if you make big tech companies
| look foolish they are going to react quickly.
| blinding-streak wrote:
| SEO heist?
| minimaxir wrote:
| https://news.ycombinator.com/item?id=38433856
| minimaxir wrote:
| When did Google react to the SEO heist? I can't seem to find a
| source for it.
| nicklevin wrote:
| https://x.com/rosshudgens/status/1729889490947518868
| gruez wrote:
| This is still baffling. The tweets make it sound like
| they're competing against google and stole traffic from
| google, but their landing page makes it look like they're
| some sort of business modeling SaaS? Why would they be
| competing against google?
| travem wrote:
| They are competing against another business (not google),
| and through AI generation of content (based information
| gathered from the competitors site map) they were able to
| capture web traffic from Google that would previously
| have gone to their competitor.
| ribosometronome wrote:
| Isn't it just fighting over already low effort affiliate
| spam pages, anyway? The ideal result is seeing none of
| them.
| jacoblambda wrote:
| The issue isn't just low effort affilate spam pages piss
| fighting with each other. It's that they were trying to
| sell the technique as a product to people who make actual
| content so that they could steer viewership of their
| other high-quality-content competitors towards AI
| generated garbage.
|
| Basically a weapon to taint your competitors brands by
| redirecting their viewers away from their content to ad
| saturated AI garbage.
| ec109685 wrote:
| The follow up tweet says he typo'd the company name in the
| screenshot:
| https://twitter.com/RossHudgens/status/1729927440112189820
|
| And the tweet fundamentally misunderstands how ahref works.
| If google killed the site in question, ahref would have no
| idea given they have their own crawl.
| mchanson wrote:
| Smart to do it Friday afternoon.
| vinberdon wrote:
| That was fast!
| cloudking wrote:
| I wonder what Apple will do with the number registrations that
| came from Androids.
| frizlab wrote:
| Unregister them, just like when so switch from iOS to android I
| guess
| mchanson wrote:
| Done late on a Friday.
| spzb wrote:
| If I know anything about software dev, it'll be someone at
| Bleeper who fat-fingered something in their haste to get the
| weekend started.
| ReptileMan wrote:
| The EU will probably look closely into that.
| superb_dev wrote:
| Why? iMessage so far isn't a part of the EU's plan. There's no
| requirement for it to be open.
| duskwuff wrote:
| It was for a while, but they reversed course:
|
| https://arstechnica.com/apple/2023/12/imessage-will-
| reported...
| snthd wrote:
| It might be a breech of the GDPR's data portability
| requirements.
|
| It comes down to if, by having people send you messages, you
| are the one providing the data to the data controller, or
| not.
|
| Currently I think it's ambiguous.
| rplnt wrote:
| Apple isn't blocking competitive messaging apps from their
| platform. They are simply blocking unauthorized access to their
| services. EU won't look at Slack for blocking your irc client,
| and EU won't look at this.
| HPsquared wrote:
| Potato, potato. Would they authorize it if asked?
| etchalon wrote:
| No, and, at the moment at least, they have no legal
| requirement to do so.
| jimbob45 wrote:
| If you can't come up with at least a specious argument as
| to why your [insert thing] should be locked down, you
| should expect EU Antitrust at your door in the near
| future.
| etchalon wrote:
| "Cause it's ours and we don't want to." is a very
| legitimate reason.
|
| I don't have to let you into my house. I don't owe you a
| reason. It's my house.
| turquoisevar wrote:
| Wishful thinking.
|
| The EU set up the rules of the game, and it turns out iMessage
| falls outside the rules (to the EU's dismay).
|
| Even if it would fall within the rules, EU regulations work on
| a policy level, not a technical one. In other words, they can
| force Apple to change their policy and facilitate
| interoperability, but there's no legal mechanism to force Apple
| to allow unauthorized use of their service.
|
| The best you can do, if you're so inclined, is hope that the EU
| will change the rules of the game, but that would be such a
| transparent attempt at targeting a specific company (a big no-
| no in the legal reality within the EU) that the European courts
| will strike it down before they finish their breakfast.
| hnuser435 wrote:
| Brutal. Will there be refunds?
| graypegg wrote:
| Well, to be fair, wasn't this always going to be the end state?
| I wouldn't be surprised if the choice of subscription plan was
| mostly because it makes "total value-time received" a really
| easy calculation. It worked for 2 months, you're not getting
| your 4$ back.
|
| Surprised it only lasted this long though, I'm sure they
| weren't betting on that. I still wouldn't expect a refund for
| the 1,50$ of 3 weeks this payment cycle that you didn't use.
| sgjohnson wrote:
| > I still wouldn't expect a refund for the 1,50$ of 3 weeks
| this payment cycle that you didn't use.
|
| I would. They sold a service that they clearly cannot
| reliably provide.
| jmkni wrote:
| You and I know that, but your average consumer has no idea,
| and could absolutely argue they have been swindled.
| DeIlliad wrote:
| Beeper Mini starts as a 7 day trial and its been 24 hours so I
| imagine they'll be fine.
| focusedone wrote:
| Why can't we have nice things?
| sonicanatidae wrote:
| Humans. Humans are why we can't have nice things.
| waffleiron wrote:
| Greed I'd argue, there are many that aren't greedy but enough
| to ruin many things.
| aidenn0 wrote:
| Oh, so we just kill all the humans, and _then_ we can have
| nice things?
| fasquoika wrote:
| Personally nearly every nice thing in my life either is a
| human or was made by one
| thomastjeffery wrote:
| It's a bit redundant to mention "is a human" separately,
| since humans are made by... wait a minute
| quickthrower2 wrote:
| Reproduction isn't really a human making a human. Where
| making means using your cognitive power to apply focus to
| a creative task. It is more akin to natural biological
| processes. Do humans make poo, or hair?
| thomastjeffery wrote:
| OK, what about IVF?
| sonicanatidae wrote:
| And every atrocity, driven by greed, envy or just sheer
| assholery?
|
| Also humans.
| StressedDev wrote:
| I suspect you are asking why Apple will not allow Beeper Mini
| to send and receive iMessages. The answer is probably Apple
| does not want non-customers to use iMessage or iMessage's
| infrastructure. iMessage costs money to run and Apple is not
| interested in letting people who do not use its products use
| iMessage.
| JohnMakin wrote:
| this comment predicted it:
| https://news.ycombinator.com/item?id=38536577
| madeofpalk wrote:
| I'm pretty sure _everyone_ predicted it. It was exceptionally
| clear to anyone that Apple would block this and patch the hole
| that allows it to work.
| JohnMakin wrote:
| but, if you read the comment, he points out why/how, which
| other commenters seemed confused about.
| sgjohnson wrote:
| I actually thought that Apple might not care for now and that
| they'd just wait and see what happens.
| etchalon wrote:
| You mean the company who controls the protocol, and the clients,
| and the servers for a given service somehow found a way to stop a
| third-party from utilizing that service without permission?
|
| I am shocked at this outcome, and shall write my senator.
| sonicanatidae wrote:
| Make sure you mention the tubes!
| rplnt wrote:
| And IIRC it used some old OSX binaries to do so? Just
| terminating the access might be a lucky outcome if that's the
| case, considring the money involved.
| tadfisher wrote:
| pypush uses the old binary pulled from macOS. Beeper Mini
| uses another workaround for the device UUID/serial/etc.
| requirement.
| turquoisevar wrote:
| > Beeper Mini uses another workaround for the device
| UUID/serial/etc. requirement.
|
| Have you got a source on that? As far as I know, there's no
| workaround possible because the authentication blob is
| based on the UDID/serial. Put differently: without
| UDID/serial, there's no way of authenticating with the
| message servers.
|
| Beeper keeps referring to pypush when it comes to details
| in their write-up[0], and pypush, in turn, clearly
| states[1] the need for information like serial and UDID
| when dealing with the albert server and IDS registration
| request.
|
| As a "workaround," they simply stuff fake serials, etc.,
| and cross their fingers that it gets through Apple's
| scoring mechanism.
|
| 0: https://blog.beeper.com/p/how-beeper-mini-works
|
| 1: https://jjtech.dev/reverse-engineering/imessage-
| explained/
| chrisbrandow wrote:
| I mean, what did they really expect when accessing a private
| messaging service without permission?
|
| Maybe it shouldn't be private or whatever, but it still seemed
| weird to me that they thought this would "just work".
| wmf wrote:
| One may wonder if the real goal was to create an antitrust case
| rather than a working app.
| madeofpalk wrote:
| How is this a demonstration of "antitrust"? Apple does not
| unfairly prevent competition for messaging apps, as evidenced
| by a plethora of competition for messaging apps, plenty of
| which are far more popular _on iPhone_ outside of the US.
|
| Apple faces the heat of this competition - it frequently adds
| features to iMessage to make it equal or better than it's
| competition. Voice notes through iMessage was a direct
| reaction to popularity of that feature in other platforms.
| jethro_tell wrote:
| Additionally, didn't they just announce that RCS would be a
| first class citizen in '24?
|
| Feel free to use the open standard but don't be iMessage.
|
| I'm a long time beeper user. It's been nice to sign up with
| my email, and at least be in a few of the iPhone only
| chats.
|
| When I saw Eric's post the other day, my first thought was
| 'what an arrogant dumbass.' My guess was that they though
| they have an anti trust case, and my guess is that apple
| may have thought the same, and so they enabled 'iMessage'
| access to RCS.
|
| This was so predictable, especially after the RCS
| announcement, that I messaged my group threads and said
| they'd be borked by the end of the week, please switch back
| to signal.
|
| So, I think I'll ride that train until RCS is a thing and
| be done with beeper. I honestly think they just shot
| themselves in the foot.
|
| https://www.theverge.com/2023/11/16/23964171/apple-iphone-
| rc...
| thomastjeffery wrote:
| The only reason that an alternative iMessage client is
| newsworthy _at all_ is because Apple uses iMessage as a
| moat to keep people using Apple devices.
| Jtsummers wrote:
| How would this be used for an anti-trust case?
| kxrm wrote:
| I think it is odd that they chose to make a product out of a
| hack. Seems like a lot to invest on the bet a few Apple
| security people wouldn't patch this up.
|
| Not discouraging the endeavour but now they are on the hook for
| all of these customers who bought on this promise. Feels like
| it should have started as a free product to see how Apple would
| handle it.
| amelius wrote:
| It's for your own good. Those Android users cannot be trusted.
| skeaker wrote:
| To downvoters, the above appears to be sarcasm. Apple would
| love you to believe this even though it's just blatantly silly,
| which is why it's funny.
| yodon wrote:
| Any time one is tempted to post a sarcastic comment, it's
| good to re-read Poe's law[0] first. It does in fact always
| apply when posting on the internet.
|
| [0]https://en.m.wikipedia.org/wiki/Poe%27s_law
| dang wrote:
| Recent and related:
|
| _Show HN: Beeper Mini - iMessage client for Android_ -
| https://news.ycombinator.com/item?id=38531759 - Dec 2023 (863
| comments)
|
| _iMessage, explained_ -
| https://news.ycombinator.com/item?id=38532167 - Dec 2023 (143
| comments)
| crazysim wrote:
| This was the way with GAIM and Adium and stuff back in the old
| days. It'll be back.
| malfist wrote:
| Oh man this brought back memories. I had forgotten those words
| phailhaus wrote:
| Crazy that the CEO even tried to create an entire company based
| on something that they absolutely cannot control. Was this an
| acquisition play?
| maelito wrote:
| The entire company is not based on Beeper Mini.
| rglullis wrote:
| Beeper is doing a lot more than just an iMessage proxy.
| slowbdotro wrote:
| Technically it's not a proxy. As every device (apparently)
| connects directly to Apple's servers.
| wffurr wrote:
| Beeper Mini talks directly to Apple servers from your
| device.
|
| Beeper the company also has Beeper (Cloud) which bridges a
| whole lot of chat apps via Matrix to their other client
| app, including iMessage via a Mac relay.
| corobo wrote:
| Beeper (not mini) is already a company - it's an app that
| aggregates the various other networks friends and family insist
| on using. WhatsApp, FB Messenger, Telegram, Instagram, etc.
|
| Been using it a while now, pretty good.
|
| This was a proof of concept to expand that app, it's not the
| entire company
| gnicholas wrote:
| What's the pricing model? I would think that many people
| would not be potential customers because the vast majority of
| their networks are on a single platform (whatsapp or
| messages), or because they don't really care if messages live
| in 2 different places. I could imagine paying a one-time fee
| for something like this, but I assume the ongoing upkeep
| required would not work with such a model.
| kevincox wrote:
| I would agree if they hadn't completely redone their website
| to remove every reference to Beeper Cloud. They really made
| it look like a deprecated product, not a good alternative
| that won't get blocked.
| corobo wrote:
| Oh wow aye, admittedly I've had no reason to go to their
| main site recently (and in hindsight should have before
| responding). They really went all in on marketing this eh
|
| There's always a possibility of me being wrong! It does
| look like a bit of a pivot doesn't it.. Good point, well
| made.
|
| I think I'll go double check I can still log in to my chat
| apps directly just in case haha
| LelouBil wrote:
| I mean, even if they go all in with Beeper Mini, they
| plan on adding all the services supported in Beeper Cloud
| in it.
|
| Even without iMessages, a fully local application like
| this would be a great product. The fact that it relied on
| their servers put me off of using Beeper cloud
| mwidell wrote:
| I used to think like this before I saw companies like Instagram
| and Tiktok thrive in the app store, which they absolutely
| cannot control. It is often worth a shot.
| wilsynet wrote:
| Relying on the App Store to distribute your app is more than
| a little different than building an extension to iMessages.
| Apple and Google want you to use their app stores in this
| way. Apple does not want you to bridge iMessages to other
| platforms.
| LeonB wrote:
| True, but I think this sentence buries the key point:
|
| "Apple and Google want you to use their app stores in this
| way."
|
| ...they want you to use their app stores, their way,
| because they retain 100% control of what you can and cannot
| do.
| LeonB wrote:
| Yep, agree++.
|
| It's impossible to avoid relying on other people's platforms.
| (Unless you want approximately zero customers, I guess) I
| _wish_ these monopolistic corps didn't have such an iron
| grip, but I'm not demanding creators single handedly remove
| every dependency on them. There is no ethical consumption (or
| production) in late stage capitalism.
| jejeyyy77 wrote:
| this - basically a backdoor trick/hack
| ElijahLynn wrote:
| > Reached for comment, Beeper CEO Eric Migicovsky did not deny
| that Apple has successfully blocked Beeper Mini. "If it's Apple,
| then I think the biggest question is... if Apple truly cares
| about the privacy and security of their own iPhone users, why
| would they stop a service that enables their own users to now
| send encrypted messages to Android users, rather than using
| unsecure SMS? With their announcement of RCS support, it's clear
| that Apple knows they have a gaping hole here. Beeper Mini is
| here today and works great. Why force iPhone users back to
| sending unencrypted SMS when they chat with friends on Android?"
|
| Does it come down to The Law of Leaky Abstractions?
|
| >> https://www.joelonsoftware.com/2002/11/11/the-law-of-
| leaky-a...
|
| Which means that if Apple wants to change something eventually,
| then they will possibly break downstream abstractions and then
| people will complain and the downstream abstraction will say
| "Well Apple changed their API, it is their fault". Letting
| someone do it from square one would be enabling that future
| scenario, as it isn't "if" it changes, it is "when".
|
| If it was an open source API that would be different, but Apple's
| is closed source, that is Apple's philosophy at the core. It is a
| closed API yah? Not even an open spec right?
| ElijahLynn wrote:
| The good thing though is that Apple finally announced RCS
| support >
|
| https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/
| graphe wrote:
| Good? RCS isn't universal. Am I gonna be sending and
| receiving Google, Verizon, TMobile, or Samsung messages? It's
| not universally encrypted either. No way am I turning it on.
| LordDragonfang wrote:
| So instead of being possibly unencrypted RCS when sending
| outside iMessage, you'd rather guarantee it be unencrypted?
| graphe wrote:
| The only texts I get are unwanted spam or some
| confirmation codes and no it is not worth it to use RCS
| with the amount of unsent messages it keeps having
| problems with, maybe for some "possible encryption". It
| is trash all the way around.
| unstatusthequo wrote:
| It will end up like home IoT crap. Zigbee, Zwave, Matter,
| ten other shits... GL with this
| dwaite wrote:
| RCS Universal Profile.
|
| Vendors are going to have to actually work on improving the
| standard (and Apple has committed to working within GSMA on
| an appropriate multi-vendor E2EE mechanism)
|
| In the absence of interoperable standards through GSMA,
| there will likely still be quite a bit of broken behavior,
| e.g. when it's not a Google RCS Server and all Google
| clients.
| graphe wrote:
| They don't have to, as they haven't for over a decade. It
| will suck and I doubt anyone will use it unless they're
| forced to (for 2fa). This is too little too late, if not
| iMessage, they'd use Snapchat, Facebook messenger, or IG
| before switching over to texting.
|
| There is zero benefit for apple to make it good and no
| commercial reason for these vendors to make it good for
| multi vendors.
| jejeyyy77 wrote:
| lol that is such a reach from Eric
| ma2rten wrote:
| Apples cares about the privacy and security of iPhones as a
| differentiator.
| threeseed wrote:
| Apple employees also care deeply about the privacy and
| security of iPhones.
| dev_tty01 wrote:
| I agree. There are already third party E2E messaging apps that
| work across platforms. Anyone who decided to build a business
| on unauthorized use of another company's servers was just
| setting themselves up for disappointment. I have a hard time
| understanding how anyone thought Apple would not cut this off.
| m3kw9 wrote:
| Is like saying if they care about privacy why do Apple allow
| users to buy android? Why not give your iPhone away for free so
| they don't get to use it.
| trynumber9 wrote:
| The EU should, like they did years ago with PC operating systems,
| mandate a default browser selection screen. And a default
| messenger selection screen. And a default app store selection
| screen.
|
| Not that we'd get it in the US but it would help reduce
| Apple/Google market capture efforts.
| gafage wrote:
| >And a default messenger selection screen.
|
| What for? Everybody in the EU already uses whatsapp. That shows
| how unnecessary these selection screens are.
| i5-2520M wrote:
| Incorrect meme, almost no one is on whatsapp in Hungary for
| example. We use Messenger, Viber mainly and other social
| media apps that have a chat feature.
| gafage wrote:
| So basically you are making my own argument: we use tons of
| different apps. What would be the selection screen useful
| for?
|
| Going further: if we download different messengers, it
| stands to reason we can download different browsers,
| therefore if safari is the most used it's because it's the
| one we choose.
| umanwizard wrote:
| Common case of people seeing that something is common in
| Western Europe and Latin America and then claiming "the
| U.S. is the only country that doesn't do X". Happens all
| the time.
| 3836293648 wrote:
| That's assuming Europe is way more homogeneus that it is. I
| have never heard of anyone using whatsapp in Sweden
| not2b wrote:
| That's probably why Apple will get away with keeping iMessage
| closed (unless the US government pushes them), probably not
| enough European use to count as a gatekeeper.
| schrodinger wrote:
| You say that like it's a bad thing ("get away"). iMessage
| has nowhere near a majority and Apple doesn't put in any
| restrictions against alternative messaging software (...not
| that they're perfect, and haven't in other areas...).
| not2b wrote:
| I don't believe in closed protocols or crappy
| interoperability. There are several approaches that could
| improve things, like adopting Google's encryption
| improvements to RCS so that mixed iPhone/Android
| conversations are secure ("but that's not in the
| standard!", well, then, get it or something similar in
| the standard); they don't have to let others into
| iMessage necessarily. Apple claims to care strongly about
| their users' privacy and correctly attacks Google for
| caring a whole lot less. Encrypted, full-featured
| messaging would benefit their own users.
| aaomidi wrote:
| Nah I rather them do what they're doing right now and enforce
| chat applications be cross platform.
| madeofpalk wrote:
| 'Nobody' in the EU uses iMessage, even on iPhones. Everyone
| here already uses Whatsapp. This demonstrates a lack of a
| monopoly and how competition can flourish.
|
| Honestly - and EU-regulation that Apple faces over iMessage
| would just be collateral damage from EU targeting Whatsapp.
| dgellow wrote:
| WhatsApp and Telegram (varies by country)
| NBJack wrote:
| I mean, if everyone is using Whatsapp, that is effectively a
| monopoly. I am curious as to what the runner ups are in the
| EU however.
|
| Meanwhile, wait until Mr. Zuckerberg looks for new ideas to
| monetize their messaging ecosystem.
| Semaphor wrote:
| Both Telegram and Signal. Threema is a distant 3rd ime.
| chmod775 wrote:
| There's no monopoly. Messengers hardly have any lock-in and
| there's plenty of competition available. Entire continents
| will switch messengers essentially overnight once the
| current market leader becomes too enshittified and there's
| something better. Remember how AOL, ICQ, MSN, Skype, etc.
| died?
|
| WhatsApp is the current leader because it's no-nonsense and
| works everywhere. The moment Facebook fucks that up even a
| little bit, people will have moved on to the next thing.
| ImJamal wrote:
| There is major lock-in. If I want to move Signal but
| everybody I message uses WhatsApp then I can't message
| them unless they switch.
| chmod775 wrote:
| I can use multiple messengers in parallel without issue,
| as I did each time in those transitional periods.
|
| The last messages on a dying messenger are always
| instructions on how to move on to the next thing. In
| skype, my status and most recent messages are just
| informing people of my discord handle. I accept that I
| may not be the norm, because generally I don't reach out
| to people and don't initiate contact, meaning that the
| onus is on them to use the appropriate channel to reach
| me.
|
| Maybe it's worse for people who voluntarily stay in
| contact with many others using different messengers, but
| I don't see the problem with just having multiple
| messaging apps, especially since modern phones just
| consolidate all messaging services's contacts into your
| contacts app (at least on Android). You don't even need
| to remember who is reachable where.
| ImJamal wrote:
| >Maybe it's worse for people who voluntarily stay in
| contact with many others using different messengers
|
| This is the problem I was expressing. If I want to
| contact Joe I have to use Signal, if I want to contact
| Sarah it is WhatsApp. Sam is SMS. Its hard to remember
| who is using which app.
|
| > but I don't see the problem with just having multiple
| messaging apps, especially since modern phones just
| consolidate all messaging services's contacts into your
| contacts app (at least on Android). You don't even need
| to remember who is reachable where.
|
| That is easy enough if you use the contacts app. I
| usually go straight to the app I want. Regardless, it
| doesn't solve the core problem because people use
| multiple apps. How am I supposed to remember which app
| they prefer? I could message them on their non-prefered
| app, but I don't like doing that if I can avoid it.
| krater23 wrote:
| What do you think why suckerberg didn't done that until
| now? Facebook knows exactly that they need to be extremely
| cautiones to don't lose all their users to threema, signal
| or telegram.
|
| Thats the reason why until now they only added non
| intrusive monetizing ideas than company accounts and so on.
| And when you ask me, they found a way to make whatsapp
| better. I can now order sushi via whatsapp. Here in Germany
| I know no other messenger that makes this possile.
| pdntspa wrote:
| God I really wish we Americans would get on whatsapp
| sentientslug wrote:
| No thanks, iMessage is much better and not owned by
| Facebook.
| 123sereusername wrote:
| Damn Straight.
| etrautmann wrote:
| My sense is that zeitgeist has shifted on this in the
| last year no?
| umanwizard wrote:
| In what way?
| krater23 wrote:
| It's owned by Apple. Thats not better. Same shit, other
| asshole.
| gardenhedge wrote:
| How is iMessage better? WhatsApp is a great app.
| icehawk wrote:
| Apple's business model is predicated on me buying things
| from them.
|
| Facebook's business model is predicated on being able to
| sell access to me to third parties.
|
| I can control the first one directly.
| gardenhedge wrote:
| That is not related to how the app works though
| DanAtC wrote:
| So I can give my data to Meta? No thanks.
| mardef wrote:
| I really don't want to give meta any of my business.
| umanwizard wrote:
| Why? What is so great about it? It seems practically
| identical to signal and, if everyone is already on iOS,
| strictly worse than iMessage.
| dgellow wrote:
| Runs on android, windows, web, macOS, iOS.
| umanwizard wrote:
| So does signal.
| KomoD wrote:
| I can't find a web client?
| umanwizard wrote:
| Guess you're right.
| dgellow wrote:
| Sure, and telegram does too. I was responding to someone
| talking about iMessage
| bombcar wrote:
| I can't really tell the difference between signal
| telegram teams discord et al.
|
| But messages falls back to sms and that I can notice.
| krater23 wrote:
| Tried it in the early days where Whatsapp was buyed by
| facebook. Signal lost messages in group chats, Signal
| lost messages in normal chats.
|
| Thats was the way to my blacklist. Droped Signal caused
| by unreliability.
|
| Additionally, same as now iMessage, close out of other
| clients. Other asshole, same shit.
| dgellow wrote:
| > Tried it in the early days where Whatsapp was buyed by
| facebook.
|
| Wasn't that in 2014, so literally 9 years ago? Things are
| pretty different now.
| mattl wrote:
| Signal group chats are shit by comparison.
| zoklet-enjoyer wrote:
| I've been using Signal since it was Text Secure and Red
| Phone. I've got most of my friend group switched over to it
| mattl wrote:
| British-American here. WhatsApp is very good despite its
| owners. Way better than anything else which is why we
| continue to use it for group chats.
|
| There's no other good group chat encrypted option for both
| iPhone and Android.
| ivanjermakov wrote:
| I don't consider any of these as a viable option.
| etrautmann wrote:
| It felt like most of the US was on whatsapp and then
| everyone moved to signal and telegram
| ggm wrote:
| These assertions need those quotes around 'nobody' because I
| work with a bunch of apple device owners across Europe and
| they certainly do use Apple messages.
|
| At scale yes, signal, telegram and whatsapp are perhaps more
| significant than the apple ecology and the ratio of android
| to apple outside the USA and canada probably shows why.
| madeofpalk wrote:
| Yes, I'm sure that there is at least one person who uses
| iMessage in all of Europe.
| diligiant wrote:
| 10 if you count my family, parents and siblings ;)
| tiahura wrote:
| Is anyone aware of actual statistics on this?
| spacebanana7 wrote:
| It's surprisingly difficult to measure.
|
| "Installs" are muddied by the fact that everyone with a
| Facebook account has a Messenger capability, and every
| Apple user has an iMessage app downloaded.
|
| "Messages received" is distorted by group chat dynamics
| and commercial messages.
|
| "Messages sent" is distorted by the unequal value of
| relationships.
|
| For example, I generally communicate with FB marketplace
| sellers & acquaintances from high school on Messenger,
| but use WhatsApp for talking with overseas family
| members.
|
| More generally, there are social dynamics which make
| messenger apps radically different from one another. Even
| when the feature sets of the applications are very
| similar.
| ggm wrote:
| Beeper had a good approximation
| mig39 wrote:
| I know some that use it in Portugal, but most of my
| relatives use Facebook Messenger first, then WhatsApp, then
| SMS or iMessage.
| trynumber9 wrote:
| I'm aware almost no one uses iMessage in Europe. Most would
| choose WhatsApp in Europe. And if we had the choice most
| would choose iMessage in the US.
|
| But it gives normal users a choice if they want it. Maybe it
| would get some to think oh maybe I should try Signal. That's
| how some people found out about Firefox - unimaginable I
| know.
| madeofpalk wrote:
| But Whatsapp's popularity on iOS already shows that
| "normal" (whatever that means) users already have a choice.
| The market is not being constrained by Apple.
| trynumber9 wrote:
| Not by Apple anyway. But it'll save them having to search
| WhatsApp :)
| johnbellone wrote:
| Every person I interact with in the EU uses iMessage. Let's
| avoid making sweeping generalizations.
| sbuk wrote:
| That's a pretty sweeping generalisation on it's own. You
| personally interacting via iMessage with people in the EU
| has absolutely no bearing on this. When people say that
| 'no-one' uses iMessage, they are really saying saying that
| it's a very small percentage. It's like saying 'no-one uses
| Yahoo! mail' - relative to GMail and Outlook.com, it's use
| is vanisingly small these days, but I guaruntee that there
| is a not-insignificant number of mail originating from
| Yahoo domains.
| johnbellone wrote:
| It's an anecdote just like yours.
| SahAssar wrote:
| Your view is clearly not representative for the whole of EU.
|
| Most of my family, friends and colleagues are on iMessage. I
| often need to explain why facetime will not work.
|
| Whatsapp is also common, but different as it does not as
| easily replace SMS.
| rglullis wrote:
| Let's think higher than that. Let's just get rid of
| megacorporations: let's mandate that any company with more than
| amount of X employees should be broken down into smaller
| divisions, with a separate board and CEO, and make it that no
| one can be on more than one board at the same time.
|
| Make X low enough, 250, and all of this would go away: no more
| corporatism, no more monopolies, no more special groups
| interests paying for government lobbying, no more abuse of
| power from a handful of companies...
| spacephysics wrote:
| This sounds like some utopic conjecture, that honestly,
| wouldn't solve the root problem
| tombozi wrote:
| As with any system, it is just a matter of time before
| loopholes are found and exploited.
| rglullis wrote:
| As with any policy, it will be up to the Government to use
| its three branches of power to determine and enforce their
| laws.
| tombozi wrote:
| The government is just another layer of the system.
| judge2020 wrote:
| Sure, it might seem appealing to do this now, but had this
| existed 20 years ago the convenience and pros of the Apple
| ecosystem wouldn't exist. You don't get the hardware+software
| experience that Apple provides. You'd get stuff like handoff
| (such as the handoff to Homepod functionality where you tap
| your phone to the top of it) maybe 10 years later when enough
| people finally get together to make a standard for it. Apple
| Silicon and the Rosetta translation layer never happens.
| rglullis wrote:
| You make it sound like that is bad thing.
| umanwizard wrote:
| I never understood what the point of comments like this is.
| You _know_ what you're describing is never going to happen.
| So is it just philosophical musing about what the ideal
| society would look like?
| hellotomyrars wrote:
| What is the point of asking what the point of someone's
| comment is because it seems fanciful and impractical? Good
| grief. They're not hurting anyone.
|
| Also there are a lot of things people could say "You know
| what you're describing is never going to happen." That did
| happen.
|
| I'm not suggesting this one is. I don't think so either,
| but it isn't a very productive attitude.
| zoklet-enjoyer wrote:
| 250 is a bit low, but otherwise, interesting idea
| sleepybrett wrote:
| lol, what if china says no?
|
| Now I have a company that cannot compete at the scale some
| chinese company can. OK so we close the border to imports
| from companies that are larger than our rules. When has that
| ever worked out?
| rglullis wrote:
| Can the US (or Europe or Japan) compete with China today?
| seanmcdirmid wrote:
| How many people are still using safari on Mac? Everyone I know
| uses chrome, but maybe that's just in the states?
| nomel wrote:
| Chrome being viable is fairly recent:
| https://9to5google.com/2023/02/28/chrome-safari-battery-
| life....
|
| In fact, I didn't realize it's actually viable until now.
| 123sereusername wrote:
| I live in the states and dropped Chrome for Safari Pick
| your poison.
| caseyohara wrote:
| I use Safari as my daily driver on Mac because it syncs
| nicely with my iPhone and iPad (I don't see any point using a
| browser besides Safari on iOS/ipadOS), and is better on
| battery life. I also regularly use Chrome on Mac for things
| like front-end development.
| seanmcdirmid wrote:
| I'm the opposite. The only reason I ever use chrome on my
| iPad to s because I need to use my password manager (since
| I use chrome for everything on my desktops). Even my non
| techie wife uses chrome on her MBP (and I didn't set it up
| for her).
| caseyohara wrote:
| You really should use a password manager that is separate
| from your browser.
| CharlesW wrote:
| According to StatCounter, Safari has a 13% browser market
| share on desktops. (Similarweb shows 11% on desktops, so not
| terribly different.)
|
| https://gs.statcounter.com/browser-market-
| share/desktop/worl...
| umanwizard wrote:
| I know a few people who use safari on Mac. Either because
| they just don't care enough to install another browser, or
| because they prefer the more "native Mac" look and feel.
| MBCook wrote:
| > Either because they just don't care enough to install
| another browser...
|
| Why does so many people have this attitude that Safari
| sucks and the only people who use it are idiots who don't
| know better?
|
| It's so incredibly insulting.
|
| Not that putting native Mac in quotes implies anything nice
| either.
| umanwizard wrote:
| I don't use Mac, nor care what browser people use on it.
| I use safari on iOS because I too don't care enough to
| install another browser.
|
| It's absolutely baffling that you could read my post as
| saying safari sucks or that people who use it are idiots.
|
| Let me try to be more clear... there are two reasons
| someone uses Safari on macOS, in my experience:
|
| 1. They like it better. Usually, the reason they like it
| better is because it feels more "native Mac". This term
| is in quotes because it's not a technical term and my
| understanding of what it actually means is vague, but I
| by no means dispute that it's real.
|
| OR...
|
| 2. They don't care, so they use the default.
| MBCook wrote:
| > Either because they just don't care enough to install
| another browser
|
| The way this is written implies to me you think they
| should install something else, but obviously they just
| don't care.
|
| Whenever there are discussions about Safari on hacker
| news they tend to be a lot of people who seem to have the
| opinion it should die and that anyone with a brain uses
| chrome.
|
| Between your word choice and that seemingly common
| sentiment here that's what I thought you were saying. I'm
| sorry if I misunderstood.
| FirmwareBurner wrote:
| Why do you care about other peoples' opinion on a
| fricking browser? Did you write it to feel insulted?
|
| I'm trying to understand the reason for the white knight
| HN commenters NPC reactions coming with their "stop
| insulting my favorite trillion dollar corporation".
| MBCook wrote:
| I really like safari and have used it ever since the day
| it was released. It's my favorite browser.
|
| There's a very common sentiment on HN and other technical
| places that safari is a serious problem that needs to be
| removed from the web so that things can be "better".
|
| That's why I'm insulted. Not because someone is insulting
| Apple, do that all you want if they deserve it. Because
| I'm tired of people implying that the browser I like is
| shit because it's not chrome and its only used because
| people have no choice or can't figure out how to switch.
| FirmwareBurner wrote:
| So you're feeling insulted because someone insulted your
| favorite browser made by a multi trillion dollar
| corporation? You need to get a life mate and stop
| shilling for mega corporations.
|
| People are entitles to their own opinion regarding
| products. If they think it's shit, it's their opinion
| same how you're entitled to your own different opinion,
| no need to be Apple's unpaid white knight and froth at
| the mouth at everyone calling their stuff shit.
| sleepybrett wrote:
| the password manager integration tempts me to switch on my
| mac...
| MBCook wrote:
| Me? I love Safari and Chrome drives me nuts. I can't see a
| single reason to switch.
| dgellow wrote:
| I do use safari on macOS, and edge on windows. What am I
| missing? I only use chrome when debugging web stuff because
| I'm more used to their web console and tooling, but I don't
| see a need to use it as my main browser.
| samcat116 wrote:
| Famously those default selection screens for browsers failed
| horrendously.
| trynumber9 wrote:
| Did it? Firefox still has lingering popularity in Europe it
| doesn't have elsewhere.
| jeroenhd wrote:
| The EU's DMA is supposed to basically do this: break up
| gatekeepers and closed platforms for user choice.
|
| Not every app needs to be compatible with every other app,
| though. There is a user base cutoff (and even then there is
| some room for interpretation) of 45 million users (10% of the
| EU population)/10k business users.
|
| Negotiations aren't done yet, but it seems iMessage isn't
| popular enough to meet this cutoff. Alternatives like WhatsApp
| definitely are, though; I'm pretty sure that's exactly why
| Facebook is working on cross-platform messaging for WhatsApp:
| https://www.theverge.com/2023/9/10/23866912/whatsapp-cross-p...
|
| This law doesn't just effect chat app developers: it also
| applies to app stores and other methods of digital gatekeeping.
|
| That being said, Apple argues the app store for its iPads
| aren't popular enough to cross the threshold (they split up the
| iOS app store and the iPadOS app store in their statistics), so
| the impact of these requirements will depend on what specific
| iDevice you use.
| turquoisevar wrote:
| No, thank you.
|
| When the EU forced that implementation, it was already behind
| the ball.
|
| It all but ensured Chrome's dominance by killing Firefox's
| momentum and proved unsuccessful, which is why the browser
| selection screen got killed.
| mh8h wrote:
| An open source client for iMessage is going to be used for fraud
| and spam. Before this, a device being blocked by Apple because it
| was used for fraud or spam would increase the cost of business
| for fraudsters and spammers. But now it's a matter of picking a
| new phone number. Of course Apple would try hard to stop this.
| Banditoz wrote:
| Is spam a good reason for Apple to keep their iMessage garden
| exclusive? SMS is also widely used for spam.
| MBCook wrote:
| Yes. It exists but (for me) is non-existent. I know others do
| get it.
|
| I've never thought about it but that would be a huge black
| mark and could end up pushing a lot of people to
| WhatsApp/FaceBook Messenger/whatever.
| mh8h wrote:
| I am not in the position to judge that. But reducing spam on
| iMessage is beneficial for Apple customers, and as a
| customer, I want Apple to be able to do that.
| lawgimenez wrote:
| I'm in Asia, my phone number has been with me for almost a
| decade. I haven't received spam in a blue bubble, only on SMS
| (green). Just want to give you a perspective in the other
| part of the world.
|
| This are not just spam but most are sms phishing with links.
| We have poor, inadequate cyber laws, so we are glad Apple is
| doing its part sealing this off.
| StressedDev wrote:
| Yes - As an iPhone users, I am not really interested in
| getting more SPAM.
| jeroenhd wrote:
| This is exactly why Signal closed their source code: if you
| allow access to your network, you're only accepting spam. For
| their users' security, it's essential that they must guard
| access to their network as much as possible.
| yjftsjthsd-h wrote:
| > if you allow access to your network, you're only accepting
| spam.
|
| Well no; spam yes, _only_ spam no.
| meonkeys wrote:
| I feel the need to get a bit pedantic here. I'm not trying to
| pick a fight; I truly hope it helps clear up a few things.
|
| Signal _is_ open source. It 's a fair argument that they make
| it difficult to use servers other than theirs, and we can't
| be sure exactly what they run server-side, but their code is
| possible to fork and all that. Their licensing is clear. Even
| the choice of AGPL is significant here: they _must_ provide
| the source for exactly what they run on their server.
|
| Network access is orthogonal to source availability/openness.
| Closing source as a means to limit access is security through
| obscurity. Not to say that it wouldn't work, but we certainly
| wouldn't expect the Signal Foundation to take this approach.
|
| The most significant measure Signal uses to manage access to
| their network has to do with the phone number requirement.
| That's an intentional choice on their part (arguably
| controversial, but I don't have an opinion about it).
|
| I've never received a spam message from another Signal
| user... is this common for you (or anyone)? I think in all
| the years I've used Signal I've only received less than 5
| spammy "message requests" that are quite obvious/easy to
| decline because I don't already have their phone number in my
| contacts. I've always had to first ask someone "hey, can we
| use Signal?" so I'm already expecting legitimate message
| requests when they arrive.
| jeroenhd wrote:
| I was hoping the /s wasn't necessary, but just to be clear:
| my comment was entirely sarcastic. Signal has had its
| issues in terms of open source-ness (like that time they
| stopped publishing their code for quite some time) but the
| client and server are open source, and while they're not
| huge fans of alternative clients, they have designed their
| protocol so that it's practically impossible for them to
| refuse alternative clients, purely out of privacy
| considerations.
|
| Now that Signal has usernames you can share, rather than
| phone numbers, I think the phone number decision is a lot
| less problematic.
|
| Strangely enough, I did receive spam this week. Or at least
| I think I did, an account I didn't recognise with a profile
| picture of a woman I didn't recognise sent me "hi". This
| coincided with my first SMS spam of the year and spam on an
| email address I used for one specific company, so I guess
| they've been hacked and had their database dumped. Maybe
| I'm just lucky, but spam just isn't a problem for me.
| KomoD wrote:
| This is what Snazzy Labs said about Beeper Mini... hilarious:
|
| > This doesn't appear to be some easy thing Apple can just turn
| off.
|
| > It will require a complete redesign of their entire
| authentication and delivery strategy for not just iMessage but
| Apple ID account access as a whole.
| aaomidi wrote:
| To be fair, this could be a heuristic based ban which wouldn't
| be too hard to bypass.
|
| It'll be interesting if beeper mini ends up bypassing it.
| dagmx wrote:
| This is why people shouldn't listen to tech YouTubers who don't
| actually work in tech as engineers.
|
| They're tech fans, not experts but act like they know the
| domain space enough to make strong authoritative claims since
| that's what gives them an audience.
| ShamelessC wrote:
| There were a number of similar comments on HN when they
| announced. The real lesson? The internet is a shit show.
| twodave wrote:
| I don't know about you, but I've worked with plenty of
| "engineers" who can't even properly read a stack trace. Not
| meaning to offend, most software developers are unable to
| reason about a system even as straightforward as a
| messaging client with accuracy, especially a closed source
| one.
| sbuk wrote:
| This is true, we see it anytime a discussion around email
| comes up.
| dagmx wrote:
| True, but there's a difference in seeing a random anonymous
| account parroting things and someone with a following
| pushing it.
|
| Honestly many people here, myself too probably at points,
| tend to just repeat what they've heard elsewhere as fact.
| You can see it if you try and notice phrasing patterns
| repeating.
|
| My real lesson is less that the internet is a shit show (it
| is though), and more that people like to take a very strong
| opinion as fact, over a more nuanced opinion that requires
| understanding of a topic.
| znpy wrote:
| The guy is a fine youtuber but i think he was talking about
| stuff outside of his area of competence wrt to this specific
| matter.
| IMTDb wrote:
| Usually the correct course of action is to just... say
| nothing then ? Or at least take some caution. But hey, it
| makes for a less sensationalist headline. The thing is that
| trustworthiness is typically something you look for in a
| reviewer, clearly not something that can be found there.
| acherion wrote:
| Say nothing? They can't do that, what else are they going
| to talk about in the next video that they have to release
| to appease the Youtube Algorithm?!
|
| /s obviously!
| wildrhythms wrote:
| The bar for 'tech journalist' is... none. There is no bar.
| prvc wrote:
| Or for any kind of journalist.
| throw310822 wrote:
| Do sms/mms received from iMessage users on Android look anything
| in particular? Because a possible move for Google would be to
| reject them by default in some future version (hm hm, "security
| reasons"). End of "yes you're still in but you look like a
| cripple" and begin of "this app _doesn 't allow_ me to talk to
| that person, if I want to reach him I _need_ to switch to
| something that supports Android ".
| umanwizard wrote:
| If they tried that in the US basically everyone on android
| would switch to iOS the next day.
| robertoandred wrote:
| iMessage doesn't send SMS/MMS messages.
| kstrauser wrote:
| Of course it does.
| meepmorp wrote:
| iMessage does not send SMS or MMS.
|
| SMS messaging is a feature of the mobile network, and
| they're sent directly from the device to the carrier SMSC
| without going through Apple's servers. You might be
| confusing iMessage with Messages. The former is a messaging
| platform, the latter is an app that can send messages
| either via iMessage or SMS (assuming a mobile device, or
| pairing with an iPhone).
| MBCook wrote:
| You think it would be a good idea for android to reject all
| SMSes?
| throw310822 wrote:
| No, obviously not, that's why I specified "if it's possible
| to tell apart those coming from iMessage".
| MBCook wrote:
| It's not. They don't come from iMessage. They're went like
| any other SMS.
| meepmorp wrote:
| SMS is handled by carriers, so google couldn't really block
| messages from iPhone users specifically. And that's not
| considering what an incredibly bad move it would be for them if
| they could somehow reject only iPhone texts.
| throw310822 wrote:
| Do the SMSes come straight from the other users' phones, or
| are they relayed via some Apple server?
|
| > what an incredibly bad move it would be for them
|
| I don't see it very different from Apple's choice to degrade
| arbitrarily the experience of messaging with android users.
| There are infinitely better alternatives to sms for private
| messaging, Google could say it's encouraging its users to
| move on them.
| meepmorp wrote:
| From the device to the carrier SMSC.
|
| Edit: to respond to your edit
|
| Apple is blocking 3rd party access to their own services.
| Google blocking access to messages delivered via an 3rd
| party isn't at all the same thing. And the optics of it
| would be incredibly bad for Google.
| throw310822 wrote:
| Anyway, look. If I had this issue (I don't since I live
| in Europe where everyone uses Whatsapp) that's what I
| would do: I would download an app that blocks SMSes from
| selected (known) numbers and auto-responds to them with a
| message like "SMSes from this number are blocked by the
| receiver - Please contact me on Whatsapp/ Telegram/
| Signal".
| meepmorp wrote:
| Sure, I guess. Seems like performative outrage, but at
| least it'd send a signal to people that they should stop
| talking to you entirely.
| throw310822 wrote:
| More like "educating people to care". And if they don't,
| yes, there's no point in talking.
| MuffinFlavored wrote:
| It lasted 3 days? :)
| MBCook wrote:
| Surprisingly long, really. I expected it to die much faster.
| gnicholas wrote:
| Maybe Apple was waiting for a Friday afternoon to issue their
| update.
| quickthrower2 wrote:
| You could do a few OpenAI hokey pokeys in that time.
| dmillar wrote:
| As usual, Gruber was right on the money. Via Threads yesterday:
|
| _" My prediction is that Apple will make changes--fixing bugs
| and/or closing loopholes--that break Beeper Mini. It's untenable
| that there's unsanctioned client software for a messaging
| platform for which privacy and security are a primary feature._
|
| _It's a very nice app, remarkably clever, and for now works like
| a charm, but if Apple wanted an iMessage client for Android
| they'd release an iMessage client for Android. Seems
| irresponsible for Beeper to charge a subscription for an
| unsupported service. "_
|
| https://www.threads.net/@gruber/post/C0k1VgyMGZN?hl=en
| goodluckchuck wrote:
| It looks to me like there is an advantageous business
| relationship between Beeper and their customers. As a general
| rule, Apple is free to change their programs and how they work.
| However, I think there's a plausible argument for tortious
| interference here if the sole purpose was to prevent
| interoperability.
| umanwizard wrote:
| Are you a lawyer because Apple stopping third parties from
| using their service being in any way illegal sounds extremely
| hard to believe
| MBCook wrote:
| > The CFAA prohibits intentionally accessing a computer
| without authorization or in excess of authorization, but
| fails to define what "without authorization" means.
|
| - From the National Association of Criminal Defense Lawyers
|
| Other way around. If anything, it sounds to me like _Beeper
| Mini_ was acting illegally by accessing Apple's servers in
| a way they didn't give permission for.
|
| The CFAA is ripe for abuse. I'm not saying applying it here
| would be just or not, only that Apple likely wasn't the one
| acting illegally.
| bee_rider wrote:
| Wouldn't it be the users, rather than Beeper Mini, that
| are doing the accessing?
| dwaite wrote:
| Beeper mini includes a hosted service to receive APNS
| notifications (meant for Apple software)
|
| So I would summarize it as the corporate entity
| connecting to an Apple API and using it in undocumented
| ways that they reverse engineered, intercepting messages
| meant only for Apple software, doing so without prior
| permission, for purpose to selling access to services
| which would normally be covered by an Apple EULA.
|
| It is not quite like a smaller word processor wanting to
| be able to import Word documents - without tying into
| Apple's service, Beeper Mini has zero value.
| goodluckchuck wrote:
| I think that's certainly an argument that Apple would
| make. However, it seems that this app was simply sending
| requests and receiving responses that there was no code
| injection or compromise of Apple servers, or of
| credentials, or anything of that sort.
| chmod775 wrote:
| Yes, they didn't violate the law as you think it _ought_
| to be written.
|
| They may very well have violated the law as it is
| _actually_ written.
| simondotau wrote:
| It's also entirely possible that no law has been violated
| by anyone at all. What Beeper Mini did is probably not
| illegal. What Apple did in response is probably not
| illegal.
| ntqvm wrote:
| Not particularly relevant due to lawsuits involving game
| cheating, where the circumstances are very similar.
|
| Beeper is lucky they weren't sued under the DMCA anti-
| circumvention clause, as they clearly were bypassing the
| technological measures Apple uses to prevent genuine
| devices from connecting to iMessage & Apple services.
| tadfisher wrote:
| The DMCA protects copyright, not APIs. If iMessage was a
| DVD then this would be a point.
| MBCook wrote:
| I wonder if any of the encryption stuff Apple uses would
| give them an argument, like convincing their system to
| generate keys.
|
| I think you're likely right though. If they had such a
| claim I think their lawyers would have been on it
| instantly.
|
| That's why I mentioned the CFAA. Accessing servers
| without someone's permission is the exact kind of thing
| people have gotten very stiff punishments for under the
| CFAA in the past. It's basically the main reason I know
| the law exists, stories about peoples ridiculous
| punishments for relatively benign things.
|
| Sure it's useful for real things. I bet you can prosecute
| ransom under it. Or hacking to break into a rival
| company.
|
| But it's also great for when someone embarrasses a
| politician with stuff that they published on their own
| website and "something has to be done".
| goodluckchuck wrote:
| That's fair, but compare it to SMS. What if Apple blocked
| SMS messages sent via cellular carriers, which are also
| using their services (software on phones, etc.) Then
| suppose it wasn't malicious SMS or spam, but legitimate
| messages sent using a competitor's product (e.g. from all
| Samsung phones).
| freedomben wrote:
| Maybe (or maybe not) plausible, but I think it's irrelevant,
| because there's no way a small company like Beeper could beat
| Apple's lawyers at this game. It will end up bankrupting
| Beeper long before it would even matter.
| gnicholas wrote:
| This is unfortunate, but not untrue. Even just going
| through discovery on this issue would be quite expensive --
| and would be critical to proving Beeper's case.
| madeofpalk wrote:
| That's like getting upset after getting bad dating advice
| from a vending machine.
| tptacek wrote:
| There's a bunch of reasons why this is unlikely to be
| tortious interference, but one of the obvious ones is the
| contractual Terms & Conditions that apply between Apple and
| its users; I doubt Beeper is liable here, but if interference
| was a thing, my bet (not a lawyer!) is that the liability
| would point the other direction.
| gnicholas wrote:
| My read of GP's comment was that the claim of tortious
| interference would be by Beeper against Apple (for
| interfering with Beeper's relationship with Beeper's
| customers).
| tedunangst wrote:
| Apple is not preventing anyone from downloading beeper,
| or giving beeper money, or running beeper software. They
| are exercising control over their own servers.
| paulryanrogers wrote:
| Blocking interpretability could be illegal, especially as
| they near market dominance
| lotsofpulp wrote:
| iMessage is nowhere near market dominance. As evidenced
| by the ease of use and popularity of alternatives such as
| SMS/Whatsapp/Signal/Wechat/etc
| AlexandrB wrote:
| I agree. The obsession with "blue bubbles" is something I
| only hear about from tech writers. No one I communicate
| with in the real world has ever mentioned it.
| _Supposedly_ teenagers care about this, but that seems
| like a poor basis for anti-trust action.
|
| At the same time, I miss the era of rich third party
| client ecosystems for things like AIM or MSN messenger.
| Blocking interoperability is a bummer for innovation.
| lotsofpulp wrote:
| >Supposedly teenagers care about this,
|
| Android vs iPhone is definitely a thing people in their
| 20s and 30s even use to judge others. I have polled quite
| a few family/friends, and it is near unanimous that it is
| a dealbreaker in dating, mostly because they assume there
| is a higher likelihood they will not mesh with the type
| of person the non iPhone user is.
|
| >but that seems like a poor basis for anti-trust action.
|
| Correct.
| simondotau wrote:
| Apple would claim that you pay for the iMessage service
| as part of the purchase price of hardware and software.
| From this perspective it's not blocking interoperability,
| it's blocking theft.
|
| Whether that argument holds is for governments and courts
| to decide, ultimately.
| gnicholas wrote:
| My understanding of tortious interference is that it is
| broader than actually preventing others from using a
| service. Even just saying things to dissuade them from
| doing business with a company can qualify.
| tedunangst wrote:
| Really weird that a disinterested third party like Apple
| would even make loud public statements about Beeper.
| tptacek wrote:
| Yes. And I'm saying, were this a live issue (I don't
| think it is), the graver liability might be for Beeper
| interfering with Apple's contracts with its users.
| gnicholas wrote:
| In what way would Beeper's action cause Apple's customers
| to breach a contract with Apple? I would think most of
| the people who would purchase a service like this would
| be Android users, not iPhone users. Some of them might
| own Macs, but what would be the contract that the user
| would be breaching that would result in damage to Apple?
| tptacek wrote:
| If they're "just Android users", they don't have iMessage
| accounts.
| gnicholas wrote:
| So your thinking is that these end-users have signed some
| sort of agreement with Apple, and that agreement says
| they won't use any unauthorized services to connect to
| Apple servers, or some such thing?
| tptacek wrote:
| That's not "my thinking" so much as it is a fact.
| gnicholas wrote:
| If it's a fact then it should be no trouble to share the
| relevant provision.
|
| I was sharing that theory as a conjecture, since I have
| no reason to believe such a provision exists.
| goodluckchuck wrote:
| There's certainly a contract there, but it's not obvious
| how a customers compliance the terms and obligations create
| a profit for Apple. I think most outside observers would
| generally assume that Apple's profits come from the
| payments the customers make to Apple, when purchasing
| devices or making subscriptions. After all, the only people
| subject to, and breaching the terms of service are Apple
| customers who did pay for their phones, etc..
| tptacek wrote:
| In a California interference case, Apple would need to
| prove:
|
| 1. An enforceable contract existed (check!)
|
| 2. Beeper knew about the contract (check!)
|
| 3. Beeper's actions intentionally caused a breach of that
| contract (check!)
|
| 4. An actual breach of Apple's Terms & Conditions
| occurred
|
| 5. Apple had damages
|
| None of those elements have much to do with profit.
| gnicholas wrote:
| Not sure why this is getting downvoted - IAAL and this is
| definitely something worth considering. This particular type
| of law varies from state to state, and can be quite broad.
| I've talked with other lawyers about it in the past, and my
| understanding is that it's frequently asserted when companies
| make counterclaims in business litigation.
|
| That doesn't mean it's a sure winner, just that it's a live
| question until more info is known. I imagine Apple would say
| they need to tighten up any parts of their system that could
| allow for spoofing or other security issues, and that was
| their 'legitimate' reason to make these changes.
| cqqxo4zV46cp wrote:
| I'm not a lawyer, but I do know how computers work. I'd bet
| the farm on the very safe assumption that any protocol
| change that blocks a third-party client at the very least
| can plausibly be claimed to be in service of security, and
| most likely be a legitimate claim in reality. It is
| probably being downvoted because it's incredibly far-
| fetched.
| gnicholas wrote:
| I agree that this would be their argument. But as other
| commenters mention, this area could be a minefield for
| Apple due to their dominance in various markets. It's
| possible they wouldn't want to get sucked into a lawsuit
| about this, even if they thought they could win, since
| they might end up making statements that would have a
| larger detrimental effects in other cases/potential
| cases.
| D13Fd wrote:
| I think most or all states recognize that the defendant's
| actions must not be justified or privileged. It's hard to
| imagine how Beeper would meet that element on these facts.
| willseth wrote:
| How are you going to make a case for tortious interference
| when the would be interferee is profiting by using the
| interferer's resources without payment?
| goodluckchuck wrote:
| From beepers website, there's no use of apples servers when
| iMessages are sent from a beeper user to a beeper user.
| Rather, they only pass through Apple when sent to an iPhone
| user and in that case it's the iPhone user that's utilizing
| apples resources. And in that case there's an Apple device
| owner, who is paid for the right to use iMessage servers.
| willseth wrote:
| Wow that's a hell of a stretch, but A+ for effort I
| guess. By that logic, they're only stealing 50% of
| Apple's iMessage resources for iPhone users.
| tedunangst wrote:
| Well, obviously, if those messages aren't using Apple's
| servers, then Apple hasn't stopped them, so there's no
| interference.
| tiahura wrote:
| Not sure that's worth much congratulation. Is there anyone that
| didn't think the exact same thing as soon as they saw the
| story?
| kyleyeats wrote:
| The "well duh" crowd says "well duh" no matter what happens.
| jjulius wrote:
| Mmm, absolutes.
| tiltowait wrote:
| I heard/saw quite a few people saying Apple either couldn't
| or wouldn't cut them off--and that even if they did, it would
| take a while. They were ridiculous takes, yes, but apparently
| made in earnest.
| jeroenhd wrote:
| While it would ruin the experience in practice (not being
| able to receive any notifications), I don't see why someone
| couldn't perfectly reverse engineer the protocol.
|
| Beeper made several design decisions that made the app
| super easy to use (i.e. using a single certificate that
| wasn't supplied by a user's phone), but if you extract the
| necessary source material from an old jailbroken iDevice,
| you could create an iMessage clone that Apple can't ban
| without either legal action or breaking compatibility with
| all easily jailbroken iOS devices.
|
| Back in the days of AIM and MSN, even large companies used
| reverse engineering to get chat interoperability, and it
| was so successful that AIM left open an RCE vulnerability
| to push shellcode so that Microsoft couldn't chat through
| their service.
| _rs wrote:
| Any source/articles about the AIM RCE and it being left
| open? Would love to read about that
| jeroenhd wrote:
| Here's a long writeup by someone who worked at Microsoft
| at the time:
| https://www.nplusonemag.com/issue-19/essays/chat-wars/
| willseth wrote:
| There were a lot! Usually taking the form of: 1. They'll have
| to do a major update to iMessage, 2. But what about
| Hackintosh?, or 3. EU regulators will stop it
| vGPU wrote:
| A good chunk of the posters on the release thread seemed to
| think otherwise.
| treyd wrote:
| >It's untenable that there's unsanctioned client software for a
| messaging platform for which privacy and security are a primary
| feature.
|
| I don't follow this logic at all. Shouldn't supporting
| thirdparty clients be desirable if security is a primary
| feature in the interest of transparency? Especially if the
| reference client is proprietary and undocumented.
| Grustaf wrote:
| How would third-party clients _increase_ security (other than
| indirectly, by people using SMS less)? On the contrary,
| third-party clients is a gigantic security hole, since Apple
| can't even know if a client app is spying on users.
| jlarocco wrote:
| > On the contrary, third-party clients is a gigantic
| security hole, since Apple can't even know if a client app
| is spying on users.
|
| Security isn't about _Apple_ knowing if an app is spying on
| users, but about _THE USERS_ knowing that nobody is spying
| on them.
|
| At best a third party iMessage client can only be as secure
| as iMessage itself because the back end is still closed and
| has no transparency, so it's the weakest link. If Apple (or
| a third party) is spying on the back end then no client can
| be safe.
|
| > How would third-party clients _increase_ security (other
| than indirectly, by people using SMS less)?
|
| They can increase security by breaking a single target into
| multiple targets, by increasing competition around security
| and privacy issues, by having more people use and work with
| the protocols and able to spot potential problems, by
| encouraging more transparency around issues when they
| arise, and by having alternatives readily available if one
| of the clients is found to be compromised or insecure.
|
| And of course open source clients can be verified and
| validated by other developers and security professionals.
| dwaite wrote:
| > They can increase security by breaking a single target
| into multiple targets, by increasing competition around
| security and privacy issues, by having more people use
| and work with the protocols and able to spot potential
| problems, by encouraging more transparency around issues
| when they arise, and by having alternatives readily
| available if one of the clients is found to be
| compromised or insecure.
|
| I believe you are speaking to transparency, not third
| party clients.
|
| Beeper Mini actually bundled binaries that they didn't
| understand to bootstrap registration. They could only
| attempt to be compatible with messages that they have
| received, and verify messages they send show up correctly
| - they cannot know they covered all available options.
|
| I speak to this as someone who reverse engineered MSN
| Messenger back in the early 2000s for an XMPP gateway -
| you'd occasionally find an entirely new type of message
| (requiring an entirely new parsing code path for their
| undocumented/bespoke messaging protocol) because someone
| registered for a stock ticker or the like.
|
| There was no fuzzing the official servers or clients to
| see if they were robust or secure - the goal was to have
| a salable product. In fact, we saw other messaging
| systems where we had significant concerns based on our
| understanding of the protocols through reverse
| engineering, and we saw one vendor exploit a security
| vulnerability in their own shipping product in order to
| verify authenticity and block third party clients (which
| worked for a period of time)
|
| From what I saw of the iMessage system, third party
| support is not going to be feasible even with a
| documented protocol without partnership, because there is
| an assumption of attestation of real, unique hardware as
| part of registration to prevent mass abuse.
| person3 wrote:
| I don't know a lot about how it works, so forgive me if
| this is a silly idea. I wonder if attestation could be
| done using real Apple devices, while leaving the private
| key on the user's android. So similar to the old beeper
| to get the signed attestation, and send the result to the
| phone. Still could be secure since you can keep the
| private key used to encrypt messages local on the users
| device. I guess the issue might be a cat and mouse game
| if detecting beepers flock of Apple hardware to try and
| disable them all... (given many people would be using the
| same Apple devices)
| poisonborz wrote:
| > Security isn't about Apple knowing if an app is spying
| on users, but about THE USERS knowing that nobody is
| spying on them.
|
| True, but Apple caters specifically to a consumer base
| that can't know this and does not want to think about
| this. Whether this is health or sustainable in the future
| is another matter.
| Grustaf wrote:
| > Security isn't about Apple knowing if an app is spying
| on users
|
| Clearly, what matters to Apple is what _they_ believe is
| secure, and they of course trust themselves more than
| they trust Beeper.
|
| > At best a third party iMessage client can only be as
| secure as iMessage itself
|
| Exactly, they can never be safer, and given that Apple,
| or we as users, know very little about the company behind
| the client, third-party clients are much less secure.
| cdata wrote:
| We've really done one over on ourselves by adopting the
| mental model that only a vertically integrated corp can
| deliver privacy and security to users. This rigid tendency
| towards homogeneity is bound to suffer a tragic systemic
| failure before too long.
|
| It would be healthier to assume multi-polarity and lean into
| it.
| zxt_tzx wrote:
| > We've really done one over on ourselves by adopting the
| mental model that only a vertically integrated corp can
| deliver privacy and security to users. This rigid tendency
| towards homogeneity is bound to suffer a tragic systemic
| failure before too long.
|
| Look no further than the other news that came out this week
| re: government spying via push notifications. (https://www.
| reuters.com/technology/cybersecurity/governments...)
| Consumers rationally trust the few big companies which are
| incentive-aligned to protect their data and government then
| goes after those few big companies. I thought this was
| particularly galling:
|
| > _In a statement, Apple said that Wyden 's letter gave
| them the opening they needed to share more details with the
| public about how governments monitored push notifications._
|
| > _" In this case, the federal government prohibited us
| from sharing any information," the company said in a
| statement. "Now that this method has become public we are
| updating our transparency reporting to detail these kinds
| of requests."_
| ChrisMarshallNY wrote:
| I suspect there's more where that came from. The only
| reason we learned of this, is because the cat was let out
| of the bag, and Apple was able to talk about it (gag
| order).
|
| People might want to think about how AirTags and Find My
| Phone work...
| paulmd wrote:
| > People might want to think about how AirTags and Find
| My Phone work...
|
| rotating BTLE identifiers controlled by a pseudorandom
| sequence derived from a key, and tunneled over end to end
| encryption?
| oarsinsync wrote:
| With locations over time tied to personal identifiers
| stored in a database with no public audit controls
| simondotau wrote:
| > We've really done one over on ourselves by adopting the
| mental model that only a vertically integrated corp can
| deliver privacy and security to users.
|
| Who is saying that? Certainly nobody anywhere in this HN
| thread. It is, however, fair to say that the only guarantor
| of privacy and security is a network of trust. There are
| plenty of examples where trust is partially decentralised,
| the most notable being the system of certificates used for
| establishing trust in HTTP over TLS.
| zucker42 wrote:
| > Who is saying that?
|
| There is a quote in the top level comment of this thread
| that says that.
|
| > It's untenable that there's unsanctioned client
| software for a messaging platform for which privacy and
| security are a primary feature.
| simondotau wrote:
| That is not even remotely similar to the claim you made.
| Nowhere in that sentence is the claim that privacy and
| security cannot exist without a vertically integrated
| corporation.
|
| All they're saying is that the existence of third party
| software compromises Apple's ability to make blanket
| statements about the security and privacy of this one
| specific platform. An unofficial third party client
| breaks an established network of trust -- which is an
| objective fact. If you doubt this, then you really should
| use this Chromium fork I just developed. Use it to log
| into your internet banking. Don't be scared. There's
| nothing to worry about. See, there's a lock symbol in the
| address bar and everything.
| cdata wrote:
| Sure, but also recognize: web browsers constitute a
| mature, multi-polar ecosystem; we do not clutch pearls
| when a user chooses Firefox, or Safari, or Chrome (or
| myriad others) to transact on the web.
|
| Can a bad actor slap a green lock on an insecure browser
| clone and harm users? Certainly. And yet, in a survey of
| the _systemic_ threats to security and privacy on the
| open web, such attacks are relegated to the margins.
|
| Apple encourages a popular narrative that centralization
| and control beget trust, and from there may enable
| privacy and security. Look no further than the comments
| on this HN post to see the narrative echoed!
|
| It's fair to point out that it's not literally what
| Gruber wrote, but readers will fill in the negative space
| around his uncritically apologetic commentary. To state
| the implied message: trust in Apple's way, and remember
| that third parties (who are not accountable to Apple)
| will ultimately deprive you of privacy and security!
| simondotau wrote:
| Having a system where trust is embodied in a single
| entity is one valid solution. It's also not the only
| solution and I haven't heard anyone claim that it is.
| cdata wrote:
| That is technically a remark I agree with, but you're
| skipping past the actual point of my comment: it may be a
| valid strategy on its face but it is fragile and makes
| users vulnerable to systemic exploitation.
|
| The web browser ecosystem has its own (different)
| problems, but iMessage lacks requisite variety to back up
| its particular claims to privacy and security (see that
| Reuters article for a preview).
| simondotau wrote:
| > you're skipping past the actual point
|
| I skipped past that because that wasn't what I had
| expressed disagreement about. Though now you elucidate
| further I'll say I fundamentally disagree with your
| "actual point" as expressed. While I agree that systems
| of distributed trust are fundamentally healthier, they
| are an order of magnitude harder, and rely upon educating
| users. And some percentage of users will always be
| impervious to education -- see the continued prevalence
| of phishing scams for example.
|
| A system which relies upon trusting fewer entities is
| inherently _less_ fragile and _less_ vulnerable to
| exploitation. It 's true that systems can be designed
| which rely on users trusting a large number of entities,
| and can sometimes result in a more educated user base,
| but they're much harder to implement and much, much,
| much, much rarer in the real world.
| BeautifulSynch wrote:
| I think the difference here is whether we're considering
| the plausibility that there aren't _any_ security
| violations versus the _overall_ frequency and severity.
| Centralization significantly increases the chance that
| all the systems involved will be safe; that 's what makes
| it so useful for individual organizations, where
| centralizing their operations wouldn't attract
| significantly more bad actors to try breaking their
| security than decentralizing.
|
| But if we have centralization on the scale of a society,
| then anyone interested in _any_ of the groups using that
| centralized source of secure data storage /transfer will
| be drawn to look for the flaws in that source. And there
| are _always_ flaws, either technical, legal (as with the
| government spying mentioned elsewhere in the comments),
| or otherwise. And once any group manages to infiltrate
| that one source, they get access to _everything_
| dependent on it.
|
| Sure, decentralized security is harder to get together,
| meaning we have an initially-high violation rate that
| decreases over time (though this can be supplemented by
| security-conscious users taking their own steps to
| protect their data). But centralized security at
| sufficiently large scales essentially guarantees a breach
| impacting everyone within its domain; and the kind of
| trust that would be required to sustain such
| centralization also anti-correlates with users
| independently adding additional layers of security to
| their systems.
|
| This seems like a much greater risk than just accepting
| that users who are "impervious to education" will be
| vulnerable to certain social-side exploits, while
| everyone else will be reasonably safe.
| simondotau wrote:
| Agree with all of that.
| photonerd wrote:
| Plenty of people clutched pearls (rightly) about IE tho.
| And https by default. And much more.
|
| That it's _not currently_ a problem is due to 25 years of
| _strongly_ pushing for privacy & security.
|
| We're still not there (see Google & adblockers in chrome)
| stjohnswarts wrote:
| I don't remember anyone "clutching pearls" over https by
| default? Do you have any suggested references where I can
| find those? I do recall people really complaining that
| anything at all was allowed to be http, even sites that
| most people would consider "unimportant".
| oarsinsync wrote:
| > All they're saying is that the existence of third party
| software compromises Apple's ability to make blanket
| statements about the security and privacy of this one
| specific platform.
|
| We've also got examples of Apple making misleading
| statements about the security and privacy of their
| platform, as a result of government gag orders.
|
| That recent disclosure makes me suspect that every vector
| that they do not disclose explicitly as being private, is
| very much not private. To that end, the platform is
| clearly neither private nor secure if you value privacy
| from the government.
|
| ...so I'm not particularly concerned about third party
| software being a cause for concern anymore.
| catlifeonmars wrote:
| > An unofficial third party client breaks an established
| network of trust
|
| I think this is key. The problem is the security of
| iMessage as a protocol is dependent on trust between
| client (implementations). Which is actually not that
| great from a security perspective.
|
| I don't mean that there are necessarily vulnerabilities
| in the protocol (there very well may be), but that the
| protocol is not something that Apple is willing to depend
| upon to uphold their desired security guarantees.
| al_borland wrote:
| This would be the case if it were a protocol designed to be
| opened up for use by 3rd party clients. As it stands, this
| was a clever hack which would undermine the integrity of the
| system if left in place. Within a few weeks we'd see 100 3rd
| party iMessage clients, and it would be luck of the draw if
| the one someone downloads is secure or not.
| eptcyka wrote:
| How is using another client undermining the security of the
| whole system?
| al_borland wrote:
| The system wasn't designed with those 3rd party clients,
| and security around them, in mind. Beeper Mini is
| spoofing/reusing device IDs, pretending to be some random
| person's Mac, for example. True support for 3rd party
| clients wouldn't not require this kind of thing.
|
| From what I understand Beeper Mini is interfacing with
| iMessage on-device, what's to stop another clients from
| using a server and intercepting messages? While I don't
| have time to look it up again, I think there was also
| something on how Beeper Mini is handling the push
| notifications when the app isn't open. While that may not
| leak a lot of information, and there is also the news of
| Apple/Google sharing push info with some governments,
| that's something that can at least raise some eyebrows
| when it comes to how private it is.
| danShumway wrote:
| > The system wasn't designed with those 3rd party
| clients, and security around them, in mind.
|
| It sure as heck better have been designed with that in
| mind, because it sends SMS messages to uncontrolled 3rd
| party clients that could be stealing your information or
| spying on push notifications every single time you
| message an Android user.
|
| I genuinely don't understand this argument. Do people
| think that SMS messages don't generate push
| notifications? Does Apple have a 1st-party SMS messenger
| available on Android that I'm not aware of? You're
| already communicating with 3rd-party clients that could
| be spying on you, and you're already receiving messages
| from those clients in the iMessage app. The biggest
| difference is that your messages with those clients today
| are fully unencrypted, so spying on them doesn't even
| require compromising an app.
|
| It's weird for people to be so concerned about push
| notifications as if that's a decrease in security when
| the alternative system they're proposing is for iOS
| messages to be sent to Android devices fully unencrypted.
| Apple/Google can share all of that information with the
| government as well; if they're not being asked to it's
| only because the government can get it even more easily
| directly from the telcos.
| shadowfiend wrote:
| There is no iMessage app. There is a Messages app that
| implements two systems: iMessage and SMS/MMS. iMessage is
| the system whose security model is being discussed here,
| and the security model of SMS/MMS is mostly irrelevant to
| it.
| danShumway wrote:
| This is splitting straws; the overwhelming majority of
| Apple users don't make this distinction (if they even
| realize there is a distinction to make). For all
| practical purposes they use one app that lets them talk
| to their friends and some of the bubbles are green and
| some are blue. How many of those Apple users even realize
| that the green bubbles are unencrypted rather than just
| being a designation for Android contacts?
|
| It also changes nothing about my comment, because you can
| call SMS a different system all you want, but your
| conversations with Android users are still being sent
| unencrypted and any malicious payloads you get from SMS
| phones are still being loaded into the same Messages app.
| If you're worried that a 3rd-party client on Android is
| going to let a company spy on conversations you're having
| with Android users, then I still have real bad news for
| you about how Apple sends messages to Android users.
|
| Draw the lines however you want between Messages and
| iMessages, but the security implications of Apple's setup
| are exactly the same. When you write a message to an
| Android contact, Apple sends that message unencrypted to
| a 3rd-party client that could by spying on you, leaking
| your data, or sending malicious payloads to your iOS
| Messages app. It still makes no sense whatsoever to be
| this concerned about the security of the push
| notifications for your messages to Android users when the
| alternative being proposed is to throw security entirely
| out of the window for those conversations. It is still a
| clear security improvement for conversations between
| Apple and Android users to be E2EE rather than to be sent
| over SMS, because the risks being raised about 3rd-party
| messaging clients are already present within those
| conversations today.
| jvolkman wrote:
| If the existence of a working unsanctioned client
| undermines the integrity of a system as prominent and
| security- and privacy-focused as iMessage proclaims to be,
| then that system has big problems.
|
| Certainly this is not the first time some entity in the
| world has reverse-engineered iMessage; it's just the first
| time that it was publicized.
| ceejayoz wrote:
| Every system has holes that get discovered in time.
| Leaving those holes _open_ is a different thing.
| danShumway wrote:
| This is also notable, because the technology that Beeper
| Mini is based on was public and available to potential
| attackers before Beeper Mini launched. Beeper didn't
| invent this, they contracted the developer and based the
| project off of their open Github repository.
|
| Apple did leave the hole open; they left it open until it
| threatened their customer lock-in. Only at that point did
| they decide that it was a security risk.
| bombcar wrote:
| Third party clients offer many more cases for average users
| to lose their security, because you can't prevent malicious
| actors from releasing "SuperMessengerSecure" that just
| mirrors everything off to a server somewhere.
| cqqxo4zV46cp wrote:
| No. This is an entirely self-centred view. The only people
| that equate this sort of transparency with genuine security
| are computer nerds. These tend to be the sorts of people that
| don't sit very highly on my internal list of "people who
| stand to benefit the most from increased privacy measures".
| For...literally every other member of society, this sort of
| implementation detail doesn't mean _anything^. They hear some
| (from their perspective) very abstract words like 'open', and
| all that means is that they're trusting some league of
| computer nerds to tell them that something is 'secure'. This
| is somehow meant to be more convincing than Apple, who, to
| most people, is at the very least another mob of computer
| nerds, but in reality also happen to have a pretty good track
| record of making phones that seem to work alright for people.
|
| Beyond optics, let's just look at attack surface. The
| implication that the sort of security holes that "openness"
| would fix are anywhere near the top of the list is...where's
| that xkcd about cryptography and crowbars? It's very clearly
| in the realm of nerdy cosplay. You know what _is* a much more
| realistic threat? Some stupid third-party client on the Play
| store that exfiltrates all messages sent and received. Apple
| has absolutely no control over that. No protocol security
| accounts for that.
| danShumway wrote:
| > You know what is a much more realistic threat? Some
| stupid third-party client on the Play store that
| exfiltrates all messages sent and received.
|
| One way to avoid that outcome would be to have a first-
| party client on the Play store.
|
| Instead, Apple drops all message security entirely from
| cross-platform communications for iOS users, allowing
| anyone to read those messages whether or not they have a
| crowbar. This is security 101: users do dangerous crap when
| the secure options don't have affordances for their use-
| cases. Users are lazy. If an official 1st-party secure
| client exists that meets their needs, they won't install a
| 3rd-party client. Users resort to dangerous and unsupported
| options when the safe, obvious options either don't work or
| aren't available.
|
| And thankfully, we now know that it would be entirely
| possible for Apple to fix that problem and to move its own
| users off of SMS for communication with Android contacts,
| and we know that because a 16 year-old high-schooler was
| able to build that support with zero documentation.
| Presumably Apple is capable of doing the work of a 16 year-
| old. We now know that it would in fact be entirely possible
| for Apple using a 1st-party controlled, proprietary client
| with a proprietary protocol, to encrypt virtually every
| message that Apple users send to every one of their
| contacts, rather than what Apple does today where it
| encrypts... some of them.
|
| None of this requires Apple to Open Source anything or to
| document or make available any of their protocols. The only
| reason Apple is in this position right now of needing to
| deal with 3rd-party clients is because of a lack of support
| from their 1st-party client.
| hoistbypetard wrote:
| > Instead, Apple drops all message security entirely from
| cross-platform communications for iOS users, allowing
| anyone to read those messages whether or not they have a
| crowbar.
|
| I think that's my biggest gripe with the situation. Or my
| second-biggest. My biggest gripe is that the only
| notification that your messages are now not end-to-end
| encrypted is the green bubble. They don't tell you
| anywhere that the green bubble (also) means that.
| m3kw9 wrote:
| No need for transparency here. Just know that no one has
| broken the encryption is all you need. Also you likely will
| not know if beeper sends a copy of your messages to their
| servers to sell, but who would you trust more won't sell your
| info, beeper or Apple?
| oehpr wrote:
| I'm trying to figure out if this post is sarcasm.
|
| The first half definitely made me think sarcasm, then the
| second half... I mean I know some people actually believe
| this... Then I noticed you said "encryption" instead of
| "protocol". Breaking an encryption standard is obviously
| very hard, breaking a protocol is obviously not nearly so
| hard.
|
| On the other hand, taking this stance would be insane given
| the post we're talking about. A company that actively
| circumvented apples security measures. So you must be being
| sarcastic. You just have to be.
|
| Remember, on the internet it's kinda hard to tell. Make
| sure to throw in a /s unless you really _REALLY_ sell it.
| m3kw9 wrote:
| I wasn't being sarcastic, I mean you do know there exist
| closed source for a reason whatever that is. For Apple to
| open their protocol would mean your messages sent to 3rd
| party clients, which means they could sell your messages
| for ad targeting or worse.
| danShumway wrote:
| When Apple sends messages via SMS, they are sending your
| messages to 3rd party clients who could sell your
| messages for ad targeting or worse. Apple already does
| this. They already send your messages to random clients
| who could be spying on you.
|
| It's just that in addition to sending your messages to
| 3rd party clients that could be stealing the data, Apple
| goes the extra step to make it even more insecure and
| also sends your messages completely unencrypted, so that
| everybody along the path from your device to the 3rd-
| party client can join in and also read your messages and
| can also use them for ad targeting or worse.
|
| I'll make the argument that this is strictly worse for
| security than tolerating an encrypted 3rd-party client
| (or better, releasing their own _1st-party_ client rather
| than relying on SMS).
| paulmd wrote:
| isn't googles RCS encryption a proprietary non-standard
| that other companies have requested to interop against
| and been ignored?
|
| yeah can't imagine why apple doesn't use it
| danShumway wrote:
| Google's RCS standard is garbage.
|
| But Apple doesn't have to use it. They could release a
| messaging app for Android that used their own encryption,
| and they could encourage Android users to switch. But
| they don't do that, because distinguishing between
| Android and iOS users is ultimately more important to
| Apple than securing the conversations that Apple users
| have.
|
| If RCS is garbage (and it is) then it is extremely weird
| that Apple has committed to supporting RCS for cross-
| platform messages instead of encouraging adoption of what
| would be a superior form of encryption for those
| conversations.
|
| What you have to ask is, if you are an Apple user, why
| isn't Apple trying to encrypt every message that you
| send? Why are they asking you to use a garbage protocol
| when you send messages to Android users?
|
| > yeah can't imagine why apple doesn't use it
|
| Really, this statement should be reversed, it's difficult
| to imagine why Apple _is_ planning to use RCS. Why is
| Apple more willing to implement a garbage protocol than
| they are willing to release a messaging app for Android?
| yurishimo wrote:
| Beeper was acquired by Automattic about a month ago.
| massel wrote:
| That was texts.com, not Beeper
| shafyy wrote:
| Speaking of, how is Texts able to send iMessage messages
| (at least on their website, they have the Apple Messages
| app icon)?
| ruune wrote:
| They go through Apple. iMessage only works on MacOS, so
| they probably just hook into the regular stuff MacOS
| provides
|
| https://texts.com/faq
| shafyy wrote:
| I see. And that's fine for Apple? It's still not an
| official API right?
| paulmd wrote:
| apple
| mixdup wrote:
| What's untenable is that the third party software is
| unsanctioned. You can make the argument that it would be a
| good or better system with third party clients, or that Apple
| should open the system up, but it is ridiculous that anyone
| would trust a client/integration that depended on some kind
| of hack (regardless of the nature of that hack--such as
| whether it's decrypting and proxying or getting into the
| ecosystem in a "secure" way)
| jethro_tell wrote:
| It's planning to make RCS blue bubble in 24.
| mixdup wrote:
| They are planning RCS support. They've said nothing about
| how that will look in the app, it's not a given that will
| be in blue bubbles or fully feature complete with
| iMessage
| a2dam wrote:
| They actually did say that it will be green:
| https://9to5mac.com/2023/11/16/apple-confirms-rcs-
| messages-w...
| mixdup wrote:
| Even better, and not surprising at all. I was kind of
| surprised that everyone just assumed RCS would get the
| blue bubble treatment when Apple made their announcement.
| sneak wrote:
| Gruber is a shill, bribed with special access for his blog.
|
| Everything you said is correct.
| michaelcampbell wrote:
| Sure, but I don't think anyone can legitimately claim Gruber
| hasn't had some generally pro-Apple stance for decades.
| LanzVonL wrote:
| Yeah but then that one Israeli company that spies on
| everybody will just pump these apps out.
| catlifeonmars wrote:
| Yes 100% Security and privacy should be built into the
| protocol. Anything else is just protectionism and security
| theater.
| orangecat wrote:
| If an "unsanctioned" client can compromise iMessage security,
| then there was no actual security other than obscurity.
| sdfhbdf wrote:
| I didn't compromise the security of iMessage as a whole, it
| just exploited a way to get people into the system that was
| not planned.
|
| Imagine there is a theme park that has normal ticket booths
| and some requirements there to get in. Then there comes a
| Beeper that finds a hole in the fence on the perimeter and
| sets up their ticket booths there. It's in theme park's best
| interest to close that hole and cut off the revenue stream of
| somebody pigging back on their theme park.
| ancientworldnow wrote:
| Except they charge a thousand dollars to enter and then let
| everyone else in for free but they have to wear a badge and
| the pictures they get from the roller coaster photo booth
| are 240p.
| sircastor wrote:
| And no one is obligated to come to the Theme park.
| There's an entire world of people who never visit the
| theme park, mock the people who do, and couldn't care
| less about it. But some people want to be included as
| going to the park, when they don't. Some people are very
| judgy and don't want to talk to people who don't go to
| the park...
|
| Okay, I've stretched the metaphor out enough.
| hamandcheese wrote:
| Almost 60% of America is in the theme park.
| simondotau wrote:
| > _Except they charge a thousand dollars_
|
| A Lamborghini Urus costs $230k so I guess it's morally
| acceptable to break into a dealership and steal it.
| BobaFloutist wrote:
| Kind of, yeah. Once something is expensive enough it's no
| longer common theft, it's a _heist_.
| simondotau wrote:
| _Blackmail is such an ugly word. I prefer extortion. The
| "x" makes it sound cool._
| quickthrower2 wrote:
| Easy to be right on the money here. This is the default MO.
| Regardless of if you are paying for it or are licensed or are
| doing it despite the tech giant whose toe you are tickling.
| Twitter API springs to mind.
| jlarocco wrote:
| His first sentence about privacy and security is nonsense, but
| his second sentence hits the nail on the head.
|
| If the richest company in the world wanted their chat app to
| run on Android, it would by now.
|
| It's strange Apple doesn't sell an iMessage Android app, but
| I'm sure they've had somebody do the math and found out that
| it's more money for Apple in the long run if they don't.
| shultays wrote:
| Because there are people that buys iphone just to get a blue
| bubble, why would Apple want to stop that?
| paulmd wrote:
| you're talking to a forum that is probably 50% iPhone and
| has very good technical reasons to do so, this is insulting
| and it's absurd that it's so casually normalized to
| directly insult people in this fashion
| idle_zealot wrote:
| How did you manage to take this as a personal insult?
| Some people buy an iPhone for the blue bubble, some have
| what they believe to be good technical reasons to buy
| one, some people like the aesthetics, some people buy one
| out of habit. Stating that each category exists is not an
| insult to those who fall outside it.
| paulmd wrote:
| > How did you manage to take this as a personal insult?
|
| years and years of "apple sheeple" variants tend to take
| their toll, you're just the latest in an endless parade
| of microaggressions even if you don't think your
| particular case was notable.
|
| why is it so important for you to push on the idea apple
| users being thoughtless trend-followers? just don't do
| that, be better. you can do it. the next time you feel
| like posting that, simply take a deep breath and don't
| post it.
|
| there is just no reason to go around posting that
| "[device that 50% of people own] users are all doing it
| for [trite/dismissive reason]" in the first place, let
| alone on a tech forum where everyone has very specific
| reasons for their tech purchases. and it's so completely
| normalized, android users do it so routinely and don't
| even think that what they are saying is offensive. it's
| literally the classic microaggression problem.
| jhasse wrote:
| he didn't say that though???
| tssva wrote:
| Do Apple devices not have a shift key?
| Toutouxc wrote:
| You need to read the message again, they said nothing
| like that.
| masa331 wrote:
| > on a tech forum where everyone has very specific
| reasons for their tech purchases
|
| Thats a very funny statement. From my experience tech
| people in general are the ones falling for vanity,
| fashion, dogmas etc. most often while claiming some
| "practical" reasons
| everforward wrote:
| It's a socioeconomic indicator for high status, and it
| would be foolish to ignore that as part of Apple's
| strategy.
|
| Android doesn't suffer from that kind of complaint
| because it's often perceived as the opposite: a
| socioeconomic indicator for low status. It's socially
| acceptable to mock people for choosing high socioeconomic
| indicators, but not low socioeconomic indicators.
|
| "You only bought that because you're rich" has a very
| different ring than "you only bought that because you're
| poor".
|
| That perception of low vs high indicators is somewhat
| wrong (high-end Android phones cost more than the latest
| iPhone, used iPhones are pretty affordable) but it is the
| perception.
| dontlaugh wrote:
| That's a small subset of their customers in a single
| country. I don't think they really care either way.
| Zuiii wrote:
| Completely agreed about the nonsensical first claim. We have
| many third-party clients for other messaging platforms where
| privacy and security are a primary feature. It's completely
| tenable, especially for a player like Apple.
|
| Or put another way: If the privacy and security of imessage
| is compromised by someone building another client, I'd argue
| that you never had either to begin with.
| dwaite wrote:
| > Completely agreed about the nonsensical first claim. We
| have many third-party clients for other messaging platforms
| where privacy and security are a primary feature.
|
| I can't think of an any with independent implementations.
|
| For instance, have a few third party Signal clients, which
| work by using the official libSignal . These are not third
| party clients, but third party GUIs. Use of libSignal on
| the official Signal network is also not supported or
| recommended.
|
| Likewise, all the third-party Telegram clients I know of
| are forks using Telegram source.
|
| This makes sense, because neither of these are stable
| systems. A third party has to stay up-to-date with features
| and changes made to the official servers and clients.
|
| Do you know of a security and privacy focused messaging
| platform which is both:
|
| 1. documented
|
| 2. has multiple independent implementations of the
| networking and security protocols?
| twicetwice wrote:
| Does Matrix not qualify?
| alephnan wrote:
| > If the privacy and security of imessage is compromised by
| someone building another client, I'd argue that you never
| had either to begin with
|
| That's like saying the internet protocol is neither private
| and secure because people willingly use random public Wi-Fi
| mlrtime wrote:
| Look no further than blackberry... Their days were always
| numbered as the only reason to keep it is the messaging (and
| a bit the keyboard).
|
| Another theme here is BBM (Bloomberg Messaging).
| People/Companies pay BB five figures per year just to get
| BBM. Why would they ever release a messaging app outside of
| the terminal. They will die before this happens.
| mr_toad wrote:
| > It's strange Apple doesn't sell an iMessage Android app
|
| Apple doesn't sell apps they sell hardware and services.
| There's no incentive for them to provide a free iMessage app
| for android, and I doubt many people would pay for one.
| gkbrk wrote:
| > I doubt many people would pay for one.
|
| Enough people paid for one. Enough to make Apple scared and
| use engineer time to ban/block people anyway.
| mcfedr wrote:
| The primary feature of iMessage is lock-in. Everything else is
| secondary.
| tempodox wrote:
| > Seems irresponsible for Beeper to charge a subscription for
| an unsupported service.
|
| Completely wrong. It's a job-seeking ad. "Look, I'm ruthless
| enough to fuck over users who buy this bogus subscription."
| Which SV startup wouldn't pay millions for a crook of that
| caliber?
| crest wrote:
| > It's untenable that there's unsanctioned client software for
| a messaging platform for which privacy and security are a
| primary feature.
|
| What a stupid take on the situation. At most it's untenable to
| Apples short term financial interests. A well designed protocol
| and implementation would be even better at protecting _user_
| privacy and security especially from a privileged attacker like
| the service provider and anyone able to put covert pressure on
| them.
|
| The only way in which vendor lock-in helps the the existing
| users is that spammers and scammers have to invest additional
| money to acquire Apple devices to create new accounts instead
| of just phone numbers and a labor to create accounts.
| paulmd wrote:
| this sounds like proof of stake to me
|
| yes, you can indeed build a secure system on the basis of
| increasing the economic cost of attack beyond reasonable
| levels and by forcing attackers to repeatedly slash their
| stake to perform an attack
| windexh8er wrote:
| On the money, but unsurprising. Gruber is an Apple fan-boy
| through and through and it doesn't take much of a guess to
| posit the exact "prediction" he made. It was clear Apple was
| never going to put up with this, but it was likely
| accelerated by all of the media attention.
|
| Apple is, however, nothing for "privacy and security" beyond
| what they need to do to be marginally better, and that's a
| stretch these days. If Gruber really believes what he wrote
| he's full-on living in Apple's orchard behind the walled
| garden that Tim Cook splendidly gatekeeps. But because Apple
| puts marketing dollars behind ads that say "privacy" and
| "security" it must be so!
|
| This is why it's always funny to me when the trope of the
| hour is the mass privacy failures of Signal through use of
| phone numbers. And then the author turns around and types out
| an iMessage to a blue-bubble friend. I really hope we can
| move beyond the Apple reality distortion machine and move to
| truly user focused platforms that aren't designed to steal
| user data or make the board richer.
|
| Apple has become rotten.
| rpgbr wrote:
| To be fair, that was an easy prediction.
| ComputerGuru wrote:
| This was why I never shared my iMessage for Windows:
| https://neosmart.net/blog/imessage-for-windows/
|
| They'd block an account out of spite without a second thought.
| Shawnj2 wrote:
| Does it still work?
| ComputerGuru wrote:
| Still using it daily.
| nchase wrote:
| Love this. Congrats and thank you for the writeup!
| Hackbraten wrote:
| This is amazing. Truly a labor of love. Kudos to you for
| accomplishing this, and then polishing it to perfection. Good
| on you to withhold it, as proved again today. I'm so glad that
| I finally left the Apple ecosystem.
| graphe wrote:
| Loved your post, thanks for sharing!
| froggertoaster wrote:
| Your article was the first I thought of when Beeper Mini was
| released. I knew it had already been done by you and never saw
| the light of day for a reason!
| Grustaf wrote:
| > "if Apple truly cares about the privacy and security of their
| own iPhone users, why would they stop a service that enables
| their own users to now send encrypted messages to Android users,
| rather than using unsecure SMS?" - Eric Migicovsky
|
| 1. If Apple sees this as a gap, it is very obvious that they
| would address that themselves, rather than by allowing a hack to
| exploit loopholes in their architecture
|
| 2. Since Apple has no control over the Beeper mini client, they
| would not consider it safe, it could easily be spying on users
| without their knowledge.
| CivBase wrote:
| > 2. Since Apple has no control over the Beeper mini client,
| they would not consider it safe, it could easily be spying on
| users without their knowledge.
|
| Since I have no control over iMessage, I would not consider it
| safe. It could easily be spying on me without my knowledge.
| diligiant wrote:
| The basic assumption here is trusting Apple, provided that
| numerous security researchers have access to the platform. If
| you don't trust Apple, don't buy their products.
| 0cf8612b2e1e wrote:
| It's a two party marketplace. Even if I don't like Apple,
| the alternative is not great either.
| judge2020 wrote:
| "they would not consider it safe" is from Apple's
| perspective, which is the only thing that matters when Apple
| is the steward of legally and technically enforcing who can
| use their APIs.
| CivBase wrote:
| Sure. They have every right to do what they're doing. I'm
| just mocking Apple because I think their implication that
| they're the only trustworthy entity is ridiculous. We have
| no reason to trust them any more than we do Beeper or any
| other company.
|
| If Apple _actually_ cared about security they 'd implement
| an open protocol that is provably secure. Imagine if they
| supported something like Matrix. But that's clearly not
| their primary concern here. It's just a convenient excuse
| to maintain their walled garden.
| addandsubtract wrote:
| Which is why most people (should) opt to use a cross platform
| messenger, such as Signal.
| SahAssar wrote:
| If signal would officially allow third party clients, non-
| phone-number-bound users and maybe federation that'd be
| great.
|
| It does not.
| anigbrowl wrote:
| Signal does allow third party clients, Beeper is one. I
| agree about other things, and would expand on the list.
| SahAssar wrote:
| They do not officially and discourage it. Moxie and the
| rest of the company has been extremely clear that all
| third party clients are not considered supported or
| allowed, regardless if they can and do interact with
| signal services.
| anigbrowl wrote:
| Useful (though somewhat dispiriting) to know. I would
| feel a lot more forgiving toward Signal's UI shortcomings
| if I had a choice of alternative front-ends.
| kccqzy wrote:
| Does iMessage allow third party clients? No? Then why the
| double standard?
| SahAssar wrote:
| I'm saying that if we hold something to a higher standard
| lets actually hold them to a higher standard.
|
| Is signal better than iMessage? Probably. Should we ask
| for them to be better than they are? Yes.
| thomastjeffery wrote:
| It looks like we are comparing standards here, and that
| neither passes the bar.
| cqqxo4zV46cp wrote:
| As very recently made evident, Signal spends a
| significant amount of money maintaining their phone-
| number-bound infrastructure, with an entirely plausible,
| reasonable, user-focused reason for doing so. As a Signal
| user, and donator, I'm 100% okay with the trade-off
| they've made, and would hate to see it reversed just to
| appeal to some nerdy pipe-dream for how services should
| work.
| SahAssar wrote:
| > As very recently made evident, Signal spends a
| significant amount of money maintaining their phone-
| number-bound infrastructure, with an entirely plausible,
| reasonable, user-focused reason for doing so.
|
| If there is some recent revelation that makes phone
| numbers all of a sudden a secure, portable and
| censorship-resistant identifier please link me that.
|
| Until then I'd prefer to not have my private
| communication determined by telephone companies that
| often have not cared for either security, censorship or
| privacy. Regardless of signals e2e encryption having my
| access to the network determined by a telephone company
| is not the right way to go.
| noirbot wrote:
| I'll continue to restate the thing that made me
| immediately quit Signal forever - I made an account, and
| 10 minutes later, it had alerted someone I hadn't talked
| to in years that I had an account, simply because they
| had my phone number at some point in the past, and they
| messaged me.
|
| For a nominally privacy focused app, for them to
| literally alert people to my new Signal account I'd
| gotten to securely message someone violated all trust I
| had in them. What's to stop someone from just adding a
| Contact for every single valid phone number on their
| phone and then getting an alert for any time anyone makes
| a Signal account? I may as well just use Facebook then.
| Grustaf wrote:
| As pointed out below, "they" is Apple, but I would also
| assume that at least 99.9% (really) of users would trust
| Apple more than Beeper, i they had to choose.
| cqqxo4zV46cp wrote:
| Let's add a few more 9s to that, just to make it even more
| realistic.
| willseth wrote:
| If you don't trust Apple, then obviously you don't use it. If
| you do, then it shouldn't be possible for a 3rd party client
| to break that trust. Users only see iMessage vs no-iMessage
| and have no other way to identify the client to decide for
| themselves whether to trust it.
| johnbellone wrote:
| Not what he said. He said he doesn't trust them (safe). The
| question you should be asking is why do you?
| vGPU wrote:
| Because they've proven to be the most trustworthy and if
| you can't trust the manufacturer of the device and OS you
| also can't trust any app running on said hardware.
| thomastjeffery wrote:
| > If you do, then it shouldn't be possible for a 3rd party
| client to break that trust.
|
| A correctly implemented end-to-end encrypted protocol would
| be safe for all participating clients.
|
| The only way to break that security is by copying messages
| outside the protocol in the app itself.
|
| Neither of us knows whether iMessage or Beeper Mini does
| this. To bring up the possibility is to criticize _both_
| apps equally.
| willseth wrote:
| > A correctly implemented end-to-end encrypted protocol
| would be safe for all participating clients.
|
| As long as the clients are closed source, this is a
| circular argument. The client itself is a vector. Not
| just for a good E2E implementation but for the 3rd party
| company to not outright steal everyone's messages, create
| a backdoor, etc. You have to be willing to trust every
| client used in the thread.
| thomastjeffery wrote:
| That was my second point.
|
| If we must be willing to _distrust_ one closed source
| client, then we ought to distrust _both_.
| willseth wrote:
| This is tantamount to saying we should only trust open
| source software. If that's your point, then you lost me.
| If not, then it's obvious that some companies are more
| trustworthy than others. (P.S. the many active exploits
| found in core low level open source software after months
| or years because despite the source being open almost no
| one audits it because they're cheap and/or assume someone
| else is doing it)
| thomastjeffery wrote:
| Well why in the world would I trust iMessage _and_
| distrust Beeper Mini?
| willseth wrote:
| Are you seriously asking why someone would trust Apple
| over a small generally unknown Android-only app company?
| CivBase wrote:
| I don't actually think it's that unreasonable. Apple has
| broken people's trust many times and come out just fine
| in the end because they are a huge company with many
| products participating in many markets. A small company
| like Beeper is dependent on a small user base and a
| significant breach of trust could easily spell the end
| for them.
|
| That said, I don't personally trust either of them. When
| it comes to matters of security, I prefer open protocols
| which can be proven to be secure over pinky swears from
| companies.
| dwaite wrote:
| Trust is generally something you build and lose, rather
| than something you are given by default. That reputation
| can be a massive asset or liability.
|
| The level of trust I currently give in Beeper is that
| identity verification happened such that someone could
| potentially be prosecuted for abuses after-the-fact.
|
| They have not built up a reputation, and in the face of
| potential scams or privacy abuses their reputation may
| not be as valuable as the user information they can gain
| access to.
|
| Small incidents can cause significant reputation harm to
| Apple, and those equate to billions of dollars lost in
| corporate value.
|
| Even the recent notification monitoring announcement
| harms their reputation, where the government itself
| mandated non-transparency. (For this reason, I somewhat
| expect they are trying to design an oblivious
| notification system, where role separation prevents a
| single intermediary from knowing both where a
| notification is from and where it is going to.)
| thomastjeffery wrote:
| Apple has done plenty to lose my trust, and very little
| to build it. But that's not really the subject at hand,
| though I do see where word choice is misleading here.
|
| You just brought up a better word: "liability". I'll go
| one step further: "attack surface".
|
| When it comes to security in software, we don't need to
| work with many unknowns. The unknowns we do work with are
| the attack surface. By presenting a greater domain of
| unknown behavior, closed source software effectively
| presents me (the user) a larger attack surface. Sure, I
| could _trust_ that the extra attack surface is actually
| covered; but I can 't _know_. With open source, I don 't
| have to trust, because I can know instead.
|
| If I am to choose between open and closed source
| software, then I am choosing between knowledge and trust.
| That is a completely different position than choosing
| between closed and closed: trust vs. trust. So long as
| any securely-designed open-source messaging app exists,
| iMessage is at a disadvantage in end-user security. Even
| if Apple can know for certain that iMessage's attack
| surface is not larger than an open-source alternative, we
| the users can't. Closed source software will _always_
| present a higher demand for trust.
| verandaguy wrote:
| > Since I have no control over iMessage, I would not consider
| it safe.
|
| Generally fair assumption. There's been some research (both
| positive and negative) around their E2EE claims, though AFAIK
| much of what's known about iMessage's E2EE guts has been
| learned through unofficial means. I think that for the vast
| majority of users, iMessage is probably _safe enough_.
|
| As a user, you have the agency to choose a messenger app that
| better suits your privacy/convenience balance, though in
| fairness, I think even among users who care about privacy,
| many don't know how to judge privacy features and
| implementation details well.
|
| Like others in this thread, I personally recommend Signal.
| It's widely available, easily usable, has been audited and
| researched a fair bit, and though it doesn't have a self-
| hosted option, it does have white papers out about its
| protocol which IMO are worth a read.
| Grustaf wrote:
| > Since I have no control over iMessage, I would not consider
| it safe.
|
| I would trust iMessage about 95% less if I had written, or
| even implemented, the protocols myself, and I consider myself
| a pretty good developer.
| CivBase wrote:
| If I'm expected to believe a messaging app is secure, the
| first thing I want is an open protocol. An open source
| client would be nice too, but honestly I'm fine with just
| the protocol.
|
| I do not need to have had a hand in developing any of this.
| It's not my expertise and, like you, I'd feel more
| comfortable having it developed by the experts.
| LordDragonfang wrote:
| (1) is exactly what that quote is pointing out. If Apple
| _actually_ cared about its users ' security, they _would_ see
| this as a gap, and would have addressed it already. The fact
| that they haven 't means that, despite all their posturing
| about being a security-first platform, they care more about
| lock-in and marketing than they do about user security.
| robertoandred wrote:
| An intentional gap? Or a bug that they've now fixed?
| Dylan16807 wrote:
| Fixing this bug leaves the gap intact.
| Grustaf wrote:
| It's a pretty indirect gap, since it has nothing to do with
| Apple's infrastructure, it's about users choosing to interact
| with users of non-Apple platforms using insecure means. There
| are dozens of secure cross-platform messenger apps that they
| could be using, and SMS is a legacy technology.
| georgespencer wrote:
| Putting aside that I count at least two glaring examples from
| this list[^1] in your reply, I suspect Apple would argue that
| it is in fact _solely_ preoccupied with its users' security:
| that's why iMessage is end to end encrypted and Apple does
| not offer 2FA / OTPs via SMS. Apple does not generally try to
| mitigate security issues which are beyond its control (e.g.
| non-Apple devices, protocols).
|
| [^1]: https://en.wikipedia.org/wiki/List_of_fallacies
| jeroenhd wrote:
| > and Apple does not offer 2FA / OTPs via SMS
|
| Last time I checked, Apple still used security questions
| any hacker can get answers to on Facebook. I'm not all that
| confident about Apple's approach to account security.
|
| Apple has the ability to control security issues on
| Android: they can release an Android app, like every other
| E2EE messenger out there.
|
| Apple _chooses_ not to, and it 's their choice, of course.
| It doesn't care about the privacy of it's non-users, and it
| doesn't care about the privacy of its users when they
| communicate with non-users. From what I can tell, it only
| cares if you stay within the Apple bubble.
| philistine wrote:
| Those security questions are now very much optional. I
| made sure to lock down my Apple account. If I lose either
| my password or access to all my devices, the only thing
| that can unlock my account is a long printed code or
| permission from a trusted family member. My account no
| longer has security questions.
|
| Apple is doing it optionally because they're trying to
| balance two opposing forces here: helping its users
| access a locked account, and giving users tightly locked
| accounts.
| georgespencer wrote:
| My points are narrowly related to the parent's assertion
| that Apple preventing Beeper Mini interoperability /
| allowing SMS is evidence of their convictions relating to
| privacy being hokum, but since you're not one of those 3
| month old accounts I see making specious arguments...
|
| > Last time I checked, Apple still used security
| questions any hacker can get answers to on Facebook.
|
| Apple's default for a number of years has been to use
| trusted devices IIRC. Their kb article on resetting a
| forgotten Apple ID password even suggests that it's
| better to wait until you're back with a trusted device
| than to immediately try to reset without one, suggesting
| that the process is somewhat intensive and perhaps
| subject to human review? I just kicked it off online and
| the first question _is_ to confirm an obfuscated cell
| phone number, but I can't imagine that after that it's
| mother's maiden name dreck?
|
| > Apple has the ability to control security issues on
| Android: they can release an Android app, like every
| other E2EE messenger out there.
|
| Which would thus expose them to security weaknesses of a
| device and OS they do not control, and potentially expose
| iPhone and iOS customers to increased risk should an
| Android iMessage user's phone have malware, or screen
| scraping, or keylogging, etc.
|
| > Apple chooses not to, and it's their choice, of course.
| It doesn't care about the privacy of it's non-users, and
| it doesn't care about the privacy of its users when they
| communicate with non-users. From what I can tell, it only
| cares if you stay within the Apple bubble.
|
| Nail on the head, but I do think that folks overstate the
| simplicity with which Apple could provide a comparably
| secure iMessage experience on Android.
| reaperducer wrote:
| _Last time I checked, Apple still used security questions
| any hacker can get answers to on Facebook._
|
| Check again.
|
| I recently reset a forgotten iTunes password. This
| required: - An email verification
| - An SMS verification - A verification code
| sent to another device on the account - A ten-
| day wait - Another second device verification
|
| That's 5FA authentication just to reset a password.
|
| The days of answering personal trivia questions to reset
| passwords are long gone.
| saintfire wrote:
| > Apple has the ability to control security issues on
| Android: they can release an Android app, like every
| other E2EE messenger out there.
|
| I'm surprised I haven't seen this mentioned more. They
| could even make a green (or whatever colour they wish)
| iMessage bubble to denote that it is not from an Apple
| device. Seems like it solves all the problems people
| present with E2EE/iMessage with Android interop. On the
| issue of spam, which I feel is just grasping at straws,
| You could allow blocking unknown non-Apple iMessages by
| default. Unless I am mistaken, this really only leaves
| the walled-garden as the thing that stops Apple from
| implementing something like this.
|
| In fact, you could even only allow Android iMessage
| conversations that include at least one genuine Apple
| device. This combats the argument that they shouldn't
| have to give resources away to Android users for free.
| This would be added-value to their own customers by
| providing more streamlined messaging with their Android
| contacts. Such as situations where group chats are forced
| to swap to MMS for a single Android user, sending
| pictures/video to a friend, etc.
| goosedragons wrote:
| They do offer 2FA via SMS. This is AFAIK the ONLY option
| for Android/non-Mac users. Why are those users less
| deserving of decent security? Apple still sells and offers
| services outside their platforms, so they're still
| customers potentially with hundreds or thousands of dollars
| worth of purchases and CCs attached. FFS Nintendo has
| better 2FA options than Apple for non-Apple platforms.
| georgespencer wrote:
| > Why are those users less deserving of decent security?
|
| Because they don't own an Apple device or have iMessage,
| which is the entire point of this discussion?
| goosedragons wrote:
| So Apple only cares about security for Apple platform
| users and not all users of Apple services? Such
| commitment to security...
| kevincox wrote:
| This is like making a car where the airbags only deploy if
| you hit another car of the same brand.
|
| Sure, if this car is super safe it may be better if both
| you and the other driver both had it. But it is clearly
| better to have airbags, even if the other car is less safe
| than it could be if it was from the first-party brand.
|
| It is one thing to not try to mitigate security issues
| outside their control and another thing to remove possible
| security because you don't control it entirely.
| 7e wrote:
| A third party client in iMessage allows for spam attacks, and
| (worse) malicious payload attacks. It's very much in the
| interests of security that Apple fence them out.
| danShumway wrote:
| I don't think it's at all clear that the approach you
| describe is working: https://www.wired.com/story/imessage-
| interactionless-hacks-g... (2019), https://www.forbes.com/s
| ites/daveywinder/2023/06/02/warning-... (2023)
|
| Of course, this is a hard problem. I'm not saying Apple is
| bad at security, many good messaging platforms run into
| these kinds of problems. But the way you fix these problems
| (and the way Apple in fact did fix the bugs above) was
| through patching their own software, not by trying to
| control what attackers can send.
|
| If security researches can send a malicious payload attack
| that compromises iMessage, the solution is not to make sure
| they can't send that payload (which would be impossible to
| guarantee anyway), the solution is to patch iMessage to no
| longer be vulnerable to that payload attack.
|
| One hopes that the only thing preventing your iMessage
| client from being compromised is not whether or not the
| attacker has a spare $1,000 lying around.
| api wrote:
| The longer term solution is to stop using memory unsafe
| languages.
| danShumway wrote:
| Regardless, when a buffer overflow happens, it's not
| reasonable to say, "well, we'll just make sure nobody
| sends us badly formatted or maliciously formatted data.
| As long as only iPhone users can send us data then we can
| trust it."
|
| The actual solution is to make the client/server not be
| vulnerable to malicious payloads that would cause a
| buffer overflow. Whether you do that by patching bugs
| individually or switching to a memory safe language, or
| whatever strategy is used -- "don't send our messaging
| platform bad data" isn't a security fix.
| pcwalton wrote:
| On macOS iMessage is scriptable in various ways (both
| officially supported and unsupported), so the security
| argument doesn't hold water to me. It's a business
| decision.
| maxlin wrote:
| Since apple has no control over your fire extinguisher, they
| sent a man to securely take it from your house and dispose of
| it. It could have been a bomb for all you know.
| vosper wrote:
| Except that the iMessage system belongs to Apple, not to you
|
| > The app doesn't connect to any servers at Beeper itself,
| only to Apple servers, the way a "real" iMessage text would.
|
| https://techcrunch.com/2023/12/05/beeper-reversed-
| engineered...
| georgespencer wrote:
| Do you really consider Apple's control over a proprietary
| protocol which they invented and maintain to be comparable to
| a scenario in which Apple "sends a man" to take "your fire
| extinguisher [...] from your house"?
|
| I've re-written this comment five or six times in an attempt
| to find the most charitable interpretation, but I just cannot
| comprehend how it made it through your filter and out onto
| the internet.
| iAMkenough wrote:
| There's an open standard they're refusing to adopt that
| would be more secure than forcing users back to SMS.
| Hamuko wrote:
| Are you referring to the one that they're adopting?
| georgespencer wrote:
| Apple is adopting RCS, but as far as I can tell your
| reply has nothing whatsoever to do with my comment.
| kamilner wrote:
| If you mean RCS, end-to-end encryption is not part of the
| standard, it is a non-standard extension supported only
| by the google messages app
| https://support.google.com/messages/answer/10262381?hl=en
| Rebelgecko wrote:
| Does RCS need E2E to be better than SMS when it comes to
| privacy/security?
| llm_nerd wrote:
| Yes, it does. RCS without E2E is following the SMS model
| and putting your telco in charge. It uses transport
| encryption but that is basically meaningless when every
| relay sees the entire contents of the message.
| Rebelgecko wrote:
| Does that mean Stingrays and just regular old SDRs can
| still pick up RCS messages?
| llm_nerd wrote:
| RCS uses transport encryption and I honestly have no idea
| if it uses cert pinning or server certs or the like. The
| bigger concern to me is that it puts your telco in
| charge, just like the old days of SMS. Without E2E they
| get to see all of the contents of messages and to share
| it with whoever they deem they want to share it with,
| which history has shown is too many people. Telcos were
| very willing partners in the development of RCS for a
| reason. And there's a reason the base spec doesn't
| include E2E. Telcos want a return to the good old days.
|
| SMS is insecure and no one should use it. RCS isn't that
| much better and history is a lesson that it returns to a
| partner that isn't trustworthy.
| NavinF wrote:
| Yeah anything that's not E2E encrypted is pretty useless
| for privacy/security these days. Might as well just use
| DMs on reddit, twitter, etc if you don't care about E2E
| dwaite wrote:
| IMHO profiled RCS is notably worse than SMS for privacy,
| because the vast majority of RCS servers are hosted by
| Google.
|
| SMS can be read but it is still at least somewhat
| decentralized. It isn't being funneled to a single party
| whose business model is profiling users.
| zem wrote:
| i am just flabbergasted that we are living in a timeline
| where the phrase "proprietary protocol" is a real thing
| NavinF wrote:
| Aren't most protocols proprietary? Every app builds their
| own on top of standard protocols like HTTP, TLS, and IP.
| Not all services are hostile to third party clients
| though
| zem wrote:
| well, there's proprietary in the sense of "not a
| standard" and proprietary in the sense of "no one else
| can make software that uses this protocol". the latter is
| very weird if you think about it.
| NavinF wrote:
| Eh not really that weird. Consider how Microsoft
| repeatedly reverse engineered AOL for compatibility
| reasons and AOL actively blocked their efforts with every
| update: https://youtu.be/w-7PjunSxLU
|
| Stuff like this happens all the time and the internet has
| always been like this. I'm sure older users will remember
| even older examples
| maxlin wrote:
| It's not a super serious comment, it's more about how
| ridiculous the tone of "We are doing this for YOUR
| protection" would be.
|
| On a more serious note though, in the end Apple absolutely
| has the power of increasing everyone's capability and
| security by doing something like setting up a playbook of
| how iMessage could just use Signal protocol and how other
| actors could join in, or really anything else but doing
| this.
| georgespencer wrote:
| > It's not a super serious comment, it's more about how
| ridiculous the tone of "We are doing this for YOUR
| protection" would be.
|
| Right now I can presume a basic level of device security
| across all iMessage threads I have. Beeper deranges that:
| E2EE is still there, but Beeper exposes my correspondence
| to device security weaknesses from other OEMs, malware,
| keyloggers, screen scrapers, etc. as a result of lax app
| marketplace security & privacy.
|
| It seems to me to be entirely disingenuous to suggest
| that Beeper _increases_ security: in fact, the opposite
| is true.
|
| > in the end Apple absolutely has the power of increasing
| everyone's capability and security by doing something
| like setting up a playbook of how iMessage could just use
| Signal protocol and how other actors could join in, or
| really anything else but doing this.
|
| I don't see why any company should be denigrated for not
| helping the users of another competing platform,
| particularly when doing so likely comes at the cost of
| increasing the risk to its own users.
| scatters wrote:
| Does Apple block imessage on rooted phones? If not, what
| level of device security do you really have?
| georgespencer wrote:
| In addition to explicitly prohibiting it as a violation
| of the iPhone EULA, Apple goes to extraordinary lengths
| to close the exploits which allow jailbreaking. Apple
| doesn't just block iMessage on rooted phones, it tries to
| prevent jailbreaking _outright_.
| PrimeMcFly wrote:
| It being a violation of the EULA means absolutely nothing
| lol
| lelandbatey wrote:
| If more users are sending encrypted messages over APNS
| instead of SMS (remember, SMS is effectively unencrypted
| plaintext), that sounds like the definition of "more
| security".
|
| Hmmming and hawing over "OEMs... and ...lax app
| marketplace security" seems like quite a high bar to
| hold, a bar so high it ceases to be useful. Remember,
| iPhone users can disable passwords on their iPhone
| entirely; if that's not something you ever worry about,
| then worrying about a minority of OEM's seems like mere
| pretext to keep your comfy walled garden all to yourself.
| maxlin wrote:
| The whole underlying point is that Apple will do anything
| to virtue signal when in reality they are making a
| decision on improving their profit regardless if it
| decreases security of its customers and other people. It
| is undeniable and silly to argue against.
| georgespencer wrote:
| > Apple will do anything to virtue signal
|
| Subjective, speculative.
|
| > when in reality
|
| I think you mean "when in my opinion".
|
| > they are making a decision on improving their profit
|
| Speculative, and "improving their profit" is clumsy
| enough vocabulary that it's a red flag on continuing to
| discuss this with you.
|
| > regardless if it decreases security of its customers
| and other people
|
| The plurality of countervailing perspectives in this
| thread - which you have failed to address or refute, as
| far as I can tell - ought to indicate to you that it is
| arguable that Apple's decision in this case _increases_
| security of its customers.
|
| > It is undeniable and silly to argue against.
|
| I'll let others judge who seems silly here.
| maxlin wrote:
| You know, one doesn't really even need to read the whole
| of your comment to know your way of "debating" is dead in
| the water. Take the argument as a whole. "Isolating"
| parts of it just makes you look like you're debating for
| flat earth or the like lol. "Red flag" rofl grammar
| police
|
| My point stays exactly the same. You haven't said
| anything real against it.
| cremp wrote:
| > a basic level of device security across all iMessage
| threads I have
|
| Is that really true though? Jailbroken phones, iMessage
| may still work. Any device security gets thrown out the
| window.
|
| You also can't expect everyone to have an Apple device
| for security, which we've seen time and time again SS7
| being weak - So is the requirement to remove SS7, for
| everyone to jump on the Apple train?
|
| I see Beeper as doing Apple a service, not so much a
| competing platform, but a gateway to the iMessage
| ecosystem - 'Hey, this would be pretty cool to use
| without this app and have it native' vs the 'Only Apple
| devices can use this.'
| georgespencer wrote:
| > Is that really true though? Jailbroken phones, iMessage
| may still work. Any device security gets thrown out the
| window.
|
| Apple closes exploits which allow jailbreaking, precludes
| it in the EULA. What more would you have them do?
| feitingen wrote:
| > Apple closes exploits which allow jailbreaking,
| precludes it in the EULA. What more would you have them
| do?
|
| Preventing jailbreaking is not a good thing, in part
| since that's what allows us to check on what Apple is
| doing on the device, in regards to privacy, security and
| e2e encryption. If nobody can check, do you suppose we
| just accept their statements about the device as fact?
| danShumway wrote:
| > comes at the cost of increasing the risk to its own
| users.
|
| iMessage using SMS to communicate with Android devices
| increases the risk to iOS users. Apple customers are
| still Apple customers when they communicate with Android
| users.
|
| Every risk you describe is still present in the current
| implementation of iMessage when communicating with
| Android users, except the risks are much greater because
| SMS is much easier to exploit and intercept than an E2EE
| protocol would be.
|
| A message platform that forces Apple users to use an
| insecure protocol when communicating with Android users
| decreases the security and privacy of Apple users.
|
| So even an imperfect implementation of real E2EE between
| Apple and Android users, even with all the risks you
| describe above, is still an improvement in security over
| what we have right now: a situation where Apple forces
| iMessage users to use to what is quite possibly the least
| secure communication method possible when communicating
| with their friends and family in different ecosystems.
|
| It's not necessarily about helping the users of another
| competing platform, _Apple users_ who are using normal
| iPhones are sending unencrypted and unsecured messages to
| their friends and family members because Apple is more
| interested in vendor lock-in than it is interested in
| making sure that its customers are able to communicate
| securely with their contacts.
|
| The idea that Apple users would suddenly stop caring
| about security or that they wouldn't want their
| conversations encrypted just because they're talking to
| someone else who's on an Android device is very strange
| to me -- it suggests that Apple is willing to sacrifice
| security for paying iOS users just to keep Android users
| from seeing any of the benefits of those security
| improvements.
|
| Yes, there may exist reasons to distinguish between
| locked down vendor-controlled devices where users do not
| have the autonomy to change device settings that could
| damage encryption, and devices where users do have that
| autonomy. I understand that concern, even if I think it's
| usually disengenous. But there is really no reason and no
| excuse (especially now that we know how easy it would be
| for Apple to take its encryption multiple-platform) for
| going beyond distinguishing between those devices, and
| going so far as to actively drop all security measures
| and all encryption from those conversations. It's like
| saying that because a window can be broken we might as
| well take the door off of its hinges and put up a
| "burglars welcome" sign -- and, incredibly, it's claiming
| that anyone who tries to replace the door without
| permission is somehow _decreasing_ security. Apple doesn
| 't just distinguish between controlled and uncontrolled
| environments, it removes the door entirely by dropping
| its users into a messaging format with no end-to-end
| encryption at all. It's a bad policy that hurts Apple
| users and decreases their safety.
| willseth wrote:
| What? Does a fire extinguisher connect to Apple servers? Does
| a fire extinguisher secretly being a bomb affect the security
| of others? I don't know if you could have come up with a
| worse metaphor.
| jrflowers wrote:
| If you think about it, blocking an app and stealing your
| fire extinguishers are both actions that a person or
| corporation could theoretically do. Since they are both
| actions, they are equivalent. Therefore blocking an app,
| burning down your house, baking a pie, writing a sonnet,
| doing a backflip are all the same thing.
| willseth wrote:
| Ahhh and to think all this time I thought I knew what a
| metaphor was. It's literally any comparison! Silly me!
| jrflowers wrote:
| It's spooky. If you think about it if Apple can block an
| app what is to stop them from breaking into your garage
| and modifying your car to talk like KITT from Knight
| Rider but instead of being helpful it makes mean remarks
| about your clothes that make you cry?? What if Apple
| filled your refrigerator with concrete? They could build
| a brick wall in front of your house and paint a replica
| of the outside on it so you run into it like a looney
| toon!
| willseth wrote:
| Shit. E2EE encrypting my refrigerator brb
| JumpCrisscross wrote:
| Really, your comment is equivalent to a black hole or
| pomegranate, since they're all things.
| willseth wrote:
| I didn't even realize my mind could expand to this level.
| JumpCrisscross wrote:
| It was always that level! Those are both things too!
| willseth wrote:
| Ok giving up software to become a monk now.
| ysofunny wrote:
| It's a new more advanced fire extinguisher that is 'smart'
| and has a touchscreen and it smells really nice* and what's
| even better,
|
| it's going to become illegal not to have one in california!
| so you better invest NOW!!!
|
| go to double U double U double U blah blah blah dot yadda
| yadda yadda
|
| *full disclaimer, this technology is patent pending**
|
| **doubly full disclaimer, "patent pending" in the sense
| that the invention is still to be invented, the panel of
| experts said 20 (more) years!
| maxlin wrote:
| It does work as a metaphor because if Apple could force you
| to use their iExtinguisher and ban others they absolutely
| would, with the argument that they are improving fire
| safety.
| echelon wrote:
| It's time that we as an industry push back against Apple and
| Google.
|
| The smartphone is the single most important device for modern
| life and society. It's news, photos, communications with
| loved ones, work, entertainment, food, paying for practically
| everything...
|
| And it's just two companies. Two companies with an iron grip
| over such a wide and diverse set of functionalities that,
| taken together, should be as inalienable as free speech.
|
| - They control what you can put on the devices (or in the
| cases where they're open, they _scare you_ or make it
| exceedingly difficult).
|
| - They tax all innovation happening on the platform. Because
| web is second class. If you build an app, you have to pay for
| ads against your own brand. You can't have a customer
| relationship (yet Google and Apple get that). You have to
| keep up with their release cycles on their timeline. They can
| deny you or ban you at any point. They take 30% of your
| margin. You're forced to use their billing. In many cases,
| they actively develop software that competes with you.
|
| - They're extremely user hostile. The devices aren't easily
| repairable, the batteries force upgrade cycles, and they do
| stupid things that make your kids want to buy the most
| expensive model for clout. Green and blue bubbles, etc.
|
| - On top of this, they're gradually eating away at every
| related industry. The music industry. The credit cards and
| payments and finance industry. The film industry. It's all
| getting absorbed into the blob that is the locked down
| smartphone.
|
| - They turn their devices into "CSAM detection dragnets"
| (read: five eyes, US, China, and every other entity that
| wants to surveil).
|
| This is fucking absurd and it needs to stop.
|
| We need more than two device and platform manufactures.
|
| Apps should be at least one of: (1) portable, (2) freely
| installable from the web without scare tactics, (3) web
| should be first class / native
|
| The device provider shouldn't be able to use their platform
| play to maintain dominance. The cost of switching should be
| zero until there are enough new peer-level competitors.
|
| I could keep going... the status quo is a tax on the public,
| a tax on innovation, and a really overall unfortunate
| situation.
| fsflover wrote:
| The alternative phones outside the duopoly exist.
|
| Sent from my Librem 5.
| nvy wrote:
| Have Purism solved the problem where it will randomly
| burn through an entire battery charge in an hour?
|
| That basically makes it a non-option for the overwhelming
| majority of people, and it was still an issue 6 months
| ago.
|
| I really want to like the Librem but it's hard to justify
| the price tag when you're going to have to carry another
| phone around with you anyway.
| Hackbraten wrote:
| I use a Librem 5 as my daily driver without carrying a
| second phone around.
|
| The battery thing is not an issue for me in practice. I
| carry a spare battery (they're swappable), but I never
| actually need it because there's USB-C chargers
| everywhere I go, and I made it a habit to plug it in
| whenever I can.
| nvy wrote:
| Look, no offense but it sounds like the battery thing
| _is_ an issue for you in practice, as evidenced by the
| fact that you carry a spare battery and plug it into a
| charger multiple times per day.
|
| A phone should adapt to your lifestyle. You should not
| have to adapt your lifestyle to your phone.
| fsflover wrote:
| Linux phones can't benefit from 10 years of software
| optimizations for the battery life, so yes. However it's
| good enough for non-heavy usage already.
| fsflover wrote:
| I don't have such issue. The battery is sufficient for
| one day unless I use the phone heavily.
|
| Edit: Actually it did happen when I opened a Firefox tab
| with a heavy js and left it open with deactivated
| suspend, which you shouldn't do on any phone (and even
| then it's more than a couple of hours).
| rezonant wrote:
| Agreed with all of this. I'm happy to see others who care
| about these issues- all too often on HN that's not the case
| :-\
| chx wrote:
| > They take 30% of your margin.
|
| that would be nicer than the current situation where they
| take away 30% of your revenue
| WWLink wrote:
| It's really not just two companies trying to pull this
| bullshit. Microsoft and Samsung also try to do the
| "ecosystem" bullshit. If you try to use a streaming music
| service other than Spotify, you'll eventually notice almost
| all social media has an exclusive connection with Spotify
| to do things like share "now playing" songs or your
| playlists or whatever. Retail companies tried to force
| everyone into their payment platform lol. Banks try to
| force you to only use iOS or locked-down android distros.
| (Some are even deprecating their desktop websites and
| forcing you to download the app now, apparently).
|
| There's also the mountain of 'mobile first' (aka mobile-
| only) garbage out there, and stuff that is nerfed on mobile
| unless you download the app (so they can squeeze telemetry
| out of you).
|
| Don't get me wrong, I'm not defending Apple or Google - far
| from it - but I'm saying there's a lot of real crap going
| on in tech right now.
|
| To be fair, I am a curious person and use both android and
| iOS. I use onedrive and (sigh) icloud for storing photos.
| On my android phone, I can actually have it sync pictures
| to onedrive and nowhere else (and it'll free up the
| storage, even! I think...). On iOS it either fills your
| phone up and then nags you constantly to manually delete
| pictures, or you use iCloud. There's no other choice.
| CharlesW wrote:
| Keep in mind that this is spin -- Erik's statement is
| ridiculous, and he knows it. To think that Apple would somehow
| not treat Beeper like any other bad actor hacking iMessage
| protocols is delulu.
| Grustaf wrote:
| Sure, that's fair. But if he knows that, why spend the time
| to build this app in the first place? Is it a marketing play?
| It did buy them a whole lot of attention.
| lisper wrote:
| > It did buy them a whole lot of attention.
|
| Ding ding ding! We have a winner!
| pjz wrote:
| Besides the obvious attention play, he might be going for
| an acquisition play... "Why bother writing our own iMessage
| for Android when we can just buy this little company that's
| already done it?" There's obvious issues with that plan,
| but that doesn't keep delusional founders from being
| delusional.
| paulryanrogers wrote:
| Apple chose not to support Android on purpose. They know
| iMessage exclusivity drives hardware sales. The emails
| have come out proving as much.
|
| It's the same reason they dragged their feet supporting
| RCS, until regulatory pressure started mounting.
| cyanydeez wrote:
| exclusivity is all Apple runs on after it's tech succeeds
| politician wrote:
| As much is apparent to anyone who has used Xcode or has
| encountered the special appeals process behind the
| official appeals process behind the ostensibly fair and
| evenly-applied public AppStore review process.
| AlexandrB wrote:
| > They know iMessage exclusivity drives hardware sales.
| The emails have come out proving as much.
|
| I find this incredibly hard to believe. And just because
| the Apple marketing department believes something is
| true, doesn't make it so.
|
| Maybe I run in a weird crowd, but I've never met anyone
| who cares whether "text messages" are delivered over SMS
| or iMessage. In general most messaging I do happens over
| Signal, WhatsApp, Discord, or (in a few unfortunate
| cases) Instagram messenger.
| paulryanrogers wrote:
| Hard for you perhaps. Disclosures from the Apple v Epic
| litigation indicate it's true.
|
| https://www.thurrott.com/apple/248931/apple-didnt-bring-
| imes...
| vagrantJin wrote:
| I must be an idiot. Never even heard of iMessage before
| this debacle - I wouldnt even know I was using it.
|
| On a more serious note regarding the Hardware sales-
| Apple inc does not make that much profit based on "what"
| they sell, its "who" they are selling to.
| Cyberdog wrote:
| iMessage is the former name for Apple's Messages app on
| macOS and iOS. Some people still use the former name as
| it's a bit more distinct than the current name and/or
| it's what they're used to. See also iTunes/Music and
| iCalendar/Calendar, or people who still call macOS "Mac
| OSX/MacOS X/MACOS X" and so on.
| skygazer wrote:
| iMessage is Apple's proprietary chat protocol. It's still
| named that -- for instance in iMessage apps and iMessage
| stickers. "Messages" is the current name of the user
| facing app that speaks both iMessage and SMS, which was
| formerly named "Text" when it just used SMS. I think
| you're thinking of the defunct iChat message client on
| macOS.
| zarzavat wrote:
| Actually not quite. iMessage is the protocol/service used
| by the Messages app to communicate between two iPhones.
| Conversely when you send a message between an iPhone and
| any other kind of device it uses SMS.
|
| It's possible that the GP is unfamiliar with iMessage
| because they don't live in NA. I have neither sent nor
| received an iMessage for several years. I use the
| Messages app for receiving SMS OTP codes only and pretty
| much nothing else.
| threeseed wrote:
| They didn't spend much time building this feature.
|
| It was an acquihire involving a 16 year old who was doing
| it for fun.
| singpolyma3 wrote:
| Except they didn't hire him? He gave them some kind of
| info about the sms verifications, which they then had
| their devs implement.
| selectodude wrote:
| The Github page for the iMessage hack said something
| about Beeper "acquiring" it. Not entirely sure what that
| means in practice since it was open source code on
| Github.
| kyawzazaw wrote:
| They contracted him
| dylan604 wrote:
| But what kind of attention did it garner? Now, we all know
| that these folks are pretty delusional. They spent time
| developing an app that everyone except them knew was not
| long for the world. A rational company would realize that
| it wouldn't live long enough to recoup any money. Releasing
| such a still born product doesn't make me feel warm and
| fuzzy about it. Hell, Google releases products that live
| longer than this.
| SCM-Enthusiast wrote:
| Continue to watch this space, remember - He created the
| pebble. The cost of this "Experiment", to put forward a
| point at a super simple level. reverse engineering
| architecture and providing a service on top of this would
| be a huge space, if it were allowed.
| ysofunny wrote:
| but the real problem some of use have with Apple's behavior
| is the real underlying reasons they're doing this
|
| I am reasonably sure that their main driver is profit which
| really means exploitation of people;
|
| I consider their public arguments lies made up to cover up
| the fact that what they account for as profit comes from what
| are in the end some really ugly historical and traditional
| imperialistic (colonial, neocolonial, and occulted) practices
| threeseed wrote:
| > I am reasonably sure that their main driver is profit
| which really means exploitation of people
|
| Just wondering if you've forgotten what site you're on.
|
| This is YC which exists to build companies whose main
| driver will always be profit.
| singpolyma3 wrote:
| There are companies who have come out of YC who have main
| drivers other than profit.
| meindnoch wrote:
| Yeah. E.g. cashing out and leaving the business to
| bagholders.
| ysofunny wrote:
| that's not an example (exampli gratia)
|
| that's the generalized pattern
| anomaly_ wrote:
| so buy/use something else?
| KerrAvon wrote:
| > I am reasonably sure that their main driver is profit
| which really means exploitation of people;
|
| What phone do you use that does not have the same issue?
| theshackleford wrote:
| I'm poorer for having read this unsubstantiated drivel.
| JumpCrisscross wrote:
| > _reasonably sure that their main driver is profit_
|
| As opposed to Beeper?
| foobiekr wrote:
| Spam. Spam is the reason and the Beeper guys know it.
| doctoboggan wrote:
| My guess is Beeper calculated this was likely to happen
| eventually (maybe not this fast), but that they would get good
| press on the initial launch and on the shutdown announcement and
| that press would be worth the technical investment they made.
| They do have a different service they still offer and some
| percentage of people are looking at that now.
| evbogue wrote:
| Yah, this is a great runway to launch a chat app with real
| encryption.
| jeroenhd wrote:
| They already sell a wide ecosystem based on Matrix. The whole
| point of this app was to connect without relying on Matrix
| bridges.
| etrautmann wrote:
| I find this a bit confusing though. It seems like this was an
| inevitable outcome, but what do they gain from this technical
| investment aside from exposure. Their website doesn't steer
| users to anything other than the now cut-off Beeper mini?
| MBCook wrote:
| Exposure is something. The fact the developer had the chops
| to do this is now on the public record. That could be very
| valuable for getting a job or a college scholarship (since
| they're in HS).
| yellow_lead wrote:
| Are you referring to the developer of the GitHub project
| they bought or the Beeper Mini devs?
| MBCook wrote:
| Were they not the same person? You're right that doesn't
| make sense.
|
| The GitHub developer I guess. Still his project got
| noticed because of all of this so it still sort of fits.
| iKlsR wrote:
| I did something similar, built an entire app around an
| undocumented developer api, got a lot of users and then
| ended up in a good enough position to find out there was a
| "hidden" official api for sale and it opened a lot of doors
| as well even to the same site had gotten it from. For
| someone as young as that with nothing but time, I'm sure
| they knew the outcome and it blowing up was probably more
| than they could ask for.
| MBCook wrote:
| Anyone who has paid any attention to Apple knew this was
| gonna happen relatively fast.
|
| Doesn't mean it wouldn't be an awesome project to do. I
| don't blame them one bit. It's an awesome achievement.
| lolinder wrote:
| What do the Beeper investors get out of the kid having
| better job prospects? I don't think anyone is questioning
| that the whole situation has been great for the kid, the
| question is what the Beeper execs were thinking.
| KomoD wrote:
| They have another product, Beeper Cloud, does the same thing
| + includes a bunch of other messaging services but (as the
| name implies) runs in the "Cloud"
| okdood64 wrote:
| Wait, how do they run cloud with iMessage?
| dlazaro wrote:
| They send your Apple credentials to a machine (possibly
| virtual) that runs macOS, which sends and receives
| messages. Those messages get relayed through Beeper.
| aftbit wrote:
| Why? Because they could!
| sgjohnson wrote:
| > from this technical investment
|
| What technical investment? They bought an open-source project
| from a high-school student.
|
| Beeper Mini is an app they would have built anyway. They
| simply implemented the bare minimum of iMessage functionality
| there. Which is a couple of days worth of work, maximum.
| Maybe a week. And some for testing.
|
| I'm somewhat certain it cost them less than 5 figures. And if
| it did, what a great marketing campaign. I had no idea what
| Beeper even was before this whole fiasco.
| manmal wrote:
| More like a few weeks to months since there's also emoji
| support and endless scrolling etc, but yeah. I agree it's
| doable by one developer and that's quite affordable to do,
| considering the scale Beeper is at now.
| lolinder wrote:
| I still have no idea what Beeper is, because beeper.com
| only talks about Beeper Mini. I'm getting from some people
| here on HN that there's another product... somewhere... but
| if the purpose of the whole exercise were to draw attention
| to that product shouldn't they be _doing that_ somehow?
|
| As is all I know about is the chat app whose primary sales
| pitch is the now-broken iMessage interop.
| rezonant wrote:
| Bottom of the page, click Beeper Cloud. They signalled
| that they want to move all of Beeper Cloud's features to
| Mini eventually and just call it Beeper.
|
| https://www.beeper.com/cloud
| willseth wrote:
| Agree. It shows off their technical chops and gets a lot of
| press attention and goodwill for their target market of Android
| users who mostly don't like Apple.
| LeafItAlone wrote:
| That seems like a possibility. But if I was a user (and I am
| admittedly not), I would be _less_ likely to continue with
| their services after something like this. This experience would
| not instill confidence in me that any of their services would
| be stable.
| neilv wrote:
| Of course, open standards are part of the answer.
|
| Even if Apple would permit something like Beeper Mini for now,
| that would not only relieve demand for actual open standards
| efforts, but also put more people at the mercy of Apple.
|
| (This is not a new idea. For example, every time I see another
| open source project push people to Discord for
| support/discussion/community, I make a big sad and disappointed
| face.)
| 123sereusername wrote:
| Why not just use signal?
| wffurr wrote:
| No one is stopping you and everyone you know from switching to
| Signal.
|
| You can even use Beeper (Cloud) as a client if you don't mind
| using a relay. They also had plans to extend Beeper Mini to
| support Signal and other e2e encrypted chat apps with no relay.
| mrweasel wrote:
| This comes up in just about any conversation regarding
| iMessage, and it's pretty out of touch with the real world.
| Apple backed iMessage into the same app that does SMS, so you
| can't not use that app, SMS is still relevant. So iPhone users
| are going to use that app. Now imagine that 90% of your friends
| and family use iMessage, but not by some deliberate choice, but
| because they just view it as fancy text messaging. How on earth
| are you going to convince all those people that they should
| download Signal, WhatsApp or Telegram? The answer is that you
| don't. You might get a few people who already use Signal to
| start contacting you that way, but the rest... they aren't
| going to install yet another app just because you don't like
| iMessage, and when SMS still works just fine. But now you're
| excluded from all group chats and videos or largish images.
| blindriver wrote:
| As someone in tech, I think it's awesome they were able to find a
| way into iMessage.
|
| As an iPhone user, I hate the idea that spammers can now use
| iMessage, and I'm glad the service was taken down.
|
| Both things can be true at once.
| makeitdouble wrote:
| Won't spammers just continue using the macos bridged other
| services instead of the direct to Apple way ?
| MBCook wrote:
| What do you mean? There are no services bridged to iMessage.
| 1123581321 wrote:
| He refers to Mac apps like AirMessage that relay
| information from iMessage's SQLite database or control the
| screen, and are connected to a messages app on Android.
| tredre3 wrote:
| Beeper Cloud, their other product, does exactly this...
|
| https://help.beeper.com/en_US/chat-networks/imessage
| mh8h wrote:
| If they have to use real Apple hardware, and those devices
| are blocklisted by Apple when the spam is reported, spamming
| stays cost prohibitive.
| nomel wrote:
| I also assume there are iMessage rate limits in place, that
| if exceeded, trigger some analysis. If that's true, then
| hardware costs would also be proportional to rate.
|
| I suspect there's some dark market for broken iPhones, and
| perhaps some rate limit for activations within a city
| block/building. The last time I had iMessage spam was years
| ago, so maybe it's not so practical.
| lotsofpulp wrote:
| The first time I received iMessage spam was Aug 22, 2023
| from +1 626 453 4929. And the second time was Oct 11,
| 2023 from edgardonikko@gmail.com trying to get me to
| click a link to malware.
| jeroenhd wrote:
| With how many "rent a mac mini stuffed in a datacenter"
| services are out there, I wonder how cost-prohibitive
| blacklisting specific devices really is.
| sdfhbdf wrote:
| If a serial number of the mac mini is blacklisted by
| apple from registering for example with apple updates or
| any other apple connected services, then probably it's in
| datacenters' best interest to keep spammers out of them.
| aeyes wrote:
| Cutting anyone off from security updates is a step too
| far.
| xyst wrote:
| Spam is not really an issue. For me, it just goes to the
| "Unknown Senders" tab. No notification, so I am not bothered.
| Occasionally check it if I am expecting a message from a random
| number.
| cqqxo4zV46cp wrote:
| Not really an issue for you. There are plenty of people for
| whom this is not viable.
| Arch485 wrote:
| but... Spammers can still message you via SMS? In either case,
| they just need to get your phone number. SMS vs iMessage
| doesn't make much of a difference.
| lotsofpulp wrote:
| The difference is that spam is so rare on iMessage that the
| blue color message has the trait of being more trustworthy.
| In 15 years, I have only received 2 blue message, both within
| the last few months.
| bastard_op wrote:
| I knew that was going to happen, it's become a status symbol of
| like good vs. bad, the blue vs. green.
|
| Its become like a racial slur the blue vs. green, and that's
| exactly what Apple wants to sell cellphones. You can't contact
| the cool kids until you have a blue bubble, that means you're
| like, cool or something. You can message me if you can afford an
| iphone apparently.
| meepmorp wrote:
| > Its become like a racial slur the blue vs. green
|
| Take a moment to say this out loud to yourself, so you can hear
| how fucking ridiculous it sounds. Notwithstanding the
| trivialization of actual racism, it's just a throughly silly
| statement.
| z7 wrote:
| This is a wake-up call. It's high time we demand open-source
| messaging standards across all platforms. Imagine a world where
| communication isn't dictated by corporate interests but by user
| needs and innovation.
| madeofpalk wrote:
| There actually a bunch of competition for messaging apps, which
| put forward user needs and drives innovation though.
| schrodinger wrote:
| Apple is probably the company that most has my interests at
| heart: they're very privacy focused, masterful at encryption
| and making it simple, and makes products I love.
|
| Do you really think they're the worlds most valuable company
| because of "corporate interests" and not because people like
| their products?
| doublerabbit wrote:
| > Apple is probably the company that most has my interests at
| heart: they're very privacy focused, masterful at encryption
| and making it simple, and makes products I love.
|
| Apple is a business, they have no users interests at heart.
| They may be very privacy focused, and maybe masterful at
| encryption but for sure they do not make products I love.
| Their instant change of UI, forceful updates and
| territoriality behaviour are some of the toxic behaviours
| that drive me mad.
|
| As the same of Google. After Google banning my email for
| "non-inclusive" reasons wolfcub@gmail.com when I was 17, I
| will never return.
|
| So within mobile, while only real alternative is Apple. Apart
| from my computer which is FreeBSD which will soon to be Haiku
| once it matures. I just couldn't get everything working with
| OpenIndiana and how I wanted it to be.
| schrodinger wrote:
| We can all have our preferences. But I love having a very
| fast laptop that lasts 18 hours on a single charge, for
| under $1,000, with a high-dpi screen. My Macbook Air M1 is
| a product I and a lot of people love.
| doublerabbit wrote:
| I'm sure, and I'm not one to launch flame at those who do
| love. If it works for them, great! I'm glad those find
| pleasure in them. They have pros/cons, as does cloud
| services which stems off for me in to another dislike.
| I'm used to my own ways, as everyone else is.
|
| There's not much else I can say to the discussion but
| just wanted to reiterate my point that I'm not hating
| others for the reason but just disliking for the reasons.
| I've never been a laptop fan.
|
| With awkward hands, handheld consoles, controllers,
| laptops have never jelled for me. Yet constantly
| disappointed for that they've have never been taken
| catered for. As VR with glasses, Netflix non-continuing
| content I enjoy; everything I seem to enjoy just
| vanishes. Sad, as after experiencing tech at such a young
| age with so much potential; for it to be regurgitated to
| how it is, singular devices makes it depressing.
|
| I must be a niche but I just assume companies have to
| cater to the majority, for which I'm not one.
| schrodinger wrote:
| I was only giving an example of an Apple product that _I_
| love, and can just as easily described my iPhone, except
| I think and Android is probably just as good, or very
| close, where the Macbook Air's leaped ahead of
| competition.
|
| But anyway, this is only _my_ beloved product, and I
| certainly hadn't even considered a disability that would
| get in the way, and apologize for my ignorance. I hope
| you can find some setup that works well for you
| specifically that you end up loving :)
|
| Truly sorry--certainly didn't mean to offend.
| doublerabbit wrote:
| Oh, no offence taken at all. If anything it's something
| I've been willing to express found the right time to
| comment.
|
| I'm not psychically disabled as I have no deformities,
| have fingers which work but it just seems that any
| portable device I use gives me hand cramps or just not
| enough room to flow.
|
| It would just be nice for the factory default to just be
| usable. Thank you.
| schrodinger wrote:
| Btw I can totally understand your point. If I wasn't happy
| with the choices that Apple "made for me" I'd be on your
| side here. And getting blocked for that gmail address is
| ridiculous! Just trying to find common ground--I think
| you're reasonable for disliking Apple for blocking an
| other-platform iMessage clone, but I also understand some
| logical reasons for it and am ok with it. I hope that we
| can all have our preferences without hostility (not that
| I'm accusing you of it, but these convos often degenerate
| into it imo).
|
| Hope you're having a great day :)
| sbuk wrote:
| > _It 's high time we demand open-source messaging standards
| across all platforms._
|
| What, like this https://github.com/signalapp?
|
| The only thing holding this back are end users. Not
| corporations or governments. A safe, vetable 'standard' exists,
| it just needs ratifying by a standards body. It is available
| cross platform and is free of charge and free-as-in-beer
| (mostly AGPL I believe).
|
| Messages app exists to send SMS, MMS and soon RCS. Apple
| developed a convenience feature that allows users to send
| enhanced messages to other users of the platform. Since the
| platform is successful and has had compelling and useful
| features added, it has found popularity in territories that
| traditionally had free or cheap SMS bundles. The rest of the
| world didn't have this golden noose and settled on other
| platforms (WhatsApp, FB Messenger, Telegram, Line, WeChat,
| Signal, Viber, etc...) _across all platforms_.
|
| Edited spelling/layout.
| greyface- wrote:
| Signal isn't a protocol; it's a centralized service that
| wants you to use their official client only. The Signal
| Foundation gets weird and starts making trademark threats
| whenever someone makes moves towards interoperability (see
| e.g. https://github.com/LibreSignal/LibreSignal/issues/37#iss
| ueco...).
| foobiekr wrote:
| It isn't weird, its completely straightforward why this is
| a problem.
| globular-toast wrote:
| Nope. You can't blame uses for this. The reason we have
| governments at all is because individuals all operating
| independently cannot get out of local optima like this
| sbuk wrote:
| I can and I did - installing alternatives is easy, as is
| using them, as proven by literally the rest of the world
| oustside of North America. In fact, _free and open_
| alternatives exist.
| MBCook wrote:
| Tell me when Facebook Messenger, WhatsApp, Line, WeChat, and
| all the others are opened.
|
| Oh right. No one cares. Apple's iMessage is the only one a
| large number of people seem to care about.
|
| I've never seen anyone call for opening the others. But Apple?
| Constantly.
| StressedDev wrote:
| One thing which is really confusing is why are Android users
| obsessed with iMessage? Android users can send text messages to
| iPhones, the can call iPhone users, and they can use third party
| messaging apps to communicate with iPhone users.
|
| It really isn't clear to me why so many people are so angry they
| cannot use iMessage on Android.
| LordDragonfang wrote:
| Because I want the pictures and videos my iPhone-using parents
| send me to not be crunched to shit, and I'm not going through
| the effort of teaching non-technical users to use a different
| messaging client. Same with the group chats that my partner's
| extended family keep including me in.
| MBCook wrote:
| Apple announced RCS support. That will provide what you want.
| LordDragonfang wrote:
| Right, but that's likely not coming out for another year
| yet, and requires everyone involved to update their phones
| (yet another hassle for non-technical users, they will put
| updates off for as long as they can). As the quote in the
| article says, Apple clearly recognizes the issue, and
| beeper mini fixes it _now_ , not "at some point in the
| future".
| cqqxo4zV46cp wrote:
| Getting someone to update their iPhone is a matter of
| them not actively dismissing iOS's repeated attempts at
| updating itself. This isn't a good-faith argument.
| badwolf wrote:
| I've personally found Apple users are some of the
| quickest to install updates/upgrades in bulk/mass.
|
| I think one of the key reasons, other than apple sending
| push notifications that it's going to automatically
| install overnight, is they bundle candy/goodies to entice
| users to update asap - Want the new emojis so your
| friends stop sending you scary black boxes with an x over
| it? Update now.
| MBCook wrote:
| You know that's a great question. I've never thought to ask
| that but boy does it seem to come up a lot.
| jgaxn wrote:
| The iPhone user experience for messaging with Android users
| (especially MMS) is awful and the Android users in the group
| chat get blamed for it. Having blue text bubbles show up when
| someone texts you can be seen in some circles as a status
| symbol.
| cqqxo4zV46cp wrote:
| Let's be clear here: Apple not yet implementing RCS aside,
| the experience is horrible because SMS/MMS are horrible.
| mission_failed wrote:
| I can send the same mms from Android to Android and Apple
| recipients and they receive the same media. Yet sending
| from Apple to both the Apple users get good quality and
| Android Apple deliberately sends pixelated rubbish.
| MBCook wrote:
| Apple to Apple is not MMS.
| increscent wrote:
| I recently switched from Android to iOS just for iMessage. SMS
| is quite unreliable even in 2023. SMS messages don't have the
| same delivery guarantees as IP-based messaging services. And
| often I have internet access, but spotty cellular service. The
| thing that pushed me over the edge was that my carrier happened
| to block all my SMS for a day. I only found out about it later
| in the day, after I had missed many (unrecoverable) messages.
| To avoid this, I could either blindly trust some other carrier,
| or use IP-based messaging. In my area, all my friends use
| iMessage. Ideally, people would use Telegram, WhatsApp, or even
| Matrix, but they don't. It's not uncommon to leave someone out
| of a group chat just because they don't have iMessage--the
| alternative is a subpar MMS experience. At some point, I'll
| probably buy a cheap Mac Mini and run BlueBubbles, but for now
| it's nice to not have to worry about messaging reliability, and
| I get the added bonus of being able to Facetime my family
| members, who all use iOS.
| girvo wrote:
| FaceTime is the real lock-in service for me. I use it for all
| my video and most of my audio calls, it's second to none in
| terms of reliability and quality. I wish that was accessible
| from my work laptop!
| HKH2 wrote:
| I don't get why Americans cling so dearly to SMS.
| inoop wrote:
| As a European living in the US, it's been baffling to me.
| Everywhere else in the world people use WhatsApp, Telegram,
| Signal, etc. This iMessage green/blue bubble nonsense just
| isn't a thing outside the US.
| rtkwe wrote:
| Apple has 56% of the US market compared to just 36% in
| the EU, afaik the number gets even higher as you go
| younger so the clique-iness is a lot stronger.
| noirbot wrote:
| I mean, isn't this just trading one bad monopoly for
| another? It's weird to me that everyone's like "oh, the
| backwards US where they gave in to the Apple monopoly. We
| enlightened rest of the world use Facebook's Whatsapp
| like real free people".
| iforgotpassword wrote:
| Yes, but at least you get the same experience on every
| device with the other monopolies.
| HKH2 wrote:
| WhatsApp doesn't pressure people to buy another phone.
| Also, encryption is important.
| Pulcinella wrote:
| My understanding is that unlimited SMS text messages have
| basically been included free with cellphone plans in the
| US for a very long time while that's generally still not
| the case in Europe. So there hasn't been a need to find a
| cheaper way to send messages.
| JeremyNT wrote:
| This thread basically sums it up:
|
| * Apple is really popular in the US
|
| * Apple users tend to rely heavily on Apple's default
| applications
|
| * Apple's messaging app is the default, and works fine with
| other Apple devices, but sends shitty SMS or MMS to non-
| Apple devices
|
| SMS would disappear tomorrow if Apple adopts RCS.
|
| And if they allowed iMessage clients on other platforms,
| they could corner the entire messaging market.
| throw310822 wrote:
| I don't understand, why don't you _force_ them to use
| Whatsapp (or Signal, or whatever) to contact you? Get an app
| that rejects by default SMSes coming from certain numbers.
| They want to text you at all? They need to use Whatsapp,
| otherwise they can go fuck themselves. (It worked for me when
| a friend wanted to force me to contact him on Telegram rather
| than Whatsapp- I resisted for weeks but at the end I gave
| in).
|
| Once you automatically reject SMSes from those contacts, such
| that _you don't even know_ they 're trying to contact you,
| the ball is entirely in their park to take action.
| Raicuparta wrote:
| I don't use SMS myself but in this case it sounds like I'd
| be better off just not being your friend.
| throw310822 wrote:
| Sounds like you'd prefer to keep inflicting to me and to
| yourself a degraded experience rather than making the
| tiny, one-time effort of installing a free app. Because
| that's the whole point of this issue: the fact that you
| can still get what you want (reaching me) is what
| prevents you from making the smallest effort to make both
| our lives better and easier. And I also don't expect my
| friends to behave like that.
| doubledash wrote:
| Is this a legitimate question? No one is going to download
| an app and use it to message one guy.
| throw310822 wrote:
| No one? I did. Normal, if you really care about that guy.
| In any case, the app is free, what does it cost you?
| Plus, the more people do it, the easier is for everyone
| to move to an app that works for everyone.
| ciabattabread wrote:
| Fashion statement
| haswell wrote:
| An android user in an otherwise iMessage only group chat tends
| to mess things up. Those Apple users tend to get frustrated by
| it and group chat exclusion is a real thing.
|
| It's less about a specific feature set and more about inclusion
| and acceptance from/by peers.
|
| This is especially prevalent among the younger crowd. Think
| high school group dynamics playing out with phones.
|
| And then on top of that, photos/videos are terrible quality.
| cycomanic wrote:
| I realised this the other day, a friend send me a video via
| mms (I'm on android) and the quality was super poor (like 90s
| gif like quality). I though she must have some issue with her
| camera or so, no next time I saw her we looked at her phone
| (which is an iPhone), perfectly fine video. It's just apple
| degrading the performance for who is not on an iPhone.
|
| I mean just imagine they'd degrade sound to nearly noise if
| you'd call a non-iPhone.
| meepmorp wrote:
| > It's just apple degrading the performance for who is not
| on an iPhone.
|
| The reason the video looks like ass is because MMS messages
| aren't meant to be very large. While (iirc) there isn't a
| hard limit, the recommended maximum message size is ~600KB.
| The only way to fit a video into that range is to compress
| the hell out of it.
| hu3 wrote:
| That's the technical reason.
|
| Apple knows of such limitations and does nothing to
| improve the situation. In fact they ban those who try.
| FTA.
| haswell wrote:
| Apple announced RCS support in 2024, so they're doing
| more than nothing. Don't think we know yet how fully
| they'll support it though.
| meepmorp wrote:
| > Apple knows of such limitations and does nothing to
| improve the situation.
|
| Why would they? It's not their problem, nor does it seem
| to be a big deal for their customers because they're not
| clamoring for a fix.
|
| > In fact they ban those who try. FTA.
|
| They don't, thiugh. The App Store has tons of photo and
| video sharing services, email, and other messaging
| services; I'm sure any number of them would let your
| iPhone-using friends and family easily send you a non-
| mangled videos. This is a solved, dozens of times over.
|
| iMessage, on the other hand, is a service Apple provides
| for Apple customers. They get to set the terms under
| which it's used, and Beeper did not abide by those terms.
| prmoustache wrote:
| Are these iMessage group chat really a thing?
|
| In my part of the world Whatsapp is the defacto standard for
| group chat and even for things like scheduling anpointment to
| a doctor/dentist/hairdresser.
|
| And that is because it is available on android, apple devices
| and even those cheap kaios halfsmartphones.
| lotsofpulp wrote:
| > Are these iMessage group chat really a thing?
|
| For some, but everyone knows and has the capacity to
| download WhatsApp.
|
| The root issue is there is a lot of judgment about Android
| users, hence wanting to restrict chats to iMessage. It's a
| signal that you are part of the in group vs out group.
|
| Although, it is objectively convenient to have a group of
| all iMessage users at events, because any pics/video get
| shared at high quality with no extra work.
| adaptbrian wrote:
| Walled garden development practices sold under the guise
| of privacy and security. It's a very tired and old
| playbook that has real societal damage. So. Tired. Of.
| It.
| sneak wrote:
| There's a reason why robocalls and spam emails and spam
| paper mail are a nearly universal thing and iMessage spam
| is not.
| prmoustache wrote:
| Ironically in the initial beep announcement some people
| mentionned in the comments that imessage spam was already
| a thing.
| wbobeirne wrote:
| At least in the US, it's very common. The iPhone has ~60%
| market share here, skewed even higher if you limit to
| higher income individuals. Text messaging is still the
| lingua franca of communication here, likely due to the lack
| of a single dominant messaging app. For those iPhone users,
| the UX of texting someone on an iPhone with iMessage is
| vastly superior to texting via MMS with Android users.
| rtkwe wrote:
| The US is odd that way that unified chat apps haven't made
| as much of a headway. iMessage way more dominant in the US
| and is the leader.
| interpol_p wrote:
| In my family they are. I am in Australia and almost
| everyone I text has their phone number come up in blue,
| signifying iMessage/iPhone
|
| For example, when RSVPing to a kid's birthday party, other
| parents' numbers are inevitably blue. When selling and
| buying items, the contacts for those sales have always been
| blue numbers, it's rare to encounter a number that doesn't
| "turn blue" when I enter it into the "to" field
|
| I would say maybe 5% of the people I know and text use
| Android. For one of those people I use Signal, one other
| has asked me to use Facebook Messenger, one has asked me to
| use WhatsApp, and the remaining few use SMS. It's a pain to
| use three separate apps to message just these three people!
|
| One of my cousins switched to an Android phone. This broke
| our long-standing group message in iMessage, so she was no
| longer able to be included in it. After two years of this
| her siblings simply ordered her a new iPhone and she is
| back in the group chat
|
| Getting everyone to move their default messaging behaviour
| for one person is a huge ask. It was easier for one person
| to just relay the group chat info instead, but when this
| became annoying, it was even easier to buy her a new phone
| octodog wrote:
| It's highly dependent on the demographic I think. I'd
| guess that I'm younger than you based on your comment
| about having kids, and everyone in my social circles use
| Facebook messenger or instagram.
| interpol_p wrote:
| Interesting, my kids all have 20+ large iMessage groups
| for their friends at school. They play Minecraft and
| Among Us while on FaceTime calls. They are in the 8 - 11
| year range. So it is certainly down to demographics, but
| perhaps not age
| georgyo wrote:
| My daughter's parents group is all iMessage. The group is
| too large to even downgrade to SMS. I am excluded entirely
| unless I figure out methods to get into that group.
|
| It is very annoying and quite real.
| trevor-e wrote:
| From Google themselves: https://www.android.com/get-the-
| message/
|
| Apple is arbitrarily and intentionally making it a worse
| experience than it needs to be.
| dvngnt_ wrote:
| it's the other way around
| Brian_K_White wrote:
| I think they don't like being spit on and excluded by iphone
| users. Iphone users don't like when there are android users in
| group chats.
|
| The reason the iphone users don't like it is because Apple
| specifically and artificially makes the experience annoying and
| shitty in several different ways, for the iphone users not just
| for the Android users.
| Pulcinella wrote:
| Good grief! No one is spitting on people with Android phones.
| If you really feel this way you need to put your screen down
| and spend time talking to people in real life. No one is
| persecuting you.
| somebodythere wrote:
| No one is literally spitting, but Apple intentionally
| creates enough friction that Android users really do
| regularly get excluded from group chats in the US where
| iMessage is the convention for group chats.
| Pulcinella wrote:
| Chat app friction is not being spat on which is what the
| OP literally said. Perceived inconvenience is not
| persecution.
| inoop wrote:
| You may not have ever experienced this yourself, but it's
| a known cultural phenonemon. Here's a New York Times
| article: https://www.nytimes.com/2023/11/29/technology/pe
| rsonaltech/a...
|
| > Over time, the annoyance and frustration that built up
| between blue and green bubbles evolved into more than a
| tech problem. It created a deeper sociological divide
| between people who judged one another by their phones.
| The color of a bubble became a symbol that some believe
| reflects status and wealth, given a perception that only
| wealthy people buy iPhones.
|
| ...
|
| > On dating apps, green-bubble users are often rejected
| by the blues. Adults with iPhones have been known to
| privately snicker to one another when a green bubble
| taints a group chat. In schools, a green bubble is an
| invitation for mockery and exclusion by children with
| iPhones, according to Common Sense Media, a nonprofit
| that focuses on technology's impact on families.
|
| > "This green-versus-blue issue is a form of
| cyberbullying," said Jim Steyer, the chief executive of
| Common Sense, which works with thousands of schools that
| have shared stories about tensions among children using
| messaging apps.
| Pulcinella wrote:
| That's very unfortunate and all, but, again, it's not
| spitting. I don't think it's correct or good to say you
| were spat on by iphone users for having an android phone
| as if you were being persecuted for your religious
| beliefs or race, especially if it literally never
| happened. You can just factually describe events. The OP
| doesn't need to lie or grossly exaggerate.
| Brian_K_White wrote:
| Yes in fact they are. I have the amazing ability to
| recognize a problem even if I don't have it myself*. If you
| really can't do that, perhaps you should try.
|
| * Android user in the US where this dynamic primarily
| exists, but I just don't care because I'm not 20 any more.
| I only very occasionally need to send a video or picture to
| anyone, and in those cases, I know enough to use email or a
| google photos link or something, which probably annoys the
| recipient a little and makes me weird to them, but I'm just
| ok with that since I know where the blame really lies.
| Similarly in the occasional times I txt with family members
| or friends, we're not in high school and so they don't care
| about my green bubble, and I just accept the annoying
| stupid extra txts I get that say "x smiled" or whatever.
| That ux don't bother me in the sense that I don't spend any
| time thinking and caring about it, but that doesn't make it
| not utterly stupid and ridiculous, and especially so when
| you know it's a deliberate act and not an honest technical
| limitation. Astonishingly it's possible to both recognize
| that something is not worth investing much care over, and
| recognize that it's wrong and that it's a deliberate wrong
| commited by someone and not just the weather. Amazing!
| Pulcinella wrote:
| Do you have a single piece of evidence that anyone using
| an iphone has spat on anyone with an android phone
| because of imessage?
| Brian_K_White wrote:
| Are you really this obtuse?
| hu3 wrote:
| Took 5 seconds to search and copy first link:
|
| https://www.wsj.com/articles/why-apples-imessage-is-
| winning-...
| Pulcinella wrote:
| No one in that article mentions spitting. By your and the
| OP's definition, everyone downvoting me is literally[0]
| spitting on me and the WSJ locking the article behind a
| paywall is also literally[0] spitting on me.
|
| This is of, of course, silly. The OP could have just said
| they didn't like being excluded and doesn't like what
| Apple is doing. That's fine. But spitting? That isn't
| something that is happening. The language of "spitting"
| is far to strong a description for what is effectively
| console war, consumer electronic purchase fandom BS. Some
| of use face actual prejudice you know!
|
| [0]metaphorically
| LargeTomato wrote:
| I can anecdotally confirm this is real. And not only
| that, I'm actually surprised you've never seen this or
| heard of this. Maybe you aren't in the US? Surely you're
| not arguing in bad faith.
| jaktet wrote:
| They're just asking for actual evidence that iOS users
| think down on Android users. There are multiple articles
| that talk about this in the social circle of teens, and
| likely exist in various adult circles as well. What I can
| say is that it is extremely frustrating that texts don't
| just work between users of different platforms. Some
| Android users don't want to use WhatsApp, Signal, etc.
| and that's totally fine. This feels like a closed wall
| two party system debate, it shouldn't just be one or the
| other they should just work together.
|
| As an iOS user I do not look down on Android users, I
| have separate reasons for not using Android. That said I
| think it's dumb that we need to use a different app to
| communicate effectively in a group setting, and I'm
| willing to use other apps, but not everyone is. So we end
| up with the current state where sometimes new groups are
| created when someone responds from a different device, or
| a different experience occurs when someone reacts to a
| message in a group thread.
| gkbrk wrote:
| > They're just asking for actual evidence that iOS users
| think down on Android users.
|
| From their reply after you commented, no. That user is
| asking for actual evidence that iOS users throw saliva
| from their mouth at Android users. Not a figure of
| speech, real liquid saliva.
| paulryanrogers wrote:
| Which is absurd. "To spit upon" is a common figure of
| speech, and the person using it was clearly being
| metaphorical. Even iMessage doesn't support saliva
| transfer among iPhones ... as of 2023-12.
| Pulcinella wrote:
| I have literally never, ever, ever in my entire life
| heard people say "I was spit upon" as a figure of speech.
| Ever. Please don't accuse me of being absurd just because
| I have not had the same life experience as you.
| paulryanrogers wrote:
| The context should be clear in their comments. If not a
| web search usually helps me clear up any such
| misunderstandings before any doubling down.
| Pulcinella wrote:
| People literally spit on you for having an Android phone?
| Like they literally hacked up a glob of saliva and spat
| on you as if you were doing a lunch counter sit in during
| the civil rights movement?
| gkbrk wrote:
| > > Surely you're not arguing in bad faith.
|
| > People literally spit on you for having an Android
| phone? Like they literally hacked up a glob of saliva and
| spat on you?
|
| Soooo, you're arguing in bad faith. Could have saved
| people some time and said so.
| Pulcinella wrote:
| No. "Spit on" is a serious accusation with real life
| historical analogs. I have literally never, ever, ever in
| my entire life heard people say "I was spit upon" as a
| figure of speech. Ever. It's not a figure of speech I
| would personally ever use because of the implications.
|
| Please don't accuse people of arguing in bad faith just
| because they haven't had the same life experiences you
| have had. You are spitting in me when you do so.
| SOLAR_FIELDS wrote:
| Go on /r/tinder and the like and you see posts like this
| all the time: https://www.reddit.com/r/Tinder/comments/v7
| a7s3/your_phone_s...
| lotsofpulp wrote:
| "You're in for a treat buddy" is a weird response and
| probably confirmed her biases.
| Despegar wrote:
| It's just become a meme among tech enthusiasts (on Reddit, HN,
| etc) and tech journalists that "blue bubbles" are a real social
| problem. The origin of the meme was this amusing post by Paul
| Ford 8 years ago [1]. They took it and ran with it for their
| own purposes. For some it was to explain away the iPhone's
| success versus Android and for some interested actors like Epic
| it was part of their antitrust campaigning to illustrate the
| "lock in" effects. It however was never a social problem in the
| real world (more than, say, young people feeling depressed
| about seeing their peers' manicured lives on Instagram) or the
| reason why iPhones sell well (you only had to look to China, or
| now India, to see the success of the iPhone in places where
| iMessage wasn't the dominant messenger).
|
| [1] https://archive.ph/OcDaO
| haswell wrote:
| Even if this was a meme at some point in the past, it's a
| very real issue now.
|
| I know multiple people who have switched to iPhone just for
| iMessage. And the kids these days won't accept anything but
| the blue bubble. This is no longer a meme. Or if it is, it's
| also real.
| LargeTomato wrote:
| I switched because people think android users are poor and
| I don't want to signal to others that I am poor.
| nani8ot wrote:
| It's a self fulfilling prophecy. Once everyone has an
| iPhone to not be perceived as poor, the only people still
| using Android will actually not be able to afford an
| iPhone.
|
| At least it sounds like that's what happens across the
| ocean.
| lotsofpulp wrote:
| Even the bottom income quintile in the US uses iPhones,
| especially young people. They are not that expensive.
|
| Knowing someone has an iPhone tells you nothing about
| their wealth/power.
|
| What people think it does tell them is where someone is
| on the cool / weird spectrum. See:
|
| https://news.ycombinator.com/item?id=38578103
| im_thatoneguy wrote:
| Because iMessage users won't let you join iMessage group chats.
| They don't want to lose features. So your choice is to just not
| be friends anymore or have an iphone device.
|
| I have an ipad just to chat with people who refuse to use
| anything other than imessage.
|
| I don't want anything to do with iMessage, but I have to.
| azubinski wrote:
| This is the first time I've heard that people who put
| features above friendship are called friends.
|
| Well, the time has come.
| graphe wrote:
| I use features of programs with people who can use it. I
| don't want to call friends that have bad audio quality as
| often and I'm not as comfortable on unencrypted services. I
| prefer facetime for the quality. We all use something
| Android users can use when we want to include them, but it
| degrades the experience.
|
| Most people don't talk to people they don't communicate as
| well with.
| bitwize wrote:
| Green bubbles means you won't be called back for a second date.
| zappb wrote:
| No, the holier-than-thou attitude of typical Android users
| shitting on the Apple Sheep is why they don't get called
| back.
| bigstrat2003 wrote:
| That's a feature, not a bug. Anyone who does that would be a
| miserable significant other.
| esrauch wrote:
| My mother sends me videos from her phone and I literally can't
| see what she's trying to show me.
| cphoover wrote:
| My whole family uses iMessage because it is the default client
| on their iphones. I'd love to partake in the family group chat.
|
| For those technically savvy enough to download an additional
| client like Meta's Whatsapp or Messenger... it's no problem,
| but for the less technically inclined (like my mother) they
| will just use the default client.
| mission_failed wrote:
| Because Apple deliberately screws with messages to non Apple
| users. Every video my family sends to me is low res heavily
| pixelated trash, to the point that you can't even recognise
| faces.
| Pulcinella wrote:
| That's cellphone carriers. MMS messages generally have to fit
| within 300-600KB[0] so they are horribly, horribly
| compressed.
|
| https://m.gsmarena.com/glossary.php3?term=mms
| tryauuum wrote:
| sending MMS in 2023 is a crime. what next, WAP?
| paulmd wrote:
| have them send an icloud link
| system2 wrote:
| I have a group chat with mainly female iPhone users. One of the
| users switched to Android. They created a new group without
| her. Bizarre but real.
| bilalq wrote:
| You've heard from plenty of others on this thread, but here's
| another anecdotal data point:
|
| I'm in my early 30's and have been told to my face by friends
| I'm hanging out with that they excluded me from group chats
| because I have an Android phone. Sometimes there'll be two
| group chats where the second one is just the iPhone users
| subset. Some photos only get shared in that second group chat.
| Some messages get sent giving people a heads up about things
| and the sender sometimes forgets that a few people are being
| left out of the loop. There are real social segregation issues
| that happen.
| tedunangst wrote:
| I was told this was impossible. What happened?
| nickorlow wrote:
| I'm guessing the binary they use from Apple (IMDAppleServices) to
| generate part of the registration information probably adds
| metadata to the "validation blob" that gets sent to apple when
| registering beeper mini as an iMessage device.
|
| If the metadata includes the OS version, Apple probably
| blacklisted any new devices registered in the past few days with
| validation blobs generated from that binary.
|
| (The binary was sourced from OS X 10.8 which is ~11 years old
| now)
| threeseed wrote:
| My suspicion is this is going to be a cat-mouse situation for a
| while.
|
| Apple would've found some easy way to identify these users and
| Beeper will likely release a patch to fix it.
| nickorlow wrote:
| Agreed. I think Apple wins easily though. If they can break
| it once a month for a day or two, I think that makes it
| inconvenient for beeper mini users.
|
| Maybe not though, who knows
| winterqt wrote:
| It doesn't look like that binary is used for Beeper Mini,
| unlike pypush: https://blog.beeper.com/p/how-beeper-mini-works
| nickorlow wrote:
| I wouldn't be surprised if whatever they reverse engineered
| from the binary had similar behavior
| rickreynoldssf wrote:
| I'm not sure what was expected after they reverse engineered a
| private API and used it.
| tantalor wrote:
| Blue bubbles is not a business model.
| hellotomyrars wrote:
| For third parties at the mercy of Apple? No.
|
| For Apple? Demonstrably so. Apple has stated as much in court
| filings against Epic. This is largely an American trend, third
| party messengers are much more popular outside of the US as the
| defacto standard, Apple sees clear value in the blue bubble.
| cirrus3 wrote:
| Building a startup around this neat trick was always as doomed.
| It is incredible the amount of delusion they would have needed to
| assume this was sustainable.
|
| Edit: not a whole company, just a side project within a company I
| guess. Still, seems like a waste of time/effort to have even
| attempted.
| circuit10 wrote:
| While I do wish this was allowed I think it's pretty clear that
| using Apple's iMessage servers without permission is probably not
| legal
| anigbrowl wrote:
| The security argument is all very well, but I don't care for
| iMessage distinction between iP* users and Android/others. It
| reminds me of Jane Elliot's experiments*. Reinforcing your brand
| identity by structuring the private conversations of your users
| is weird and somewhat creepy.
|
| *https://ca.pbslearningmedia.org/resource/osi04.soc.ush.civil...
| justin_oaks wrote:
| Thanks for sharing the link about Jane Elliot's classroom
| lessons. I only learned about this today.
| benreesman wrote:
| I'll give a fuck one way or the other when shifting capital
| markets don't make it a Wozniak moment to participate at all.
|
| Ranking how much it's all captured and handed out to buds and
| pre-IPO AirBnB stock funded. Snooze.
|
| Call me when you want to knock this thing over.
| g42gregory wrote:
| This is what monopolies (or duopolies) usually do. Basically,
| they can do whatever they like in the market. I think that the
| antitrust enforcement is critical in a "free" market. But neither
| parties would do it. I am guessing Democrats think that they can
| get some benefits from Apple's control. And Republicans are
| simply paid off. The consumers end up bearing a brunt of it.
| Arch485 wrote:
| Small correction: Republicans _and_ democrats get paid off.
| Both groups are made up of politicians, after all.
| gigatexal wrote:
| Absolutely hilarious. Did people actually think this was going to
| be allowed? iMessage is a huge moat and only an act of Congress
| or a case verdict will force their hand. Maybe the EU legislation
| might.
| jeroenhd wrote:
| Apple and the EU don't agree on iMessage's status as a
| gatekeeper. Apple's argument is that it doesn't have the
| required amount of users (10% of EU population/10k business
| users).
|
| If they're right and Apple doesn't have the user base, the EU
| gatekeeper laws won't have an effect on iMessage.
| sbuk wrote:
| > _Maybe the EU legislation might._
|
| Why? iMessage simply does not have the market share enjoyed by
| WhatsApp, Facebook Messenger or Telegram EU-wide. iMessage was
| temporarily removed from the DMA in September and noises coming
| out of the commission favour Apple's stance that it is simply
| not big enough to warrant inclusion as a gatekeeper for
| messaging apps.
| thomastjeffery wrote:
| Those lucky bastards...
|
| If the EU won't solve America's problems for us, who will?
| SirMaster wrote:
| So does this also now break iMessage for older iOS devices too?
|
| I thought someone said something about that to block beeper mini,
| Apple would have to also block older iOS devices as that's the
| method they were using that wasn't as locked down.
| SparkyMcUnicorn wrote:
| Looks like iMessage stopped working on my hackintosh...
| usui wrote:
| Your Hackintosh is not working properly not because of this
| reason, then. Or if it is because of this, then it's not
| blanket-wide and it's based on generic model-based
| identifiers or heuristics. iMessage still works.
| SilverBirch wrote:
| There's been a lot of speculation about this, and in principle
| it's correct. At the end of the day Beeper can work to spoof
| genuine devices until its indistinguishable from an old iPhone
| and to block it Apple would essentially have to either force
| push an update to every device and enforce its installation
| (they probably can't/won't do this). But in reality Beeper
| probably leaks a load of data to Apple that Apple can use to
| block it and it's just a cat and mouse game between Beeper
| bringing in new workaround vs Apple blocking whatever they
| notice abusing the system. It really just depends how motivated
| Apple is to chase this down, and the low cost way for Apple to
| chase this down is.... to sue Beeper. Beeper might actually be
| able to outsmart them over time in engineering, but they sure
| as hell can't outspend them on lawyers.
| turquoisevar wrote:
| They were wrong insofar as there are multiple ways to combat
| this.
|
| One of the easiest ways is to block Beeper's encryption key
| from generating encryption tokens. Another way is to block the
| fake serial numbers and UDIDs Beeper uses. Yet another way is
| to block Beepers push notification servers.
|
| A more long-term solution is to require device attestation.
| This functionality is already built into iOS, and on newer
| devices, it utilizes the Secure Enclave on the device.
|
| This doesn't require older iOS devices to be excluded from
| iMessage because the attestation can partially be done via
| Apple's servers. For the most secure method, however, you'd
| want the device to have a Secure Enclave.
|
| Breaking compatibility with older devices isn't unheard of,
| however, when Apple upgraded the FaceTime protocol, older
| devices that didn't support the newer iOS versions were left
| out and couldn't make FaceTime calls with more recent devices
| on the more recent protocol.
|
| All in all, many tech tubers were talking out of their behind
| because they didn't understand the inner workings and were
| parroting what others told them.
| sbuk wrote:
| Take _anything_ any of these "tech" YouTubers say with a
| dumpster-full of salt. It makes my blood boil when I read "But
| Linus says..." or "MKBHD did a s test where..." They are all
| just fanboys in the truest sense.
| dishsoap wrote:
| I for one am shocked
| llm_nerd wrote:
| This was the obvious outcome. People were being willfully blind
| about how this "hack" works.
|
| Using an exfiltrated binary they used its blackbox functions to
| perform a sort of device attestation using ripped Apple device
| identifiers. Clearly Apple simply needs to blacklist any device
| attestation that this service uses, which is obviously trivial.
| These aren't just RNGs they're fabricating, they're sets of
| legitimate Apple device data that isn't plainly evident to any
| random user-mode app.
|
| Why would they block it? Every service has _some_ sort of gate on
| who can message or it will be overrun by bad actors and spammers.
| Signal, Telegram and others make you validate your cell phone
| number -- there 's a finite number of those, and they can
| blacklist them as necessary. Online services make you validate an
| email, do bot checks, etc. Beeper, and more importantly the
| technique they used, offers none of those gates. It was a plainly
| problematic free for all that was guaranteed to be closed.
| asylteltine wrote:
| This is actually a great point I didn't originally consider.
| People could easily infiltrate the iMessage fort with spam and
| other stuff which at the moment requires a genuine Apple
| device.
| spullara wrote:
| I'm pretty sure some of the spam I am getting was using this
| vector. Hopefully it kills it now.
| ysofunny wrote:
| that's one of the reasons they're doing this
|
| but I don't think it's their main reason, if anything I see
| that argument as convenient posturing which aids in covering
| the uglier underlying reasons
| singpolyma3 wrote:
| Still need a valid phone number with a SIM that can do the
| special SMS needed for this, so it's hardly going to produce
| a big spam farm too fast.
| boxed wrote:
| Better to kill it early. I get spam calls on WhatsApp (an
| app which I absolutely loathe)
| asylteltine wrote:
| It's completely trivial to get a real number for sms these
| days thanks to scum like twilio. You can use your
| legitimate Apple device identifiers to run something like a
| hackintosh and then use iMessage that way, or use the
| script linked last week.
| grupthink wrote:
| Wouldn't your iPhone still receive spam SMS text messages
| with Apple Messages? And isn't Apple Messages commonly
| exploited by NSO Group (Zero-clicks)? Maybe I'm wrong, but
| this does not appear to be very fort-like.
| rezonant wrote:
| Yes. I believe people are just saying that they assume
| unknown-contact SMS is spam and that sort of sounds like
| Apple's SMS spam filtering isn't very good.
| dwaite wrote:
| For iPhone there are two tiers - the carrier provided SMS
| spam filtering, and apps written to provide such
| filtering[1].
|
| 1: https://developer.apple.com/documentation/sms_and_call
| _repor...
| rezonant wrote:
| Oh, so there's no builtin message filtering at all??
|
| This explains some things. Why wouldn't they just add a
| spam filter. Is there still iCloud email addresses? Do
| they have spam filtering?
| yincrash wrote:
| They had a cloud of Apple devices that they already used for
| their relay service, and could easily generate keys using
| several devices. From my understanding, the best vector for
| Apple was to actually block their "BPN", the push server.
| pxeboot wrote:
| And Apple didn't even need to block any device identifiers,
| just the IPs Beeper Mini was using to connect to the APN
| service.
|
| This could have been blocked in minutes. The delay was likely
| to get approval from Legal.
| lelandbatey wrote:
| I think you've got Beeper Mini mixed up with other iMessage
| bridges. The whole thing with Beeper Mini (vs other iMessage
| bridges) was that it was entirely client side on the phone,
| no server to block. So the "IPs Beeper Mini was using to
| connect to the APN service", those IPs were just the IP
| addresses of every individual phone with Beeper Mini
| installed on it, no centralized place to block.
| kaladin-jasnah wrote:
| No, the BPN server is a server side service that
| persistently recieves APNs to forward to the phone (that
| don't contain the message data) since unlike iPhones,
| Android phones can't persistently check for APNs (at least
| that's what I understood from the announcement article).
| AIUI that's what you're paying for. But that wouldn't
| explain why sending is broken.
| rezonant wrote:
| The How It Works article is clear that BPNs is only used
| to serve push to your phone when the app isn't running.
| Disabling it would not cause send/receive failures.
| pxeboot wrote:
| If you check the How it Works post, they do show the Beeper
| Push Notification Service running in the cloud [1] to
| intercept 'new message available' APNs and then notify the
| Android device a new message is available.
|
| [1] https://blog.beeper.com/p/how-beeper-mini-works
| rezonant wrote:
| Only required when Mini isn't running.
| wkat4242 wrote:
| If it were purely client based, why did I leave to log in
| with Google to something then?
| zxt_tzx wrote:
| > just the IPs Beeper Mini was using to connect to the APN
| service.
|
| Hmm, wouldn't blocking IPs be overly broad and risked
| affecting regular users? Considering that IPs are scarce and
| constantly recycled by ISPs etc. Blocking device identifiers
| sounds more targeted and, for that reason, realistic.
| pxeboot wrote:
| If you take a look at their How it Works post [1] this is
| not an entirety client side implementation, so there would
| presumably be a small number of IPs that would need to be
| blocked.
|
| [1] https://blog.beeper.com/p/how-beeper-mini-works
| zxt_tzx wrote:
| Are you referring to the step where Beeper's servers make
| a persistent connection with Apple's APN service to
| listen to new messages ?
|
| So your point is Apple can presumably distinguish between
| an actual iOS connection and Beeper's connection by
| looking at "how many connections per IP"? Still seems
| prone to false positives to me, unless there is something
| else I missed.
|
| (Upon re-reading the post, I realized that the phone
| number registration is actually done by Apple. Wonder if
| this might provide another basis to block Beeper, i.e.
| all this SMS infrastructure is not cheap to maintain and
| Beeper's integration is arguably using it in an
| "unauthorized" way.)
| pxeboot wrote:
| Yes. An Apple sysadmin could just install Beeper, watch
| what IP their APN requests are coming from and block it.
| Then repeat the process occasionally.
|
| They don't need to break it completely. If Beeper is
| unreliable, nobody is going to pay for it.
| rezonant wrote:
| In that very article they mention you can turn BPNs off,
| it is just used to listen to APNs when the app is not
| running. If that's what they blocked, Beeper Mini would
| still work while the app is running, or at least when
| that setting is turned off.
| turquoisevar wrote:
| I can't speak for Cupertino et al., but I would take that
| risk, even if it weren't IP-based but instead UDID/serial-
| based.
|
| The amount of legitimate users it would affect would be
| trivial and can be taken care of by customer support.
|
| The benefit of that is that I can then, at that point,
| verify if we're dealing with a legitimate device or not.
| Geniuses at Apple Stores can obviously do this physically,
| and remote support has the option to run remote diagnostics
| and even share screens.
| rezonant wrote:
| Only BPNs used Beeper hosted services, and this is an
| optional component of the app (which enables push
| notifications when Mini is not running).
|
| Otherwise the IP Apple sees is those of the individual
| handsets on whatever network they are on.
|
| It's pretty likely that they blocked Mini based on the IDS
| (Identity Service) which requires the device to pass it's
| hardware model, serial number, and disk UUID as described
| elsewhere.
| explaininjs wrote:
| This should have been obvious to anyone who saw the code where
| it simply contained the raw literal string
| `FAIRPLAY_PRIVATE_KEY = b64decode("...")`. I suppose now we'll
| see how accurate the commenter's claim "if this becomes a
| problem, I know how to generate new keys" is.
|
| https://github.com/JJTech0130/pypush/blob/main/albert.py#L16
| mintplant wrote:
| What's the link between this repo and Beeper?
| gabeio wrote:
| > What's the link between this repo and Beeper?
|
| https://news.ycombinator.com/item?id=38531759
| jaktet wrote:
| I might be missing it but still don't see how that
| answers the question about how that repo is related to
| beeper mini. Did they use this directly or the same
| methodology?
| FoeNyx wrote:
| In https://news.ycombinator.com/item?id=38531759 its OP
| states "A team member has published an open source Python
| iMessage protocol PoC on Github:
| https://github.com/JJTech0130/pypush."
| jaktet wrote:
| Maybe there's an easy way to just read all their replies
| but I see now that in the linked blog post it links
| https://blog.beeper.com/p/how-beeper-mini-works which
| goes over the technical details and mentions the python
| repo. Thanks
| FoeNyx wrote:
| Oh, it wasn't lost among all their replies, it was in the
| 4th paragraph of the header text section of that Show HN
| post.
| yurishimo wrote:
| Beeper Mini's implementation was built on top of this
| repo. I'm sure it was cleaned up and modified for the
| production release, but the gist is largely still the
| same.
| jaktet wrote:
| Thanks I see that mentioned here
| https://blog.beeper.com/p/how-beeper-mini-works
| commandersaki wrote:
| Not disagreeing, but I do not think Beeper Mini used the binary
| method for registering accounts. I think that was the way to do
| it for non-mobile devices that couldn't receive SMS, but there
| is also a way to register an account using SMS which I believe
| Beeper Mini uses.
| winterqt wrote:
| I believe that you are correct:
| https://blog.beeper.com/p/how-beeper-mini-works
| empyrrhicist wrote:
| Yes, totally understandable that this would be blocked within
| our legal system... but its a proof of concept that it would
| not be burdensome for apple to enable interoperability. We
| should be demanding support for open standards for messaging
| from mono/duopolists like Apple/Google.
| seanp2k2 wrote:
| Yearly reminder that a long time ago, chat services used XMPP
| and we were on the verge of having GChat interoperability
| with FB messages and I think Yahoo or something similar at
| the time. None of them really wanted to do it for business
| reasons, so they could "add value" (and charge for
| it)....same reason RSS has fallen out of favor (no good way
| to inject ads and tracking). IRC and Matrix still exist.
| verst wrote:
| On the Google side the XMPP federation got killed when
| Google Hangouts and Google+ became the core strategy. The
| company wanted to focus on "social" (but their own social
| network) and didn't care about other chat. Back then I
| worked on the App Engine team which had a XMPP Chat API.
| When GChat killed XMPP Federation that API lost the
| majority of target users as a result. I tried to make the
| case for maintaining XMPP support - taking it up with some
| VP of Engineering. Alas, nobody cared about the opinion of
| this random guy in developer support (~2012, early days of
| Google Cloud)
| kyrra wrote:
| You forget that Google was worried about other XMPP
| services stealing user data. If I remember right, some
| services (maybe it was FB) was not sending out all data
| to Google in the federation system (I forget if it was
| names or friends lists or something). So it would allow
| other services to ingest data Google was sharing, but the
| sharing wasn't reciprocal.
| zaik wrote:
| Can we make XMPP popular again? We really could need an
| universal internet standard for IM.
| acka wrote:
| There is hope. The European Union's Digital Markets Act
| allows new messaging platforms to demand interoperability
| with the existing walled gardens. All it takes is for other
| jurisdictions to follow suit.
| dwaite wrote:
| You can't use regulations to change physics, and (demands
| or no) it is unclear what sort of interoperability is
| really possible.
|
| What will really happen is that there will be some subpar
| common denominator. An existing "walled garden" (WeChat?)
| would add support for this as well.
|
| But this would wind up being rather insecure, because
| messaging services tend to use email addresses they don't
| control or phone numbers they don't control as
| identifiers. We'd have to wait for carriers and email
| providers to be regulated with the burden of solving this
| mess (for markets they aren't in).
| rjzzleep wrote:
| Yeah and how did that work out for google? Hangouts was
| their most popular product and most of my friends were
| using it. Incredibly stupid management decisions right
| there.
| skygazer wrote:
| In my experience, incoming SMS are mostly spam, and other low
| trust notifications, while incoming iMessages, even if
| unknown to me, are likely to be real people. Buying an Apple
| device is an expensive signal, and Apple will quickly shut
| down abusers, maintaining that relatively high bar.
|
| Letting (actual) Android users use iMessage probably wouldn't
| affect that, but the open source hack/reversing of it opened
| the door to iMessage spam that Apple, for the sake of
| reputation, and customer satisfaction, is obliged to close.
|
| Anyway, I guess my point is that there are some "burdens"
| that are less obvious than others.
| vachina wrote:
| Huh, I used to receive spam on iMessage with blue bubbles.
| In fact the only blue bubbles I receive are spam.
| empyrrhicist wrote:
| Who is talking about SMS? Not I.
| skygazer wrote:
| I mention SMS as a natural contrast to iMessage and to
| illustrate the annoyances which may burden iMessage if
| opened up blindly to any bot -- a different variety of
| burdensome.
| skygazer wrote:
| Apple's statement: "At Apple, we build our products and
| services with industry-leading privacy and security
| technologies designed to give users control of their data
| and keep personal information safe. We took steps to
| protect our users by blocking techniques that exploit fake
| credentials in order to gain access to iMessage. These
| techniques posed significant risks to user security and
| privacy, including the potential for metadata exposure and
| enabling unwanted messages, spam, and phishing attacks. We
| will continue to make updates in the future to protect our
| users."
| bradleybuda wrote:
| Also WhatsApp, Facebook Messenger, WeChat, Telegram, LINE,
| and a handful of others with more than a half-billion users.
| Are those heptopolists or septopolists?
|
| The word "monopolist" in 2023 seems to mean "a company whose
| corporate values are different than my personal ones and/or
| whose pricing and packaging don't match my consumption
| function and/or who has a lot of money and of whom I am
| jealous".
| rezonant wrote:
| I think you might be mistaking what monopoly/duopoly is
| being mentioned here. Those companies aren't phone
| manufacturers and they don't make phone texting apps. The
| distinction might not matter to you, but it's clearly the
| meaning of the GP.
|
| You can say iMessage isn't a texting app because iMessage
| functionally (as in, the technical details) works like a
| non-texting app, but it is the only texting app on those
| phones and is the way normal texting is done. Perhaps it
| would be different if iMessage was just installable from
| the app store.
| eek2121 wrote:
| You are aware that iPhones have many alternative
| messaging apps right? The second part of your comment is
| simply not true.
| rezonant wrote:
| Texting is a feature of a phone. You cannot, without
| elaborate workarounds, text from a consumer computer,
| tablet or other device as if it was a phone. Texting
| requires a phone number and a phone plan.
|
| I understand that the distinction might seem slight, but
| in the eyes of most US consumers, texting is distinct
| from a chat app that you download from an app store _even
| if_ it uses your phone number.
|
| The absolute one way that everyone with a phone has to
| send a textual message to another person is to text them
| with their phone number.
|
| In the US, where adoption of Signal, Whatsapp, Discord,
| or insert hundreds of other apps is very small, the
| percentage of your real world contacts using a particular
| app is also extremely small. Convincing all of them to
| use Signal would certainly be great, but in reality you
| will be using _all_ of those apps if you are trying to
| escape the interoperability nightmare that is currently
| texting.
|
| Given that everyone has a phone and they are all texting
| already, it would be awfully nice if we could just use
| texting without these interoperability problems without
| having to manage all of the apps, and without having to
| remember who prefers which one.
|
| Group texting is also hugely popular in the US. If no
| single third party messaging app covers the set of
| friends you want to group text, what do you do? You text
| them. Because everyone has it. Let's say when you started
| your group everyone was on Whatsapp. Phenomenal! Start
| the group on Whatsapp. Then you meet Joe, and Joe is very
| cool and you definitely want him in the group chat. Joe
| doesn't trust Meta products and doesn't want to use
| Whatsapp. Should Joe capitulate, install another chat app
| used only for a single group chat, and grant access to
| their device to a Meta app? Should a negotiation occur
| amongst the rest of the group where they select a new
| common app to run the group on and split the conversation
| history, while also adding an app that they only use for
| that group chat?
|
| Let's say they choose to switch to Signal, but Josh keeps
| forgetting (dammit Josh) and keeps messaging the group on
| Whatsapp. And instead of yell at Josh that the group is
| on Signal now, folks reply! Because Josh's joke was super
| funny. Conversation also continues on Signal. Someone on
| Signal now does a reference to Josh's joke on Whatsapp.
| Joe is confused, but everyone else gets the joke. Someone
| realizes what happens and sends a screenshot of the joke
| and ensuing replies from within Whatsapp so Joe can catch
| up, but the messages around the joke are longer than one
| phone screen so there's a lot more context that he
| misses. Joe is annoyed but he gets over it.
|
| A few months pass and Sandra seems to have a bug where
| Signal is chewing through her battery life. Since only
| one of her group conversations is on Signal (she uses
| Whatsapp mostly) and she is fine not getting the work
| related banter that is often the topic of the group chat.
| But then she finds an article that's super interesting
| and she wants to share it with the group. She remembers
| that the group moved to Signal, but who cares, that
| Whatsapp group still exists and there's only, like, one
| person that isn't in it. She sends the link in the
| WhatsApp group instead. This leads organically to the
| group wanting to get together for a holiday. They plan
| out that July 12th would be a perfect weekend, and since
| they want to do a potluck, they all choose what part of
| the meal they'll bring.
|
| A few days before the potluck, someone mentions on the
| Signal chat that they are excited to see everyone at the
| potluck. Joe is very confused and asks what they mean.
| They realize that this was in the WhatsApp group chat and
| explain what everyone is bringing. Unfortunately Joe is
| working that weekend, and can't come.
|
| Should the group chat reschedule?
| drdaeman wrote:
| Just to explain - some people may think different because
| they have different experience.
|
| Personally, I don't use default texting, like, at all.
| Except for those notification/2FA SMSes and couple of
| contacts, I don't ever open it. For me, mentally,
| chatting with people (with 2 exceptions) is done through
| different apps, not the built-in one. And this forms a
| view that default app is just "one rarely used messenger,
| of many".
|
| But then, even though I'm in the US, most of my chats are
| international.
| mlindner wrote:
| > You cannot, without elaborate workarounds, text from a
| consumer computer, tablet or other device as if it was a
| phone. Texting requires a phone number and a phone plan.
|
| Nitpick, but I can text from my Mac laptop using the
| messages app. I haven't looked into exactly how exactly
| it works but I think it's somehow proxying/mirroring the
| messages through my iPhone. It's very smooth and "just
| works" though.
|
| > interoperability nightmare that is currently texting.
|
| How about calling it an open competitive market?
| Centralizing everything on a single format would be a bad
| thing for the industry and for consumers. Having separate
| independent networks with drastically different feature
| sets is a good thing. Trying to find the intersection
| feature set of Discord, LINE and Signal would result in
| three applications drastically hampered in their
| features. LINE for example has an extensive independent
| industry of artists selling "stamps" that you can buy.
| rezonant wrote:
| > Nitpick, but I can text from my Mac laptop using the
| messages app. I haven't looked into exactly how exactly
| it works but I think it's somehow proxying/mirroring the
| messages through my iPhone. It's very smooth and "just
| works" though.
|
| Yes, SMS from iMessage on your non-iPhone (Mac, iPad)
| proxy through your iPhone. iMessages do not require your
| phone to be on, since Apple can deliver it directly
| without using SMS.
|
| However, without a phone you cannot send an SMS message,
| and most people use phone numbers as contacts in
| iMessage, which requires an SMS based registration done
| transparently by your phone.
|
| But all of this is just the technicals of how it works,
| to the end users it is just texting. The only reason non-
| technical users are even aware of, or care about, the
| distinction is because of how iMessage breaks group
| texting as soon as there's a non-iMessage user involved.
| oarsinsync wrote:
| > > You cannot, without elaborate workarounds, text from
| a consumer computer, tablet or other device as if it was
| a phone. Texting requires a phone number and a phone
| plan.
|
| > Nitpick, but I can text from my Mac laptop using the
| messages app. I haven't looked into exactly how exactly
| it works but I think it's somehow proxying/mirroring the
| messages through my iPhone. It's very smooth and "just
| works" though.
|
| Correct. I think the GP's remark meant to say "...as if
| it was a phone, _without a phone as well_ ".
|
| If you're sending or receiving an SMS from your Mac
| through the messages app, it absolutely depends on your
| phone being powered up and online, to route the message
| through.
| bambax wrote:
| > _in the eyes of most US consumers, texting is distinct
| from a chat app that you download from an app store even
| if it uses your phone number. (...) In the US, where
| adoption of Signal, Whatsapp, Discord, or insert hundreds
| of other apps is very small_
|
| But do we know why that is? In Europe everyone's on
| WhatsApp, and while I'm not especially fan of it, the one
| feature that I like is that it can be used from any
| browser on any device, including desktops, including a
| work laptop where one doesn't have admin rights to
| install anything, etc.
|
| I can leave my phone away in my pocket all day and still
| message anyone I please. I would hate it any other way.
| Why don't people in the US want that?
| rezonant wrote:
| > I can leave my phone away in my pocket all day and
| still message anyone I please. I would hate it any other
| way. Why don't people in the US want that?
|
| I have that already via Google Messages, and iMessage
| already has that as well.
|
| In the case of Google Messages, it's just a web app, you
| don't need to install it. You visit messages.google.com
| and scan a QR code from your phone and the devices are
| linked.
| ffgjgf1 wrote:
| > In Europe everyone's on WhatsApp
|
| Or FB messenger, or actually mainly use SMS/iMessage.
| Europe is not as homogeneous as some people here might be
| implying. WhatsApp is not even the most popular messaging
| app in quite a few countries (Messenger is).
|
| Also in Scandinavia, Britain and Switzerland iOS is about
| as popular as in the US while in some other countries
| it's closer to 10%.
| rezonant wrote:
| Thanks for this- perhaps it's all too easy for both sides
| of the pond to look across and generalize that the
| other's problems aren't happening in their backyard.
| Because what you describe sounds quite complicated.
| Wouldn't everyone just prefer a secure, modern texting
| app that could message literally anyone with a phone
| number? Without having them download a specific app? Then
| we could all text together without the headaches.
| ffgjgf1 wrote:
| > Wouldn't everyone just prefer..
|
| Sure, but I don't think personal preferences matter that
| much in this case, most people just end up using what
| everyone else is whether they like it or not, which makes
| perfect sense.
|
| But yeah, I think in most of Europe (not all, they were
| free/almost free since the late 2000s where I am) this
| started because SMS messages very relatively very
| expensive back when smartphones were becoming widespread.
|
| Now WhatsApp, Messenger, Telegram, Viber and whatever
| else there is are quite entrenched so even if Apple and
| Google get serious about properly supporting RCS it might
| get tricky to get users to switch back to the default
| client
|
| Popular non open-source 3rd party messaging apps don't
| really have much interest in supporting interoperability
| due to obvious reasons.
|
| > ..modern texting app that could message literally
| anyone with a phone number? Without having them download
| a specific app?
|
| Well on this thread it seems that WhatsApp might be
| exactly that from the perspective of some people (to the
| extent that they don't even believe that anyone in Europe
| could be using anything else)
| rezonant wrote:
| All this is fair and your accounting of the reasons for
| the situation around Europe match my research so far.
|
| I do want to say I've seen some others in this HN story
| contradict that Europe is as homogenous as your
| representing here though.
|
| Still though, I looked at Germany's Whatsapp numbers and
| it's like 68% of the population, ignoring the fact that 1
| account is not necessarily 1 person.
|
| That's super dominant compared to the US which is
| somewhere around 22% with the same account assumption.
| sbuk wrote:
| I like the separation that different messaging platforms
| offer.
| oarsinsync wrote:
| > Wouldn't everyone just prefer a secure, modern texting
| app that could message literally anyone with a phone
| number? Without having them download a specific app? Then
| we could all text together without the headaches.
|
| https://m.xkcd.com/927/
|
| I'm not sure what messaging standard you propose gets
| adopted, because the flavour du jour of most non-iMessage
| users is RCS, which as an open standard, is unencrypted
| and insecure.
| bambax wrote:
| I'm in France with friends in the UK and Germany, and
| have never been asked to join a group on anything else
| other than WhatsApp. Not once.
|
| (Well, at some point a year or two ago there was some
| controversy around WhatsApp, and some groups tried to
| migrate to Signal, but that all died out within a month
| -- never quite started, actually).
|
| Believe it or not, I had almost never heard about
| iMessage and its specific quirks before the Beeper story
| (and still don't understand why the colors of the
| messages in green or blue matter).
| ffgjgf1 wrote:
| Well.. I'm further north east and my experience is
| somewhat different. My only point was that Europe is not
| as homogenous as some people keep implying (most people
| still primarily communicate in their native language
| which creates a lot of more or less isolated bubbles)
|
| > and still don't understand why the colors of the
| messages in green or blue matter
|
| Because it indicates a fallback to standard SMS/text
| messaging which means all the more advanced features
| (which everyone expect messaging apps to have these days)
| stop working if you get a text from an Android device.
| inferiorhuman wrote:
| So adding another protocol into the mix solves, what?
| Answer: nothing, it solves nothing.
|
| Bob has a hardon for mastadon so then another subgroup is
| created. Joan finds out that her Google Fi service is
| incompatible with RCS so she decides to create an email
| list. Joe finds a bug with Beeper and then decides that
| really everyone needs to move to ICQ. Marley decides
| maybe everyone should just try MMS again except that
| nobody can fall back on that because everyone except Joan
| has opted into RCS.
|
| Apple's not going to solve your social problems (nor will
| any other company).
| rezonant wrote:
| > So adding another protocol into the mix solves, what?
| Answer: nothing, it solves nothing.
|
| Another protocol like RCS? RCS simply solves the problems
| of SMS/MMS. It doesn't add another protocol, it
| ultimately replaces two of them.
|
| > Bob has a hardon for mastadon so then another subgroup
| is created.
|
| Good for Bob. I don't think Mastodon supports group
| chatting and its DM support is super nascent, its weird
| choice but I wish him the best.
|
| > Joan finds out that her Google Fi service is
| incompatible with RCS
|
| Even though Google Fi is definitely compatible with RCS,
| we can assume it isn't supported for the scenario.
|
| > so she decides to create an email list.
|
| Joan doesn't know what RCS is and doesn't care. Joan
| makes a group of people on Messages. It works fine, as it
| falls back to MMS automatically.
|
| > Joe finds a bug with Beeper and then decides that
| really everyone needs to move to ICQ.
|
| Wait why is anyone using Beeper here. So the user used a
| unifying client and ran into a bug and blamed something
| about the underlying messaging system?
|
| > Marley decides maybe everyone should just try MMS again
| except that nobody can fall back on that because everyone
| except Joan has opted into RCS.
|
| Everyone on RCS can fall back to MMS just fine, just like
| iMessage can. The only difference is one of these is a
| standard that Apple can implement and the other is a
| proprietary protocol that Google cannot.
| inferiorhuman wrote:
| If this is true: It doesn't add another
| protocol, it ultimately replaces two of them.
|
| How does this work (assuming your carrier supports MMS,
| and not all do): Everyone on RCS can fall
| back to MMS just fine
|
| As for this: Even though Google Fi is
| definitely compatible with RCS
|
| https://old.reddit.com/r/GoogleFi/comments/l1czwh/google_
| fi_...
|
| More recently it looks like Google added some half assed
| support for RCS and broke other stuff in the process:
|
| https://old.reddit.com/r/GoogleFi/comments/12b8k2p/remind
| er_...
| oarsinsync wrote:
| > Everyone on RCS can fall back to MMS just fine
|
| My cell carrier provides SMS for free, both sending and
| receiving. My cell carrier charges for MMS, both sending
| and receiving, so I have MMS disabled. My cell carrier
| doesn't support RCS, and would probably charge if it did.
|
| Thankfully, nobody I know tries to send me pictures using
| SMS/MMS/RCS, and uses WhatsApp / Signal / iMessage
| instead.
|
| > Another protocol like RCS? RCS simply solves the
| problems of SMS/MMS. It doesn't add another protocol, it
| ultimately replaces two of them.
|
| Experience tells me this is false, and that nothing ever
| dies, nothing ever gets replaced, and augmentation always
| happens, in IT.
| empyrrhicist wrote:
| Yet you cannot set a new default messaging app...
| mlindner wrote:
| "Default messaging app" is a creation of Android,
| necessitated because every cell phone manufacturer wanted
| its own messaging app. It somehow later became a feature
| people needed because those pre-installed apps were often
| dreadful adware junk. This was never a problem on
| iPhones. No one wants to set a "default messaging app".
| It mixes up where messages go. I want my Signal messages
| in the Signal app. I want my LINE messages in the LINE
| app. Putting them in random different places doesn't make
| sense and confuses where they're coming from. I don't
| want my contacts showing up half a dozen times repeatedly
| for every messaging app they're using.
|
| I don't see anyone on Android wanting to put their SMS
| messages in the Discord app.
| rezonant wrote:
| On Android there is no such thing as a default messaging
| app. There is such a thing as a default SMS app, but my
| point is that messaging and texting represent two
| different things (texting is a subset of messaging) which
| has an extremely material impact on the dynamics of what
| is happening in the US, and why iMessage, RCS, and
| interoperability is a very big deal to users who use a
| texting app.
| seabrookmx wrote:
| Weird take. Default apps for certain file types and links
| (email, video, etc) are a precedent across multiple
| operatings systems.
|
| > No one wants
|
| Quite the assumption. I had Google Hangouts set as my
| default SMS app for a time.. this seems quite similar to
| your Discord example?
|
| It hurts nobody to have the _choice_. If you don't want
| to change the default that's totally OK.
| dwaite wrote:
| Do you mean a default "carrier SMS service" app?
|
| In everyday iPhone usage, you would either run an app
| directly, use sharing intents, or use a messaging service
| specific identifier (eg custom URI scheme) to converse
| with someone. The social graph is either in the messaging
| app itself or in individual contact entries. There's no
| expectation of a Trillian/Adium style app that
| consolidates all information and messaging options.
| rezonant wrote:
| The confusion is that there is only one _texting_ app on
| iPhone. Chat apps are done "over the top" and can be
| whatever you want. You or I can make one. There is only
| one texting app on iOS and most users in the US only use
| their phone's texting app. This is why Apple's iMessage
| is genius, insidious, and diabolical- because they took
| SMS which had universal adoption in the US and had it
| invisibly and transparently extended into a component of
| their walled garden. They didn't need to convince
| everyone to move from SMS to their own messaging app,
| because if you used SMS on an iPhone, iMessage just
| happened.
| oefnak wrote:
| The EU will soon require interoperability between messaging
| apps! Real Freedom!
|
| (for the users, not for the companies)
| skygazer wrote:
| iMessage seemingly was found exempt because too few
| Europeans use iMessage for business.
|
| Although to be fair, I have a hard time imagining a world
| where this ever happens. So large companies have to
| proactively share information on all their users with all
| the other large companies, and vice versa? Or do I become
| skygazer@iMessage and everyone on instagram has to know
| that? This just seems like an absurd thing to mandate.
| rezonant wrote:
| > Signal, Telegram and others make you validate your cell phone
| number
|
| For what it's worth Beeper Mini did support using Apple's
| iMessage registration system to use your phone number.
| thathndude wrote:
| And there was major hubris from the makers. They were arguing
| that because it was all totally above board Apple wouldn't be
| able to block the service without impairing iMessage entirely.
|
| Wrong
| ehsankia wrote:
| > because it was all totally above board
|
| What do you mean by above board? What they claimed is that
| there is no way of telling Beeper Mini clients from an old
| iPhone, therefore Apple wouldn't be able to block one without
| blocking the other.
|
| Clearly Apple managed to find a way, and who knows if there
| will be some more cat and mouse happening here. In theory
| though, I don't see why it wouldn't be possible to have a
| service that's indistinguishable from an old iPhone.
|
| Newer devices can use device attestation, but old iPhones
| don't have secure enclave.
| namdnay wrote:
| Interestingly enough, there are companies out there making a
| business of doing this with WhatsApp! I have no idea why Meta
| isn't cracking down in it, it seems absolutely insane
|
| https://www.telemessage.com/mobile-archiver/whatsapp-archive...
|
| It's literally a hacked WhatsApp binary (that logs all your
| messages) that they sell to corporate clients...
| password4321 wrote:
| https://twitter.com/LiamCottle/status/1406616490783117322
|
| Snapchat as a service is no more. But there may be other
| options:
|
| https://github.com/rhunk/SnapEnhance
| FriedPickles wrote:
| Can you say more about how Beeper is doing device attestation
| using ripped Apple device identifiers, or where you discovered
| that? Device attestation can be extremely user hostile, and if
| this is a true workaround it will be useful in other
| applications.
| busymom0 wrote:
| This reddit comment is exactly what I thought when I first saw
| this:
|
| > The sheer fucking hubris of these clowns to charge a
| subscription to forge device identifiers and transfer data
| through Apple's servers for users that have in no way actually
| paid Apple for that service and then say "there's no way they can
| shut us down!"
|
| https://www.reddit.com/r/apple/comments/18dy7ip/apple_has_se...
| gardenhedge wrote:
| I am very surprised that Beeper is a company with a CEO and
| everything. It's a hack on top of other services! This was always
| going to be the end result.
|
| Also, the whole use case is funny to me since everyone in my
| country (including iPhone users) use WhatsApp.
| russelg wrote:
| Where is the hacker spirit here? The number of Apple apologists
| that have crawled out to say "see? I told you so!!" is saddening.
| It is a bit dicey when you're charging for it, but since Mini was
| entirely client-side it would be feasible for a free version to
| exist.
|
| Apple claims iMessage is E2EE, do we have proof they aren't
| siphoning the messages from the client once it's been decrypted?
| The level of trust we have to have for Apple is approximately the
| same for any other iMessage client. Obviously Mini was using the
| encryption properly else it wouldn't have worked to begin with.
| Of course, it's very unlikely Apple is doing that. Just putting
| the thought out there.
|
| One other point raised that I saw was about how iMessage costs
| Apple money to run, and non-product owners should not have access
| since they haven't contributed. This falls apart if you own any
| Apple devices. Myself for example owns a Macbook, but an Android
| phone. Am I not allowed to use iMessage? I paid the toll.
| kmbfjr wrote:
| You are allowed, you get to use your iCloud account.
| runnerup wrote:
| I remember another post that was very well-received where an
| individual hacker wrote his own homebrew iMessage client for
| his own personal purposes. HN really liked that!
|
| I think HN exists at an intersection of individual hackerism
| and business. If a project is clearly by-hackers-for-hackers it
| gets a lot more leeway for unsustainable concepts /
| implementations. But this is building a business on adversarial
| interoperability, and many people who LOVE the concept and
| technical achievements will still post mostly critical things
| about the business model because it's fairly clearly a very
| very challenging business model.
| pilsetnieks wrote:
| You're allowed to admire the technical implementation while
| denouncing the business model at the same time.
| AndrewKemendo wrote:
| This is IMO the exact spirit we should have
| jorvi wrote:
| Is letting our hearts bleed for trillion dollar companies
| really the best way to spend our finite compassionate
| bandwidth?
| catach wrote:
| Observing that a particular business model is very likely
| to fail because of the conflict with another business
| model that happens to have much more powerful backing
| requires no compassion spend.
|
| But also, it seems to me that compassion is an
| involuntary reaction.
| WarOnPrivacy wrote:
| > also, it seems to me that compassion is an involuntary
| reaction.
|
| Compassion is very much a quality that can be developed
| and nurtured.
| catach wrote:
| I believe you're talking about capacity for compassion,
| and I'm speaking of the triggering of compassion.
|
| I'd agree that both capacity and scope of triggers can be
| altered, but it seems to me that that's a process that
| takes some time and effort. Distinct from choosing in the
| moment "I am going to feel a certain way about this,
| right now".
| lostlogin wrote:
| Pretty much all Adtech comes to mind here.
| pavel_lishin wrote:
| Are we talking about Beeper Mini, or Apple?
| keb_ wrote:
| youtube-dl, NewPipe, and uBlock Origin exist solely for the
| purpose of empowering the individual, yet they are constantly
| attacked on HN as being tools used unfairly to harm Google's
| profitability. Open-source projects like Matrix, PeerTube,
| Mastodon, are built to be free and open-source for the
| benefit of end-users and lack of vendor lockin. Yet each is
| derided on HackerNews for not being enough like their
| corporate counterparts. Yes, there are those here who don't
| do that, but as cynical as it sounds, I do think this site's
| audience is mostly folk who like the status quos set by
| FAANG-types and don't really care about hackerism outside of
| toy websites.
| Wowfunhappy wrote:
| The projects you listed are overwhelmingly celebrated on
| Hacker News! I'm sure you can find a critical post if you
| look hard enough--HN isn't a hive mind--but it's not a
| common sentiment.
| aprilthird2021 wrote:
| I pretty much found out about all these from HN. I think
| most of their traffic / downloads comes from this site.
| simfree wrote:
| Reddit and other social media platforms almost certainly
| drive in order of magnitude more downloads of these
| extensions than HN.
| rezonant wrote:
| Reddit and other social media platforms are at least an
| order of magnitude larger than HN. That's a good thing
| honestly.
| 55555 wrote:
| This is extremely false.
| oneplane wrote:
| The projects can be appreciated while also acknowledging
| that advertisements are part of the value exchange. There's
| nothing wrong with knowing that if your options are to
| either watch ads or pay for a service, and you privateer
| the service instead, that that is not as reasonable as it
| seems to some people.
|
| Note: this is very different from "but I want to block all
| ads", that's not what I'm writing here and also not what
| others might be writing.
|
| As for the audience, it varies, but this website is a VC
| thing, so it makes some sense that a bunch of visitors are
| from the VC ecosystem and as such might be very money-
| oriented.
| kibwen wrote:
| _> The projects can be appreciated while also
| acknowledging that advertisements are part of the value
| exchange._
|
| No, this is preposterous and I will continue to refute
| this silly idea every time it shows up here. It is not
| stealing from radio stations to change the station when
| ads come on. It is not stealing from TV channels to go
| get a drink when ads come on. _There is no moral
| compunction to watch ads, from anyone, anywhere._ Stop
| trying to normalize advertising, which is to say, stop
| trying to normalize the enshittification of the human
| mind.
|
| Meanwhile, a web browser is a _user agent_ running on my
| machine. Youtube 's content is a _guest_ on my hardware.
| Once it 's on my machine, I have the moral right to do
| whatever I please with it. If Google doesn't want to
| serve it to me, then it has the right to prevent me from
| accessing their server, such as in exchange for payment.
| But again, _advertising is not payment_ , it's just
| corporate-sanctioned, socially-acceptable brainwashing.
| freshpots wrote:
| PREACH. I love and 100% agree with your passion.
| crazygringo wrote:
| > _Once it 's on my machine, I have the moral right to do
| whatever I please with it._
|
| Sure, but Google also has the moral right to do
| everything possible with their code to make it as hard as
| possible for you to skip ads on their videos. You both
| get to try as hard as you can, so good luck to you both.
|
| There's no brainwashing here. It's just a business trying
| to make money, and trying to outsmart the users trying to
| outsmart it.
| aaomidi wrote:
| > but Google also has the moral right to do everything
| possible with their code to make it as hard as possible
| for you to skip ads on their videos
|
| So, like use an entirely different part of the company
| like Chrome to push for WEI to make adblockers not run?
|
| Or maybe use chrome to push for manifest v3?
|
| Maybe the __moral right to do everything possible__ isn't
| actually moral when it's using its leverage in a separate
| market to protect another one of its assets. Maybe we
| should see this as something to anti-trust them?
| crazygringo wrote:
| I dunno -- you've still got the moral right to use
| Firefox or Safari or a Chromium fork.
|
| Ads and adblockers are always going to be a cat and mouse
| game, so I don't see any reason to complain.
|
| Antitrust doesn't really enter the picture. Chrome
| doesn't even come preinstalled on PCs or Macs anyways --
| you've got to go out of your way to choose to install it.
| So just don't, if you don't like it.
| aaomidi wrote:
| > Antitrust doesn't really enter the picture.
|
| I don't think this is true. Google Meet, Youtube, etc all
| perform _worse_ on non-Chrome /Chromium based browsers.
|
| I do think that the world's most popular browser, being
| owned by the same entity that owns Youtube, actively
| working to block adblockers (adblockers which, do *not*
| harm Chrome but do harm Youtube) is something for
| regulatory bodies to take into consideration.
| I_Am_Nous wrote:
| >There's no brainwashing here.
|
| Advertising is at least _trying_ to make you think
| thoughts it feeds you. "Buy Brand X, you'll get women!"
| If the advertising is effective, you'll associate Brand X
| with something positive and want to buy it.
|
| It's kind of blanket brainwashing with extra steps
| because it's more indirect. Similar technological
| brainwashing might be joining an algorithmic social media
| site and becoming convinced of something the algorithm
| felt was the most engaging thing that day and spread,
| regardless of truth. Choosing to believe what social
| media or advertising tells without healthy skepticism you
| is willingly accepting some brainwashing.
|
| There are people who feel really strongly about ads, and
| I'm one of them. I hate them, they don't share my values,
| and they are only trying to extract value from me. I run
| ad blocker in my browser, but mute and skip any ads I can
| like a peasant on my TV or phone. So overall I end up
| watching more ads than not since I don't watch videos on
| my PC much.
| Nevermark wrote:
| I can't say I never see an ad, but I avoid/cancel
| services with ads, or happily sign up at the no-ad level.
|
| When I do see ads its shocking. Car ads have little to do
| with cars, and everything to do with insecurity and
| Pavlovian hacks. Idiocracy drip by drip.
|
| People expose themselves to crap influences day in and
| day out, then imagine this or that ad isn't impacting
| them. The stream has profoundly impacted them or they
| wouldn't tolerate any of it.
| somenameforme wrote:
| I can't really remember the last time I saw an ad. And as
| a result (probably?) I find I "want" for far fewer things
| than most people who let themselves be drawn in by ads.
| If a million dollars just hopped into my bank account,
| I'd probably just invest it and go back to living, more
| or less, the same. And I'm in no way whatsoever rich. But
| contentedness is cheap, and easy, when you don't let
| yourself get drowned into the endless vacuum of
| artificial demand. [1]
|
| I am absolutely certain that the exponential increase in
| advertising is probably going to ultimately have been
| found to be at least partly responsible for so many of
| the mental and psychological problems that seem to be on
| the exponential increase in places like America. Humans
| are not designed to live our lives as donkeys chasing a
| carrot on a stick.
|
| [1] - https://en.wikipedia.org/wiki/Artificial_demand
| kibwen wrote:
| _> People expose themselves to crap influences day in and
| day out, then imagine this or that ad isn 't impacting
| them._
|
| Precisely. Subjecting yourself to advertising (or
| allowing your children to be subjected to advertising) is
| simply bad mental hygiene.
| godelski wrote:
| > Car ads have little to do with cars,
|
| That's because most car ads aren't actually trying to
| sell you the car. They are instead trying to sell you the
| idea of the car's status[0]. While people are most
| familiar with ads that are blatant attempts to get you to
| buy something, many are much more indirect. It's also why
| native advertising is so nefarious. A large portion of
| ads actually aren't the direct version, but most often
| people don't notice they're taking in an ad, and that's
| kinda the point.
|
| [0] https://www.latimes.com/archives/la-
| xpm-1996-04-26-me-62995-...
| godelski wrote:
| > Advertising is at least trying to make you think
| thoughts it feeds you.
|
| BuT aDs DoN't AfFeCt Me!
|
| I'm honestly frequently impressed how how often people
| don't understand what ads are or do. Especially
| considering they funds most of our paychecks. Everyone is
| affected by ads and convincing yourself that you aren't
| makes you more vulnerable to them.
|
| I think the problem comes from people thinking ads
| exclusively are about selling things that have a monetary
| value. But ads sell ideas. Often that idea is that you
| should buy something, but sometimes it is a preference
| like a politician or a celebrity in their latest scandal
| or rise to fame. Ads can be good too, like public service
| announcements. But for sure we're over inundated with
| them and there's too many bad ones.
|
| I am also particularly peeved about the ads that come
| from email addresses I can't exactly block. I really
| don't think anyone should be accountable for missing an
| important email if the sender also sends 90% junk from
| the same address. I'm looking at you every university
| ever[0]
|
| > skip any ads I can like a peasant on my TV or phone.
|
| Maybe check out reVanced. You can recompile the YouTube
| APK to be ad free.
|
| [0] Here's the text from my uni's page when you click
| unsubscribe. What a joke. I don't need emails from the
| alumni association, publicity channels, or all that. And
| you have the audacity to try to convince me it isn't
| spam? What a joke. I'm glad I use a third party mail
| client that can filter this stuff but it is an absolute
| joke that we think this is acceptable. It shouldn't
| require special tools. There is a clear difference
| between police reports and the alumni association and
| they even come from different senders. In fact, not
| allowing for you to unsubscribe actually goes counter to
| the safety claim because it teaches people to ignore your
| emails.
|
| > In order to share information quickly and efficiently
| with faculty, staff, GEs, and students, the university
| uses email as its official form of communication. All
| emails that end in an @<theuniversity>.edu address are
| required to receive email communications sent by the
| university. As such, there is no option for
| @<theuniversity>.edu email accounts to unsubscribe from
| official university communications emails and these
| emails are not considered spam under applicable laws.
| I_Am_Nous wrote:
| I understand not all advertising is bad as a good product
| might not spread during the critical growth phase without
| it. It just raises a lot of red flags for me when someone
| is desperate for my attention like ads are. Google
| _reeeally_ wants me to buy a Pixel 8 lol
|
| Glad you can filter the crap, but I guess from a CYA
| perspective the school can say "we notified everyone
| through our official email channel" whether you were ever
| going to read that email or not.
| godelski wrote:
| There's also things like PSAs that can be good ads. I
| think it's important we remember that it's not always
| about consumerism.
|
| Haha there's only a few places I get ads and I lock as
| much down as I can. There's a certain sense of joy when
| you get ads so misaligned from you that you know they are
| reaching.
|
| Oh it's a constant battle to filter. But what worries me
| is actually that people honestly do not get it. These are
| clearly little metric hacking and I'm afraid we're just
| traveling deeper and deeper into Goodhart's Hell.
| kelnos wrote:
| > _Sure, but Google also has the moral right to do
| everything possible with their code to make it as hard as
| possible for you to skip ads on their videos._
|
| The person you're replying to acknowledges this, albeit
| indirectly.
|
| But the point still stands: if Google sends me the bits,
| I am free (morally, and, at least for now, legally) to
| discard the bits that correspond to the ads if I can
| figure out how to do so without watching them. If Google
| can figure out ahead of time that's what I'm planning to
| do, and refuses to give me the bits, that's of course
| Google's right.
|
| > _There 's no brainwashing here. It's just a business
| trying to make money_
|
| Advertising is psychological manipulation to coerce you
| to buy whatever product is on offer. The "best"
| advertising will convince you that you need a product
| that you'd never consider buying otherwise.
| "Brainwashing" might be a sensationalized way of putting
| it, but I don't think that's particularly inaccurate.
| geodel wrote:
| > Once it's on my machine, I have the moral right to do
| whatever I please with it.
|
| Huh, you can throw the guest out by not watching youtube.
| Ripping off guest seems strange moral right.
|
| > Stop trying to normalize advertising, which is to say,
| stop trying to normalize the enshittification of the
| human mind.
|
| Seems like you are deciding on everyone's behalf on what
| one should do with their mind.
| martimarkov wrote:
| The alternative is to leave to a for profit company. That
| company should not have that right.
|
| If the content is rendered in my browser I can manipulate
| the JS and HTML as much as like. If you don't like that
| -> feel free to put protections. But the same way a
| browser interprets the code I can put stuff on top of
| that interpretation.
|
| So morally I'm okay to use a blocker if that's what I
| want to do. It's also immoral to track me but Google
| seems to be okay with it. If that is the relationship
| they want to establish so be it. I will act in the
| reciprocal manner.
|
| The idea is not to decide on what someone else is going
| to do with their mind. Hence the idea that everyone is
| free to do what they want. Ads are not a natural part of
| the world so making the argument that not watching them
| is somehow wrong is what is actually a decision being
| pushed on others.
|
| If companies didn't try to normalize ads and tell you off
| for using adblockers then nobody would have a problem
| with it. But given that people say: You need to watch ads
| otherwise you are stealing is putting decisions in
| someone's mind.
| TedDoesntTalk wrote:
| Wow. Eloquent. Awesome!
| oneplane wrote:
| You're wrong. Radio and TV from your example get paid
| anyway and you count as a watcher in the statistics so it
| doesn't matter if you're there for the broadcast or not,
| transaction complete either way.
|
| When you are an on-demand user where the transaction is
| media in exchange for something (advertisements or a paid
| subscription), and you weasel your way out of exchanging
| something you're not 'moral' or whatever measure you
| take.
|
| It also doesn't matter what you think or feel with this
| transaction since the rules are known ahead of time, and
| you either agree to them or don't, and there is no third
| option that entitles you to free content. That includes
| your mental gymnastics about who is a server, who is a
| client and who did what. The technical details do not
| matter, they never did and they never will.
|
| Is it a shit experience? Definitely. It doesn't mean that
| the rules you agreed to suddenly don't apply anymore.
| lolinder wrote:
| There isn't _one_ Hacker News. Nearly every product you
| list also has it 's greatest champions here on HN.
|
| yt-dlp's post on HN garnered a lot of overwhelmingly
| positive attention [0].
|
| I learned about NewPipe from HN and am now an ardent fan.
| Also received an overwhelming amount of positive attention
| recently, with the top comment recommending a fork that
| blocks _even more_ advertising [1].
|
| Every release of uBlock Origin gets hundreds of upvotes
| (1.53 got 527 points [2]). Again, overwhelmingly positive
| attention.
|
| There's a subset of HN that is _obsessed_ with the
| fediverse, and another subset that is skeptical, but the
| skepticism is overwhelmingly technical in nature.
|
| If you _want_ to see corporate shills on HN, you 'll
| probably be able to find some, but it's certainly not a
| majority (much less unanimous!) view.
|
| [0] https://news.ycombinator.com/item?id=37474066
|
| [1] https://news.ycombinator.com/item?id=38144400
|
| [2] https://news.ycombinator.com/item?id=38094620
| jareklupinski wrote:
| > this site's audience is mostly folk who like the status
| quos set by FAANG
|
| something something someone's salary and getting them to
| see something
| zxt_tzx wrote:
| _"It is difficult to get a man to understand something
| when his salary depends upon his not understanding it."_
| Upton Sinclair
| flkenosad wrote:
| Difficult but not impossible. Like programming.
| rezonant wrote:
| The tools should exist and Google shouldn't fight them. But
| at least for me, I'm usually trying to remind people that
| the ad money is a large part of how the content creator
| survives too. If you block the ads, then please consider
| donating to your favorite creators Patreon or using YT
| premium (which is actually typically more lucrative for
| content creators than ads are).
|
| I don't care about Google's profits but I figure we should
| try to support the content we enjoy in some way or else all
| we'll be left with is MrBeast, PewDiePie and content farm
| videos (ie the stuff that is so hyper scale that no amount
| of ad blocking can effectively hurt them)
| somenameforme wrote:
| If it was literally impossible to profit from digital
| video content creation, there'd be still be countless
| videos, and the overall quality (in terms of content
| value, not production value) would also probably be
| higher. People like sharing content, even for free -
| hence sites like this one, which we've all probably spent
| far too many hours on, and I've yet to receive a single
| payment from Dang!? And Google will never scrap YouTube
| because they gain immense profit just from profiling you,
| regardless of how many ads they can force you to watch.
| And perhaps even scarier from their perspective is the
| rise in marketshare that'd give to competitors.
|
| In many ways it'd probably be far better for the world if
| making videos was not perceived as being profitable. The
| number of children who now want to be 'streamers' or
| 'youtubers' instead of astronauts, engineers, and
| scientists is not a good direction for society.
| fiddlerwoaroof wrote:
| I think there's a sorites paradox here: if it were
| actually impossible to make money from digital video,
| then YouTube wouldn't exist at all because it couldn't
| pay for the hosting and bandwidth it needs to distribute
| videos. What is true is that YouTube is basically not
| harmed by some fraction of their users blocking ads but,
| were that fraction to hit some percentage of the total
| traffic, YouTube would be forced to either discontinue
| free video hosting or charge to watch (or it would be
| killed as unprofitable).
| rezonant wrote:
| Exactly right. I think we are incredibly far from that
| breaking point, and what Google is doing is chasing
| growth for their shareholders more than anything else,
| especially at the end of the free money era.
|
| The platform itself may be replaced but the incredible
| result of the YouTube platform is that there are millions
| of excellent creators who are making a living by making
| their videos, and even making enough to keep raising the
| bar on their work.
|
| It's not a given that growing such a swelling stream of
| creative work will ever again be possible if this one
| dies out. YouTube was in the right place at the right
| time with the right subsidization available while they
| made the systems work at scale, and scale them up to
| insane hyper scale levels. This happened because of the
| advertising bubble, which is showing heavy signs of
| stress especially in the last few years. Society is
| already pushing back against the data collection that
| makes advertising at these scales as lucrative as it is,
| and if the bubble finally pops it's possibly it'll never
| inflate this way again.
|
| This is why it's important to support the small creators
| you enjoy in some way. Direct contribution is certainly
| the best of them all. Sure this might not be relevant for
| superstar YouTubers, but take for example Technology
| Connections. Alec is an amazing communicator who puts
| insane effort (full time) into producing super
| informative videos about electronics and engineering.
| redserk wrote:
| > If it was literally impossible to profit from digital
| video content creation, there'd be still be countless
| videos, and the overall quality (in terms of content
| value, not production value) would also probably be
| higher.
|
| A lot of YouTubers I enjoy watching are very tech/science
| focused and use proceeds from their videos to purchase
| equipment that is used to create content. I don't think
| their channels would be nearly as interesting if they
| didn't make shiny-toy-money from it.
|
| > The number of children who now want to be 'streamers'
| or 'youtubers' instead of astronauts, engineers, and
| scientists is not a good direction for society.
|
| People desiring to be famous isn't an idea that started
| in the age of YouTube and TikTok. The medium changes with
| what's the dominant platform. If anything, YouTube and
| TikTok democratized the process.
| kelnos wrote:
| "Democratized" is just a fancy way of saying "made it
| easier for more people to get into it". So you get the
| same result: more people seeing that becoming famous is
| actually attainable, which drains talent from more useful
| endeavors.
|
| (And yes, I'm going to assert that becoming an astronaut,
| engineer, scientist, etc. is immeasurably more useful
| than becoming an influencer or whatever. It's fine to
| disagree with me there, but that's my position.)
|
| Having said that, I do get a lot of value and
| understanding and useful information from some YouTube
| channels (which I do my best to support through Patreon
| and my YT Premium subscription). But not all channels are
| created equal.
| necovek wrote:
| TV, documentaries, movies and music videos are video
| content just the same. Even most sports is consumed in
| video format.
|
| Only served via a different platform (or not really
| anymore for some like music videos).
|
| People wanting to be streamers/youtubers is the same as
| them wanting to be any other celebrity.
|
| To be able to show some valuable content, there has to be
| something valuable happening, and hopefully that still
| directs enough people to be astronauts, engineers and
| scientists (so eg NASA can live stream their flying to
| Moon or something).
|
| All I am saying nothing has changed, really, other than
| the platform and accessibility.
| rezonant wrote:
| > and the overall quality (in terms of content value, not
| production value) would also probably be higher
|
| This is pretty questionable. Quality takes time. If you
| need an income to pay your rent, 40 hours or more of your
| work week are taken up. That leaves a few hours before
| dinner and sleep to work on your videos (since in this
| hypothetical, it is "literally impossible" to make money
| on your videos).
|
| Of course you could work on the weekend, and many do. But
| let's not forget that making videos is work, and it's
| important to do the things, you know, we invented
| weekends for. Like spending time with your family,
| reading a book, or playing a video game. How entitled
| this content creator must be to have a weekend. This is
| of course assuming that the creator's day job is a
| traditional one-- more than likely they work partial days
| 7 days a week at varying hours as is the norm for
| crappier jobs.
|
| That 40 hours gives you enough income to pay your
| expenses, but unfortunately, for most people, doesn't
| give you the income you need to get a real camera, so
| you're just using the webcam that you already had on your
| computer.
|
| The audio is terrible and the video looks like it came
| out of the early days of YouTube, but somehow that
| qualifies as "high production values".
|
| Sometimes it's easy to lose sight of reality when working
| in a highly paid specialized field like engineering.
|
| > In many ways it'd probably be far better for the world
| if making videos was not perceived as being profitable.
| The number of children who now want to be 'streamers' or
| 'youtubers' instead of astronauts, engineers, and
| scientists is not a good direction for society.
|
| Well you are watching that content, presumably. Do you
| feel it provides value to you?
|
| There are an awful lot of small science educators on
| YouTube. They are doing the work to inspire people to get
| into the sciences. Is that not valuable? Those people
| have an outsized dependency on the ad revenue and patreon
| income they receive so they can keep making videos that
| are accurate and engaging. For them, another hundred
| people blocking ads could mean the difference between
| doing what they love and releasing quality videos or
| having to go back to a day job that occupies all their
| time.
|
| If there was no YouTube, how do our kids get inspired to
| become scientists-- by watching the latest MCU movie? By
| watching cable programming?
|
| YouTube isn't all just MrBeast and dramatube videos but I
| get the impression that this is what you think of. It
| reminds me of the "algorithm slip" where users make broad
| assumptions about a platform because of what it serves to
| them, but really it says more about you than properly
| evaluating what content is on the platform.
|
| When I sum up your take, it sounds like only those people
| with passive income should have the privilege to make
| videos, and that's actually not a world I want.
| skydhash wrote:
| > If there was no YouTube, how do our kids get inspired
| to become scientists-- by watching the latest MCU movie?
| By watching cable programming?
|
| Same as everyone before YouTube. Role models and
| seeing/reading things.
| rezonant wrote:
| So only people with role models close to them or in a
| place where inspiring things are happening should be
| inspired?
|
| Before YouTube and the Internet in general, only affluent
| people had these things, and we left behind a huge
| portion of the worlds population. Those people have the
| same potential as people of means or the luck to be born
| in an affluent country or an urban area.
|
| I do get that you also include reading things on the
| Internet, but that's not always engaging enough to create
| a spark for people.
| somenameforme wrote:
| This is bordering on ridiculous. No, not only affluent
| people had role models FFS. Carl Sagan, for instance, was
| a 1st gen son of poor immigrants. His mother was a house-
| wife, his father a garment worker. His inspiration came
| from what scientifically curious people used to do before
| the internet - like going to the library, talking to his
| teachers, or even going to a museum every once in a
| while.
|
| Since the advent of the internet the entire developed
| world has been getting literally dumber, so far as IQ can
| measure. [1] That's, to my knowledge, the latest study
| but a quick search for 'reversal of flynn effect' will
| turn up a zillion hits. In other words, what I'm saying
| is not controversial in the least. And one of the
| hypothesis for why this is happening (as per the linked
| paper) is, unsurprisingly, increased media exposure.
| YouTube is playing a significant role in literally making
| the world more stupid.
|
| I love plenty of 'sciency' YouTubers - Veritassium,
| Cody's Lab, Smarter Every Day, and many more. But in
| reality, you're not like to learn much of anything from
| these sort of scientainment. It's just candy with a
| sciency coating, more likely to inspire people to want to
| make more candy, than to actually pursue science.
|
| [1] - https://www.sciencedirect.com/science/article/pii/S
| 016028962...
| boredhedgehog wrote:
| > Well you are watching that content, presumably. Do you
| feel it provides value to you?
|
| That's a pretty thorny question, come to think of it.
|
| Perhaps it's like eating chocolate. It provides value to
| some part of me, but at the same time, a more reasonable
| part can judge that I as a whole would be better off if
| the chocolate wasn't there and I'd eat something
| healthier instead. So I can both consume it and desire an
| environment where I wouldn't consume it.
| rezonant wrote:
| You're free to not eat the chocolate, but are you
| suggesting that it's the chocolate's fault for existing,
| and that chocolate should go away so you aren't tempted?
|
| I'd assert that a lot of content on YouTube is not
| chocolate. There are high quality "healthy" options right
| there on the app. How about Technology Connections or the
| 4 hour long retrospectives on your favorite book, film,
| or video game? What about the years of technical and
| learning content? Those aren't chocolate, those are
| spinach.
| nerdix wrote:
| This is just factually not true. A lot of YouTubers
| eventually quit their jobs and become full time content
| creators. That's means they are able to create more
| content and the quality of their content can increase as
| they are able to spend more time on production and
| editing.
|
| They are also able to invest in their channels. Many
| bigger YouTubers have small production studios, very
| expensive camera equipment (think $70k Red Dragon/ARRI
| cameras, 5 figure lighting setups,etc), and full time
| staff. They can production quality that rivals a TV
| studio. None of that would be possible if video content
| couldn't be monetized.
|
| I sort of agree about the obsession with being a "content
| creator". But at the same time, kids have always wanted
| to be rock stars, professional athletes, and movie stars.
| Content creator is just a new type of celebrity for kids
| to idolize.
| 2muchcoffeeman wrote:
| Who doesn't like the first few tools you mentioned?
| YouTube-do and ublock origin are great.
| mlindner wrote:
| I can't remember any of those being derided other than
| Mastodon, which has major issues nothing to do with the
| fact it's competing with something.
| kelnos wrote:
| My experience here is exactly the opposite: I see the
| projects you talk about get a lot of positive attention and
| praise. Sure, there are detractors as you say, but they
| seem to me to be a very small minority.
| badrabbit wrote:
| Hacking? Hacking means whining when what you are hacking
| fights back?
|
| I mean go for it, hack away! I hope apple keeps android far
| far away from me though lol
| rezonant wrote:
| Personally for me it's people who buy Frigidaire
| appliances. They are the worst!
| badrabbit wrote:
| Appliances don't talk to other people's appliances.
| Beeper users on imessage would be unpleasant. I used
| android for like a decade, my takeaway is that you all
| can't stand other people not enduring the chaos with you.
| kelnos wrote:
| > _I hope apple keeps android far far away from me though_
|
| What a bizarre thing to say.
| badrabbit wrote:
| Well, I try.
| dcow wrote:
| > on adversarial interoperability
|
| In what world is interoperability adversarial? What the
| actual?
| lolinder wrote:
| It's adversarial because one party explicitly does not want
| to interoperate and can be expected to try to break
| interop.
|
| OP didn't coin the term, it looks like it comes from Cory
| Doctorow [0].
|
| [0] https://www.eff.org/deeplinks/2019/10/adversarial-
| interopera...
| dcow wrote:
| Cory is talking about it in the sense that the tech
| industry at large said "adversarial interop" is stupid
| and lobbied against it. It seems HN has lost the plot
| judging by the number of people on this thread defending
| Apple engaging in such a slimy practice.
|
| > Big Tech climbed the adversarial ladder and then pulled
| it up behind them.
|
| Anyway the comment I was replying to was implying that
| Beeper is the adversary which is not a correct use of the
| term.
| lolinder wrote:
| > Anyway the comment I was replying to was implying that
| Beeper is the adversary which is not a correct use of the
| term.
|
| You can't have a single-party adversarial system. Each
| party is an adversary of the other: party A wants to
| interop against the wishes of party B, and party B wants
| to lock party A out. OP wasn't implying that Beeper is
| "the" adversary and Apple is in the clear, OP was just
| saying that trying to build a business around adversarial
| interoperability is extremely difficult and the outcome
| is unsurprising.
|
| Noting that the results are unsurprising does not imply
| that we condone the system that makes such results nearly
| inevitable.
| noirbot wrote:
| Are you trying to ignore the state of what's going on?
| Beeper's business model was as interoperable with Apple as
| my neighbors cracking my wifi password to use for their
| household. The interoperability wasn't intended.
|
| Forcing someone to interoperate with you doesn't
| immediately make it all collaborative any more than a
| stranger walking up to me at lunch and declaring they're my
| friend now makes me want to invite them home after.
| dcow wrote:
| The adversary is the incumbent that's working to
| artificially stifle innovation, strong arm the market,
| and exclude competition.
|
| Beeper is not someone who hacked your wifi. Beeper is
| sending legitimate packets to your router and Apple is
| saying "I don't like those packets because they threaten
| my artificial hold on the market".
| pilsetnieks wrote:
| The troll toll?
|
| > Just putting the thought out there.
|
| https://rationalwiki.org/wiki/Just_asking_questions
| kurisufag wrote:
| ratwiki is /literally/ a troll website. it has the same
| validity as encyclopedia dramatica.
| ribosometronome wrote:
| >Of course, it's very unlikely Apple is doing that. Just
| putting the thought out there.
|
| Is making wild claims and then immediately trying to disavow
| them in the next sentences the hacker spirit?
|
| How does it at all follow that Beeper Mini is using encryption
| properly (or else it wouldn't work) but it's unlikely Apple is?
| How would Beeper have been able to reverse engineer it if
| Apple's not using it? Who did they model their correct
| implementation of Apple's protocol off of?
| conradev wrote:
| Is implicitly trusting authority the hacker spirit?
| mirashii wrote:
| And by implicitly trusting authority, you mean trusting the
| device manufacturer with billions of sales and intense
| scrutiny from security researchers and state actors
| spanning decades, right? You mean trusting the entire of
| the security industry to have managed not to miss this
| glaring and easy to detect invasion or privacy? This isn't
| "it's not happening because Apple promises it's not". This
| is one of the most scrutinized platforms in the world.
| Making wild claims and disavowing them immediately is lazy
| rhetoric, just as oversimplifying this as an appeal to
| authority is lazy rhetoric.
| conradev wrote:
| Going back to the original claim:
|
| > Apple claims iMessage is E2EE, do we have proof they
| aren't siphoning the messages from the client once it's
| been decrypted?
|
| The answer here is no. Yes, making a wild claim
| afterwards is lazy, but the fact remains: there is no
| system in place to get anywhere close to "proof".
|
| The best we have is researchers reporting trust
| violations when they find them, escalating those
| violations in the media, and sometimes forcing the
| company to change behavior. Relying on (ever more
| skilled!) unpaid volunteer work to verify the claims of
| the largest company in the world seems like an appeal to
| authority. It also doesn't scale as they make more claims
| and build more complex software.
|
| Yes, breaking E2EE for everyone is so large that it would
| be impossible to do at scale without anyone noticing.
| Breaking it selectively to target individuals (the threat
| people are actually worried about!) is much harder to
| detect, no?
| spiderice wrote:
| > The answer here is no
|
| That's because it's a ridiculous premise. We don't have
| any evidence that Tim Cook isn't robbing banks in his
| spare time either. I'm not saying he does.. I'm just
| throwing it out there because he might be.
|
| Not to mention the fact that you can't prove a negative
| anyway.
| Kab1r wrote:
| You certainly can prove that a system is
| cryptographically or otherwise sound. There is an entire
| field of formal verification. Proving that an
| implementation is correct is often more difficult, but
| not impossible.
| conradev wrote:
| If it's a ridiculous premise, then why do we even try?
|
| Apple added Contact Key Verification to eliminate one
| possible class of attack involving a lack of user
| transparency. Still trusting a whole lot of trust in the
| stack, but is an improvement.
|
| What you think of as a ridiculous premise I think of as a
| goal to aspire to
| wrayjustin wrote:
| The claim is that (a) both entities are properly encrypting
| the data _in transit_ and (b) either company could _steal_
| the plaintext client-side (after decryption).
|
| Trust that a third-party application isn't stealing the
| decrypted messages requires the same type and amount of trust
| that Apple is not stealing the decrypted messages (or maybe
| less trust if the third-party solution is open source, etc.).
| brookst wrote:
| Except the stakes for Apple are so much higher. If they've
| lied to everyone and are stealing messages, that's a multi-
| billion dollar class action, against very little upside to
| Apple.
|
| For a tiny company like Beeper, the incentives are
| different. The upside of being dishonest far outweighs the
| risks.
|
| Not that I believe Beeper is nefarious. They probably
| aren't. But their risk/reward for abusing trust is very
| different from Apple's
| belltaco wrote:
| It was the same when Apple banned Fortnite for daring to accept
| payments outside of their walled garden and the forced 30% cut.
| People falling over themselves to hate on Epic and defend
| Apple's forced cut and the total removal of developer freedom.
| If it was Microsoft the entire tone would be completely
| different.
| tinus_hn wrote:
| You wonder why the company with 95% market share is treated
| differently than the company with 40% market share.
| simondotau wrote:
| Does Epic Games give developers "total freedom" with Unreal
| Engine or will they insist upon their royalty when
| applicable? You can read their FAQ and there's literally a
| section titled _" Why does Epic think it's fair to ask for a
| percentage of a developer's product revenue?"_
|
| What's good for the goose, etc.
| jocaal wrote:
| 5% Royalty past $1m for using the most high tech game
| engine in the world is a totally reasonable price. Just
| like 3% for using payment services is totally reasonable.
| But 30% for using a distribution service is just absurd.
| The only reason the app stores can charge that much is
| because of their iron grip on the platforms.
| TerrifiedMouse wrote:
| > But 30% for using a distribution service is just
| absurd.
|
| It's the market rate. Almost all retail stores online and
| offline charge 30%.
| simondotau wrote:
| Boxed software at physical retail stores was more like
| 70-90% of revenues, split between the retailer,
| distributor, publisher, and manufacturing.
| TerrifiedMouse wrote:
| I doubt manufacturing gets a percentage cut - doubt they
| want such a cut. Manufacturing likely charges by how much
| you ask them to produce. They will quote you a price for
| your order and maybe include a discount for large
| volumes.
| simondotau wrote:
| Manufacturers gets paid, and they'll expect to make a
| profit. No, they don't take a percentage, but that's a
| rather academic distinction when the unit cost for
| manufacturing is $5 and your product isn't marketable
| with a price exceeding $50.
| simondotau wrote:
| By agreeing that _some_ amount is acceptable, you 've
| conceded the principle. As the famous saying goes, _we're
| just haggling over the price._
|
| As for whether 3% is reasonable, again we can look to
| Epic for evidence. Epic's own Steam competitor takes a
| 12% cut -- and they admitted in court that it was a
| money-losing venture. That should stop and make you
| think. The Epic Games Store isn't even a complex
| ecosystem, it's just a glorified Windows app downloader
| and even then they couldn't make a profit at 12%.
|
| Apple argues that their 15% fee for most (30% for the
| ultra-successful) pays for a lot more than just payment
| services. It pays for absorbing the cost of fraud. It
| pays for dealing with refunds. It pays for developing the
| APIs. It pays for employing an enormous team to perform
| some imperfect-but-useful oversight over the 1,800,000
| apps in their store. It pays for a lot of things.
|
| If you think Apple makes too much money, fine. That's a
| perfectly fine argument to make. That's a very different
| one to claiming that they're not entitled to make money.
| Or that the government should dictate prices at them.
| jocaal wrote:
| But we are not haggling over the price. apple has control
| over an enormous portion of the market. I can't haggle
| because the big guy controls everything.
|
| And saying apples cut pays for more services is just
| hilarious. we are forced to use those services and forced
| to pay for them. Stripe does refunds and fraud detection.
| There are other app development platforms for API's like
| kotlin and flutter.
|
| And you and I both know that apple's margins on the app
| store is a joke. Thats why they dont report it seperatly
| in their financials. Whether epic couldnt make it is
| their problem.
| simondotau wrote:
| > But we are not haggling over the price.
|
| You argue that a 5% cut is reasonable and a 15% cut is
| not reasonable. You are haggling over the price.
| kaibee wrote:
| EGS only loses money because they have to buy their
| customers by giving away free games, to try to dislodge
| Steam's position. The infrastructure costs of EGS cannot
| be that high.
| simondotau wrote:
| Apple spends billions of dollars to get customers too.
| dylan604 wrote:
| It has nothing to do with a lack of spirit. It's a 800lbs of
| reality crashing down. There's nothing wrong with trying to
| hack the Gibson. However, this wasn't just a hack, but a severe
| threat to Apple's walled garden. As long as they are allowed to
| have it, they will protect it at all costs. Thinking any
| differently is just naive. So of course this is the ultimate
| result.
| martimarkov wrote:
| It's identical to a jailbreak which gets patched ASAP so not
| sure what is has to do with walled garden as much.
|
| I've played with the same idea of making an Android client
| but I would never build a product on that because I know the
| limitations on my side.
|
| As a company you are 100% allowed to break 3rd party client
| when they don't have an agreement with you. It's your product
| after all. Heck even with an agreement APIs don't support old
| versions.
| dylan604 wrote:
| > It's identical to a jailbreak which gets patched ASAP so
| not sure what is has to do with walled garden as much
|
| Why do you think they don't want you to run a jailbreak?
| It's to protect the walled garden. If you can install apps
| other than their store, that's lost revenue. They claim
| security blah blah, but it's removing mouths from the teet.
| So, it has everything to do with the walled garden. How
| does that not make sense to you?
| clnq wrote:
| The jailbreak patches are for the walled garden, too.
| Security is not a concern for those who use jailbreaks.
| They want to get their devices in the insecure state and go
| to lengths to do it.
|
| It's similar to how OpenAI uses "safety" to make sure their
| LLMs don't get them in hot water, and PlayStation uses
| "safety" to make sure their consoles do not become
| associated with piracy and make publishers think twice.
|
| This kind of "safety" is about business interests. :) Some
| companies can say it openly that they wish to protect their
| business, as fundamentally there is nothing wrong with
| that. Others can't as that will bode poorly for their
| monopoly status and they will suffer (overdue) legal
| repercussions. So it becomes "safety".
|
| Notice how companies that argue against user freedom for
| "safety" are always in circumstances where bringing up
| business interests behind "safety" won't bode well.
| boxed wrote:
| Seems like if this is allowed to stand you'll get massive
| spam issues on iMessage within a few months... better to kill
| it fast.
| crazygringo wrote:
| > _Where is the hacker spirit here?_
|
| The hacker spirit is the fun of reverse engineering. The hacker
| spirit is about personal use.
|
| It's _not_ expecting to be able to turn it into a _business_ ,
| or a popular app, that wouldn't quickly be shut down. That's
| just common sense.
|
| > _Myself for example owns a Macbook, but an Android phone. Am
| I not allowed to use iMessage? I paid the toll._
|
| Of course you can. It's sitting there on your Mac where you can
| use it as much as you like.
| paulmd wrote:
| It's also at severe risk of ruining the fun for numerous
| other _hacker-spirit_ communities like hackintosh or
| opencore. Apple can come down on this in ways that
| potentially make it much more difficult for hackintosh to
| operate, or for people to update their legitimate apple
| systems after the end of official support. Which was pointed
| out in those threads too.
|
| See also geohot taking some other PS3 exploits that were
| already published and combining them into a piracy kit that
| caused Sony to come down on them and patch the exploits,
| ruining it for the rest of the homebrew community.
|
| There's a reason homebrew people try to keep it low-key, it
| doesn't take many assholes to ruin it for everyone. Let alone
| turning it into an app on their own platform lmao.
|
| A decent number of other hobbies also involve some collective
| good-behavior and self-control lest the hammer come down for
| everyone. Doesn't take many assholes doing donuts on quads
| before you'll find motor access to that area removed or
| prohibited, etc. Drones also ruined in like 5 years what r/c
| airplanes had been safely doing for decades. Etc
| leidenfrost wrote:
| > it still puts the hackintosh and opencore communities in
| the middle as collateral damage.
|
| Hackintosh is already on a death march.
|
| Sooner or later Apple will remove support for all x86 OSX
| versions.
|
| Its life can be extended a bit by hackers who try to
| backport the software from ARM to x86.
|
| But you can't sustain the entire Apple ecosystem by
| volunteer work alone.
|
| Why spend resources trying to kill it when we all know it
| will die ln its own in a few years?
| ungamedplayer wrote:
| I feel that contributing to these closed source extension
| hostile software never ends up benefiting anyone long
| term.
|
| I know people gotta make a buck though. Sucks.
| dizhn wrote:
| Arm based PCs are becoming a thing too. Won't the
| hackintosh have a new home there?
| walterbell wrote:
| Arm-based PC SoC designed by former Apple M1 team
| leadership, no less.
| Nullabillity wrote:
| The only people ruining anything for anyone in your
| examples are Apple and Sony.
| thegiogi wrote:
| Sure, but when fighting asymmetric warfare self control
| is paramount is it not?
|
| Would you not be mad at the guy bragging that he's a
| member of the Resistance? They are not the Oppressor with
| the capital O, but they are at least an asshole.
| DANmode wrote:
| Recruiting reduces asymmetry.
| paulmd wrote:
| Nah, assholes ruining access to the beach is a very real
| phenomenon
| nine_k wrote:
| All these activities live in a grey area: "We are breaking
| some rules, but in such a small-time way that the big guys
| don't bother enforcing the them". Fly below radars, and you
| will have your small joys for indefinitely long.
|
| This raises the question: is that a space worth inhabiting?
| Are hackintosh or homebrew PlayStation games worth it,
| compared to more open platforms where you are not breaking
| ToS?
|
| Answers, of course, differ! But the question is worth
| asking.
| dotnet00 wrote:
| At least regarding homebrew PlayStation games, for me
| that was a very valuable grey area space on the PSP and
| then PSVita, since back then there weren't many other
| kid-friendly options for similar portable computers (this
| being relevant because as an adult I am not dependent on
| convincing someone else to buy me things).
|
| Nowadays smartphones are so much more capable and so much
| more accessible to kids, plus you can even get literal
| handheld PCs like the Steam Deck, so homebrew is a lot
| less worthwhile in my opinion (except for just the sake
| of hacking, since consoles at least tended to have very
| interesting security/DRM arrangements).
| s3p wrote:
| >Of course you can. It's sitting there on your Mac
|
| As I am sure we _all_ understood, OP meant on their Android.
| martimarkov wrote:
| The the OP should read what he is buying.
|
| I have a TV from 95 am I not allowed to watch Netflix? It
| runs on my phone.
|
| Yes the limitations are different but you know them
| beforehand you just go and say it's unfair I can't have
| everything just the way I want it.
|
| You don't like iMessage - we have plenty of alternatives.
| newaccount74 wrote:
| That's a pretty defeatist take. What if I want Android
| because SyncThing works better on it than on iOS? Then I
| can't have iMessage?
|
| If you told people in 1995 that operating system vendors
| and service providers would arbitrarily block certain
| apps to lock you into their ecosystem people wouldn't
| have believed you.
| op00to wrote:
| I want to use adb to communicate with my iPhones. Google
| is evil using adb as a moat and locking away my access to
| adb! See how silly that sounds?
| flkenosad wrote:
| It only sounds silly if you have a highly technical
| background.
| op00to wrote:
| What are you trying to say? That iMessage is somehow
| "required" to interoperate with others because it does
| not require a highly technical background to use, but adb
| is exempt? I'm not following your train of thought.
| krrrh wrote:
| "DOS ain't done til Lotus won't run"
|
| Whether that was ever fully policy at Microsoft, people
| sure believed it was.
|
| 1995 was also around the time MS was pursing its embrace-
| extend-extinguish strategy to the internet with internet
| explorer.
| ffgjgf1 wrote:
| > If you told people in 1995
|
| Really? Wasn't that somewhat common back then?
| positus wrote:
| > What if I want Android because SyncThing works better
| on it than on iOS? Then I can't have iMessage?
|
| Correct. iMessage is an Apple service. If you want to
| make use of Apple services you should probably use Apple
| products. \\_O_/
| berkes wrote:
| One of these is inherent, dictated by technological
| abilities. The other virtual, made up and kept in place
| by abusing a monopoly.
| inferiorhuman wrote:
| What monopoly would that be? Apple quite literally
| advertises alternatives to its Messages app on the app
| store landing page.
| ycombinatrix wrote:
| How many of those alternatives come pre-installed and
| can't be removed?
| inferiorhuman wrote:
| How is that even relevant? The stock Messages app doesn't
| conflict with any of the other messaging apps.
| yencabulator wrote:
| Lawsuits on Microsoft & IE pretty well established that
| defaults matter for antitrust actions.
| inferiorhuman wrote:
| One of the remedies was to prompt the user to pick a
| browser at install time. Apple is literally advertising
| all of the alternatives in perhaps the most obvious way
| that they can. There's no trust to bust here.
|
| IE had the majority of the market share on the most
| popular desktop platform (Windows). Neither Messages nor
| the iPhone are in that position. Phones are pretty evenly
| split between Apple and Google in the US (and it's more
| lopsided in favor of Google elsewhere). Again, by virtue
| of having competition and having that competition easily
| accessible there's no monopoly.
|
| There's just a bunch of butthurt Google fanbois who are
| lamenting the color of... well the color of someone
| else's text messages on that other person's device. All
| received messages have a grey background.
| berkes wrote:
| For the sake of the argumt, let's say there is no
| monopoly, but a competitive landscape filled with
| alternatives and switching costs are zero.
|
| Does that change my point about the difference in those
| examples?
| flkenosad wrote:
| You can get alternative SMS apps on iOS?
| rezonant wrote:
| iMessage is just the iOS texting app. When someone says
| "I'm having trouble getting Stranger Things to play on
| Netflix" you don't tell them "You should switch to Hulu".
| Netflix (iMessage / texting apps) has Stranger Things
| (texting) and Hulu ("alternatives" like Whatsapp et al)
| do not.
|
| As an Android user, in theory I shouldn't care about
| iMessage. However, because of the way that iMessage
| creates schisms, miscommunications, lost communications,
| broken texting experiences and more between my Android
| friends and my iPhone friends, I have to. I would like
| the texting features of these phones to interoperate so
| we can all text together in peace.
|
| I wrote up a scenario (user story?) that I think helps to
| explain the problems I think should be solved that seem
| to fly over so many people's heads, especially when they
| advocate for over-the-top messaging apps like Whatsapp to
| solve the problem (particularly in the US context):
| https://news.ycombinator.com/item?id=38578101
| dzikimarian wrote:
| No. Hacker spirit is owning your machine to its full extent.
| For fun, for profit or just for mayhem.
|
| Apple using instant messaging, where no meaningful innovation
| happened for decades to build their moat is pathetic and
| disgusting.
| tedunangst wrote:
| If your mayhem requires communicating with third party
| servers, who owns those computers?
| colinsane wrote:
| then to OP's "where's the hacker spirit" question: the
| answer would be "the hacker spirit is to replace iMessage
| with anything less controlled", right? that's still
| equally as subversive against The Powers in the sense
| that "hacker spirit" implies any form of subversion.
| rezonant wrote:
| Just like how all we needed to do to replace Facebook in
| its heyday was to make a better Facebook! Remember
| Diaspora? Any day now its going to dethrone the king and
| I'll be able to see all my friends updates on Diaspora!
|
| The social graph lock in problem is well documented and
| well understood. If most people use a certain solution
| (in this case texting, and particularly in regions where
| its dominant such as the US) then attempts to make a
| replacement solution whose success depends on mass
| adoption has an exponentially more difficult time in
| achieving adoption, because there's no incentive for
| users early on (because the social graph isnt there).
|
| At least in the US, texting has a ton of "gravity"
| compared to other forms of messaging because it is built
| in to every phone and entirely free with your phone plan,
| so every user knows they can reach every other person
| they meet via texting.
|
| New platforms gain critical mass more due to circumstance
| and luck than anything else. Or, such as the case with
| TikTok, via deep pockets and relentless advertising.
| colinsane wrote:
| > The social graph lock in problem is well documented and
| well understood.
|
| i don't actually think it is. i don't know _anyone_ who
| uses just a single messaging app (and thereby a single
| protocol-level social graph). i have some mental map in
| my head: "if i want to reach friend A, i do it on Signal.
| friend B: Discord. friend C: SMS/tel/PSTN. friend D:
| Matrix". i think this is a pretty common experience these
| days: i'd hazard that my mix of 4 apps is on the _small_
| side.
|
| i admire Beeper, JMP.chat, and other groups trying to
| improve messaging via better abstractions. i think it'd
| be cool if they could maintain iMessage support, i also
| think it's not critical to their success. the pain points
| caused by that graph problem you point to is 1)
| maintaining that mental map and 2) coordinating large
| group chats. i don't see that the client-side/Beeper-
| style solution to this is notably worse if they support
| only 29 protocols instead of 30: for as long as my peers
| are reachable by more than one messaging app, the odds of
| bridging between them isn't radically different.
| rezonant wrote:
| > The social graph lock in problem is well documented and
| well understood. > i don't actually think it is.
|
| Nitpicking but I was saying that the general social graph
| lock in problem (also referred to as chicken/egg) is well
| documented.
|
| > i don't actually think it is. i don't know _anyone_ who
| uses just a single messaging app (and thereby a single
| protocol-level social graph). i have some mental map in
| my head: "if i want to reach friend A, i do it on Signal.
| friend B: Discord. friend C: SMS/tel/PSTN. friend D:
| Matrix". i think this is a pretty common experience these
| days: i'd hazard that my mix of 4 apps is on the _small_
| side.
|
| Hi! Nice to meet you! I use only one messaging app for
| all of my friends! It's called texting. As far as I know,
| all of my friends do the same, with the only exception
| being a few Internet-only friends where we use Discord.
|
| The "mental map" that you are describing is _exactly what
| I want to avoid_. I am thankful that I have not had to
| make one yet, and when people tell me to use over-the-top
| chat apps like Whatsapp, I can see that the map must be
| made.
|
| Just because this is the norm, doesn't mean I'm going to
| do it, especially since we don't do it now. As much as
| the interoperability problem between RCS and iMessage is
| an incredibly annoying problem, I would take a single
| unified messaging experience over some crazy fragmented
| one with a zillion apps any day.
|
| > 2) coordinating large group chats. > for as long as my
| peers are reachable by more than one messaging app, the
| odds of bridging between them isn't radically different.
|
| A little confused by this, because Beeper and other
| unifying clients cannot in fact make groups which have
| participants on multiple platforms at all.
|
| You said you need 4 messaging apps right now to
| communicate with everyone you communicate with. How many
| of those users also have all 4 of those messaging apps?
| Obviously it's not all of them, or you'd just use one
| messaging app. The fact that you need four implies that
| for a given selection of contacts, there is a chance that
| it is impossible to create that group chat, because there
| is no shared platform they are all on. Then you factor in
| that in some scenarios you need your contacts to include
| additional contacts, and perhaps your 4 messaging apps
| needs to grow to make it happen. And of course if you
| already made the group and you need to just add _one more
| person_ then you might have to scrap and remake the group
| somewhere else. But then that group that already has some
| messages in it still exists, and people will keep texting
| it! Now you 've split your group chats!
|
| On top of this, I want to note that the mental map you
| have built is also prone to becoming stale. If one of
| your friends is on Signal and Whatsapp but prefers
| Whatsapp, but then uninstalls Whatsapp and forgets to
| tell you, then you very well may send a message to that
| person and have it never arrive. Of course they might
| bail out of both Whatsapp and Signal, and just go back to
| SMS. Now none of your messages will land- you didn't even
| think they were interested in SMS.
|
| Sure, if they are a close friend its likely they'll let
| you know. Most people have 1-5 close friends. But most
| people also have far more contacts in their contact book,
| and some of those people they might only message a few
| times a year. That's not a mental map that can be
| maintained, or if it can, I don't want to.
| colinsane wrote:
| > I use only one messaging app for all of my friends!
|
| i admire the resolve. on the other hand i think that
| rules out iMessage playing much role in that long-term,
| right? like, they're just never going to play nicely with
| others, it's not easy for the broader developer base to
| integrate with much less improve, and so on. so you're
| back to SMS, and the baseline SMS experience now is
| pretty limiting and stalled (much as SMTP stalled): a big
| part of why people leave for app-based messengers is for
| features like voice memos, video-chat, multi-device (e.g.
| PC) support, better multimedia support, etc. to say "SMS
| forever" i think is to say "i'm okay never having these
| features" -- which is a fine decision but important to
| note.
|
| > A little confused by this, because Beeper and other
| unifying clients cannot in fact make groups which have
| participants on multiple platforms at all.
|
| i'm pointing to where i understand the landscape to be
| headed. for channel-based chat systems like Discord, irc,
| Matrix, XMPP/jabber, Slack, it's common enough to find
| channels which are bridged across 2 or more of those
| protocols. my experience with ephemeral group chats is
| that if i want to plan a large enough event i just end up
| starting multiple group chats, and the unimportant
| details are chaotic but the important ones like
| where/when we're meeting i make sure find their way into
| both chats. there's a _possible_ future where i start two
| group chats and my client bridges messages between them
| in the same way those channel-based systems bridge.
| rezonant wrote:
| > i admire the resolve. on the other hand i think that
| rules out iMessage playing much role in that long-term,
| right? like, they're just never going to play nicely with
| others, it's not easy for the broader developer base to
| integrate with much less improve, and so on.
|
| Well Apple is implementing RCS, so that's good. But look,
| I don't really think the blue bubble stuff stems from not
| being able to put stickers on the conversation. It
| definitely doesn't come from not being able to emoji-
| react ("tapback" as Apple calls it) because that still
| works on SMS, but the SMS participant receives a text
| message describing the tapback. In Google Messages and
| other modern clients, that gets interpreted by the phone
| and turned back into an emoji reaction [1].
|
| I don't think the blue bubble hate comes from people not
| being able to do inline replies. I don't think it comes
| from the inability to edit your messages when in an SMS
| conversation.
|
| The source of the blue bubble hate comes from group chat
| splitting. When you have an iMessage group chat and you
| hit Add to add a new user, but that user is not an
| iMessage user, you are shown a prompt that says "Create a
| New Group? Contacts not using iMesage can only be added
| to a new MMS group with the same members. Contacts using
| email address handles will use a phone number instead."
|
| You are given two options: "Cancel" and "New Group".
|
| If you choose New Group, you'll now have two groups. If
| you do nothing else, no one knows a new group was
| created, since no messages were received. If you send a
| message, its still entirely possible for the other group
| members to message either or both group chats. Chaos
| ensues.
|
| It's not clear that Apple is actually going to fix this
| with RCS. Seems most likely they will not, that group
| chat splitting will still occur, just replacing SMS with
| RCS.
|
| > i'm pointing to where i understand the landscape to be
| headed. for channel-based chat systems like Discord, irc,
| Matrix, XMPP/jabber, Slack, it's common enough to find
| channels which are bridged across 2 or more of those
| protocols.
|
| Bridging is hacky, and involves not showing contact
| information for each user. You (of course), can't start a
| DM with such a user, and I'd assume things like @
| mentions are ambiguous or nonfunctional.
|
| Sure it _can_ be done, but it is kind of a terrible
| experience. Even Matrix and IRC have the same problem,
| and that's one I've actively experienced from both sides
| (IRC and Matrix).
|
| > my experience with ephemeral group chats is that if i
| want to plan a large enough event i just end up starting
| multiple group chats, and the unimportant details are
| chaotic but the important ones like where/when we're
| meeting i make sure find their way into both chats.
|
| I commend you, because you take a lot more effort than
| most humans to make sure things end up on both ends. In
| my experience, with the humans I have to deal with, its
| about a 5-10% of the time this happens, and usually its
| by sending a screenshot of the other group chat with half
| of the first line of the next message showing more
| important details that they decided "weren't relevant" or
| just didnt fit on the phone screen.
|
| Also it should be obvious but some kinds of planning are
| simply not possible or require people to perform special
| courier roles to complete. Things like planning for what
| weekend everyone's free or what elements of a potluck
| everyone's going to bring are pretty tedious to manage
| between 2 group chats.
|
| Furthermore, in my experience events that need planning
| aren't given dedicated ephemeral group chats, instead
| they are simply planned on whatever group chats they
| already have. People don't tend to put a lot of thought
| into making sure people are included, especially if the
| group chat is large. Some of the family group chats I'm
| in are 12-14 people. Not all of those people are coming
| to the potluck. They still use it, and honestly I think
| that's better than having to juggle every combination of
| every participant and keep track of whos in each one.
|
| [1] Side note here, after Google started interpreting the
| (fairly annoying) iPhone tapback SMS messages as
| tapbacks, Apple introduced a similar feature to interpret
| tapback SMS messages --- but only for iPhone sent
| tapbacks. So the scenario is a group chat with 2 iPhone
| users in it-- the tapbacks show as SMS to the receiving
| iPhone, but it gets turned back into a tapback emoji
| reaction. This only works for iPhone style tapback SMS
| messages. The slightly different format that Google
| Messages sends is... ignored...
|
| Pretty much the most smug Apple way they could possibly
| implement that feature... but now the Pixel in the chat
| works in all cases and the iPhone only works in half the
| cases, so it actually only hurts Apple users' experiences
| corobo wrote:
| Depends who you ask. Me personally? The hacker spirit is
| coming across an impossible task and doing it anyway.
|
| Figuring it out is much more fun than just using
| something else!
|
| Make money, don't make money, cash is unrelated to the
| definition.
| ed_elliott_asc wrote:
| This is a bit strong, "disgusting" conjures up other things
| for me.
| onethought wrote:
| What is the meaningful innovation in messaging that
| happened elsewhere?
| dzikimarian wrote:
| It didn't happen anywhere. Yet IM vendors (not only
| Apple) still pretend we need propertiary protocol to
| transport a few bytes of unicode. It should be
| standardized long time ago.
| flkenosad wrote:
| Is there an existing open standard that works just like
| iMessage?
| tristan957 wrote:
| You mean E2EE chat? Yes. There are even federated
| protocols.
| nurettin wrote:
| > Hacker spirit is owning your machine to its full extent.
|
| I thought it was about owning anyone's machine to the full
| extent. Did this change during the past 30 years?
| bongobingo1 wrote:
| hacking vs cracking
| segfaultbuserr wrote:
| Hacking vs. cracking is a useful system of
| classification, but the distinction is not absolute,
| there is a gray area between these two. Many well-
| respected hackers started their careers by compromising
| systems of other organizations, cracking copy-protection
| in commercial systems, or obtaining privileged
| information about proprietary systems (famously AT&T's
| telephone system), but these acts were committed mostly
| out of curiosity, as technical challenges, or as a
| protest of the perceived power imbalance that violates
| the spirit of hacking - rather than motivated by monetary
| gains or a desire to bring mayhem and destruction.
| Whether or not these activities are acceptable depends on
| someone's own personal interpretation in a case-by-case
| basis.
| mediumsmart wrote:
| you be the judge - https://www.catb.org/~esr/faqs/hacker-
| howto.html
| nurettin wrote:
| I probably contributed to the how to ask section at some
| point.
| dzikimarian wrote:
| Well 30 years ago owning your machine could be taken for
| granted. Today - not necessarily.
| fauigerzigerk wrote:
| _> Of course you can. It 's sitting there on your Mac where
| you can use it as much as you like._
|
| For what?
|
| I own a Mac an iPhone and an iPad but iMessage and FaceTime
| are entirely useless to me because no one I communicate with
| on a regular basis uses Apple devices. Same thing with
| various iCloud sharing features. Not using the family sharing
| offers is entirely uneconomical as well.
|
| So what happens is that I gravitate to other ecosystems. I
| use WhatsApp. I upload all my photos to Google Photos. I
| mirror my iCloud Drive to Google Drive to share and
| collaborate with people on various things.
|
| I have enabled Apple's advanced data protection for end to
| end encryption but it's entirely farcical as my stuff is all
| over the place anyway.
|
| Almost everything Apple does in terms of software and
| services is useless to me. They are not locking me in. They
| are locking me out.
|
| I'm paying for their excellent hardware, the m-series CPUs in
| particular, but I'm using my "spare" Pixel phone more often
| because the software suits me better.
|
| I appreciate a lot of things that Apple does but it's only a
| question of time until some other ARM based hardware catches
| up enough for me to stop overpaying Apple for software I
| can't use anyway.
| gms wrote:
| What's the problem here? Seems like you found fine
| alternatives.
| fauigerzigerk wrote:
| My problem is that I'm paying for something that could be
| far more useful than it is, and I haven't actually found
| satisfactory alternatives. For instance, I haven't found
| an end-to-end encrypted and still user friendly cloud
| option for my photos.
|
| Apple's problem is that they are selling less to me than
| they could and risk losing me as a hardware customer as
| well.
|
| Now, I totally get their strategy. It's a bet that net
| net they are locking more people in than they are locking
| out. It's hard to tell whether or not this is paying off
| for them. Not even Apple can know the counterfactuals.
| xattt wrote:
| I'm trying to figure out why it's a crappy experience
| elsewhere, but not on Apple devices. I don't think Apple
| deliberately contributes to Android hardware development
| to just make it less usable.
|
| The ball is in the court of Google et al. to make
| messaging and video chats less frustrating.
| Melatonic wrote:
| That's the thing - android to android with RCS and e2e
| enabled is pretty comparable to iMessage now. And apple
| could have just opted into adopting the open standard
| years ago
| avianlyric wrote:
| > For instance, I haven't found an end-to-end encrypted
| and still user friendly cloud option for my photos.
|
| iCloud Photos is E2EE if you turn on iCloud's "Advanced
| Data Protection". That migrates the vast majority of your
| iCloud data into E2EE storage.
| fauigerzigerk wrote:
| I know. That's my whole point. Apple has it but it's of
| little use to me because of their limited cross-platform
| sharing.
| Grustaf wrote:
| If you don't want to communicate with other Apple owners
| over iMessage, then there is no issue.
|
| What Beeper set out to do was to solve the opposite
| problem, people who don't have Apple devices, but want to
| use iMessage.
|
| And the poster above did have an Apple device, and wanted
| to use iMessage, but didn't seem to realise that iMessage
| works on Macs too.
| rezonant wrote:
| Only via email address. You need an iPhone to receive
| iMessage via phone number, and in a country where texting
| is dominant, you're going to be texted via that phone
| number, even by your iPhone friends.
| OJFord wrote:
| If you set it up on an iPhone once, is the number then
| linked somehow? Since fully Apple users do get phone
| number iMessages pop up on macOS too right? Or is that
| only locally synchronised by Bluetooth or something?
| rezonant wrote:
| Yes, you can receive iMessages to the phone number on
| linked devices when the phone is off. You cannot receive
| SMS when the phone is off.
| fauigerzigerk wrote:
| _> If you don't want to communicate with other Apple
| owners over iMessage, then there is no issue._
|
| The issue is that I as an Apple user want to be able to
| use iMessage to communicate with Android users.
| photonerd wrote:
| Given Android users don't have iMessage that's kind of
| not an issue then.
| fauigerzigerk wrote:
| This _is_ the issue and it's what this whole debate is
| about.
| ToucanLoucan wrote:
| It isn't a debate. You're demanding access to a walled
| garden on the grounds that you don't think the wall
| should be there.
|
| You're entitled to use or not use iMessage per your
| preference. You are not entitled to use of iMessage on a
| platform of your choosing. Where do we stop this? Is
| Apple then required to create iMessage clients for
| Windows Phone as well? Perhaps a Blackberry client too?
| Maybe a website?
|
| If you want to share an iMessage account and all the rest
| of the ecosystem benefits Apple provides, then get an
| iPhone. That's how you do that. And you can still
| absolutely talk to Android users once you have an iPhone,
| because the iPhone provides the essential middle-agent
| between iMessage and SMS that enables you to do that.
| Apple has done this forever and has designed Messages to
| degrade gracefully: you are not barred from texting
| anyone who doesn't have an iPhone, instead your message
| is converted to SMS completely seamlessly and sent from
| your phone even if you actually sent it from a Mac or
| iPad.
|
| The endless moaning and whining from people not in their
| ecosystem about iMessage is so, so fucking tired at this
| point: from the accusations of platform lockout to the
| bitching about the fact that SMS messages are green
| instead of blue, on and on. If you guys are SO HARD UP
| for that iMessage goodness then just pony up for an
| iPhone, holy shit. Or at the very least, go bitch up
| Google's tree so they'll develop a decent messaging
| client that won't be abandonware within 6 months.
| fauigerzigerk wrote:
| Quoting myself from this very thread:
|
| _" I own a Mac an iPhone and an iPad but iMessage and
| FaceTime are entirely useless to me because no one I
| communicate with on a regular basis uses Apple devices"_
|
| and
|
| _" The issue is that I as an Apple user want to be able
| to use iMessage to communicate with Android users."_
|
| To sum it up for you as succinctly as I can: I am an
| Apple customer expressing unhappiness about some aspects
| of the product and the product strategy.
| stanleydrew wrote:
| But that's not within your control. To use iMessage with
| Android users you'd need to convince them to use an
| iMessage client. Usually that means buying an Apple
| device, but with Beeper Mini the burden was reduced to an
| app install. But you still need Android users to take
| affirmative action for you to use iMessage with them.
| Melatonic wrote:
| The poster does - he was claiming that since he bought
| one Mac device capable of iMessage that he should then he
| allowed to use it also in his android device (where it
| would be far more useful) since he already paid the apple
| "tax" or what have you for iMessage access.
| rezonant wrote:
| > but I'm using my "spare" Pixel phone more often because
| the software suits me better.
|
| Welcome! Pixel is all you need.
| grishka wrote:
| > So what happens is that I gravitate to other ecosystems.
|
| I use a Mac but an Android phone. Android because I require
| the ability to install apps from arbitrary sources,
| including piracy. Mac because modern Windows is so
| contemptuous towards its users, and desktop Linux falls
| apart unless you know the intricacies of its internals.
|
| Anyway, transferring files between the two was a pain in
| the butt that eventually grew so immense I reverse
| engineered Google's Nearby Share and made this:
| https://github.com/grishka/NearDrop
|
| Though yes, I'm not North American so iMessage is just a
| non-issue to me. I don't know anyone who uses it. No one
| uses SMS for actual messaging between people, everyone's
| SMS inbox is 99% OTP codes and various other automatic
| notifications. Literally everyone who I communicate with is
| reachable through Telegram.
| pjmlp wrote:
| Actually it is more like knowing the intricacies of its
| distribution specific internals.
| bonney_io wrote:
| > I require the ability to install apps from arbitrary
| sources, including piracy.
|
| No one "requires" access to theft.
| 4ndrewl wrote:
| If you want to play semantics, you can't "buy" a digital
| service
| grishka wrote:
| Piracy isn't theft because it doesn't deprive anyone of
| anything, and English isn't my native language.
| pbhjpbhj wrote:
| Can you do what people did with Windows in the noughties,
| install a different OS and get a refund for the OS portion
| of your purchase (or for the apps portion??), it sounds
| like you're not using it?
| norman784 wrote:
| AFAIK macOS is free for people with an Apple device, so
| this won't work.
| danaris wrote:
| ...Where did you get that from their post?
|
| Unless my eyes are just completely missing it, I didn't
| see anywhere that they said or implied that they weren't
| using macOS or iOS on their Apple devices.
| pbhjpbhj wrote:
| They're obviously using an OS, but not the specific
| features of macOS - ie the bundled apps. So to me it
| sounds like they could use a different OS, so long as
| they could still run the apps they use.
|
| People often say they are happy to pay a premium for
| Apple because of the software. So, for someone who
| doesn't use the unique features of a particular OS+apps
| bundle maybe they could use another ... which reminded me
| of the lawsuits that resulted in Microsoft [partners?]
| having to refund the OS portion of the sale price for
| those who chose not to use Windows.
|
| It was a leap, but not a huge one IMO.
| danaris wrote:
| I think it's a pretty huge leap from "they're not using
| Apple's bundled apps" to "so they must not actually like
| macOS."
|
| I know a _lot_ of people who have MacBooks of various
| types who use Chrome as their browser (and only access
| their mail through the Gmail web interface), MS Office,
| etc, rarely using a single one of the Apple bundled apps
| (save perhaps the very basic ones, like Preview)...and
| yet, they would never give them up for a Windows
| computer, because so much of the OS is very fundamentally
| different to interact with.
| tibbydudeza wrote:
| Use WhatsApp - it works on both platforms.
| krrrh wrote:
| The hacker spirit uses Signal. Promoting WhatsApp over the
| more open community-supported alternative is worse than
| gloating over Beeper.
| fauigerzigerk wrote:
| I would very much prefer to use something other than
| WhatsApp (especially as Facebook has banned me for life
| from all their other apps), but my attempts keep failing.
|
| My wife won't use Signal because it includes a crypto
| wallet and crypto transactions are taxable.
|
| Matrix/Element would be my preferred option, but it
| causes so many security or encryption related issues that
| it has scared off everyone I tried using it with. Nobody
| knows what to do with the incessant popups demanding to
| "verify" something or other. Nobody (including myself)
| knows why older messages often can't be decrypted.
|
| Telegram is less secure than WhatsApp.
|
| Threema is not free, which makes it difficult for me to
| ask people to install it. It's not open source either.
|
| iMessage is Apple only.
|
| So what's left besides WhatsApp?
| kelnos wrote:
| > _My wife won 't use Signal because it includes a crypto
| wallet and crypto transactions are taxable._
|
| I think the crypto wallet is lame, and am disappointed
| the Signal folks decided to integrate something like
| that, but it's entirely opt-in. If she doesn't want to
| worry about being taxed on crypto transactions, she can
| simply not use that part of the app. I actually forgot
| for a second it was there until you brought it up, and
| I'm a daily Signal user.
| fauigerzigerk wrote:
| I told her it's not activated by default but she doesn't
| want to touch crypto with a 10 ft pole. She says if it's
| in there then tax authorities might eventually come
| asking if the feature becomes popular. And then she would
| have to keep evidence of not actually using it.
|
| I think her concerns are overblown, but it shows how
| incompatible taxable transactions are with a privacy
| focused app. The two things should be kept well apart.
|
| [Edit] Politically, it kind of defeats the purpose as
| well. You want to be able to argue that you have a right
| to privacy when it comes to personal communication. You
| don't want to be in a position of having to defend the
| privacy of trading securities.
| DANmode wrote:
| It does not show this.
|
| Separately, you've either misunderstood her position, or
| it's poorly thought out, and/or ideologically based.
|
| What path would tax authorities use to ask Signal users
| (and only Signal users) if they've used cryptocurrency?
| fauigerzigerk wrote:
| _> What path would tax authorities use to ask Signal
| users (and only Signal users) if they've used
| cryptocurrency?_
|
| Tax law. In the UK, every single payment in
| cryptocurrencies, however small, is a taxable disposal
| that you have to include in your tax return if your total
| proceeds or gains from all investments are above a
| certain threshold.
|
| I'm not ideologically opposed to cryptocurrencies and
| neither is my wife. She's just allergic to anything that
| could potentially raise tax questions.
| Maken wrote:
| Now I'm seriously wondering how hard is to fill taxes in
| the UK. I think I have done worse mistakes than a few
| cents in crypto and all I got was having to resubmit the
| forms.
|
| Edit: On second thought, I don't own a business, so I
| guess nobody is going to look into my tax fillings with
| the same suspicion since they do not expect me to be
| doing anything funny with my accounting.
| fauigerzigerk wrote:
| _> Now I'm seriously wondering how hard is to fill taxes
| in the UK_
|
| Doing it correctly is non-trivial. You have to submit a
| so called computation for each individual disposal, which
| can easily run into several pages.
|
| The algorithm for working out the cost of a disposal is
| actually a pretty interesting test case for learning a
| new programming language or paradigm. Try implementing UK
| share identification rules in SQL for instance :)
| Podgajski wrote:
| This is why I also have my signal set for automatically
| disappearing messages. I want you all to try to delete
| your messages if you have iCloud turned on. It's
| impossible and if you managed to do it they're stuck on
| the server for 30 days. Apple is a spy service.
| baq wrote:
| I wish watching ads on Facebook was treated as personal
| income that you have report to IRS. Social graph would
| fix itself in a nanosecond.
| dimask wrote:
| You do not have to activate the "crypto wallet", even
| less use it.
| worthless-trash wrote:
| TIL it even has one.
| fauigerzigerk wrote:
| I responded to this in the other thread:
| https://news.ycombinator.com/item?id=38580504
| viktorcode wrote:
| I use many messengers, Signal too. It lacks in polish and
| features compared to all the others. Its security premise
| is undermined by insistence of using a phone number -
| which can be spoofed or taken over - to sign up.
|
| I see it as the result of hacking spirit running the
| development, not the product team. Currently it can't
| compete.
| Podgajski wrote:
| not only does the hacker spirit use Signal, but they tell
| people that's the only way they want to communicate. At
| least that's what I do. It forced my friends to install
| Signal because of it six more people are using Signal.
|
| People who contact me over SMS get an immediate phone
| call from me in response.
| op00to wrote:
| What strange woman lying in a pond gave you a sword to
| make you Decider Of The Hacker Spirit?
| the_gipsy wrote:
| WhatsApp (meta / facebook) acts exactly like apple here:
| they're sending cease and desist letters to OSS projects.
|
| Better use matrix which is an open protocol.
| tibbydudeza wrote:
| Like ActivityPub ???. Problem is public mindshare and
| adoption.
| nicce wrote:
| > It's not expecting to be able to turn it into a business,
| or a popular app, that wouldn't quickly be shut down. That's
| just common sense.
|
| When I noticed that there is 2 dollar subscription required
| to use this app, then all my blame from Apple went to these
| developers.
|
| You can't really expect to do business with other company's
| service's without asking permission or cooperating.
| Especially, if the required interfaces are not exactly
| public.
|
| Maybe this App had hope as free version, but not as business.
| What they were thinking.
| unyttigfjelltol wrote:
| It's called a "phone". It works with the "phone network",
| AT&T communicates with Verizon. They each fund themselves
| and are interoperable.
| nicce wrote:
| For "phone" features, there are own standards and all the
| "phones" support them. They are public and everyone
| cooperates.
|
| iMessage is like Discord. It is messaging service tied to
| specific backend, and also devices in this case.
|
| What if I reverse-engineer Discord, make a commercial
| application which uses their non-public backend (not with
| webview) and never tell anything for Discord? Should the
| "phone" argument hold in this case?
|
| Discord is not the best example, because it 'allows'
| third-party level clients on some level, but above should
| not be the case.
| rezonant wrote:
| > iMessage is like Discord. It is messaging service tied
| to specific backend, and also devices in this case.
|
| It's different, because the only texting app on the
| iPhone automatically prefers iMessage. Did you make a
| group with 2 iPhone friends and now you're adding a non-
| iPhone? Congratulations you now have two group chats. No
| way to merge it, and you have to manually tell everyone
| not to use the first one. But they will anyway, and the
| conversation splits.
| nicce wrote:
| The problem you are describing is more like a social
| problem, and applies to many other aspects as well.
|
| Usually people know the consequences of their actions. If
| they don't use Facebook, Instagram, WhatsApp or any other
| "currently" popular social platform, there is always risk
| that you isolate yourself from the part of group which
| prefers the former.
|
| Is that one person important enough that other group
| members ditch the other groups?
|
| Here comes the reason why Meta, Discord or any other
| social platform with enough user base is highly valuable.
| Social pressure keeps users on their platforms.
|
| Apple is doing the same with iMessage in hopes of pushing
| device sales. But it is still messaging service. It does
| not forbid you using regular cellural standards.
|
| The question is that are the set defaults same as known
| decision? Not for everyone, but I don't think that
| conversation splitting is good enough argument here to
| reason why making business in this case would be good
| decision.
| rezonant wrote:
| > The problem you are describing is more like a social
| problem, and applies to many other aspects as well.
|
| Yes! But it's a social problem created by an intentional
| product choice that makes their own users have a worse
| experience in service of retaining their walled garden
| _at the expense of your customers relationships_ on a
| service that they are embracing and extending for their
| own ends...
|
| And they could fix it too. There is zero reason to leave
| that original iMessage chat around from a technical
| perspective. They can even put a big scary banner at the
| end of the iMessage history saying Hey this is not
| encrypted anymore! watch out!
|
| > Usually people know the consequences of their actions.
| If they don't use Facebook, Instagram, WhatsApp or any
| other "currently" popular social platform, there is
| always risk that you isolate yourself from the part of
| group which prefers the former.
|
| Yes, choosing not to use the three Meta apps you listed
| is your own damn fault. You're isolated because of your
| own poor choices. Just give up and feed the beast instead
| of, you know, trusting the phone/OS manufacturer you
| purchased your premium phone from and the carrier that
| you pay for your phone service.
|
| > But it is still messaging service. It does not forbid
| you using regular cellural standards.
|
| This is the part that's not actually true, because you
| cannot make an MMS group with only iMessage participants.
| You cannot opt out of iMessage on 1x1 conversations
| either.
|
| Using or not using iMessage isn't actually a choice, it's
| an automatic "upgrade"
|
| I'm not even sure it's possible to disable iMessage
| entirely. EDIT: This exists actually
|
| EDIT 2: "Messages app automatically chooses the type of
| group message to send based on settings, network
| connection, and carrier plan."
| https://support.apple.com/en-us/HT202724
| cowsandmilk wrote:
| In the scenario you describe, you can't add a third
| iPhone user either. You can only add people when there
| are already at least 3 participants.
| unyttigfjelltol wrote:
| The phone network in the US was basically the same 50
| years ago.[1] It took a major antitrust fight to bring
| about "cooperation". So strange, folk strenuously
| defending obviously anticompetitive conduct.
|
| [1] https://en.m.wikipedia.org/wiki/Breakup_of_the_Bell_S
| ystem
| nicce wrote:
| I would say that this is not proper comparison.
|
| It would be proper if iMessage would be the only
| messaging service phone users can use and installation
| and usage of the others are restricted.
|
| But anyway, my whole comment is about making commercial
| messenger with the expense of other product (aka. backend
| services of Apple) without permission, cooperation or
| anything else. There aren't official public APIs for
| iMessage other than for Business use.
| truegoric wrote:
| > The hacker spirit is the fun of reverse engineering. The
| hacker spirit is about personal use.
|
| ,,We make use of a service already existing without paying
| for what could be dirt-cheap if it wasn't run by profiteering
| gluttons, and you call us criminals."
|
| I believe that if you want to see hackers as only kids doing
| ,,fun stuff" at their desk at night making their
| (metaphorical and not) parents angry then either you are
| missing the bigger picture, or capitalism has gotten their
| ideological claws on the hacker culture and turned it into an
| obedient bunch of techbros that wouldn't even dream of making
| the information free, as it wants to be.
| GeekyBear wrote:
| > It's not expecting to be able to turn it into a business,
| or a popular app, that wouldn't quickly be shut down. That's
| just common sense.
|
| Can you even imagine the reaction if the uBlock Origin folks
| attempted to make the case that Youtube updating their site
| to prevent ad blockers from working was some sort of
| nefarious violation of "the hacker spirit"?
| rvz wrote:
| > Where is the hacker spirit here? The number of Apple
| apologists that have crawled out to say "see? I told you so!!"
| is saddening.
|
| You should not be surprised around the risk of depending on
| reverse engineered third party integrations which the provider
| can seek to cut you off of unauthorized interactions.
|
| > It is a bit dicey when you're charging for it, but since Mini
| was entirely client-side it would be feasible for a free
| version to exist.
|
| That makes no sense for Beeper.
| SaberTail wrote:
| Apple wouldn't even exist if not for this type of hacking. One
| of Steve Jobs and Steve Wozniak's first projects was selling
| blue boxes[1] to play around on AT&T's telephone system.
|
| [1] https://en.wikipedia.org/wiki/Blue_box
| JumpCrisscross wrote:
| > _One of Steve Jobs and Steve Wozniak 's first projects was
| selling blue boxes_
|
| Which didn't scale because it doesn't scale because the blue
| box stopped working. Sort of like Beeper.
| lofaszvanitt wrote:
| Beeper's true purpose was to show people that it's possible
| without an iPhone. What you don't know how many other
| clients like this worked and for how long...
| latexr wrote:
| > Beeper's true purpose was to show people that it's
| possible without an iPhone.
|
| What's your basis for saying that? Honestly asking. Seems
| like Beeper's true purpose could just as well have been
| to make money.
|
| _Of course_ this is possible without an iPhone. Apple
| could build it anytime they want, they just don't. Which
| I disagree with, but that's a different argument.
| epistasis wrote:
| And the penalty for getting caught wasn't merely having your
| connection turned off, it was a trial.
|
| Selling a device that transgressed the boundaries doesn't
| mean they thought that no boundaries should exist, it just
| means they knew it was possible to do something technically
| interesting and would allow them to make money.
|
| If Jobs and Woz thought there should be now penalties for
| using blue boxes, my guess is that they thought the telco
| should merely implement a better system, not that everybody
| should get free access to it.
| zer0zzz wrote:
| This should be the top comment
| Klonoar wrote:
| _> Where is the hacker spirit here?_
|
| The site is called "Hacker News" but it's predominantly existed
| over the years as a funnel for the business-centric Valley
| industry.
|
| Which is to say that I think you're trying to apply _one
| specific_ definition of "hacker" when it doesn't really work
| that way.
| lolinder wrote:
| There's that, but I'm not an SV person and my reaction was
| still "well, duh!".
|
| An app like Beeper Mini _wants_ to be something like NewPipe
| for YouTube: installable only if you know how to download
| F-Droid, maintained by a community of fans, used only by
| people who understand that Google can break it at any time
| and it might take days to weeks for it to recover.
|
| What Beeper did instead was build a startup and sell
| subscriptions to mainstream users, and now that it inevitably
| broke they come off as very whiny about it. It's not just
| Silicon Valley business types who see that and wince: it's
| offensive to old-school hackers too.
| smeej wrote:
| Know how to download F-droid? As in, "Google F-droid, click
| link to f-droid.org, click 'Download F-droid'"?
|
| I guess I can only speak for myself, but I'm pretty alright
| with people building apps with the expectation that would-
| be users will need to know how to install apps.
| lolinder wrote:
| I didn't say it was a high bar, but it's enough of a
| barrier to drive off most of the entitled complaints when
| Google periodically breaks the app.
| Nullabillity wrote:
| Everyone deserves a path around vendor bullshit, not just
| "true hackers".
| op00to wrote:
| Please, no. I do not want to have to clean malware off my
| inlaws phones in addition to their fucked up computers.
| anticensor wrote:
| This site was originally called "Startup News" then renamed
| to "Hacker News".
| oneplane wrote:
| iMessage is Apple's service, and they can do with it whatever
| they want. No other arguments are really relevant.
|
| As for whatever reasons Apple comes up with: that is probably
| also not going to be relevant as a multinational that is
| beholden to money is going to have the legal department and PR
| do that sort of messaging and not anyone on the technical side
| of things.
|
| Speculating as to why things are the way they are: Apple knows
| that people in some socioeconomic ecosystems value iMessage as-
| is, so we can expect their intent to be aligned with keeping
| that value. Reusing all in-house crypto and account management
| certainly makes it easier on the engineering side as well.
| tcfhgj wrote:
| They can't, if they have extreme market power, mich like
| Microsoft can't do anything they want with Windows
| oneplane wrote:
| And that's where that 'if' is important: iMessage isn't
| very relevant outside of the US. Worldwide it doesn't even
| reach the top 5. Inside the US, even Facebook Messenger is
| apparently used more than iMessage.
| charles_f wrote:
| I wouldn't take that as a lack of hacker spirit ; and honestly
| saying this was to be anticipated is not being an applogist.
| You could tell this would happen, notably because they were
| selling a product on top of a retro-engineered API, and it made
| quite the noise. Even if they hadn't closed it at a technical
| level, they'd probably have done it at a legal level.
|
| And to point out the obvious, Beeper was _also_ closed source.
| I don 't trust apple much, but I trust a random startup much
| less to believe that they're not either doing something dicey,
| or screwing up the encryption protocol and creating tons of
| security holes (esp. if it was retro engineered).
|
| Honestly, as you're pointing out the closed source character of
| all of that, I'd much rather use something like Signal.
| lxgr wrote:
| > since Mini was entirely client-side it would be feasible for
| a free version to exist.
|
| It uses a server for bridging APNs to GCM. Sure, that could be
| maintained on a donation basis, but it's not completely
| infrastructure-free in any case.
| rezonant wrote:
| If you think about it, it's actually not even a technological
| requirement. It's plenty possible to use an Android system
| service which maintains a connection for Beeper Mini
| persistently from the phone. After all that's what GCM does
| too. Yes, it would require backgrounding permissions, but
| that is something pretty justifiable for a messaging app, and
| when using the right UI practices, you can explain this to
| the user before they grant it.
|
| So yes, it's absolutely possible for this app to be 100%
| client side and I wish Beeper would've done that to start, if
| for no other reason than to dispel the misinformation around
| that BPNs is somehow required for the core operation of the
| app.
|
| To be fair, they probably thought making this explicit in
| their How It Works article would be sufficient.
| lxgr wrote:
| Is this actually still possible without (or even with) a
| foreground notification? I thought Google clamped down on
| that practice a while ago, since it increases power, data,
| and memory usage.
| thaumasiotes wrote:
| > I thought Google clamped down on that practice a while
| ago, since it increases power, data, and memory usage.
|
| I don't really follow the reasoning. If saving on power,
| data, and memory usage were more important than the
| ability to receive messages, it would follow that you
| were better off carrying around a cinder block than a
| phone.
| charcircuit wrote:
| Having n apps all actively querying various servers all
| the time will waste resources. The solution Google
| provides is Firebase Cloud Messaging which is the blessed
| notification service on the system which handles
| querrying notifications for all apps. FCM even avoids
| waking up the system from idle if the notification
| received is not high priority and can wait until sometime
| in the future when the device momentarily stops idling to
| processing everything at once before idling again.
| rezonant wrote:
| Well except that maintaining a connection to APNs is
| cheaper than spinning up periodic tasks to connect to
| APNs to check for new messages, and is exactly the same
| process that GCM itself uses (persistent connection),
| _and_ you probably only have one such messaging app, so
| unless GCM is considered a major battery drain (hint, it
| 's not) I think it would be fine.
|
| And in this case, GCM actually creates potential
| vulnerability. This should be allowed, and if Google sees
| it as a problem, they should implement a system service
| to retrieve from APNs. I believe the API is public.
|
| Backgrounding is problematic when devs do it wrong or
| disrespect the user, but this isn't one of those cases.
|
| Android preventing background processes in this case is
| worse for the user.
| lxgr wrote:
| > and you probably only have one such messaging app
|
| That sounds extremely unrealistic. If nothing else, you
| already have GCM - I don't think it deactivates the
| persistent connection even if you don't have any
| notification registrations.
|
| > Backgrounding is problematic when devs do it wrong or
| disrespect the user, but this isn't one of those cases.
|
| But how would Google distinguish "disrespecting" from
| intentional use cases?
|
| I've used Android for years, and uncontrollable
| background services were a big problem.
|
| > unless GCM is considered a major battery drain (hint,
| it's not)
|
| It's as much a battery drain as APNs. The point is that I
| want as few of these persistent connections and
| background services as possible, and the ideal number is
| one.
| rezonant wrote:
| > That sounds extremely unrealistic. If nothing else, you
| already have GCM -
|
| I'm confused. GCM is Google Cloud Messaging. It's also
| known as FCM or Firebase Cloud Messaging. It is the
| Google Play equivalent of Apple Push Notification Service
| (APNs). It's job is just to provide a persistent
| connection for delivering push notifications.
|
| > I don't think it deactivates the persistent connection
| even if you don't have any notification registrations.
|
| It seems almost impossible to be running an Android phone
| that has zero push notification subscriptions registered.
|
| > But how would Google distinguish "disrespecting" from
| intentional use cases?
|
| Via app review and banning apps that abuse those use
| cases. It turns out you can also decimate the user's
| battery using the stuff Google still lets you do (like
| periodic background tasks), but we don't ban those things
| because otherwise your phone would be useless at that
| point. Of course both the periodic task system and the
| persistent background service both would show up in your
| battery usage statistics, so the user and the system
| would be _plenty_ aware that the app is misbehaving. And
| of course Google Play Protect can send along that
| feedback back to the Play Store in both cases.
|
| > I've used Android for years, and uncontrollable
| background services were a big problem.
|
| Cool, I also have used Android for a long time! Started
| on the Nexus 5 back in 2013 and have used Android devices
| ever since.
|
| > and uncontrollable background services were a big
| problem.
|
| Hm, I wouldn't say they were a big problem but I guess I
| just used well behaved apps. Certainly restricting
| background behavior helped battery life, but at what
| cost?
|
| What you might not realize is that there are a number of
| permissions that you can declare in the Android manifest
| that trigger the Play Store review to be... just a little
| more thorough about your apps behavior. This should be
| one of those permissions. Using it for a persistent
| connection to a messaging service is absolutely a valid
| use case for this sort of thing. That's not the kind of
| thing that caused battery problems on your older Android
| phones though.
|
| This is also very analogous in App Store. You declare
| certain plist declarations that need to be justified, and
| cause your app to be more carefully reviewed.
| lxgr wrote:
| Well, Google just wants you to use GCM since it solves
| the same problem without reverting to a cinder block.
| oynqr wrote:
| Very possible on Android versions that are closer to
| AOSP. Shitty vendor forks, probably not.
| charcircuit wrote:
| Not really, unless the user goes to the settings and
| disables battery optimization for the app. If the device
| is idling the app will only be able to wake up
| periodically. Starting at 15 minutes and exponentially
| grows to up to 6 hours [0]. Element works around this by
| abusing exact alarms, which require the user to grant a
| permission, together with a wakelock, but this approach
| will probably not last forever.
|
| [0] https://cs.android.com/android/platform/superproject/
| +/maste...
| kelnos wrote:
| > _Not really, unless the user goes to the settings and
| disables battery optimization for the app_
|
| That sounds "very possible" to me. Apps can even pop up a
| dialog on first run instructing the user to disable
| battery optimization, and then load up that settings page
| when the user taps a button in the dialog. Certainly some
| people will be confused by it, still not know what to do,
| or not want to do it, but it's still quite possible.
|
| And if the user won't do it, the app can still spin up a
| service with a foreground notification if they really
| want to keep things working decently well, and use
| Android's scheduled jobs mechanism to restart the service
| every 10 minutes (or however often) to catch cases where
| the service still ends up getting killed.
| Kab1r wrote:
| I wanted to implement my own notification bridge and patch
| the app to use my self hosted instance. Now of course there
| may not be much point
| Brian_K_White wrote:
| There is a value to the iphone users, not just the android
| users, but neither Apple nor most iphone users will ever
| acknowledge that.
| midtake wrote:
| Their house, their rules.
| brookst wrote:
| Not much point in engaging with someone who sees all opposing
| views as "apologists" "crawling out"
| tinus_hn wrote:
| You need a device key to use an iCloud account, and all Beeper
| clients were using the same device key. So unsurprisingly, it's
| not hard for Apple to block. And this doesn't mean they peep
| into the messages.
| perryizgr8 wrote:
| > Where is the hacker spirit here?
|
| Kind of silly to buy apple devices (especially iphone) and
| expect to be able to hack their services. Apple is the last
| place to look for hacker friendly products. Ffs you can't even
| run your own software on an iPhone. Spend your hacker energy
| somewhere worthwhile, on devices and platforms that welcome
| that kind of tinkering (or at least tolerate it).
|
| There are so many relatively open messaging services. Telegram
| has a rich API and bots framework. Much more hacker like to
| build something interesting on that. People trying to force
| imessage are just fighting a battle that is already lost. Why
| spend time and energy on something that will perpetuate closed
| ecosystems even if they succeed?
| geodel wrote:
| Go support the hackers then. Here you seem to be heckling
| people who don't share your viewpoint.
| tlrobinson wrote:
| > Obviously Mini was using the encryption properly else it
| wouldn't have worked to begin with.
|
| Just want to point out this isn't inherently true. For example
| an insecurely generated session key would work fine but not be
| secure.
|
| > Of course, it's very unlikely Apple is doing that. Just
| putting the thought out there.
|
| Apple is doing what? Not using encryption properly? What reason
| do you have to believe that?
| silasdavis wrote:
| > Not using encryption properly?
|
| They didn't mean that, they meant siphoning off data client
| side, for reasons, like CSAM.
|
| The point, which I agree with, is having to trust a single
| closed source implementation of a client is not so different
| to trusting the servers of a non E2E service.
| simbolit wrote:
| The BIG difference is that you have to trust the hardware
| and the operating system already, and as these are made by
| apple, you already have to trust them.
|
| "Trusting the servers of a non E2E service" is adding
| another trusted party.
|
| If you don't trust apple, you don't have an iPhone.
| code_duck wrote:
| You can use iMessage on your MacBook, right?
| modeless wrote:
| > Apple claims iMessage is E2EE, do we have proof they aren't
| siphoning the messages from the client once it's been
| decrypted?
|
| Actually it is documented by Apple themselves that they receive
| the encrypted messages _and the key to decrypt them_ when
| iCloud backup is used (unless you _and the person you are
| messaging_ have specifically enabled their "advanced data
| protection" feature). They have decrypted messages in response
| to law enforcement requests.
| mlindner wrote:
| You left off the point that that only true if you had iCloud
| backup of iMessages enabled. If you didn't have iCloud backup
| enabled then they've always been E2EE.
| modeless wrote:
| No, I mentioned that.
|
| > If you didn't have iCloud backup enabled then they've
| always been E2EE.
|
| Correction: if you _and the person you 're messaging_ both
| didn't have iCloud backup enabled. And also it's worth
| noting that Apple forbids you from using any cloud backup
| system other than theirs.
| vezycash wrote:
| >Apple forbids you from using any cloud backup solution
| other than theirs
|
| If this is true, how is that legal?
| modeless wrote:
| What would make it illegal, short of antitrust law?
| flkenosad wrote:
| I the the argument is that it should be in the law.
| aryaneja wrote:
| You seem to have written a very misleading comment. Apple
| is offering privacy minded folks two options:
|
| 1. Don't turn on iCloud Backups and receive E2EE on your
| messages 2. Turn on iCloud Backups AND advanced data
| protection and recieve E2EE on your messages
|
| This is not some kind of nefarious plan on their end. Any
| user service will have a vulnerability on the user end of
| back-ups. For instance, Whatsapp backups will also have
| their keys available to Apple/Google. They need to offer
| this as for most users, the risk of losing their whole
| digital lives because they forgot their passwords
| outweights E2EE. For users who find that important, they
| have the two options listed above. Sounds like an
| appropriate trade-off to me.
| modeless wrote:
| iPhones with iCloud backup enabled without ADP are almost
| certainly the majority. I believe this is essentially the
| default configuration. Even if you disable backups or
| enable ADP Apple almost certainly still has most of your
| messages from the other end of the conversation. It is
| false advertising to claim your service is E2EE without
| any disclaimer when in reality you collect the keys to
| the majority of messages and decrypt them at the request
| of law enforcement.
| aryaneja wrote:
| I have addressed your concern in my comment
|
| > They need to offer this as for most users, the risk of
| losing their whole digital lives because they forgot
| their passwords outweights E2EE.
|
| There is no clear trade-off that is an option.
| modeless wrote:
| "I can't imagine a way for this feature we advertised to
| not suck" is not an excuse for false advertising! But
| there is a way to do better. Google's Android backup is
| E2EE by default. It does not require remembering a long
| password. All it requires is your phone unlock code,
| which you normally enter at least once per day and are
| extremely unlikely to forget. This is actually how
| Apple's works too, when ADP is enabled. Either it should
| be enabled by default or Apple should stop claiming
| iMessage is E2EE.
| tick_tock_tick wrote:
| Sounds like you're just confirming Apple tries very hard
| to make sure it's not E2EE.
| katbyte wrote:
| Turning on advanced data protection is not hard.
| the_gipsy wrote:
| Just because WhatsApp does it too, doesn't make it right.
|
| These apps are not e2ee if almost every user has in
| effect encryption disabled.
| aryaneja wrote:
| Which app would qualify in your case? Signal suffers from
| the same client-side problem.
| ycombinatrix wrote:
| not by default, which is a massive difference.
| aryaneja wrote:
| I am not sure what the answer is here. What you are
| arguing for will hurt regular users who will lose their
| digital lives if they lose their passwords.
|
| Signal will be backed-up on iCloud _by default_ and
| client side will be an issue.
| lupusreal wrote:
| _" lose their digital lives"_ is hyperbolic emotive
| language. We're talking about a loss of chat history, not
| the death of people. Lots of people lose their chat
| histories all the time, it hurts but people get over it.
| modeless wrote:
| > Signal will be backed-up on iCloud _by default_
|
| No, it absolutely is not. It seems like you don't have a
| good understanding of how actual E2EE systems work.
| _flux wrote:
| Matrix also provides the ability to back up keys in the
| server, but you select a separate passphrase for
| encrypting them before they're uploaded.
|
| (Yes, it would be nice if the user didn't need two
| passphrases for this use, but Matrix cannot safely revert
| to key derivation because client could accidentally leak
| the master password to the server due to existing
| implementations.)
| the_gipsy wrote:
| Don't know why you got downvoted, it's a very good
| question.
|
| I've been using matrix. It's e2ee and multiple client
| sessions seem to be working just fine, they all sync
| without problems.
| fsflover wrote:
| > Apple is offering privacy minded folks two options
|
| Here is the explanation why it's completely impractical
| and therefore doesn't provide actual privacy, along with
| other anti-privacy configurations:
| https://news.ycombinator.com/item?id=37875370
| clnq wrote:
| I was not mislead by that comment. It was clear that most
| people have their messages accessible to Apple, which is
| what the article also talks about - how privacy of "blue
| bubble" messages is at the center of this.
|
| There are ways to opt out. But that's for the margin of
| people who worry about these things. So what that comment
| said is very relevant and accurate.
| madeofpalk wrote:
| Not even that - Because Apple controls the key exchange,
| Apple could also just silenty register another recipient
| (their own mitm) and siphon off all your messages if they
| wanted to. You must trust that Apple (or Whatsapp or
| whatever) does not do that.
| nojito wrote:
| This isn't true because you will get notified that another
| device was added to your account.
| sbarre wrote:
| Who do you think sends that notification?
| kaibee wrote:
| And who delivers that notification?
| madeofpalk wrote:
| Do you think the Apple that would surreptitiously add
| another 'device' into your iMessage recipients would not
| be able to suppress that notification?
|
| Or, how could you verify that you've been notified about
| every device added?
| HenryBemis wrote:
| > siphoning the messages from the client once it's been
| decrypted?
|
| If you got iCloud backup enabled then they absolutely siphone
| everything that happens on your phone. And the disgusting part
| is that when enabling a new iphone it automatically has it
| switched on. I remember the case with some terrorists that
| Apple have to the US authorities everything on the dude's
| iCloud backups, but the authorities weren't content with only
| the backups and wanted to crack the phone - so backups have
| their keys managed by Apple.
| Terretta wrote:
| You mean the San Bernardino terrorist where Apple refused to
| break open the phone for the US government?
|
| And recently, they've released an updated version of cloud
| sync that doesn't even let Apple have your keys.
| keepamovin wrote:
| I like/love Apple, but it's not really about hacker spirit. I
| think Steve and Steve were at the start, for sure. But then,
| it's like Steve figured out how to "evolve" hacker spirit into
| a business model. And not just any business model: but a
| totalitarian vertically integrated model. I mean, fabulously
| successful and don't let the negative political connotations of
| totalitarian offend you here, it's but a minor jab, because
| there are downsides to this model in the Apple-verse, for sure:
| the lack of "hackability" of their devices.
|
| But it's perhaps a momentary cultural variation in a sea of
| changing priorities for Apple. They have embraced right to
| repair: perhaps in future, "hacker spirit" evolves further to
| become, a "right" for all citizenry of the Apple-verse, backed
| by their tremendous business model. In the same way that you
| can conceptualize (again, without judgement or making regard as
| to truth or not), that "human rights" emerge not out of a
| vacuum, but out of what the infrastructure of state can
| conceive and provide.
|
| In other words, today's action may be but the anachronistic
| kneejerk of some poobah in the Apple bureaucracy. A vestige of
| the old guard, perhaps soon dying out.
|
| If that makes sense? :)
| __loam wrote:
| I love my iPhone but apple is a publicly traded corp lol. The
| only reason they're embracing right to repair is because of
| huge efforts of people outside the company to get bills
| passed that make them embrace it.
| pjmlp wrote:
| To be fair, all computing business from the 1980's was
| vertical integration, the exception being CP/M, the
| university folks porting the UNIX tapes into their vertical
| integrated mainframes, and Compaq getting lucky on how they
| reverse engineered IBM PC's.
|
| CP/M systems eventually died, UNIX startups created by some
| of those university folks were just as vertically integrated
| as the mainframes they replaced, leaving only the PC clones.
|
| Had Compaq not gotten lucky, and today's computing landscape
| would look much different, probably like the laptops and all-
| in-one PCs that are being pushed nowadays as the OEM margins
| cannot get any thinner.
| mlrtime wrote:
| Not just that but it is no longer Steve's company (If he were
| alive). It is now a multinational public company with
| shareholders, employees and 1000's of vendors (and their
| employees, etc...)
|
| It is all but required for a company of this size to take
| action in this way.
| pjmlp wrote:
| The hacker spirit in relation to Apple was long gone when the
| Mac Classic was released.
|
| People that imagine otherwise haven't lived through those days.
| wraptile wrote:
| HN's obsession with Apple feels like some twisted mix of
| Stockholm syndrome, american nationalism and sunk cost falacy.
| Truly bizare to the point I wouldn't be surprised if we find
| out Apple is actively astroturfing this and many other topics.
| No other tech focused forum does this.
| nerdix wrote:
| No astroturfing needed. It's called the Apple Cult for a
| reason.
| Garvi wrote:
| Apple customers are the fur wearers of the tech world.
| kelnos wrote:
| > _Where is the hacker spirit here?_
|
| I'm torn on this. Is it following the hacker spirit to get more
| people plugged into Apple's closed ecosystem? Maybe? Maybe not?
| Reverse engineering a proprietary protocol is certainly
| hacker-y. But building a business around that -- essentially
| charging people to put more load onto someone else's
| infrastructure, who have to bear the costs (even a rich
| behemoth like Apple) -- I'm not sure that qualifies. If we were
| talking about some open source project that was releasing this
| app to F-Droid, maybe it'd be more clear?
|
| > _The number of Apple apologists that have crawled out to say
| "see? I told you so!!"_
|
| I don't think that's Apple apologism, that's just "duh,
| obviously Apple is going to try to shut them down, and probably
| succeed". It's lame. It's just as lame as when AOL kept
| breaking Gaim/Pidgin's ability to talk AIM's OSCAR protocol.
| But acknowledging that Apple is going to pull something like
| that isn't apologism, it's just stating reality.
|
| (As for the AOL/AIM example, I think reverse-engineering OSCAR
| _was_ actually hacker-spirit-y, as AIM was a free service open
| to anyone, just they didn 't feel like supporting Linux users,
| as was the SOP of many companies at the time. Linux users were
| a fairly small percentage of users, so it wasn't a big thing.
| But there are tons of Android users; more than iOS users,
| globally, even. That's not really the same, to me.)
|
| In the context of the overwhelmingly saturated messaging space,
| I think it'd be a lot more hacker-y to bring something like
| Signal up to the usability standards of iMessage, Whatsapp,
| Telegram, etc., and evangelize the hell out of it to get people
| out of closed platforms. Even Signal isn't perfect there, since
| they refuse to enable federation in the protocol, and only
| release updates to their server-side software a long time after
| it's been running in production. But it's certainly better than
| getting more people hooked in Apple's walled garden.
| methuselah_in wrote:
| You need android an flash linageOs. Welcome to the club.
| rezonant wrote:
| > I'm torn on this. Is it following the hacker spirit to get
| more people plugged into Apple's closed ecosystem? Maybe?
| Maybe not?
|
| Agreed here. But I understand deeply why it's appealing for
| my fellow android users who are tired of being bullied into
| buying phones they just don't want by their friends who
| overwhelmingly drink the Kool aid. it's not great, and in the
| US the effect is very real.
|
| > I think it'd be a lot more hacker-y to bring something like
| Signal up to the usability standards of iMessage, Whatsapp,
| Telegram, etc.,
|
| Good idea... what about an existing open standard that is
| already adopted by a billion devices and can be implemented
| by any mobile phone manufacturer and carrier network.
|
| Something that takes what's good about SMS and adds all those
| nice features. I bet we'd have to work together to make end
| to end encryption interoperable, and some of the fancier
| stuff is too new to be in the spec yet, but that's not too
| hard in the grand scheme of things.
|
| Oh, RCS exists.
| grishka wrote:
| > Is it following the hacker spirit to get more people
| plugged into Apple's closed ecosystem?
|
| Yes -- it's adversarial interoperability, and _that_ is
| always a good thing because it breaks lock-ins. Though mostly
| irrelevant to this particular case, adversarial
| interoperability also forces the service owner to compete
| with third-party clients which always put the user first; it
| removes the service owner 's of control over the UX and
| presentation.
|
| I don't know about AIM, but ICQ also used OSCAR protocol. The
| official ICQ clients were bloated, shitty and full of ads.
| Not many people used them. Most people used QIP, Miranda,
| Pidgin, Adium, Jimm, or even NatICQ. No one cared about how
| ICQ's owner would make money -- and, really, no one _should_
| care about that, it 's their own problem. Maybe if they made
| a client that's better than third-party offerings, then
| people would switch to it. But they never did.
| llm_nerd wrote:
| >I don't think that's Apple apologism, that's just "duh,
| obviously Apple is going to try to shut them down, and
| probably succeed"
|
| As one of the top posts that presumably the GP post is
| talking about, _precisely_. Nowhere was I apologizing for
| Apple, nor did I "crawl out".
|
| When this product was first announced I observed that Apple
| was going to shut it down, and that they had obvious avenues
| (both technically given the way messages are attested to, and
| legally -- this product is the textbook definition of
| computer misuse! And they're charging for it making it a slam
| dunk). Loads of people "crawled out" to gloat that this is
| it, Apple has no avenue to do anything about it. And then
| Apple did something. Apple did the easiest, lightest option,
| but they could go full scorched Earth if they wanted to. I
| don't want them to, and am not celebrating that, but these
| are basic obvious facts.
|
| To your other point, exactly. The hacker spirit is getting
| your friends and family on Signal. It isn't cementing
| iMessages as the foundation.
| amelius wrote:
| > how iMessage costs Apple money to run
|
| This assumes that Apple can periodically extract money from
| users after they bought the product.
| dijit wrote:
| > Obviously Mini was using the encryption properly else it
| wouldn't have worked to begin with.
|
| I tried beeper before (not Mini though, so could be wrong about
| Mini) but it seemed to be running a VM somewhere and passing
| messages to the MacOS Messages.app via some kind of scripting
| interface.
|
| So beeper itself (the full version) was not "speaking" iMessage
| protocol at all.
| djxfade wrote:
| The old version indeed worked that way. Mini was implementing
| a fully reverse engineered protocol.
| viktorcode wrote:
| > Where is the hacker spirit here?
|
| There was none to begin with. It was an attempt to build a
| business on top of a virtual macOS.
|
| Edit: sorry, confused them with a different service. This one
| used previously published research on reverse engineering
| iMessage to build the business.
| bluedays wrote:
| I'm probably leaping to conclusions here but I think this is
| going to end up in court, and that was beeper's intention to
| begin with. It just seems way too easy to block so they had to
| know this was going to happen.
| mattbee wrote:
| Apple could have been a lot meaner about this.
|
| If they really wanted to discourage 3rd-party clients they could
| just _subtly_ break them for users of Beeper Mini: Late messages.
| Truncated messages. A blue bubble that slowly turns brown. The
| wrong font. Zalgo text.
| sgjohnson wrote:
| That's something that Microsoft would do in the 90s.
|
| Apple's MO clearly is breaking something and refusing to
| elaborate further.
| leshokunin wrote:
| Reminder that BlueBubbles and AirMessage both are working and
| fairly robust. I've used them daily over a year. The downside
| being that they need a Mac and iPhone to run. But in the spirit
| of self hosting, you do run the server yourself and don't share
| your credentials. I don't see a more viable path in the near
| future.
| meepmorp wrote:
| > The downside being that they need a Mac and iPhone to run.
|
| Then why would anyone use BlueBubbles? If you already need the
| hardware, and presumably an Apple account, what advage would
| there be? Legitimately curious.
| leshokunin wrote:
| Well I use a Samsung Fold 4 as my daily phone. I want
| imessage too. I use a cheap iPhone 8 and Mac Mini to get the
| feature.
| FridgeSeal wrote:
| Is anyone genuinely surprised by this?
|
| My mate and I had a bet on how long this would take (since the
| thread the other day), my guess of "3 weeks tops" was far too
| generous.
| lxe wrote:
| Hope they don't go after Beeper "cloud" version.
| m3kw9 wrote:
| Just look one step ahead, they got the attention on their names
| and company, it was all expected. The play was to be first to
| donut and get lots of new. Apple allowing it to work means pigs
| fly
| mjg59 wrote:
| For those arguing that this is a privacy or security response:
| the first pypush commit was in April, with the first working demo
| commit at the beginning of May. If it's a security or privacy
| issue, that means it's been exploited for over 6 months without
| Apple taking action. How many other iMessage conversations have
| already ended up in non-Apple clients? Why didn't Apple notice
| until there was a big public splash about it?
|
| (edit: typo)
| AndrewKemendo wrote:
| Say it with your chest:
|
| Building an application on someone else's platform means they
| control your product
|
| Doesn't matter that "we all know that" this will continue to
| happen as long as closed platforms are the only thing people are
| incentivized to build/use.
| INGSOCIALITE wrote:
| i will never understand the absolute hatred people have toward
| imessage. it's an app that runs on apples platform, for apple
| users. people can still communicate or text between android and
| apple. if you want inter-OS encryption then use whatsapp or
| signal or whatever the hip new thing is today.
|
| apple owes nothing to anyone. they have created an ecosystem for
| their walled / gated devices that works extremely well. they
| don't have to let anyone else play in their pool.
|
| this is really about blue bubbles vs green bubbles, it's the most
| asinine thing to waste thought on.
| angry_octet wrote:
| Inevitable, and correct of Apple to do so.
| ipcress_file wrote:
| I remember the webOS iTunes fiasco. This kind of thing isn't
| worth the waste of your time.
| sotix wrote:
| I would love to see hackers continue making it viable to use
| iMessage on Android until Apple concedes and launches their own
| client. Sometimes you have to ruffle some feathers to enact
| change.
| resters wrote:
| My iPhone receives dozens of robocalls per week yet Apple blocks
| Beeper Mini in a few days! Each of those calls use my minutes,
| battery life, voicemail, time, etc.
| diebeforei485 wrote:
| Of all the text message spam I receive, 100% of them has been
| green bubbles.
|
| I don't want spam in my blue bubbles.
| chatmasta wrote:
| I get a fair amount of iMessage spam, which always disturbs me
| because does the sender get a confirmation it was delivered to
| an iMessage account such that I'm tagged as an Apple user?
| diebeforei485 wrote:
| I disabled the setting where people can send me iMessages
| using my email address.
| mgh2 wrote:
| Beeper video reference:
| https://www.youtube.com/watch?v=S24TDRxEna4
| jamesdepp wrote:
| I feel like this could be a part of a weird plan to trap Apple
| into an antitrust lawsuit about iMessage. Beeper's CEO has been
| claiming that the existence of Beeper Mini actually improves
| iPhone users' experiences. He could argue that Apple shutting off
| access is not meant to improve Apple users' experiences, but
| rather, to keep people off of Android.
|
| Honestly, I have mixed feelings. I REALLY think that iMessage
| needs to be opened up, but this was not the way to do it. Really
| hoping the EU swoops in and saves the day here.
| aslilac wrote:
| it's absolutely the right way to do it. third party clients are
| a dying breed, because people have forgotten why they're
| necessary.
| hu3 wrote:
| iMessage is mostly a US problem.
|
| EU usage of iMessage is minimal compared to WhatsApp, Telegram,
| Signal and Facebook Messenger.
|
| So there's little incentive for EU to get involved.
| badrabbit wrote:
| Personally I don't want anything to do with a google device, so
| on the other end as a recipient I am glad apple did this swiftly.
| But I applaud and encourage people to try and get around it,
| perhaps they might even help find vulns in imessage.
| chatmasta wrote:
| I'm pretty sure this quote from the founder is wrong on multiple
| levels:
|
| > "That means that anytime you text your Android friends, anyone
| can read the message. Apple can read the message. Your phone
| carrier can read the message. Google... literally, it's just like
| a postcard. Anyone can read it. So Beeper Mini actually increases
| the security of iPhones," he [the founder of Beeper] had told
| TechCrunch.
|
| The phone carrier can read the contents of the unencrypted SMS.
| But the contents of the message never traverse Apple or Google
| networks.
|
| If an iPhone user's device attempts to send an iMessage, and it
| fails to send, then the device falls back to sending an SMS via
| the cellular network (actually, it's not even a fallback - the
| user needs to long-press the message and resend it as an SMS).
|
| The content of the message never reaches Apple because the device
| never sends it to them. It doesn't even send the encrypted
| content because it wasn't able to exchange keys. I'm not even
| sure it sends the unencrypted _phone number_ of the recipient to
| Apple...
|
| And certainly, no part of the message is ever sent to Google's
| network... that doesn't even make sense.
|
| Now, maybe he's arguing "Apple can see it because they control
| the operating system," but that's a ridiculous argument because
| you may as well say they can access every iMessage too...
| wkipling wrote:
| Push notifications
| chatmasta wrote:
| Are you sure? So if I disable cellular data, I won't receive
| a notification for an incoming SMS?
|
| I would assume that text message notifications are generated
| locally on the device when it receives an SMS message.
| yellow_lead wrote:
| SMS doesn't go through APNS, that's not how cellphones work.
| voongoto wrote:
| Stopped using beeper when random bearded dude appeared randomly
| in my private facebook group chat. And he's not even in that
| group. Then, checkedy fb logins and saw some weird google pixel 4
| logged in somewhere in the states. Deleted beeper and not using
| again ever
| npalenchar wrote:
| No one is surprised at all by this, right?
| smeej wrote:
| Sometimes I think this whole "blue bubble" thing is a gigantic
| opt-in psych experiment about how biases like racism can start
| absolutely anywhere.
| azubinski wrote:
| First you need to infantilize them to the level of "I'm ready
| to do anything to be in their gang."
|
| But at the same time, you need to feed snobbery so that you get
| a safe mixture of 80% immaturity and 20% snobbery.
|
| Let's add two drops of self-deprecation, that boring feeling of
| "I don't have blue bubbles, I'm worthless and a loser."
|
| And now you can take a large bag for money and leave it open -
| they will fill it themselves, tie it and send it to the address
| :)
| garysahota93 wrote:
| What if they create a version of Beeper Mini that spoofs an apple
| device you own? For example: I don't want to own an iPhone, but I
| do have a MacBook. So rather than use a randomly generated device
| that tricks Apple's servers to allow me to connect, I can just
| use a device a legitimately own (and just trick apple to think my
| phone is my laptop).
|
| I know this won't work for everyone (especially folks that don't
| have an Apple device). But this might be better than losing the
| app all together -\\_(tsu)_/-
|
| (PS - I don't know much about how Beeper Mini's reverse
| engineering worked. Just going off what I believe I understood)
| eiiot wrote:
| This already exists!
|
| https://airmessage.org
| jaktet wrote:
| I was using this before beeper and switched to beeper since I
| could also use WhatsApp on my iPad. Worked just fine on an
| old otherwise unused MacBook Air I keep in my garage. I only
| used airmessage for iMessage on windows
| _fzslm wrote:
| not quite what the parent comment was referring to -
| AirMessage is cool but needs a server Mac to run 24/7.
|
| parent is asking if it's possible to spoof the secure
| identifiers from the Mac in Beeper - extracting the secure
| IDs, inputting them into Beeper - at which point Beeper can
| communicate directly with Apple as if it is that Mac.
|
| a clever workaround!
| garysahota93 wrote:
| Precisely! Would be a cool workaround & I would be
| completely happy with this approach (vs losing access all
| together).
|
| But I wonder if that'd even be possible. I hope someone
| from the Beeper team sees this!
| benkarst wrote:
| So they built an entire company betting that little old Apple
| wouldn't mind hacking a proprietary protocol? Hmm.
| satchlj wrote:
| Beeper Cloud has also been cut off, even though they are running
| virtual MacOS machines for every Beeper Cloud user... not sure
| how they managed that
| lxe wrote:
| That's a shame :/
| apfsx wrote:
| I think I saw somewhere (somewhere in the Beeper updates
| channel) that Beeper Cloud switched to using their new method a
| little while back before releasing Beeper Mini, which would
| explain the cut off.
| poundtown wrote:
| shocker.. be serious youre never going to out wit apple. esp if u
| have the nerve to charge for it.
| pradn wrote:
| What's between the lines is that iMessage is critical as a way to
| lock in users to iOS. People care about security somewhat but
| they care way more about being ostracized for having green
| bubbles. I bet few common users could tell you the security
| properties of major messaging apps. This app, if allowed, would
| have shaved off a parentage points off iPhone market share.
| Aeolun wrote:
| To the surprise of absolutely no-one. Seriously, what did they
| think was going to happen?
| quickthrower2 wrote:
| Maybe this. 2 HN blow ups in a week. Any publicity as they
| say...
| mlindner wrote:
| How did these guys raise $16M? Do the VCs have no understanding
| of things? The round was apparently led by the CEO of Y
| Combinator. Makes no sense.
| howenterprisey wrote:
| Seems to be back now for original beeper, although not yet for
| beeper mini, the app in question (beeper ceo just sent out a
| global message). Your move, Apple...
| lstamour wrote:
| Latest updates from Beeper as of two hours ago:
|
| ### Beeper Mini - fix coming soon
|
| Our fix for Beeper Mini is still in the works. It's very close,
| and just a matter of a bit more time and effort.
|
| In the meantime, we have deregistered your phone numbers from
| iMessage so your friends can still text you. Sorry, you're
| temporarily a green bubble again. Annoyingly, the iPhone
| Messages app 'remembers' that you were a blue bubble for 6-24
| hours before falling back to SMS, so it's possible that some
| messages will not be delivered during this period.
|
| Also, we are extending your 7 day trial by one additional week.
|
| I just want to say thank you for bearing with us through this
| wild day (week!). I feel awful about important messages you may
| have missed today because our iMessage connection stopped
| working. My sincere apologies for this.
|
| Tomorrow is a new day. Onwards!
|
| ### Beeper Cloud - iMessage works again!
|
| I am very proud to say that iMessage is now working again on
| Beeper Cloud. After a Herculean effort from my amazing
| colleagues, our iMessage bridge is back in action.
| Unfortunately, messages received during the outage are not
| recoverable.
|
| If you have a Mac or iPhone, you may see an alert that a new
| device has been added to your account. This due to the bridge
| update. The update is rolling out over the next hour.
|
| And...it's not working for everyone yet. We're going to call it
| a night and get back to it tomorrow.
| raverbashing wrote:
| This green bubble/blue bubble crap is too much ado about nothing
|
| Just use literally _any other messaging app_
| KingOfCoders wrote:
| Predictable comments.
|
| If Facebook does it, uhhh evil.
|
| If Apple does it, right so!
| realusername wrote:
| A bit sad but that's Apple we're talking here, we all know how
| despicable they are.
| tibbydudeza wrote:
| Using the same device serial number and not having Apple onboard
| was bound to end up like this.
|
| Epic Games tried the same thing with Fortnite to force Apple's
| hand, it worked in the court but Apple only bends to laws of the
| land.
|
| I don't see the big deal over iMessage - we use WhatsApp for
| chats in our family and it is cross platform.
| aizyuval wrote:
| Good advertisement for beeper. Now we'll see if they're true.
| kbenson wrote:
| The way Beeper-mini addressed the "criticism" that Apple would
| shut them down in their show HN post to me seemed like their were
| either completely naive, or far more likely that they understood
| that it would only last a short time and that it was all a PR
| stunt to get you to notice their product and become a user to try
| it out, and maybe switch to it.
|
| It's not bad marketing strategy at all, I'm sure they gained a
| huge number of new users, and some percentage of them will stick
| around even without iMessage support (because there's not really
| someone else to switch to), but it seemed a bit too manipulative
| for my personal taste. They could have just said "try us out and
| see if you like us, we'll keep iMessage support going as long as
| we can" but instead they dodged the question entirely.
| pat64 wrote:
| This immediately reminded me of the Palm Pre iTunes/iPod protocol
| reverse engineering debacle from the oughts.
|
| It became a game of whackamole where by Palm would update their
| OS (RIP WebOS) to reintroduce support for iTunes to their devices
| and Apple would bend over backwards to break it again.
|
| Did Beeper not anticipate that this was inevitably coming and put
| fallbacks and rotational serial numbers in place if Apple start
| getting blocky?
| methuselah_in wrote:
| How can someone has thought, they will create a app that can work
| with apple messages and they can make it able to work with
| android? Now they disconnected the access.You will never be
| allowed to have money over apple or google. Choose XMPP, it will
| reach there. who needs blue green bubbles lol.
| maxdo wrote:
| RCS will be on iPhone next year . Problem solved
| irdc wrote:
| This is likely going to be buried, but: now Bleeper has standing
| to argue that Apple, as owner of the largest mobile messaging
| platform in the US, is a monopolist.
| jonplackett wrote:
| Most predictable headline award goes to...
| faverin wrote:
| Jesus i'm old. This happened twenty years ago with the
| ICQ/Yahoo/MSN messenger wars. Everything old does become new
| again. I wish Congress and the EU figured this out with crypto
| expert advice - surely we can have apps that only show you the
| recent messages or something. All on phone so secure but
| convenient.
|
| A/S/L anyone? +5 Insightful
|
| Some links for the befuddled
|
| An overview: This made the front page
| https://www.nytimes.com/1999/07/24/business/in-cyberspace-ri...
| https://www.theguardian.com/media/2005/oct/13/yahoo.digitalm... A
| delightful internal MS assembly hacking rivals message apps
| interview. https://www.nplusonemag.com/issue-19/essays/chat-wars/
| jFriedensreich wrote:
| We finally need a giant lawsuit and final verdict to end
| messenger lock ins. This has been going on for nearly a decade
| now and all started with facebebook and google closing their xmpp
| apis. I just hope that the EU Digital Market Act interoperability
| requirements have teeth and we can finally get some freedom.
| ben_w wrote:
| This may explain why I got my first ever "who dis?" iMessage
| yesterday, from an unknown number, on a device with cellular
| switched off.
| TheMagicHorsey wrote:
| What if people ran their own local gateway that forwarded
| messages to a third party message broker?
| Melatonic wrote:
| It was a great party trick while it lasted !
| nickez wrote:
| The reason gsm, 3g, 4g, sms and so on succeeded was because
| everyone could implement them. I guess you had to pay license or
| patent fees, but they are not walled gardens. Phones from
| different manufacturers and/or different operators can
| communicate. I'm surprised that "chat"-protocols are allowed to
| be monopolies by the regulators. The regulators probably don't
| understand tech.
| vitiral wrote:
| It is indeed confounding how something as simple as chat and
| messaging can be so difficult to standardize. I suppose looking
| at the shitshow that is email standards (and how difficult it
| is to ensure valid senders) gives some insight, but yikes.
| Spivak wrote:
| Because "chat" is pretty much meaningless as a term. The only
| common thread between chat apps is "bidirectional data
| transfer between at least two devices." SMS and Discord are
| both chat but have wildly different completely incompatible
| semantics, iMessage embeds full iOS apps and a payment
| network into the chat.
|
| I can't see any world where chat gets standardized that
| doesn't involve throwing out everything except the most basic
| sms-style semantics which is basically what RCS is.
| nickez wrote:
| You can have different standards for different use cases.
| So you mean that iMessage and rcs are so different that
| Android can't use iMessage or apple couldn't use rcs? We
| don't need to find one standard to rule them all. But we
| need to stop anti-competition behavior like allowing these
| protocols to be exclusive.
| Spivak wrote:
| Used as a common denominator for basic communication,
| yes. Use for the kinds of rich interactions and
| modalities (like the "server" metaphor) that Apple,
| Google, and everyone else wants to add to chat, no. And
| that's where we get lost in "extension hell."
| trinsic2 wrote:
| Didn't see that coming (Sarcasm)
| dkga wrote:
| Seriously what I don't get is the number of people complaining
| about iMessage for Android vs Apple when free, encrypted and
| widely used system-agnostic alternatives like WhatsApp exist.
| 4oo4 wrote:
| Network effects. In the US at least WhatsApp and Signal are
| barely used in comparison to iMessage, despite them being solid
| cross platform alternatives.
| nilespotter wrote:
| Beeper would have interested me, maybe in 6 months if it had
| seemed like Apple was willing to live with it. I don't want to
| use iMessage though, I just want to use it more than SMS or RCS.
| I have gotten a few of my close contacts on Signal. The whole
| landscape is completely chaotic. All I really want is to be able
| to send and receive e2ee messages with everyone else who has an
| extremely capable computer in their pocket.
| thatkid234 wrote:
| To my understanding, Beeper uses some random Mac's serial number
| to complete device attestation. Would this be salvageable if I
| could provide my own legitimately purchased iPhone or Mac serial
| number?
| ghqst wrote:
| Beeper fixed their other iMessage bridge service last night by
| rotating device serial numbers on their server farm, so I would
| guess this would work? To my knowledge the pypush library
| itself isn't broken.
| system2 wrote:
| Huh, I was expecting 1 month after launch but it took 1 week.
| Silly PR stunt by Beeper.
| LanzVonL wrote:
| I've always had trouble meeting women because of my text bubble
| color. This was perhaps my only chance to find love. Now I'm
| never getting a girlfriend.
| konaraddi wrote:
| Genuine question, what's Beeper's angle? They knew they could be
| cut off. I'm guessing they envisioned being the mouse in a cat
| and mouse game, or they're laying some tracks for future
| lawsuit(s) to open up iMessage.
| wackget wrote:
| Techcrunch is an absolute abomination of a website. For those
| using uBlock and/or uMatrix, have a look at the list of third-
| party domains the site uses.
|
| No less than 18(!) of them:
|
| * ads-twitter.com
|
| * bizzabo.com
|
| * dscg1.akamai.net
|
| * facebook.net
|
| * google-analytics.com
|
| * googlesyndication.com
|
| * googletagmanager.com
|
| * mrf.io
|
| * oath.com
|
| * sail-horizon.com
|
| * twitter.com
|
| * twitter.map.fastly.net
|
| * typekit.net
|
| * vidible.tv
|
| * wp.com
|
| * yahoo.com
|
| * yahoodns.net
|
| * yimg.com
|
| There's also two (!) layers of cookie consent redirects and the
| page simply will not load without JavaScript.
|
| Even with first-party scripts enabled the main article doesn't
| load and at this point I don't give enough of a shit to work out
| why.
|
| @dang should consider banning Techcrunch URLs from Hacker News
| IMHO.
| cjmcqueen wrote:
| TechCrunch runs on WordPress, so at least wp.com is a legit
| domain to have on this list.
| 1vuio0pswjnm7 wrote:
| "If it's Apple, then I think the biggest question is - if Apple
| truly cares about the privacy and security of their own iPhone
| users, why would they try to kill a service that enables iPhones
| to send encrypted chats to Android users?"
|
| "Why force iPhone users back to sending unencrypted SMS when they
| chat with friends on Android?," he asked."
|
| Thought experiment: What if Apple trains an "AI" on peoples' text
| messages. What laws could stop them.
| Vicinity9635 wrote:
| I was under the impression iMessage is e2e encrypted, meaning
| Apple doesn't have access to them.
| jetpackjoe wrote:
| Yes, but messages from iPhones *to* androids is not
| encrypted.
| paulmd wrote:
| of course they can't be, because google's RCS encryption
| extensions are proprietary and they've refused interop.
|
| https://arstechnica.com/gadgets/2021/06/google-enables-
| end-t...
|
| people forget that google has every interest in playing up
| the situation, and perversely this incentivizes them to
| refuse compromise or half-measures that might actually
| improve user experience. It's in google's interest for your
| apple<->google experience to be as poor as possible too,
| not just apple.
| danShumway wrote:
| > of course they can't be
|
| They absolutely can be. Apple could officially do what
| Beeper Mini did unofficially.
|
| There's clearly a market of people on Android who would
| be willing to install an Apple messaging app in order to
| have secure messaging with their iOS contacts, and we
| know now that there's no technical barrier in front of an
| app like that existing.
|
| Even if not every Android user installed that app, even
| if it was only a portion -- it would still represent a
| large security increase for a non-trivial number of
| messages sent from Apple devices. It would not require
| Google's permission for Apple to launch a messaging app
| on Android, nor would it require Apple to use Google's
| proprietary encryption extensions (or to even use RCS at
| all).
|
| I agree that both Google and Apple have a vested interest
| in refusing interop, but it's not a stalemate -- both
| companies, individually, could take actions to improve
| security regardless of the other's position. It's not
| Apple's fault that Google has completely botched the
| entirety of RCS. It's not Apple's fault that Google is
| now disingenuously pushing a broken standard under the
| deceptive guise of interop. But it's also not Google's
| fault that Apple is forcing iOS users to use less secure
| communication methods for their Android contacts even in
| situations where Android users are demonstrating that
| they would be willing to install separate applications
| just to secure those communications.
|
| Both companies have -- completely of their own free will
| -- chosen to leave the situation in its current state,
| and both companies could take steps to actually address
| these problems on their own if they wanted to. And
| neither Google nor Apple can blame the other for their
| failures to protect their own users.
| meepmorp wrote:
| SMS is a feature of the mobile network and those messages
| are handled directly by carriers, without any involvement
| by Apple.
| catlifeonmars wrote:
| Isn't RCS coming to Apple? Wouldn't that obsolete beeper anyway?
___________________________________________________________________
(page generated 2023-12-10 23:02 UTC)