[HN Gopher] Apple cuts off Beeper Mini's access ___________________________________________________________________ Apple cuts off Beeper Mini's access Author : coloneltcb Score : 1213 points Date : 2023-12-08 21:41 UTC (1 days ago) (HTM) web link (techcrunch.com) (TXT) w3m dump (techcrunch.com) | nicklevin wrote: | Saw that coming. Just like Google did with the SEO heist a person | bragged about a couple weeks ago, if you make big tech companies | look foolish they are going to react quickly. | blinding-streak wrote: | SEO heist? | minimaxir wrote: | https://news.ycombinator.com/item?id=38433856 | minimaxir wrote: | When did Google react to the SEO heist? I can't seem to find a | source for it. | nicklevin wrote: | https://x.com/rosshudgens/status/1729889490947518868 | gruez wrote: | This is still baffling. The tweets make it sound like | they're competing against google and stole traffic from | google, but their landing page makes it look like they're | some sort of business modeling SaaS? Why would they be | competing against google? | travem wrote: | They are competing against another business (not google), | and through AI generation of content (based information | gathered from the competitors site map) they were able to | capture web traffic from Google that would previously | have gone to their competitor. | ribosometronome wrote: | Isn't it just fighting over already low effort affiliate | spam pages, anyway? The ideal result is seeing none of | them. | jacoblambda wrote: | The issue isn't just low effort affilate spam pages piss | fighting with each other. It's that they were trying to | sell the technique as a product to people who make actual | content so that they could steer viewership of their | other high-quality-content competitors towards AI | generated garbage. | | Basically a weapon to taint your competitors brands by | redirecting their viewers away from their content to ad | saturated AI garbage. | ec109685 wrote: | The follow up tweet says he typo'd the company name in the | screenshot: | https://twitter.com/RossHudgens/status/1729927440112189820 | | And the tweet fundamentally misunderstands how ahref works. | If google killed the site in question, ahref would have no | idea given they have their own crawl. | mchanson wrote: | Smart to do it Friday afternoon. | vinberdon wrote: | That was fast! | cloudking wrote: | I wonder what Apple will do with the number registrations that | came from Androids. | frizlab wrote: | Unregister them, just like when so switch from iOS to android I | guess | mchanson wrote: | Done late on a Friday. | spzb wrote: | If I know anything about software dev, it'll be someone at | Bleeper who fat-fingered something in their haste to get the | weekend started. | ReptileMan wrote: | The EU will probably look closely into that. | superb_dev wrote: | Why? iMessage so far isn't a part of the EU's plan. There's no | requirement for it to be open. | duskwuff wrote: | It was for a while, but they reversed course: | | https://arstechnica.com/apple/2023/12/imessage-will- | reported... | snthd wrote: | It might be a breech of the GDPR's data portability | requirements. | | It comes down to if, by having people send you messages, you | are the one providing the data to the data controller, or | not. | | Currently I think it's ambiguous. | rplnt wrote: | Apple isn't blocking competitive messaging apps from their | platform. They are simply blocking unauthorized access to their | services. EU won't look at Slack for blocking your irc client, | and EU won't look at this. | HPsquared wrote: | Potato, potato. Would they authorize it if asked? | etchalon wrote: | No, and, at the moment at least, they have no legal | requirement to do so. | jimbob45 wrote: | If you can't come up with at least a specious argument as | to why your [insert thing] should be locked down, you | should expect EU Antitrust at your door in the near | future. | etchalon wrote: | "Cause it's ours and we don't want to." is a very | legitimate reason. | | I don't have to let you into my house. I don't owe you a | reason. It's my house. | turquoisevar wrote: | Wishful thinking. | | The EU set up the rules of the game, and it turns out iMessage | falls outside the rules (to the EU's dismay). | | Even if it would fall within the rules, EU regulations work on | a policy level, not a technical one. In other words, they can | force Apple to change their policy and facilitate | interoperability, but there's no legal mechanism to force Apple | to allow unauthorized use of their service. | | The best you can do, if you're so inclined, is hope that the EU | will change the rules of the game, but that would be such a | transparent attempt at targeting a specific company (a big no- | no in the legal reality within the EU) that the European courts | will strike it down before they finish their breakfast. | hnuser435 wrote: | Brutal. Will there be refunds? | graypegg wrote: | Well, to be fair, wasn't this always going to be the end state? | I wouldn't be surprised if the choice of subscription plan was | mostly because it makes "total value-time received" a really | easy calculation. It worked for 2 months, you're not getting | your 4$ back. | | Surprised it only lasted this long though, I'm sure they | weren't betting on that. I still wouldn't expect a refund for | the 1,50$ of 3 weeks this payment cycle that you didn't use. | sgjohnson wrote: | > I still wouldn't expect a refund for the 1,50$ of 3 weeks | this payment cycle that you didn't use. | | I would. They sold a service that they clearly cannot | reliably provide. | jmkni wrote: | You and I know that, but your average consumer has no idea, | and could absolutely argue they have been swindled. | DeIlliad wrote: | Beeper Mini starts as a 7 day trial and its been 24 hours so I | imagine they'll be fine. | focusedone wrote: | Why can't we have nice things? | sonicanatidae wrote: | Humans. Humans are why we can't have nice things. | waffleiron wrote: | Greed I'd argue, there are many that aren't greedy but enough | to ruin many things. | aidenn0 wrote: | Oh, so we just kill all the humans, and _then_ we can have | nice things? | fasquoika wrote: | Personally nearly every nice thing in my life either is a | human or was made by one | thomastjeffery wrote: | It's a bit redundant to mention "is a human" separately, | since humans are made by... wait a minute | quickthrower2 wrote: | Reproduction isn't really a human making a human. Where | making means using your cognitive power to apply focus to | a creative task. It is more akin to natural biological | processes. Do humans make poo, or hair? | thomastjeffery wrote: | OK, what about IVF? | sonicanatidae wrote: | And every atrocity, driven by greed, envy or just sheer | assholery? | | Also humans. | StressedDev wrote: | I suspect you are asking why Apple will not allow Beeper Mini | to send and receive iMessages. The answer is probably Apple | does not want non-customers to use iMessage or iMessage's | infrastructure. iMessage costs money to run and Apple is not | interested in letting people who do not use its products use | iMessage. | JohnMakin wrote: | this comment predicted it: | https://news.ycombinator.com/item?id=38536577 | madeofpalk wrote: | I'm pretty sure _everyone_ predicted it. It was exceptionally | clear to anyone that Apple would block this and patch the hole | that allows it to work. | JohnMakin wrote: | but, if you read the comment, he points out why/how, which | other commenters seemed confused about. | sgjohnson wrote: | I actually thought that Apple might not care for now and that | they'd just wait and see what happens. | etchalon wrote: | You mean the company who controls the protocol, and the clients, | and the servers for a given service somehow found a way to stop a | third-party from utilizing that service without permission? | | I am shocked at this outcome, and shall write my senator. | sonicanatidae wrote: | Make sure you mention the tubes! | rplnt wrote: | And IIRC it used some old OSX binaries to do so? Just | terminating the access might be a lucky outcome if that's the | case, considring the money involved. | tadfisher wrote: | pypush uses the old binary pulled from macOS. Beeper Mini | uses another workaround for the device UUID/serial/etc. | requirement. | turquoisevar wrote: | > Beeper Mini uses another workaround for the device | UUID/serial/etc. requirement. | | Have you got a source on that? As far as I know, there's no | workaround possible because the authentication blob is | based on the UDID/serial. Put differently: without | UDID/serial, there's no way of authenticating with the | message servers. | | Beeper keeps referring to pypush when it comes to details | in their write-up[0], and pypush, in turn, clearly | states[1] the need for information like serial and UDID | when dealing with the albert server and IDS registration | request. | | As a "workaround," they simply stuff fake serials, etc., | and cross their fingers that it gets through Apple's | scoring mechanism. | | 0: https://blog.beeper.com/p/how-beeper-mini-works | | 1: https://jjtech.dev/reverse-engineering/imessage- | explained/ | chrisbrandow wrote: | I mean, what did they really expect when accessing a private | messaging service without permission? | | Maybe it shouldn't be private or whatever, but it still seemed | weird to me that they thought this would "just work". | wmf wrote: | One may wonder if the real goal was to create an antitrust case | rather than a working app. | madeofpalk wrote: | How is this a demonstration of "antitrust"? Apple does not | unfairly prevent competition for messaging apps, as evidenced | by a plethora of competition for messaging apps, plenty of | which are far more popular _on iPhone_ outside of the US. | | Apple faces the heat of this competition - it frequently adds | features to iMessage to make it equal or better than it's | competition. Voice notes through iMessage was a direct | reaction to popularity of that feature in other platforms. | jethro_tell wrote: | Additionally, didn't they just announce that RCS would be a | first class citizen in '24? | | Feel free to use the open standard but don't be iMessage. | | I'm a long time beeper user. It's been nice to sign up with | my email, and at least be in a few of the iPhone only | chats. | | When I saw Eric's post the other day, my first thought was | 'what an arrogant dumbass.' My guess was that they though | they have an anti trust case, and my guess is that apple | may have thought the same, and so they enabled 'iMessage' | access to RCS. | | This was so predictable, especially after the RCS | announcement, that I messaged my group threads and said | they'd be borked by the end of the week, please switch back | to signal. | | So, I think I'll ride that train until RCS is a thing and | be done with beeper. I honestly think they just shot | themselves in the foot. | | https://www.theverge.com/2023/11/16/23964171/apple-iphone- | rc... | thomastjeffery wrote: | The only reason that an alternative iMessage client is | newsworthy _at all_ is because Apple uses iMessage as a | moat to keep people using Apple devices. | Jtsummers wrote: | How would this be used for an anti-trust case? | kxrm wrote: | I think it is odd that they chose to make a product out of a | hack. Seems like a lot to invest on the bet a few Apple | security people wouldn't patch this up. | | Not discouraging the endeavour but now they are on the hook for | all of these customers who bought on this promise. Feels like | it should have started as a free product to see how Apple would | handle it. | amelius wrote: | It's for your own good. Those Android users cannot be trusted. | skeaker wrote: | To downvoters, the above appears to be sarcasm. Apple would | love you to believe this even though it's just blatantly silly, | which is why it's funny. | yodon wrote: | Any time one is tempted to post a sarcastic comment, it's | good to re-read Poe's law[0] first. It does in fact always | apply when posting on the internet. | | [0]https://en.m.wikipedia.org/wiki/Poe%27s_law | dang wrote: | Recent and related: | | _Show HN: Beeper Mini - iMessage client for Android_ - | https://news.ycombinator.com/item?id=38531759 - Dec 2023 (863 | comments) | | _iMessage, explained_ - | https://news.ycombinator.com/item?id=38532167 - Dec 2023 (143 | comments) | crazysim wrote: | This was the way with GAIM and Adium and stuff back in the old | days. It'll be back. | malfist wrote: | Oh man this brought back memories. I had forgotten those words | phailhaus wrote: | Crazy that the CEO even tried to create an entire company based | on something that they absolutely cannot control. Was this an | acquisition play? | maelito wrote: | The entire company is not based on Beeper Mini. | rglullis wrote: | Beeper is doing a lot more than just an iMessage proxy. | slowbdotro wrote: | Technically it's not a proxy. As every device (apparently) | connects directly to Apple's servers. | wffurr wrote: | Beeper Mini talks directly to Apple servers from your | device. | | Beeper the company also has Beeper (Cloud) which bridges a | whole lot of chat apps via Matrix to their other client | app, including iMessage via a Mac relay. | corobo wrote: | Beeper (not mini) is already a company - it's an app that | aggregates the various other networks friends and family insist | on using. WhatsApp, FB Messenger, Telegram, Instagram, etc. | | Been using it a while now, pretty good. | | This was a proof of concept to expand that app, it's not the | entire company | gnicholas wrote: | What's the pricing model? I would think that many people | would not be potential customers because the vast majority of | their networks are on a single platform (whatsapp or | messages), or because they don't really care if messages live | in 2 different places. I could imagine paying a one-time fee | for something like this, but I assume the ongoing upkeep | required would not work with such a model. | kevincox wrote: | I would agree if they hadn't completely redone their website | to remove every reference to Beeper Cloud. They really made | it look like a deprecated product, not a good alternative | that won't get blocked. | corobo wrote: | Oh wow aye, admittedly I've had no reason to go to their | main site recently (and in hindsight should have before | responding). They really went all in on marketing this eh | | There's always a possibility of me being wrong! It does | look like a bit of a pivot doesn't it.. Good point, well | made. | | I think I'll go double check I can still log in to my chat | apps directly just in case haha | mwidell wrote: | I used to think like this before I saw companies like Instagram | and Tiktok thrive in the app store, which they absolutely | cannot control. It is often worth a shot. | wilsynet wrote: | Relying on the App Store to distribute your app is more than | a little different than building an extension to iMessages. | Apple and Google want you to use their app stores in this | way. Apple does not want you to bridge iMessages to other | platforms. | LeonB wrote: | True, but I think this sentence buries the key point: | | "Apple and Google want you to use their app stores in this | way." | | ...they want you to use their app stores, their way, | because they retain 100% control of what you can and cannot | do. | LeonB wrote: | Yep, agree++. | | It's impossible to avoid relying on other people's platforms. | (Unless you want approximately zero customers, I guess) I | _wish_ these monopolistic corps didn't have such an iron | grip, but I'm not demanding creators single handedly remove | every dependency on them. There is no ethical consumption (or | production) in late stage capitalism. | jejeyyy77 wrote: | this - basically a backdoor trick/hack | ElijahLynn wrote: | > Reached for comment, Beeper CEO Eric Migicovsky did not deny | that Apple has successfully blocked Beeper Mini. "If it's Apple, | then I think the biggest question is... if Apple truly cares | about the privacy and security of their own iPhone users, why | would they stop a service that enables their own users to now | send encrypted messages to Android users, rather than using | unsecure SMS? With their announcement of RCS support, it's clear | that Apple knows they have a gaping hole here. Beeper Mini is | here today and works great. Why force iPhone users back to | sending unencrypted SMS when they chat with friends on Android?" | | Does it come down to The Law of Leaky Abstractions? | | >> https://www.joelonsoftware.com/2002/11/11/the-law-of- | leaky-a... | | Which means that if Apple wants to change something eventually, | then they will possibly break downstream abstractions and then | people will complain and the downstream abstraction will say | "Well Apple changed their API, it is their fault". Letting | someone do it from square one would be enabling that future | scenario, as it isn't "if" it changes, it is "when". | | If it was an open source API that would be different, but Apple's | is closed source, that is Apple's philosophy at the core. It is a | closed API yah? Not even an open spec right? | ElijahLynn wrote: | The good thing though is that Apple finally announced RCS | support > | | https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/ | graphe wrote: | Good? RCS isn't universal. Am I gonna be sending and | receiving Google, Verizon, TMobile, or Samsung messages? It's | not universally encrypted either. No way am I turning it on. | LordDragonfang wrote: | So instead of being possibly unencrypted RCS when sending | outside iMessage, you'd rather guarantee it be unencrypted? | graphe wrote: | The only texts I get are unwanted spam or some | confirmation codes and no it is not worth it to use RCS | with the amount of unsent messages it keeps having | problems with, maybe for some "possible encryption". It | is trash all the way around. | unstatusthequo wrote: | It will end up like home IoT crap. Zigbee, Zwave, Matter, | ten other shits... GL with this | dwaite wrote: | RCS Universal Profile. | | Vendors are going to have to actually work on improving the | standard (and Apple has committed to working within GSMA on | an appropriate multi-vendor E2EE mechanism) | | In the absence of interoperable standards through GSMA, | there will likely still be quite a bit of broken behavior, | e.g. when it's not a Google RCS Server and all Google | clients. | graphe wrote: | They don't have to, as they haven't for over a decade. It | will suck and I doubt anyone will use it unless they're | forced to (for 2fa). This is too little too late, if not | iMessage, they'd use Snapchat, Facebook messenger, or IG | before switching over to texting. | | There is zero benefit for apple to make it good and no | commercial reason for these vendors to make it good for | multi vendors. | jejeyyy77 wrote: | lol that is such a reach from Eric | ma2rten wrote: | Apples cares about the privacy and security of iPhones as a | differentiator. | threeseed wrote: | Apple employees also care deeply about the privacy and | security of iPhones. | dev_tty01 wrote: | I agree. There are already third party E2E messaging apps that | work across platforms. Anyone who decided to build a business | on unauthorized use of another company's servers was just | setting themselves up for disappointment. I have a hard time | understanding how anyone thought Apple would not cut this off. | m3kw9 wrote: | Is like saying if they care about privacy why do Apple allow | users to buy android? Why not give your iPhone away for free so | they don't get to use it. | trynumber9 wrote: | The EU should, like they did years ago with PC operating systems, | mandate a default browser selection screen. And a default | messenger selection screen. And a default app store selection | screen. | | Not that we'd get it in the US but it would help reduce | Apple/Google market capture efforts. | gafage wrote: | >And a default messenger selection screen. | | What for? Everybody in the EU already uses whatsapp. That shows | how unnecessary these selection screens are. | i5-2520M wrote: | Incorrect meme, almost no one is on whatsapp in Hungary for | example. We use Messenger, Viber mainly and other social | media apps that have a chat feature. | gafage wrote: | So basically you are making my own argument: we use tons of | different apps. What would be the selection screen useful | for? | | Going further: if we download different messengers, it | stands to reason we can download different browsers, | therefore if safari is the most used it's because it's the | one we choose. | umanwizard wrote: | Common case of people seeing that something is common in | Western Europe and Latin America and then claiming "the | U.S. is the only country that doesn't do X". Happens all | the time. | 3836293648 wrote: | That's assuming Europe is way more homogeneus that it is. I | have never heard of anyone using whatsapp in Sweden | not2b wrote: | That's probably why Apple will get away with keeping iMessage | closed (unless the US government pushes them), probably not | enough European use to count as a gatekeeper. | schrodinger wrote: | You say that like it's a bad thing ("get away"). iMessage | has nowhere near a majority and Apple doesn't put in any | restrictions against alternative messaging software (...not | that they're perfect, and haven't in other areas...). | not2b wrote: | I don't believe in closed protocols or crappy | interoperability. There are several approaches that could | improve things, like adopting Google's encryption | improvements to RCS so that mixed iPhone/Android | conversations are secure ("but that's not in the | standard!", well, then, get it or something similar in | the standard); they don't have to let others into | iMessage necessarily. Apple claims to care strongly about | their users' privacy and correctly attacks Google for | caring a whole lot less. Encrypted, full-featured | messaging would benefit their own users. | aaomidi wrote: | Nah I rather them do what they're doing right now and enforce | chat applications be cross platform. | madeofpalk wrote: | 'Nobody' in the EU uses iMessage, even on iPhones. Everyone | here already uses Whatsapp. This demonstrates a lack of a | monopoly and how competition can flourish. | | Honestly - and EU-regulation that Apple faces over iMessage | would just be collateral damage from EU targeting Whatsapp. | dgellow wrote: | WhatsApp and Telegram (varies by country) | NBJack wrote: | I mean, if everyone is using Whatsapp, that is effectively a | monopoly. I am curious as to what the runner ups are in the | EU however. | | Meanwhile, wait until Mr. Zuckerberg looks for new ideas to | monetize their messaging ecosystem. | Semaphor wrote: | Both Telegram and Signal. Threema is a distant 3rd ime. | chmod775 wrote: | There's no monopoly. Messengers hardly have any lock-in and | there's plenty of competition available. Entire continents | will switch messengers essentially overnight once the | current market leader becomes too enshittified and there's | something better. Remember how AOL, ICQ, MSN, Skype, etc. | died? | | WhatsApp is the current leader because it's no-nonsense and | works everywhere. The moment Facebook fucks that up even a | little bit, people will have moved on to the next thing. | ImJamal wrote: | There is major lock-in. If I want to move Signal but | everybody I message uses WhatsApp then I can't message | them unless they switch. | chmod775 wrote: | I can use multiple messengers in parallel without issue, | as I did each time in those transitional periods. | | The last messages on a dying messenger are always | instructions on how to move on to the next thing. In | skype, my status and most recent messages are just | informing people of my discord handle. I accept that I | may not be the norm, because generally I don't reach out | to people and don't initiate contact, meaning that the | onus is on them to use the appropriate channel to reach | me. | | Maybe it's worse for people who voluntarily stay in | contact with many others using different messengers, but | I don't see the problem with just having multiple | messaging apps, especially since modern phones just | consolidate all messaging services's contacts into your | contacts app (at least on Android). You don't even need | to remember who is reachable where. | ImJamal wrote: | >Maybe it's worse for people who voluntarily stay in | contact with many others using different messengers | | This is the problem I was expressing. If I want to | contact Joe I have to use Signal, if I want to contact | Sarah it is WhatsApp. Sam is SMS. Its hard to remember | who is using which app. | | > but I don't see the problem with just having multiple | messaging apps, especially since modern phones just | consolidate all messaging services's contacts into your | contacts app (at least on Android). You don't even need | to remember who is reachable where. | | That is easy enough if you use the contacts app. I | usually go straight to the app I want. Regardless, it | doesn't solve the core problem because people use | multiple apps. How am I supposed to remember which app | they prefer? I could message them on their non-prefered | app, but I don't like doing that if I can avoid it. | krater23 wrote: | What do you think why suckerberg didn't done that until | now? Facebook knows exactly that they need to be extremely | cautiones to don't lose all their users to threema, signal | or telegram. | | Thats the reason why until now they only added non | intrusive monetizing ideas than company accounts and so on. | And when you ask me, they found a way to make whatsapp | better. I can now order sushi via whatsapp. Here in Germany | I know no other messenger that makes this possile. | pdntspa wrote: | God I really wish we Americans would get on whatsapp | sentientslug wrote: | No thanks, iMessage is much better and not owned by | Facebook. | 123sereusername wrote: | Damn Straight. | etrautmann wrote: | My sense is that zeitgeist has shifted on this in the | last year no? | umanwizard wrote: | In what way? | krater23 wrote: | It's owned by Apple. Thats not better. Same shit, other | asshole. | gardenhedge wrote: | How is iMessage better? WhatsApp is a great app. | icehawk wrote: | Apple's business model is predicated on me buying things | from them. | | Facebook's business model is predicated on being able to | sell access to me to third parties. | | I can control the first one directly. | DanAtC wrote: | So I can give my data to Meta? No thanks. | mardef wrote: | I really don't want to give meta any of my business. | umanwizard wrote: | Why? What is so great about it? It seems practically | identical to signal and, if everyone is already on iOS, | strictly worse than iMessage. | dgellow wrote: | Runs on android, windows, web, macOS, iOS. | umanwizard wrote: | So does signal. | KomoD wrote: | I can't find a web client? | umanwizard wrote: | Guess you're right. | dgellow wrote: | Sure, and telegram does too. I was responding to someone | talking about iMessage | bombcar wrote: | I can't really tell the difference between signal | telegram teams discord et al. | | But messages falls back to sms and that I can notice. | krater23 wrote: | Tried it in the early days where Whatsapp was buyed by | facebook. Signal lost messages in group chats, Signal | lost messages in normal chats. | | Thats was the way to my blacklist. Droped Signal caused | by unreliability. | | Additionally, same as now iMessage, close out of other | clients. Other asshole, same shit. | dgellow wrote: | > Tried it in the early days where Whatsapp was buyed by | facebook. | | Wasn't that in 2014, so literally 9 years ago? Things are | pretty different now. | mattl wrote: | Signal group chats are shit by comparison. | zoklet-enjoyer wrote: | I've been using Signal since it was Text Secure and Red | Phone. I've got most of my friend group switched over to it | mattl wrote: | British-American here. WhatsApp is very good despite its | owners. Way better than anything else which is why we | continue to use it for group chats. | | There's no other good group chat encrypted option for both | iPhone and Android. | ivanjermakov wrote: | I don't consider any of these as a viable option. | etrautmann wrote: | It felt like most of the US was on whatsapp and then | everyone moved to signal and telegram | ggm wrote: | These assertions need those quotes around 'nobody' because I | work with a bunch of apple device owners across Europe and | they certainly do use Apple messages. | | At scale yes, signal, telegram and whatsapp are perhaps more | significant than the apple ecology and the ratio of android | to apple outside the USA and canada probably shows why. | madeofpalk wrote: | Yes, I'm sure that there is at least one person who uses | iMessage in all of Europe. | diligiant wrote: | 10 if you count my family, parents and siblings ;) | tiahura wrote: | Is anyone aware of actual statistics on this? | spacebanana7 wrote: | It's surprisingly difficult to measure. | | "Installs" are muddied by the fact that everyone with a | Facebook account has a Messenger capability, and every | Apple user has an iMessage app downloaded. | | "Messages received" is distorted by group chat dynamics | and commercial messages. | | "Messages sent" is distorted by the unequal value of | relationships. | | For example, I generally communicate with FB marketplace | sellers & acquaintances from high school on Messenger, | but use WhatsApp for talking with overseas family | members. | | More generally, there are social dynamics which make | messenger apps radically different from one another. Even | when the feature sets of the applications are very | similar. | ggm wrote: | Beeper had a good approximation | mig39 wrote: | I know some that use it in Portugal, but most of my | relatives use Facebook Messenger first, then WhatsApp, then | SMS or iMessage. | trynumber9 wrote: | I'm aware almost no one uses iMessage in Europe. Most would | choose WhatsApp in Europe. And if we had the choice most | would choose iMessage in the US. | | But it gives normal users a choice if they want it. Maybe it | would get some to think oh maybe I should try Signal. That's | how some people found out about Firefox - unimaginable I | know. | madeofpalk wrote: | But Whatsapp's popularity on iOS already shows that | "normal" (whatever that means) users already have a choice. | The market is not being constrained by Apple. | trynumber9 wrote: | Not by Apple anyway. But it'll save them having to search | WhatsApp :) | johnbellone wrote: | Every person I interact with in the EU uses iMessage. Let's | avoid making sweeping generalizations. | sbuk wrote: | That's a pretty sweeping generalisation on it's own. You | personally interacting via iMessage with people in the EU | has absolutely no bearing on this. When people say that | 'no-one' uses iMessage, they are really saying saying that | it's a very small percentage. It's like saying 'no-one uses | Yahoo! mail' - relative to GMail and Outlook.com, it's use | is vanisingly small these days, but I guaruntee that there | is a not-insignificant number of mail originating from | Yahoo domains. | johnbellone wrote: | It's an anecdote just like yours. | SahAssar wrote: | Your view is clearly not representative for the whole of EU. | | Most of my family, friends and colleagues are on iMessage. I | often need to explain why facetime will not work. | | Whatsapp is also common, but different as it does not as | easily replace SMS. | rglullis wrote: | Let's think higher than that. Let's just get rid of | megacorporations: let's mandate that any company with more than | amount of X employees should be broken down into smaller | divisions, with a separate board and CEO, and make it that no | one can be on more than one board at the same time. | | Make X low enough, 250, and all of this would go away: no more | corporatism, no more monopolies, no more special groups | interests paying for government lobbying, no more abuse of | power from a handful of companies... | spacephysics wrote: | This sounds like some utopic conjecture, that honestly, | wouldn't solve the root problem | tombozi wrote: | As with any system, it is just a matter of time before | loopholes are found and exploited. | rglullis wrote: | As with any policy, it will be up to the Government to use | its three branches of power to determine and enforce their | laws. | tombozi wrote: | The government is just another layer of the system. | judge2020 wrote: | Sure, it might seem appealing to do this now, but had this | existed 20 years ago the convenience and pros of the Apple | ecosystem wouldn't exist. You don't get the hardware+software | experience that Apple provides. You'd get stuff like handoff | (such as the handoff to Homepod functionality where you tap | your phone to the top of it) maybe 10 years later when enough | people finally get together to make a standard for it. Apple | Silicon and the Rosetta translation layer never happens. | rglullis wrote: | You make it sound like that is bad thing. | umanwizard wrote: | I never understood what the point of comments like this is. | You _know_ what you're describing is never going to happen. | So is it just philosophical musing about what the ideal | society would look like? | hellotomyrars wrote: | What is the point of asking what the point of someone's | comment is because it seems fanciful and impractical? Good | grief. They're not hurting anyone. | | Also there are a lot of things people could say "You know | what you're describing is never going to happen." That did | happen. | | I'm not suggesting this one is. I don't think so either, | but it isn't a very productive attitude. | zoklet-enjoyer wrote: | 250 is a bit low, but otherwise, interesting idea | sleepybrett wrote: | lol, what if china says no? | | Now I have a company that cannot compete at the scale some | chinese company can. OK so we close the border to imports | from companies that are larger than our rules. When has that | ever worked out? | rglullis wrote: | Can the US (or Europe or Japan) compete with China today? | seanmcdirmid wrote: | How many people are still using safari on Mac? Everyone I know | uses chrome, but maybe that's just in the states? | nomel wrote: | Chrome being viable is fairly recent: | https://9to5google.com/2023/02/28/chrome-safari-battery- | life.... | | In fact, I didn't realize it's actually viable until now. | 123sereusername wrote: | I live in the states and dropped Chrome for Safari Pick | your poison. | caseyohara wrote: | I use Safari as my daily driver on Mac because it syncs | nicely with my iPhone and iPad (I don't see any point using a | browser besides Safari on iOS/ipadOS), and is better on | battery life. I also regularly use Chrome on Mac for things | like front-end development. | seanmcdirmid wrote: | I'm the opposite. The only reason I ever use chrome on my | iPad to s because I need to use my password manager (since | I use chrome for everything on my desktops). Even my non | techie wife uses chrome on her MBP (and I didn't set it up | for her). | CharlesW wrote: | According to StatCounter, Safari has a 13% browser market | share on desktops. (Similarweb shows 11% on desktops, so not | terribly different.) | | https://gs.statcounter.com/browser-market- | share/desktop/worl... | umanwizard wrote: | I know a few people who use safari on Mac. Either because | they just don't care enough to install another browser, or | because they prefer the more "native Mac" look and feel. | MBCook wrote: | > Either because they just don't care enough to install | another browser... | | Why does so many people have this attitude that Safari | sucks and the only people who use it are idiots who don't | know better? | | It's so incredibly insulting. | | Not that putting native Mac in quotes implies anything nice | either. | umanwizard wrote: | I don't use Mac, nor care what browser people use on it. | I use safari on iOS because I too don't care enough to | install another browser. | | It's absolutely baffling that you could read my post as | saying safari sucks or that people who use it are idiots. | | Let me try to be more clear... there are two reasons | someone uses Safari on macOS, in my experience: | | 1. They like it better. Usually, the reason they like it | better is because it feels more "native Mac". This term | is in quotes because it's not a technical term and my | understanding of what it actually means is vague, but I | by no means dispute that it's real. | | OR... | | 2. They don't care, so they use the default. | MBCook wrote: | > Either because they just don't care enough to install | another browser | | The way this is written implies to me you think they | should install something else, but obviously they just | don't care. | | Whenever there are discussions about Safari on hacker | news they tend to be a lot of people who seem to have the | opinion it should die and that anyone with a brain uses | chrome. | | Between your word choice and that seemingly common | sentiment here that's what I thought you were saying. I'm | sorry if I misunderstood. | FirmwareBurner wrote: | Why do you care about other peoples' opinion on a | fricking browser? Did you write it to feel insulted? | | I'm trying to understand the reason for the white knight | HN commenters NPC reactions coming with their "stop | insulting my favorite trillion dollar corporation". | MBCook wrote: | I really like safari and have used it ever since the day | it was released. It's my favorite browser. | | There's a very common sentiment on HN and other technical | places that safari is a serious problem that needs to be | removed from the web so that things can be "better". | | That's why I'm insulted. Not because someone is insulting | Apple, do that all you want if they deserve it. Because | I'm tired of people implying that the browser I like is | shit because it's not chrome and its only used because | people have no choice or can't figure out how to switch. | FirmwareBurner wrote: | So you're feeling insulted because someone insulted your | favorite browser made by a multi trillion dollar | corporation? You need to get a life mate and stop | shilling for mega corporations. | | People are entitles to their own opinion regarding | products. If they think it's shit, it's their opinion | same how you're entitled to your own different opinion, | no need to be Apple's unpaid white knight and froth at | the mouth at everyone calling their stuff shit. | sleepybrett wrote: | the password manager integration tempts me to switch on my | mac... | MBCook wrote: | Me? I love Safari and Chrome drives me nuts. I can't see a | single reason to switch. | dgellow wrote: | I do use safari on macOS, and edge on windows. What am I | missing? I only use chrome when debugging web stuff because | I'm more used to their web console and tooling, but I don't | see a need to use it as my main browser. | samcat116 wrote: | Famously those default selection screens for browsers failed | horrendously. | trynumber9 wrote: | Did it? Firefox still has lingering popularity in Europe it | doesn't have elsewhere. | jeroenhd wrote: | The EU's DMA is supposed to basically do this: break up | gatekeepers and closed platforms for user choice. | | Not every app needs to be compatible with every other app, | though. There is a user base cutoff (and even then there is | some room for interpretation) of 45 million users (10% of the | EU population)/10k business users. | | Negotiations aren't done yet, but it seems iMessage isn't | popular enough to meet this cutoff. Alternatives like WhatsApp | definitely are, though; I'm pretty sure that's exactly why | Facebook is working on cross-platform messaging for WhatsApp: | https://www.theverge.com/2023/9/10/23866912/whatsapp-cross-p... | | This law doesn't just effect chat app developers: it also | applies to app stores and other methods of digital gatekeeping. | | That being said, Apple argues the app store for its iPads | aren't popular enough to cross the threshold (they split up the | iOS app store and the iPadOS app store in their statistics), so | the impact of these requirements will depend on what specific | iDevice you use. | turquoisevar wrote: | No, thank you. | | When the EU forced that implementation, it was already behind | the ball. | | It all but ensured Chrome's dominance by killing Firefox's | momentum and proved unsuccessful, which is why the browser | selection screen got killed. | mh8h wrote: | An open source client for iMessage is going to be used for fraud | and spam. Before this, a device being blocked by Apple because it | was used for fraud or spam would increase the cost of business | for fraudsters and spammers. But now it's a matter of picking a | new phone number. Of course Apple would try hard to stop this. | Banditoz wrote: | Is spam a good reason for Apple to keep their iMessage garden | exclusive? SMS is also widely used for spam. | MBCook wrote: | Yes. It exists but (for me) is non-existent. I know others do | get it. | | I've never thought about it but that would be a huge black | mark and could end up pushing a lot of people to | WhatsApp/FaceBook Messenger/whatever. | mh8h wrote: | I am not in the position to judge that. But reducing spam on | iMessage is beneficial for Apple customers, and as a | customer, I want Apple to be able to do that. | lawgimenez wrote: | I'm in Asia, my phone number has been with me for almost a | decade. I haven't received spam in a blue bubble, only on SMS | (green). Just want to give you a perspective in the other | part of the world. | | This are not just spam but most are sms phishing with links. | We have poor, inadequate cyber laws, so we are glad Apple is | doing its part sealing this off. | jeroenhd wrote: | This is exactly why Signal closed their source code: if you | allow access to your network, you're only accepting spam. For | their users' security, it's essential that they must guard | access to their network as much as possible. | yjftsjthsd-h wrote: | > if you allow access to your network, you're only accepting | spam. | | Well no; spam yes, _only_ spam no. | meonkeys wrote: | I feel the need to get a bit pedantic here. I'm not trying to | pick a fight; I truly hope it helps clear up a few things. | | Signal _is_ open source. It 's a fair argument that they make | it difficult to use servers other than theirs, and we can't | be sure exactly what they run server-side, but their code is | possible to fork and all that. Their licensing is clear. Even | the choice of AGPL is significant here: they _must_ provide | the source for exactly what they run on their server. | | Network access is orthogonal to source availability/openness. | Closing source as a means to limit access is security through | obscurity. Not to say that it wouldn't work, but we certainly | wouldn't expect the Signal Foundation to take this approach. | | The most significant measure Signal uses to manage access to | their network has to do with the phone number requirement. | That's an intentional choice on their part (arguably | controversial, but I don't have an opinion about it). | | I've never received a spam message from another Signal | user... is this common for you (or anyone)? I think in all | the years I've used Signal I've only received less than 5 | spammy "message requests" that are quite obvious/easy to | decline because I don't already have their phone number in my | contacts. I've always had to first ask someone "hey, can we | use Signal?" so I'm already expecting legitimate message | requests when they arrive. | KomoD wrote: | This is what Snazzy Labs said about Beeper Mini... hilarious: | | > This doesn't appear to be some easy thing Apple can just turn | off. | | > It will require a complete redesign of their entire | authentication and delivery strategy for not just iMessage but | Apple ID account access as a whole. | aaomidi wrote: | To be fair, this could be a heuristic based ban which wouldn't | be too hard to bypass. | | It'll be interesting if beeper mini ends up bypassing it. | dagmx wrote: | This is why people shouldn't listen to tech YouTubers who don't | actually work in tech as engineers. | | They're tech fans, not experts but act like they know the | domain space enough to make strong authoritative claims since | that's what gives them an audience. | ShamelessC wrote: | There were a number of similar comments on HN when they | announced. The real lesson? The internet is a shit show. | twodave wrote: | I don't know about you, but I've worked with plenty of | "engineers" who can't even properly read a stack trace. Not | meaning to offend, most software developers are unable to | reason about a system even as straightforward as a | messaging client with accuracy, especially a closed source | one. | sbuk wrote: | This is true, we see it anytime a discussion around email | comes up. | dagmx wrote: | True, but there's a difference in seeing a random anonymous | account parroting things and someone with a following | pushing it. | | Honestly many people here, myself too probably at points, | tend to just repeat what they've heard elsewhere as fact. | You can see it if you try and notice phrasing patterns | repeating. | | My real lesson is less that the internet is a shit show (it | is though), and more that people like to take a very strong | opinion as fact, over a more nuanced opinion that requires | understanding of a topic. | znpy wrote: | The guy is a fine youtuber but i think he was talking about | stuff outside of his area of competence wrt to this specific | matter. | IMTDb wrote: | Usually the correct course of action is to just... say | nothing then ? Or at least take some caution. But hey, it | makes for a less sensationalist headline. The thing is that | trustworthiness is typically something you look for in a | reviewer, clearly not something that can be found there. | acherion wrote: | Say nothing? They can't do that, what else are they going | to talk about in the next video that they have to release | to appease the Youtube Algorithm?! | | /s obviously! | wildrhythms wrote: | The bar for 'tech journalist' is... none. There is no bar. | throw310822 wrote: | Do sms/mms received from iMessage users on Android look anything | in particular? Because a possible move for Google would be to | reject them by default in some future version (hm hm, "security | reasons"). End of "yes you're still in but you look like a | cripple" and begin of "this app _doesn 't allow_ me to talk to | that person, if I want to reach him I _need_ to switch to | something that supports Android ". | umanwizard wrote: | If they tried that in the US basically everyone on android | would switch to iOS the next day. | robertoandred wrote: | iMessage doesn't send SMS/MMS messages. | kstrauser wrote: | Of course it does. | MBCook wrote: | You think it would be a good idea for android to reject all | SMSes? | throw310822 wrote: | No, obviously not, that's why I specified "if it's possible | to tell apart those coming from iMessage". | MBCook wrote: | It's not. They don't come from iMessage. They're went like | any other SMS. | meepmorp wrote: | SMS is handled by carriers, so google couldn't really block | messages from iPhone users specifically. And that's not | considering what an incredibly bad move it would be for them if | they could somehow reject only iPhone texts. | throw310822 wrote: | Do the SMSes come straight from the other users' phones, or | are they relayed via some Apple server? | | > what an incredibly bad move it would be for them | | I don't see it very different from Apple's choice to degrade | arbitrarily the experience of messaging with android users. | There are infinitely better alternatives to sms for private | messaging, Google could say it's encouraging its users to | move on them. | meepmorp wrote: | From the device to the carrier SMSC. | | Edit: to respond to your edit | | Apple is blocking 3rd party access to their own services. | Google blocking access to messages delivered via an 3rd | party isn't at all the same thing. And the optics of it | would be incredibly bad for Google. | throw310822 wrote: | Anyway, look. If I had this issue (I don't since I live | in Europe where everyone uses Whatsapp) that's what I | would do: I would download an app that blocks SMSes from | selected (known) numbers and auto-responds to them with a | message like "SMSes from this number are blocked by the | receiver - Please contact me on Whatsapp/ Telegram/ | Signal". | meepmorp wrote: | Sure, I guess. Seems like performative outrage, but at | least it'd send a signal to people that they should stop | talking to you entirely. | MuffinFlavored wrote: | It lasted 3 days? :) | MBCook wrote: | Surprisingly long, really. I expected it to die much faster. | gnicholas wrote: | Maybe Apple was waiting for a Friday afternoon to issue their | update. | quickthrower2 wrote: | You could do a few OpenAI hokey pokeys in that time. | dmillar wrote: | As usual, Gruber was right on the money. Via Threads yesterday: | | _" My prediction is that Apple will make changes--fixing bugs | and/or closing loopholes--that break Beeper Mini. It's untenable | that there's unsanctioned client software for a messaging | platform for which privacy and security are a primary feature._ | | _It's a very nice app, remarkably clever, and for now works like | a charm, but if Apple wanted an iMessage client for Android | they'd release an iMessage client for Android. Seems | irresponsible for Beeper to charge a subscription for an | unsupported service. "_ | | https://www.threads.net/@gruber/post/C0k1VgyMGZN?hl=en | goodluckchuck wrote: | It looks to me like there is an advantageous business | relationship between Beeper and their customers. As a general | rule, Apple is free to change their programs and how they work. | However, I think there's a plausible argument for tortious | interference here if the sole purpose was to prevent | interoperability. | umanwizard wrote: | Are you a lawyer because Apple stopping third parties from | using their service being in any way illegal sounds extremely | hard to believe | MBCook wrote: | > The CFAA prohibits intentionally accessing a computer | without authorization or in excess of authorization, but | fails to define what "without authorization" means. | | - From the National Association of Criminal Defense Lawyers | | Other way around. If anything, it sounds to me like _Beeper | Mini_ was acting illegally by accessing Apple's servers in | a way they didn't give permission for. | | The CFAA is ripe for abuse. I'm not saying applying it here | would be just or not, only that Apple likely wasn't the one | acting illegally. | bee_rider wrote: | Wouldn't it be the users, rather than Beeper Mini, that | are doing the accessing? | dwaite wrote: | Beeper mini includes a hosted service to receive APNS | notifications (meant for Apple software) | | So I would summarize it as the corporate entity | connecting to an Apple API and using it in undocumented | ways that they reverse engineered, intercepting messages | meant only for Apple software, doing so without prior | permission, for purpose to selling access to services | which would normally be covered by an Apple EULA. | | It is not quite like a smaller word processor wanting to | be able to import Word documents - without tying into | Apple's service, Beeper Mini has zero value. | goodluckchuck wrote: | I think that's certainly an argument that Apple would | make. However, it seems that this app was simply sending | requests and receiving responses that there was no code | injection or compromise of Apple servers, or of | credentials, or anything of that sort. | chmod775 wrote: | Yes, they didn't violate the law as you think it _ought_ | to be written. | | They may very well have violated the law as it is | _actually_ written. | simondotau wrote: | It's also entirely possible that no law has been violated | by anyone at all. What Beeper Mini did is probably not | illegal. What Apple did in response is probably not | illegal. | ntqvm wrote: | Not particularly relevant due to lawsuits involving game | cheating, where the circumstances are very similar. | | Beeper is lucky they weren't sued under the DMCA anti- | circumvention clause, as they clearly were bypassing the | technological measures Apple uses to prevent genuine | devices from connecting to iMessage & Apple services. | tadfisher wrote: | The DMCA protects copyright, not APIs. If iMessage was a | DVD then this would be a point. | MBCook wrote: | I wonder if any of the encryption stuff Apple uses would | give them an argument, like convincing their system to | generate keys. | | I think you're likely right though. If they had such a | claim I think their lawyers would have been on it | instantly. | | That's why I mentioned the CFAA. Accessing servers | without someone's permission is the exact kind of thing | people have gotten very stiff punishments for under the | CFAA in the past. It's basically the main reason I know | the law exists, stories about peoples ridiculous | punishments for relatively benign things. | | Sure it's useful for real things. I bet you can prosecute | ransom under it. Or hacking to break into a rival | company. | | But it's also great for when someone embarrasses a | politician with stuff that they published on their own | website and "something has to be done". | goodluckchuck wrote: | That's fair, but compare it to SMS. What if Apple blocked | SMS messages sent via cellular carriers, which are also | using their services (software on phones, etc.) Then | suppose it wasn't malicious SMS or spam, but legitimate | messages sent using a competitor's product (e.g. from all | Samsung phones). | freedomben wrote: | Maybe (or maybe not) plausible, but I think it's irrelevant, | because there's no way a small company like Beeper could beat | Apple's lawyers at this game. It will end up bankrupting | Beeper long before it would even matter. | gnicholas wrote: | This is unfortunate, but not untrue. Even just going | through discovery on this issue would be quite expensive -- | and would be critical to proving Beeper's case. | madeofpalk wrote: | That's like getting upset after getting bad dating advice | from a vending machine. | tptacek wrote: | There's a bunch of reasons why this is unlikely to be | tortious interference, but one of the obvious ones is the | contractual Terms & Conditions that apply between Apple and | its users; I doubt Beeper is liable here, but if interference | was a thing, my bet (not a lawyer!) is that the liability | would point the other direction. | gnicholas wrote: | My read of GP's comment was that the claim of tortious | interference would be by Beeper against Apple (for | interfering with Beeper's relationship with Beeper's | customers). | tedunangst wrote: | Apple is not preventing anyone from downloading beeper, | or giving beeper money, or running beeper software. They | are exercising control over their own servers. | paulryanrogers wrote: | Blocking interpretability could be illegal, especially as | they near market dominance | lotsofpulp wrote: | iMessage is nowhere near market dominance. As evidenced | by the ease of use and popularity of alternatives such as | SMS/Whatsapp/Signal/Wechat/etc | AlexandrB wrote: | I agree. The obsession with "blue bubbles" is something I | only hear about from tech writers. No one I communicate | with in the real world has ever mentioned it. | _Supposedly_ teenagers care about this, but that seems | like a poor basis for anti-trust action. | | At the same time, I miss the era of rich third party | client ecosystems for things like AIM or MSN messenger. | Blocking interoperability is a bummer for innovation. | lotsofpulp wrote: | >Supposedly teenagers care about this, | | Android vs iPhone is definitely a thing people in their | 20s and 30s even use to judge others. I have polled quite | a few family/friends, and it is near unanimous that it is | a dealbreaker in dating, mostly because they assume there | is a higher likelihood they will not mesh with the type | of person the non iPhone user is. | | >but that seems like a poor basis for anti-trust action. | | Correct. | simondotau wrote: | Apple would claim that you pay for the iMessage service | as part of the purchase price of hardware and software. | From this perspective it's not blocking interoperability, | it's blocking theft. | | Whether that argument holds is for governments and courts | to decide, ultimately. | gnicholas wrote: | My understanding of tortious interference is that it is | broader than actually preventing others from using a | service. Even just saying things to dissuade them from | doing business with a company can qualify. | tedunangst wrote: | Really weird that a disinterested third party like Apple | would even make loud public statements about Beeper. | tptacek wrote: | Yes. And I'm saying, were this a live issue (I don't | think it is), the graver liability might be for Beeper | interfering with Apple's contracts with its users. | gnicholas wrote: | In what way would Beeper's action cause Apple's customers | to breach a contract with Apple? I would think most of | the people who would purchase a service like this would | be Android users, not iPhone users. Some of them might | own Macs, but what would be the contract that the user | would be breaching that would result in damage to Apple? | tptacek wrote: | If they're "just Android users", they don't have iMessage | accounts. | gnicholas wrote: | So your thinking is that these end-users have signed some | sort of agreement with Apple, and that agreement says | they won't use any unauthorized services to connect to | Apple servers, or some such thing? | tptacek wrote: | That's not "my thinking" so much as it is a fact. | gnicholas wrote: | If it's a fact then it should be no trouble to share the | relevant provision. | | I was sharing that theory as a conjecture, since I have | no reason to believe such a provision exists. | goodluckchuck wrote: | There's certainly a contract there, but it's not obvious | how a customers compliance the terms and obligations create | a profit for Apple. I think most outside observers would | generally assume that Apple's profits come from the | payments the customers make to Apple, when purchasing | devices or making subscriptions. After all, the only people | subject to, and breaching the terms of service are Apple | customers who did pay for their phones, etc.. | tptacek wrote: | In a California interference case, Apple would need to | prove: | | 1. An enforceable contract existed (check!) | | 2. Beeper knew about the contract (check!) | | 3. Beeper's actions intentionally caused a breach of that | contract (check!) | | 4. An actual breach of Apple's Terms & Conditions | occurred | | 5. Apple had damages | | None of those elements have much to do with profit. | gnicholas wrote: | Not sure why this is getting downvoted - IAAL and this is | definitely something worth considering. This particular type | of law varies from state to state, and can be quite broad. | I've talked with other lawyers about it in the past, and my | understanding is that it's frequently asserted when companies | make counterclaims in business litigation. | | That doesn't mean it's a sure winner, just that it's a live | question until more info is known. I imagine Apple would say | they need to tighten up any parts of their system that could | allow for spoofing or other security issues, and that was | their 'legitimate' reason to make these changes. | cqqxo4zV46cp wrote: | I'm not a lawyer, but I do know how computers work. I'd bet | the farm on the very safe assumption that any protocol | change that blocks a third-party client at the very least | can plausibly be claimed to be in service of security, and | most likely be a legitimate claim in reality. It is | probably being downvoted because it's incredibly far- | fetched. | gnicholas wrote: | I agree that this would be their argument. But as other | commenters mention, this area could be a minefield for | Apple due to their dominance in various markets. It's | possible they wouldn't want to get sucked into a lawsuit | about this, even if they thought they could win, since | they might end up making statements that would have a | larger detrimental effects in other cases/potential | cases. | D13Fd wrote: | I think most or all states recognize that the defendant's | actions must not be justified or privileged. It's hard to | imagine how Beeper would meet that element on these facts. | willseth wrote: | How are you going to make a case for tortious interference | when the would be interferee is profiting by using the | interferer's resources without payment? | goodluckchuck wrote: | From beepers website, there's no use of apples servers when | iMessages are sent from a beeper user to a beeper user. | Rather, they only pass through Apple when sent to an iPhone | user and in that case it's the iPhone user that's utilizing | apples resources. And in that case there's an Apple device | owner, who is paid for the right to use iMessage servers. | willseth wrote: | Wow that's a hell of a stretch, but A+ for effort I | guess. By that logic, they're only stealing 50% of | Apple's iMessage resources for iPhone users. | tedunangst wrote: | Well, obviously, if those messages aren't using Apple's | servers, then Apple hasn't stopped them, so there's no | interference. | tiahura wrote: | Not sure that's worth much congratulation. Is there anyone that | didn't think the exact same thing as soon as they saw the | story? | kyleyeats wrote: | The "well duh" crowd says "well duh" no matter what happens. | jjulius wrote: | Mmm, absolutes. | tiltowait wrote: | I heard/saw quite a few people saying Apple either couldn't | or wouldn't cut them off--and that even if they did, it would | take a while. They were ridiculous takes, yes, but apparently | made in earnest. | jeroenhd wrote: | While it would ruin the experience in practice (not being | able to receive any notifications), I don't see why someone | couldn't perfectly reverse engineer the protocol. | | Beeper made several design decisions that made the app | super easy to use (i.e. using a single certificate that | wasn't supplied by a user's phone), but if you extract the | necessary source material from an old jailbroken iDevice, | you could create an iMessage clone that Apple can't ban | without either legal action or breaking compatibility with | all easily jailbroken iOS devices. | | Back in the days of AIM and MSN, even large companies used | reverse engineering to get chat interoperability, and it | was so successful that AIM left open an RCE vulnerability | to push shellcode so that Microsoft couldn't chat through | their service. | _rs wrote: | Any source/articles about the AIM RCE and it being left | open? Would love to read about that | jeroenhd wrote: | Here's a long writeup by someone who worked at Microsoft | at the time: | https://www.nplusonemag.com/issue-19/essays/chat-wars/ | willseth wrote: | There were a lot! Usually taking the form of: 1. They'll have | to do a major update to iMessage, 2. But what about | Hackintosh?, or 3. EU regulators will stop it | vGPU wrote: | A good chunk of the posters on the release thread seemed to | think otherwise. | treyd wrote: | >It's untenable that there's unsanctioned client software for a | messaging platform for which privacy and security are a primary | feature. | | I don't follow this logic at all. Shouldn't supporting | thirdparty clients be desirable if security is a primary | feature in the interest of transparency? Especially if the | reference client is proprietary and undocumented. | Grustaf wrote: | How would third-party clients _increase_ security (other than | indirectly, by people using SMS less)? On the contrary, | third-party clients is a gigantic security hole, since Apple | can't even know if a client app is spying on users. | jlarocco wrote: | > On the contrary, third-party clients is a gigantic | security hole, since Apple can't even know if a client app | is spying on users. | | Security isn't about _Apple_ knowing if an app is spying on | users, but about _THE USERS_ knowing that nobody is spying | on them. | | At best a third party iMessage client can only be as secure | as iMessage itself because the back end is still closed and | has no transparency, so it's the weakest link. If Apple (or | a third party) is spying on the back end then no client can | be safe. | | > How would third-party clients _increase_ security (other | than indirectly, by people using SMS less)? | | They can increase security by breaking a single target into | multiple targets, by increasing competition around security | and privacy issues, by having more people use and work with | the protocols and able to spot potential problems, by | encouraging more transparency around issues when they | arise, and by having alternatives readily available if one | of the clients is found to be compromised or insecure. | | And of course open source clients can be verified and | validated by other developers and security professionals. | dwaite wrote: | > They can increase security by breaking a single target | into multiple targets, by increasing competition around | security and privacy issues, by having more people use | and work with the protocols and able to spot potential | problems, by encouraging more transparency around issues | when they arise, and by having alternatives readily | available if one of the clients is found to be | compromised or insecure. | | I believe you are speaking to transparency, not third | party clients. | | Beeper Mini actually bundled binaries that they didn't | understand to bootstrap registration. They could only | attempt to be compatible with messages that they have | received, and verify messages they send show up correctly | - they cannot know they covered all available options. | | I speak to this as someone who reverse engineered MSN | Messenger back in the early 2000s for an XMPP gateway - | you'd occasionally find an entirely new type of message | (requiring an entirely new parsing code path for their | undocumented/bespoke messaging protocol) because someone | registered for a stock ticker or the like. | | There was no fuzzing the official servers or clients to | see if they were robust or secure - the goal was to have | a salable product. In fact, we saw other messaging | systems where we had significant concerns based on our | understanding of the protocols through reverse | engineering, and we saw one vendor exploit a security | vulnerability in their own shipping product in order to | verify authenticity and block third party clients (which | worked for a period of time) | | From what I saw of the iMessage system, third party | support is not going to be feasible even with a | documented protocol without partnership, because there is | an assumption of attestation of real, unique hardware as | part of registration to prevent mass abuse. | person3 wrote: | I don't know a lot about how it works, so forgive me if | this is a silly idea. I wonder if attestation could be | done using real Apple devices, while leaving the private | key on the user's android. So similar to the old beeper | to get the signed attestation, and send the result to the | phone. Still could be secure since you can keep the | private key used to encrypt messages local on the users | device. I guess the issue might be a cat and mouse game | if detecting beepers flock of Apple hardware to try and | disable them all... (given many people would be using the | same Apple devices) | poisonborz wrote: | > Security isn't about Apple knowing if an app is spying | on users, but about THE USERS knowing that nobody is | spying on them. | | True, but Apple caters specifically to a consumer base | that can't know this and does not want to think about | this. Whether this is health or sustainable in the future | is another matter. | Grustaf wrote: | > Security isn't about Apple knowing if an app is spying | on users | | Clearly, what matters to Apple is what _they_ believe is | secure, and they of course trust themselves more than | they trust Beeper. | | > At best a third party iMessage client can only be as | secure as iMessage itself | | Exactly, they can never be safer, and given that Apple, | or we as users, know very little about the company behind | the client, third-party clients are much less secure. | cdata wrote: | We've really done one over on ourselves by adopting the | mental model that only a vertically integrated corp can | deliver privacy and security to users. This rigid tendency | towards homogeneity is bound to suffer a tragic systemic | failure before too long. | | It would be healthier to assume multi-polarity and lean into | it. | zxt_tzx wrote: | > We've really done one over on ourselves by adopting the | mental model that only a vertically integrated corp can | deliver privacy and security to users. This rigid tendency | towards homogeneity is bound to suffer a tragic systemic | failure before too long. | | Look no further than the other news that came out this week | re: government spying via push notifications. (https://www. | reuters.com/technology/cybersecurity/governments...) | Consumers rationally trust the few big companies which are | incentive-aligned to protect their data and government then | goes after those few big companies. I thought this was | particularly galling: | | > _In a statement, Apple said that Wyden 's letter gave | them the opening they needed to share more details with the | public about how governments monitored push notifications._ | | > _" In this case, the federal government prohibited us | from sharing any information," the company said in a | statement. "Now that this method has become public we are | updating our transparency reporting to detail these kinds | of requests."_ | ChrisMarshallNY wrote: | I suspect there's more where that came from. The only | reason we learned of this, is because the cat was let out | of the bag, and Apple was able to talk about it (gag | order). | | People might want to think about how AirTags and Find My | Phone work... | paulmd wrote: | > People might want to think about how AirTags and Find | My Phone work... | | rotating BTLE identifiers controlled by a cryptographic | key pattern, tunneled over end to end encryption? | simondotau wrote: | > We've really done one over on ourselves by adopting the | mental model that only a vertically integrated corp can | deliver privacy and security to users. | | Who is saying that? Certainly nobody anywhere in this HN | thread. It is, however, fair to say that the only guarantor | of privacy and security is a network of trust. There are | plenty of examples where trust is partially decentralised, | the most notable being the system of certificates used for | establishing trust in HTTP over TLS. | zucker42 wrote: | > Who is saying that? | | There is a quote in the top level comment of this thread | that says that. | | > It's untenable that there's unsanctioned client | software for a messaging platform for which privacy and | security are a primary feature. | simondotau wrote: | That is not even remotely similar to the claim you made. | Nowhere in that sentence is the claim that privacy and | security cannot exist without a vertically integrated | corporation. | | All they're saying is that the existence of third party | software compromises Apple's ability to make blanket | statements about the security and privacy of this one | specific platform. An unofficial third party client | breaks an established network of trust -- which is an | objective fact. If you doubt this, then you really should | use this Chromium fork I just developed. Use it to log | into your internet banking. Don't be scared. There's | nothing to worry about. See, there's a lock symbol in the | address bar and everything. | cdata wrote: | Sure, but also recognize: web browsers constitute a | mature, multi-polar ecosystem; we do not clutch pearls | when a user chooses Firefox, or Safari, or Chrome (or | myriad others) to transact on the web. | | Can a bad actor slap a green lock on an insecure browser | clone and harm users? Certainly. And yet, in a survey of | the _systemic_ threats to security and privacy on the | open web, such attacks are relegated to the margins. | | Apple encourages a popular narrative that centralization | and control beget trust, and from there may enable | privacy and security. Look no further than the comments | on this HN post to see the narrative echoed! | | It's fair to point out that it's not literally what | Gruber wrote, but readers will fill in the negative space | around his uncritically apologetic commentary. To state | the implied message: trust in Apple's way, and remember | that third parties (who are not accountable to Apple) | will ultimately deprive you of privacy and security! | simondotau wrote: | Having a system where trust is embodied in a single | entity is one valid solution. It's also not the only | solution and I haven't heard anyone claim that it is. | cdata wrote: | That is technically a remark I agree with, but you're | skipping past the actual point of my comment: it may be a | valid strategy on its face but it is fragile and makes | users vulnerable to systemic exploitation. | | The web browser ecosystem has its own (different) | problems, but iMessage lacks requisite variety to back up | its particular claims to privacy and security (see that | Reuters article for a preview). | photonerd wrote: | Plenty of people clutched pearls (rightly) about IE tho. | And https by default. And much more. | | That it's _not currently_ a problem is due to 25 years of | _strongly_ pushing for privacy & security. | | We're still not there (see Google & adblockers in chrome) | al_borland wrote: | This would be the case if it were a protocol designed to be | opened up for use by 3rd party clients. As it stands, this | was a clever hack which would undermine the integrity of the | system if left in place. Within a few weeks we'd see 100 3rd | party iMessage clients, and it would be luck of the draw if | the one someone downloads is secure or not. | eptcyka wrote: | How is using another client undermining the security of the | whole system? | al_borland wrote: | The system wasn't designed with those 3rd party clients, | and security around them, in mind. Beeper Mini is | spoofing/reusing device IDs, pretending to be some random | person's Mac, for example. True support for 3rd party | clients wouldn't not require this kind of thing. | | From what I understand Beeper Mini is interfacing with | iMessage on-device, what's to stop another clients from | using a server and intercepting messages? While I don't | have time to look it up again, I think there was also | something on how Beeper Mini is handling the push | notifications when the app isn't open. While that may not | leak a lot of information, and there is also the news of | Apple/Google sharing push info with some governments, | that's something that can at least raise some eyebrows | when it comes to how private it is. | danShumway wrote: | > The system wasn't designed with those 3rd party | clients, and security around them, in mind. | | It sure as heck better have been designed with that in | mind, because it sends SMS messages to uncontrolled 3rd | party clients that could be stealing your information or | spying on push notifications every single time you | message an Android user. | | I genuinely don't understand this argument. Do people | think that SMS messages don't generate push | notifications? Does Apple have a 1st-party SMS messenger | available on Android that I'm not aware of? You're | already communicating with 3rd-party clients that could | be spying on you, and you're already receiving messages | from those clients in the iMessage app. The biggest | difference is that your messages with those clients today | are fully unencrypted, so spying on them doesn't even | require compromising an app. | | It's weird for people to be so concerned about push | notifications as if that's a decrease in security when | the alternative system they're proposing is for iOS | messages to be sent to Android devices fully unencrypted. | Apple/Google can share all of that information with the | government as well; if they're not being asked to it's | only because the government can get it even more easily | directly from the telcos. | shadowfiend wrote: | There is no iMessage app. There is a Messages app that | implements two systems: iMessage and SMS/MMS. iMessage is | the system whose security model is being discussed here, | and the security model of SMS/MMS is mostly irrelevant to | it. | jvolkman wrote: | If the existence of a working unsanctioned client | undermines the integrity of a system as prominent and | security- and privacy-focused as iMessage proclaims to be, | then that system has big problems. | | Certainly this is not the first time some entity in the | world has reverse-engineered iMessage; it's just the first | time that it was publicized. | ceejayoz wrote: | Every system has holes that get discovered in time. | Leaving those holes _open_ is a different thing. | danShumway wrote: | This is also notable, because the technology that Beeper | Mini is based on was public and available to potential | attackers before Beeper Mini launched. Beeper didn't | invent this, they contracted the developer and based the | project off of their open Github repository. | | Apple did leave the hole open; they left it open until it | threatened their customer lock-in. Only at that point did | they decide that it was a security risk. | bombcar wrote: | Third party clients offer many more cases for average users | to lose their security, because you can't prevent malicious | actors from releasing "SuperMessengerSecure" that just | mirrors everything off to a server somewhere. | cqqxo4zV46cp wrote: | No. This is an entirely self-centred view. The only people | that equate this sort of transparency with genuine security | are computer nerds. These tend to be the sorts of people that | don't sit very highly on my internal list of "people who | stand to benefit the most from increased privacy measures". | For...literally every other member of society, this sort of | implementation detail doesn't mean _anything^. They hear some | (from their perspective) very abstract words like 'open', and | all that means is that they're trusting some league of | computer nerds to tell them that something is 'secure'. This | is somehow meant to be more convincing than Apple, who, to | most people, is at the very least another mob of computer | nerds, but in reality also happen to have a pretty good track | record of making phones that seem to work alright for people. | | Beyond optics, let's just look at attack surface. The | implication that the sort of security holes that "openness" | would fix are anywhere near the top of the list is...where's | that xkcd about cryptography and crowbars? It's very clearly | in the realm of nerdy cosplay. You know what _is* a much more | realistic threat? Some stupid third-party client on the Play | store that exfiltrates all messages sent and received. Apple | has absolutely no control over that. No protocol security | accounts for that. | danShumway wrote: | > You know what is a much more realistic threat? Some | stupid third-party client on the Play store that | exfiltrates all messages sent and received. | | One way to avoid that outcome would be to have a first- | party client on the Play store. | | Instead, Apple drops all message security entirely from | cross-platform communications for iOS users, allowing | anyone to read those messages whether or not they have a | crowbar. This is security 101: users do dangerous crap when | the secure options don't have affordances for their use- | cases. Users are lazy. If an official 1st-party secure | client exists that meets their needs, they won't install a | 3rd-party client. Users resort to dangerous and unsupported | options when the safe, obvious options either don't work or | aren't available. | | And thankfully, we now know that it would be entirely | possible for Apple to fix that problem and to move its own | users off of SMS for communication with Android contacts, | and we know that because a 16 year-old high-schooler was | able to build that support with zero documentation. | Presumably Apple is capable of doing the work of a 16 year- | old. We now know that it would in fact be entirely possible | for Apple using a 1st-party controlled, proprietary client | with a proprietary protocol, to encrypt virtually every | message that Apple users send to every one of their | contacts, rather than what Apple does today where it | encrypts... some of them. | | None of this requires Apple to Open Source anything or to | document or make available any of their protocols. The only | reason Apple is in this position right now of needing to | deal with 3rd-party clients is because of a lack of support | from their 1st-party client. | hoistbypetard wrote: | > Instead, Apple drops all message security entirely from | cross-platform communications for iOS users, allowing | anyone to read those messages whether or not they have a | crowbar. | | I think that's my biggest gripe with the situation. Or my | second-biggest. My biggest gripe is that the only | notification that your messages are now not end-to-end | encrypted is the green bubble. They don't tell you | anywhere that the green bubble (also) means that. | m3kw9 wrote: | No need for transparency here. Just know that no one has | broken the encryption is all you need. Also you likely will | not know if beeper sends a copy of your messages to their | servers to sell, but who would you trust more won't sell your | info, beeper or Apple? | oehpr wrote: | I'm trying to figure out if this post is sarcasm. | | The first half definitely made me think sarcasm, then the | second half... I mean I know some people actually believe | this... Then I noticed you said "encryption" instead of | "protocol". Breaking an encryption standard is obviously | very hard, breaking a protocol is obviously not nearly so | hard. | | On the other hand, taking this stance would be insane given | the post we're talking about. A company that actively | circumvented apples security measures. So you must be being | sarcastic. You just have to be. | | Remember, on the internet it's kinda hard to tell. Make | sure to throw in a /s unless you really _REALLY_ sell it. | m3kw9 wrote: | I wasn't being sarcastic, I mean you do know there exist | closed source for a reason whatever that is. For Apple to | open their protocol would mean your messages sent to 3rd | party clients, which means they could sell your messages | for ad targeting or worse. | danShumway wrote: | When Apple sends messages via SMS, they are sending your | messages to 3rd party clients who could sell your | messages for ad targeting or worse. Apple already does | this. They already send your messages to random clients | who could be spying on you. | | It's just that in addition to sending your messages to | 3rd party clients that could be stealing the data, Apple | goes the extra step to make it even more insecure and | also sends your messages completely unencrypted, so that | everybody along the path from your device to the 3rd- | party client can join in and also read your messages and | can also use them for ad targeting or worse. | | I'll make the argument that this is strictly worse for | security than tolerating an encrypted 3rd-party client | (or better, releasing their own _1st-party_ client rather | than relying on SMS). | yurishimo wrote: | Beeper was acquired by Automattic about a month ago. | massel wrote: | That was texts.com, not Beeper | mixdup wrote: | What's untenable is that the third party software is | unsanctioned. You can make the argument that it would be a | good or better system with third party clients, or that Apple | should open the system up, but it is ridiculous that anyone | would trust a client/integration that depended on some kind | of hack (regardless of the nature of that hack--such as | whether it's decrypting and proxying or getting into the | ecosystem in a "secure" way) | masto wrote: | Gruber is effectively an Apple employee. | sneak wrote: | Gruber is a shill, bribed with special access for his blog. | | Everything you said is correct. | michaelcampbell wrote: | Sure, but I don't think anyone can legitimately claim Gruber | hasn't had some generally pro-Apple stance for decades. | LanzVonL wrote: | Yeah but then that one Israeli company that spies on | everybody will just pump these apps out. | orangecat wrote: | If an "unsanctioned" client can compromise iMessage security, | then there was no actual security other than obscurity. | sdfhbdf wrote: | I didn't compromise the security of iMessage as a whole, it | just exploited a way to get people into the system that was | not planned. | | Imagine there is a theme park that has normal ticket booths | and some requirements there to get in. Then there comes a | Beeper that finds a hole in the fence on the perimeter and | sets up their ticket booths there. It's in theme park's best | interest to close that hole and cut off the revenue stream of | somebody pigging back on their theme park. | ancientworldnow wrote: | Except they charge a thousand dollars to enter and then let | everyone else in for free but they have to wear a badge and | the pictures they get from the roller coaster photo booth | are 240p. | sircastor wrote: | And no one is obligated to come to the Theme park. | There's an entire world of people who never visit the | theme park, mock the people who do, and couldn't care | less about it. But some people want to be included as | going to the park, when they don't. Some people are very | judgy and don't want to talk to people who don't go to | the park... | | Okay, I've stretched the metaphor out enough. | hamandcheese wrote: | Almost 60% of America is in the theme park. | simondotau wrote: | > _Except they charge a thousand dollars_ | | A Lamborghini Urus costs $230k so I guess it's morally | acceptable to break into a dealership and steal it. | BobaFloutist wrote: | Kind of, yeah. Once something is expensive enough it's no | longer common theft, it's a _heist_. | simondotau wrote: | _Blackmail is such an ugly word. I prefer extortion. The | "x" makes it sound cool._ | quickthrower2 wrote: | Easy to be right on the money here. This is the default MO. | Regardless of if you are paying for it or are licensed or are | doing it despite the tech giant whose toe you are tickling. | Twitter API springs to mind. | jlarocco wrote: | His first sentence about privacy and security is nonsense, but | his second sentence hits the nail on the head. | | If the richest company in the world wanted their chat app to | run on Android, it would by now. | | It's strange Apple doesn't sell an iMessage Android app, but | I'm sure they've had somebody do the math and found out that | it's more money for Apple in the long run if they don't. | shultays wrote: | Because there are people that buys iphone just to get a blue | bubble, why would Apple want to stop that? | Zuiii wrote: | Completely agreed about the nonsensical first claim. We have | many third-party clients for other messaging platforms where | privacy and security are a primary feature. It's completely | tenable, especially for a player like Apple. | | Or put another way: If the privacy and security of imessage | is compromised by someone building another client, I'd argue | that you never had either to begin with. | dwaite wrote: | > Completely agreed about the nonsensical first claim. We | have many third-party clients for other messaging platforms | where privacy and security are a primary feature. | | I can't think of an any with independent implementations. | | For instance, have a few third party Signal clients, which | work by using the official libSignal . These are not third | party clients, but third party GUIs. Use of libSignal on | the official Signal network is also not supported or | recommended. | | Likewise, all the third-party Telegram clients I know of | are forks using Telegram source. | | This makes sense, because neither of these are stable | systems. A third party has to stay up-to-date with features | and changes made to the official servers and clients. | | Do you know of a security and privacy focused messaging | platform which is both: | | 1. documented | | 2. has multiple independent implementations of the | networking and security protocols? | twicetwice wrote: | Does Matrix not qualify? | mlrtime wrote: | Look no further than blackberry... Their days were always | numbered as the only reason to keep it is the messaging (and | a bit the keyboard). | | Another theme here is BBM (Bloomberg Messaging). | People/Companies pay BB five figures per year just to get | BBM. Why would they ever release a messaging app outside of | the terminal. They will die before this happens. | mcfedr wrote: | The primary feature of iMessage is lock-in. Everything else is | secondary. | tempodox wrote: | > Seems irresponsible for Beeper to charge a subscription for | an unsupported service. | | Completely wrong. It's a job-seeking ad. "Look, I'm ruthless | enough to fuck over users who buy this bogus subscription." | Which SV startup wouldn't pay millions for a crook of that | caliber? | crest wrote: | > It's untenable that there's unsanctioned client software for | a messaging platform for which privacy and security are a | primary feature. | | What a stupid take on the situation. At most it's untenable to | Apples short term financial interests. A well designed protocol | and implementation would be even better at protecting _user_ | privacy and security especially from a privileged attacker like | the service provider and anyone able to put covert pressure on | them. | | The only way in which vendor lock-in helps the the existing | users is that spammers and scammers have to invest additional | money to acquire Apple devices to create new accounts instead | of just phone numbers and a labor to create accounts. | ComputerGuru wrote: | This was why I never shared my iMessage for Windows: | https://neosmart.net/blog/imessage-for-windows/ | | They'd block an account out of spite without a second thought. | Shawnj2 wrote: | Does it still work? | ComputerGuru wrote: | Still using it daily. | nchase wrote: | Love this. Congrats and thank you for the writeup! | Hackbraten wrote: | This is amazing. Truly a labor of love. Kudos to you for | accomplishing this, and then polishing it to perfection. Good | on you to withhold it, as proved again today. I'm so glad that | I finally left the Apple ecosystem. | graphe wrote: | Loved your post, thanks for sharing! | froggertoaster wrote: | Your article was the first I thought of when Beeper Mini was | released. I knew it had already been done by you and never saw | the light of day for a reason! | Grustaf wrote: | > "if Apple truly cares about the privacy and security of their | own iPhone users, why would they stop a service that enables | their own users to now send encrypted messages to Android users, | rather than using unsecure SMS?" - Eric Migicovsky | | 1. If Apple sees this as a gap, it is very obvious that they | would address that themselves, rather than by allowing a hack to | exploit loopholes in their architecture | | 2. Since Apple has no control over the Beeper mini client, they | would not consider it safe, it could easily be spying on users | without their knowledge. | CivBase wrote: | > 2. Since Apple has no control over the Beeper mini client, | they would not consider it safe, it could easily be spying on | users without their knowledge. | | Since I have no control over iMessage, I would not consider it | safe. It could easily be spying on me without my knowledge. | diligiant wrote: | The basic assumption here is trusting Apple, provided that | numerous security researchers have access to the platform. If | you don't trust Apple, don't buy their products. | 0cf8612b2e1e wrote: | It's a two party marketplace. Even if I don't like Apple, | the alternative is not great either. | judge2020 wrote: | "they would not consider it safe" is from Apple's | perspective, which is the only thing that matters when Apple | is the steward of legally and technically enforcing who can | use their APIs. | CivBase wrote: | Sure. They have every right to do what they're doing. I'm | just mocking Apple because I think their implication that | they're the only trustworthy entity is ridiculous. We have | no reason to trust them any more than we do Beeper or any | other company. | | If Apple _actually_ cared about security they 'd implement | an open protocol that is provably secure. Imagine if they | supported something like Matrix. But that's clearly not | their primary concern here. It's just a convenient excuse | to maintain their walled garden. | addandsubtract wrote: | Which is why most people (should) opt to use a cross platform | messenger, such as Signal. | SahAssar wrote: | If signal would officially allow third party clients, non- | phone-number-bound users and maybe federation that'd be | great. | | It does not. | anigbrowl wrote: | Signal does allow third party clients, Beeper is one. I | agree about other things, and would expand on the list. | SahAssar wrote: | They do not officially and discourage it. Moxie and the | rest of the company has been extremely clear that all | third party clients are not considered supported or | allowed, regardless if they can and do interact with | signal services. | anigbrowl wrote: | Useful (though somewhat dispiriting) to know. I would | feel a lot more forgiving toward Signal's UI shortcomings | if I had a choice of alternative front-ends. | kccqzy wrote: | Does iMessage allow third party clients? No? Then why the | double standard? | SahAssar wrote: | I'm saying that if we hold something to a higher standard | lets actually hold them to a higher standard. | | Is signal better than iMessage? Probably. Should we ask | for them to be better than they are? Yes. | thomastjeffery wrote: | It looks like we are comparing standards here, and that | neither passes the bar. | cqqxo4zV46cp wrote: | As very recently made evident, Signal spends a | significant amount of money maintaining their phone- | number-bound infrastructure, with an entirely plausible, | reasonable, user-focused reason for doing so. As a Signal | user, and donator, I'm 100% okay with the trade-off | they've made, and would hate to see it reversed just to | appeal to some nerdy pipe-dream for how services should | work. | SahAssar wrote: | > As very recently made evident, Signal spends a | significant amount of money maintaining their phone- | number-bound infrastructure, with an entirely plausible, | reasonable, user-focused reason for doing so. | | If there is some recent revelation that makes phone | numbers all of a sudden a secure, portable and | censorship-resistant identifier please link me that. | | Until then I'd prefer to not have my private | communication determined by telephone companies that | often have not cared for either security, censorship or | privacy. Regardless of signals e2e encryption having my | access to the network determined by a telephone company | is not the right way to go. | noirbot wrote: | I'll continue to restate the thing that made me | immediately quit Signal forever - I made an account, and | 10 minutes later, it had alerted someone I hadn't talked | to in years that I had an account, simply because they | had my phone number at some point in the past, and they | messaged me. | | For a nominally privacy focused app, for them to | literally alert people to my new Signal account I'd | gotten to securely message someone violated all trust I | had in them. What's to stop someone from just adding a | Contact for every single valid phone number on their | phone and then getting an alert for any time anyone makes | a Signal account? I may as well just use Facebook then. | Grustaf wrote: | As pointed out below, "they" is Apple, but I would also | assume that at least 99.9% (really) of users would trust | Apple more than Beeper, i they had to choose. | cqqxo4zV46cp wrote: | Let's add a few more 9s to that, just to make it even more | realistic. | willseth wrote: | If you don't trust Apple, then obviously you don't use it. If | you do, then it shouldn't be possible for a 3rd party client | to break that trust. Users only see iMessage vs no-iMessage | and have no other way to identify the client to decide for | themselves whether to trust it. | johnbellone wrote: | Not what he said. He said he doesn't trust them (safe). The | question you should be asking is why do you? | vGPU wrote: | Because they've proven to be the most trustworthy and if | you can't trust the manufacturer of the device and OS you | also can't trust any app running on said hardware. | thomastjeffery wrote: | > If you do, then it shouldn't be possible for a 3rd party | client to break that trust. | | A correctly implemented end-to-end encrypted protocol would | be safe for all participating clients. | | The only way to break that security is by copying messages | outside the protocol in the app itself. | | Neither of us knows whether iMessage or Beeper Mini does | this. To bring up the possibility is to criticize _both_ | apps equally. | willseth wrote: | > A correctly implemented end-to-end encrypted protocol | would be safe for all participating clients. | | As long as the clients are closed source, this is a | circular argument. The client itself is a vector. Not | just for a good E2E implementation but for the 3rd party | company to not outright steal everyone's messages, create | a backdoor, etc. You have to be willing to trust every | client used in the thread. | thomastjeffery wrote: | That was my second point. | | If we must be willing to _distrust_ one closed source | client, then we ought to distrust _both_. | willseth wrote: | This is tantamount to saying we should only trust open | source software. If that's your point, then you lost me. | If not, then it's obvious that some companies are more | trustworthy than others. (P.S. the many active exploits | found in core low level open source software after months | or years because despite the source being open almost no | one audits it because they're cheap and/or assume someone | else is doing it) | thomastjeffery wrote: | Well why in the world would I trust iMessage _and_ | distrust Beeper Mini? | willseth wrote: | Are you seriously asking why someone would trust Apple | over a small generally unknown Android-only app company? | CivBase wrote: | I don't actually think it's that unreasonable. Apple has | broken people's trust many times and come out just fine | in the end because they are a huge company with many | products participating in many markets. A small company | like Beeper is dependent on a small user base and a | significant breach of trust could easily spell the end | for them. | | That said, I don't personally trust either of them. When | it comes to matters of security, I prefer open protocols | which can be proven to be secure over pinky swears from | companies. | dwaite wrote: | Trust is generally something you build and lose, rather | than something you are given by default. That reputation | can be a massive asset or liability. | | The level of trust I currently give in Beeper is that | identity verification happened such that someone could | potentially be prosecuted for abuses after-the-fact. | | They have not built up a reputation, and in the face of | potential scams or privacy abuses their reputation may | not be as valuable as the user information they can gain | access to. | | Small incidents can cause significant reputation harm to | Apple, and those equate to billions of dollars lost in | corporate value. | | Even the recent notification monitoring announcement | harms their reputation, where the government itself | mandated non-transparency. (For this reason, I somewhat | expect they are trying to design an oblivious | notification system, where role separation prevents a | single intermediary from knowing both where a | notification is from and where it is going to.) | thomastjeffery wrote: | Apple has done plenty to lose my trust, and very little | to build it. But that's not really the subject at hand, | though I do see where word choice is misleading here. | | You just brought up a better word: "liability". I'll go | one step further: "attack surface". | | When it comes to security in software, we don't need to | work with many unknowns. The unknowns we do work with are | the attack surface. By presenting a greater domain of | unknown behavior, closed source software effectively | presents me (the user) a larger attack surface. Sure, I | could _trust_ that the extra attack surface is actually | covered; but I can 't _know_. With open source, I don 't | have to trust, because I can know instead. | | If I am to choose between open and closed source | software, then I am choosing between knowledge and trust. | That is a completely different position than choosing | between closed and closed: trust vs. trust. So long as | any securely-designed open-source messaging app exists, | iMessage is at a disadvantage in end-user security. Even | if Apple can know for certain that iMessage's attack | surface is not larger than an open-source alternative, we | the users can't. Closed source software will _always_ | present a higher demand for trust. | verandaguy wrote: | > Since I have no control over iMessage, I would not consider | it safe. | | Generally fair assumption. There's been some research (both | positive and negative) around their E2EE claims, though AFAIK | much of what's known about iMessage's E2EE guts has been | learned through unofficial means. I think that for the vast | majority of users, iMessage is probably _safe enough_. | | As a user, you have the agency to choose a messenger app that | better suits your privacy/convenience balance, though in | fairness, I think even among users who care about privacy, | many don't know how to judge privacy features and | implementation details well. | | Like others in this thread, I personally recommend Signal. | It's widely available, easily usable, has been audited and | researched a fair bit, and though it doesn't have a self- | hosted option, it does have white papers out about its | protocol which IMO are worth a read. | LordDragonfang wrote: | (1) is exactly what that quote is pointing out. If Apple | _actually_ cared about its users ' security, they _would_ see | this as a gap, and would have addressed it already. The fact | that they haven 't means that, despite all their posturing | about being a security-first platform, they care more about | lock-in and marketing than they do about user security. | robertoandred wrote: | An intentional gap? Or a bug that they've now fixed? | Dylan16807 wrote: | Fixing this bug leaves the gap intact. | Grustaf wrote: | It's a pretty indirect gap, since it has nothing to do with | Apple's infrastructure, it's about users choosing to interact | with users of non-Apple platforms using insecure means. There | are dozens of secure cross-platform messenger apps that they | could be using, and SMS is a legacy technology. | georgespencer wrote: | Putting aside that I count at least two glaring examples from | this list[^1] in your reply, I suspect Apple would argue that | it is in fact _solely_ preoccupied with its users' security: | that's why iMessage is end to end encrypted and Apple does | not offer 2FA / OTPs via SMS. Apple does not generally try to | mitigate security issues which are beyond its control (e.g. | non-Apple devices, protocols). | | [^1]: https://en.wikipedia.org/wiki/List_of_fallacies | jeroenhd wrote: | > and Apple does not offer 2FA / OTPs via SMS | | Last time I checked, Apple still used security questions | any hacker can get answers to on Facebook. I'm not all that | confident about Apple's approach to account security. | | Apple has the ability to control security issues on | Android: they can release an Android app, like every other | E2EE messenger out there. | | Apple _chooses_ not to, and it 's their choice, of course. | It doesn't care about the privacy of it's non-users, and it | doesn't care about the privacy of its users when they | communicate with non-users. From what I can tell, it only | cares if you stay within the Apple bubble. | philistine wrote: | Those security questions are now very much optional. I | made sure to lock down my Apple account. If I lose either | my password or access to all my devices, the only thing | that can unlock my account is a long printed code or | permission from a trusted family member. My account no | longer has security questions. | | Apple is doing it optionally because they're trying to | balance two opposing forces here: helping its users | access a locked account, and giving users tightly locked | accounts. | georgespencer wrote: | My points are narrowly related to the parent's assertion | that Apple preventing Beeper Mini interoperability / | allowing SMS is evidence of their convictions relating to | privacy being hokum, but since you're not one of those 3 | month old accounts I see making specious arguments... | | > Last time I checked, Apple still used security | questions any hacker can get answers to on Facebook. | | Apple's default for a number of years has been to use | trusted devices IIRC. Their kb article on resetting a | forgotten Apple ID password even suggests that it's | better to wait until you're back with a trusted device | than to immediately try to reset without one, suggesting | that the process is somewhat intensive and perhaps | subject to human review? I just kicked it off online and | the first question _is_ to confirm an obfuscated cell | phone number, but I can't imagine that after that it's | mother's maiden name dreck? | | > Apple has the ability to control security issues on | Android: they can release an Android app, like every | other E2EE messenger out there. | | Which would thus expose them to security weaknesses of a | device and OS they do not control, and potentially expose | iPhone and iOS customers to increased risk should an | Android iMessage user's phone have malware, or screen | scraping, or keylogging, etc. | | > Apple chooses not to, and it's their choice, of course. | It doesn't care about the privacy of it's non-users, and | it doesn't care about the privacy of its users when they | communicate with non-users. From what I can tell, it only | cares if you stay within the Apple bubble. | | Nail on the head, but I do think that folks overstate the | simplicity with which Apple could provide a comparably | secure iMessage experience on Android. | reaperducer wrote: | _Last time I checked, Apple still used security questions | any hacker can get answers to on Facebook._ | | Check again. | | I recently reset a forgotten iTunes password. This | required: - An email verification | - An SMS verification - A verification code | sent to another device on the account - A ten- | day wait - Another second device verification | | That's 5FA authentication just to reset a password. | | The days of answering personal trivia questions to reset | passwords are long gone. | saintfire wrote: | > Apple has the ability to control security issues on | Android: they can release an Android app, like every | other E2EE messenger out there. | | I'm surprised I haven't seen this mentioned more. They | could even make a green (or whatever colour they wish) | iMessage bubble to denote that it is not from an Apple | device. Seems like it solves all the problems people | present with E2EE/iMessage with Android interop. On the | issue of spam, which I feel is just grasping at straws, | You could allow blocking unknown non-Apple iMessages by | default. Unless I am mistaken, this really only leaves | the walled-garden as the thing that stops Apple from | implementing something like this. | | In fact, you could even only allow Android iMessage | conversations that include at least one genuine Apple | device. This combats the argument that they shouldn't | have to give resources away to Android users for free. | This would be added-value to their own customers by | providing more streamlined messaging with their Android | contacts. Such as situations where group chats are forced | to swap to MMS for a single Android user, sending | pictures/video to a friend, etc. | goosedragons wrote: | They do offer 2FA via SMS. This is AFAIK the ONLY option | for Android/non-Mac users. Why are those users less | deserving of decent security? Apple still sells and offers | services outside their platforms, so they're still | customers potentially with hundreds or thousands of dollars | worth of purchases and CCs attached. FFS Nintendo has | better 2FA options than Apple for non-Apple platforms. | georgespencer wrote: | > Why are those users less deserving of decent security? | | Because they don't own an Apple device or have iMessage, | which is the entire point of this discussion? | goosedragons wrote: | So Apple only cares about security for Apple platform | users and not all users of Apple services? Such | commitment to security... | kevincox wrote: | This is like making a car where the airbags only deploy if | you hit another car of the same brand. | | Sure, if this car is super safe it may be better if both | you and the other driver both had it. But it is clearly | better to have airbags, even if the other car is less safe | than it could be if it was from the first-party brand. | | It is one thing to not try to mitigate security issues | outside their control and another thing to remove possible | security because you don't control it entirely. | 7e wrote: | A third party client in iMessage allows for spam attacks, and | (worse) malicious payload attacks. It's very much in the | interests of security that Apple fence them out. | danShumway wrote: | I don't think it's at all clear that the approach you | describe is working: https://www.wired.com/story/imessage- | interactionless-hacks-g... (2019), https://www.forbes.com/s | ites/daveywinder/2023/06/02/warning-... (2023) | | Of course, this is a hard problem. I'm not saying Apple is | bad at security, many good messaging platforms run into | these kinds of problems. But the way you fix these problems | (and the way Apple in fact did fix the bugs above) was | through patching their own software, not by trying to | control what attackers can send. | | If security researches can send a malicious payload attack | that compromises iMessage, the solution is not to make sure | they can't send that payload (which would be impossible to | guarantee anyway), the solution is to patch iMessage to no | longer be vulnerable to that payload attack. | | One hopes that the only thing preventing your iMessage | client from being compromised is not whether or not the | attacker has a spare $1,000 lying around. | api wrote: | The longer term solution is to stop using memory unsafe | languages. | danShumway wrote: | Regardless, when a buffer overflow happens, it's not | reasonable to say, "well, we'll just make sure nobody | sends us badly formatted or maliciously formatted data. | As long as only iPhone users can send us data then we can | trust it." | | The actual solution is to make the client/server not be | vulnerable to malicious payloads that would cause a | buffer overflow. Whether you do that by patching bugs | individually or switching to a memory safe language, or | whatever strategy is used -- "don't send our messaging | platform bad data" isn't a security fix. | maxlin wrote: | Since apple has no control over your fire extinguisher, they | sent a man to securely take it from your house and dispose of | it. It could have been a bomb for all you know. | vosper wrote: | Except that the iMessage system belongs to Apple, not to you | | > The app doesn't connect to any servers at Beeper itself, | only to Apple servers, the way a "real" iMessage text would. | | https://techcrunch.com/2023/12/05/beeper-reversed- | engineered... | georgespencer wrote: | Do you really consider Apple's control over a proprietary | protocol which they invented and maintain to be comparable to | a scenario in which Apple "sends a man" to take "your fire | extinguisher [...] from your house"? | | I've re-written this comment five or six times in an attempt | to find the most charitable interpretation, but I just cannot | comprehend how it made it through your filter and out onto | the internet. | iAMkenough wrote: | There's an open standard they're refusing to adopt that | would be more secure than forcing users back to SMS. | Hamuko wrote: | Are you referring to the one that they're adopting? | georgespencer wrote: | Apple is adopting RCS, but as far as I can tell your | reply has nothing whatsoever to do with my comment. | kamilner wrote: | If you mean RCS, end-to-end encryption is not part of the | standard, it is a non-standard extension supported only | by the google messages app | https://support.google.com/messages/answer/10262381?hl=en | Rebelgecko wrote: | Does RCS need E2E to be better than SMS when it comes to | privacy/security? | llm_nerd wrote: | Yes, it does. RCS without E2E is following the SMS model | and putting your telco in charge. It uses transport | encryption but that is basically meaningless when every | relay sees the entire contents of the message. | Rebelgecko wrote: | Does that mean Stingrays and just regular old SDRs can | still pick up RCS messages? | llm_nerd wrote: | RCS uses transport encryption and I honestly have no idea | if it uses cert pinning or server certs or the like. The | bigger concern to me is that it puts your telco in | charge, just like the old days of SMS. Without E2E they | get to see all of the contents of messages and to share | it with whoever they deem they want to share it with, | which history has shown is too many people. Telcos were | very willing partners in the development of RCS for a | reason. And there's a reason the base spec doesn't | include E2E. Telcos want a return to the good old days. | | SMS is insecure and no one should use it. RCS isn't that | much better and history is a lesson that it returns to a | partner that isn't trustworthy. | NavinF wrote: | Yeah anything that's not E2E encrypted is pretty useless | for privacy/security these days. Might as well just use | DMs on reddit, twitter, etc if you don't care about E2E | dwaite wrote: | IMHO profiled RCS is notably worse than SMS for privacy, | because the vast majority of RCS servers are hosted by | Google. | | SMS can be read but it is still at least somewhat | decentralized. It isn't being funneled to a single party | whose business model is profiling users. | zem wrote: | i am just flabbergasted that we are living in a timeline | where the phrase "proprietary protocol" is a real thing | NavinF wrote: | Aren't most protocols proprietary? Every app builds their | own on top of standard protocols like HTTP, TLS, and IP. | Not all services are hostile to third party clients | though | zem wrote: | well, there's proprietary in the sense of "not a | standard" and proprietary in the sense of "no one else | can make software that uses this protocol". the latter is | very weird if you think about it. | NavinF wrote: | Eh not really that weird. Consider how Microsoft | repeatedly reverse engineered AOL for compatibility | reasons and AOL actively blocked their efforts with every | update: https://youtu.be/w-7PjunSxLU | | Stuff like this happens all the time and the internet has | always been like this. I'm sure older users will remember | even older examples | maxlin wrote: | It's not a super serious comment, it's more about how | ridiculous the tone of "We are doing this for YOUR | protection" would be. | | On a more serious note though, in the end Apple absolutely | has the power of increasing everyone's capability and | security by doing something like setting up a playbook of | how iMessage could just use Signal protocol and how other | actors could join in, or really anything else but doing | this. | georgespencer wrote: | > It's not a super serious comment, it's more about how | ridiculous the tone of "We are doing this for YOUR | protection" would be. | | Right now I can presume a basic level of device security | across all iMessage threads I have. Beeper deranges that: | E2EE is still there, but Beeper exposes my correspondence | to device security weaknesses from other OEMs, malware, | keyloggers, screen scrapers, etc. as a result of lax app | marketplace security & privacy. | | It seems to me to be entirely disingenuous to suggest | that Beeper _increases_ security: in fact, the opposite | is true. | | > in the end Apple absolutely has the power of increasing | everyone's capability and security by doing something | like setting up a playbook of how iMessage could just use | Signal protocol and how other actors could join in, or | really anything else but doing this. | | I don't see why any company should be denigrated for not | helping the users of another competing platform, | particularly when doing so likely comes at the cost of | increasing the risk to its own users. | scatters wrote: | Does Apple block imessage on rooted phones? If not, what | level of device security do you really have? | georgespencer wrote: | In addition to explicitly prohibiting it as a violation | of the iPhone EULA, Apple goes to extraordinary lengths | to close the exploits which allow jailbreaking. Apple | doesn't just block iMessage on rooted phones, it tries to | prevent jailbreaking _outright_. | lelandbatey wrote: | If more users are sending encrypted messages over APNS | instead of SMS (remember, SMS is effectively unencrypted | plaintext), that sounds like the definition of "more | security". | | Hmmming and hawing over "OEMs... and ...lax app | marketplace security" seems like quite a high bar to | hold, a bar so high it ceases to be useful. Remember, | iPhone users can disable passwords on their iPhone | entirely; if that's not something you ever worry about, | then worrying about a minority of OEM's seems like mere | pretext to keep your comfy walled garden all to yourself. | maxlin wrote: | The whole underlying point is that Apple will do anything | to virtue signal when in reality they are making a | decision on improving their profit regardless if it | decreases security of its customers and other people. It | is undeniable and silly to argue against. | georgespencer wrote: | > Apple will do anything to virtue signal | | Subjective, speculative. | | > when in reality | | I think you mean "when in my opinion". | | > they are making a decision on improving their profit | | Speculative, and "improving their profit" is clumsy | enough vocabulary that it's a red flag on continuing to | discuss this with you. | | > regardless if it decreases security of its customers | and other people | | The plurality of countervailing perspectives in this | thread - which you have failed to address or refute, as | far as I can tell - ought to indicate to you that it is | arguable that Apple's decision in this case _increases_ | security of its customers. | | > It is undeniable and silly to argue against. | | I'll let others judge who seems silly here. | maxlin wrote: | You know, one doesn't really even need to read the whole | of your comment to know your way of "debating" is dead in | the water. Take the argument as a whole. "Isolating" | parts of it just makes you look like you're debating for | flat earth or the like lol. "Red flag" rofl grammar | police | | My point stays exactly the same. You haven't said | anything real against it. | cremp wrote: | > a basic level of device security across all iMessage | threads I have | | Is that really true though? Jailbroken phones, iMessage | may still work. Any device security gets thrown out the | window. | | You also can't expect everyone to have an Apple device | for security, which we've seen time and time again SS7 | being weak - So is the requirement to remove SS7, for | everyone to jump on the Apple train? | | I see Beeper as doing Apple a service, not so much a | competing platform, but a gateway to the iMessage | ecosystem - 'Hey, this would be pretty cool to use | without this app and have it native' vs the 'Only Apple | devices can use this.' | georgespencer wrote: | > Is that really true though? Jailbroken phones, iMessage | may still work. Any device security gets thrown out the | window. | | Apple closes exploits which allow jailbreaking, precludes | it in the EULA. What more would you have them do? | feitingen wrote: | > Apple closes exploits which allow jailbreaking, | precludes it in the EULA. What more would you have them | do? | | Preventing jailbreaking is not a good thing, in part | since that's what allows us to check on what Apple is | doing on the device, in regards to privacy, security and | e2e encryption. If nobody can check, do you suppose we | just accept their statements about the device as fact? | danShumway wrote: | > comes at the cost of increasing the risk to its own | users. | | iMessage using SMS to communicate with Android devices | increases the risk to iOS users. Apple customers are | still Apple customers when they communicate with Android | users. | | Every risk you describe is still present in the current | implementation of iMessage when communicating with | Android users, except the risks are much greater because | SMS is much easier to exploit and intercept than an E2EE | protocol would be. | | A message platform that forces Apple users to use an | insecure protocol when communicating with Android users | decreases the security and privacy of Apple users. | | So even an imperfect implementation of real E2EE between | Apple and Android users, even with all the risks you | describe above, is still an improvement in security over | what we have right now: a situation where Apple forces | iMessage users to use to what is quite possibly the least | secure communication method possible when communicating | with their friends and family in different ecosystems. | | It's not necessarily about helping the users of another | competing platform, _Apple users_ who are using normal | iPhones are sending unencrypted and unsecured messages to | their friends and family members because Apple is more | interested in vendor lock-in than it is interested in | making sure that its customers are able to communicate | securely with their contacts. | | The idea that Apple users would suddenly stop caring | about security or that they wouldn't want their | conversations encrypted just because they're talking to | someone else who's on an Android device is very strange | to me -- it suggests that Apple is willing to sacrifice | security for paying iOS users just to keep Android users | from seeing any of the benefits of those security | improvements. | | Yes, there may exist reasons to distinguish between | locked down vendor-controlled devices where users do not | have the autonomy to change device settings that could | damage encryption, and devices where users do have that | autonomy. I understand that concern, even if I think it's | usually disengenous. But there is really no reason and no | excuse (especially now that we know how easy it would be | for Apple to take its encryption multiple-platform) for | going beyond distinguishing between those devices, and | going so far as to actively drop all security measures | and all encryption from those conversations. It's like | saying that because a window can be broken we might as | well take the door off of its hinges and put up a | "burglars welcome" sign -- and, incredibly, it's claiming | that anyone who tries to replace the door without | permission is somehow _decreasing_ security. Apple doesn | 't just distinguish between controlled and uncontrolled | environments, it removes the door entirely by dropping | its users into a messaging format with no end-to-end | encryption at all. It's a bad policy that hurts Apple | users and decreases their safety. | willseth wrote: | What? Does a fire extinguisher connect to Apple servers? Does | a fire extinguisher secretly being a bomb affect the security | of others? I don't know if you could have come up with a | worse metaphor. | jrflowers wrote: | If you think about it, blocking an app and stealing your | fire extinguishers are both actions that a person or | corporation could theoretically do. Since they are both | actions, they are equivalent. Therefore blocking an app, | burning down your house, baking a pie, writing a sonnet, | doing a backflip are all the same thing. | willseth wrote: | Ahhh and to think all this time I thought I knew what a | metaphor was. It's literally any comparison! Silly me! | jrflowers wrote: | It's spooky. If you think about it if Apple can block an | app what is to stop them from breaking into your garage | and modifying your car to talk like KITT from Knight | Rider but instead of being helpful it makes mean remarks | about your clothes that make you cry?? What if Apple | filled your refrigerator with concrete? They could build | a brick wall in front of your house and paint a replica | of the outside on it so you run into it like a looney | toon! | willseth wrote: | Shit. E2EE encrypting my refrigerator brb | JumpCrisscross wrote: | Really, your comment is equivalent to a black hole or | pomegranate, since they're all things. | willseth wrote: | I didn't even realize my mind could expand to this level. | JumpCrisscross wrote: | It was always that level! Those are both things too! | willseth wrote: | Ok giving up software to become a monk now. | ysofunny wrote: | It's a new more advanced fire extinguisher that is 'smart' | and has a touchscreen and it smells really nice* and what's | even better, | | it's going to become illegal not to have one in california! | so you better invest NOW!!! | | go to double U double U double U blah blah blah dot yadda | yadda yadda | | *full disclaimer, this technology is patent pending** | | **doubly full disclaimer, "patent pending" in the sense | that the invention is still to be invented, the panel of | experts said 20 (more) years! | maxlin wrote: | It does work as a metaphor because if Apple could force you | to use their iExtinguisher and ban others they absolutely | would, with the argument that they are improving fire | safety. | echelon wrote: | It's time that we as an industry push back against Apple and | Google. | | The smartphone is the single most important device for modern | life and society. It's news, photos, communications with | loved ones, work, entertainment, food, paying for practically | everything... | | And it's just two companies. Two companies with an iron grip | over such a wide and diverse set of functionalities that, | taken together, should be as inalienable as free speech. | | - They control what you can put on the devices (or in the | cases where they're open, they _scare you_ or make it | exceedingly difficult). | | - They tax all innovation happening on the platform. Because | web is second class. If you build an app, you have to pay for | ads against your own brand. You can't have a customer | relationship (yet Google and Apple get that). You have to | keep up with their release cycles on their timeline. They can | deny you or ban you at any point. They take 30% of your | margin. You're forced to use their billing. In many cases, | they actively develop software that competes with you. | | - They're extremely user hostile. The devices aren't easily | repairable, the batteries force upgrade cycles, and they do | stupid things that make your kids want to buy the most | expensive model for clout. Green and blue bubbles, etc. | | - On top of this, they're gradually eating away at every | related industry. The music industry. The credit cards and | payments and finance industry. The film industry. It's all | getting absorbed into the blob that is the locked down | smartphone. | | - They turn their devices into "CSAM detection dragnets" | (read: five eyes, US, China, and every other entity that | wants to surveil). | | This is fucking absurd and it needs to stop. | | We need more than two device and platform manufactures. | | Apps should be at least one of: (1) portable, (2) freely | installable from the web without scare tactics, (3) web | should be first class / native | | The device provider shouldn't be able to use their platform | play to maintain dominance. The cost of switching should be | zero until there are enough new peer-level competitors. | | I could keep going... the status quo is a tax on the public, | a tax on innovation, and a really overall unfortunate | situation. | fsflover wrote: | The alternative phones outside the duopoly exist. | | Sent from my Librem 5. | nvy wrote: | Have Purism solved the problem where it will randomly | burn through an entire battery charge in an hour? | | That basically makes it a non-option for the overwhelming | majority of people, and it was still an issue 6 months | ago. | | I really want to like the Librem but it's hard to justify | the price tag when you're going to have to carry another | phone around with you anyway. | Hackbraten wrote: | I use a Librem 5 as my daily driver without carrying a | second phone around. | | The battery thing is not an issue for me in practice. I | carry a spare battery (they're swappable), but I never | actually need it because there's USB-C chargers | everywhere I go, and I made it a habit to plug it in | whenever I can. | fsflover wrote: | I don't have such issue. The battery is sufficient for | one day unless I use the phone heavily. | | Edit: Actually it did happen when I opened a Firefox tab | with a heavy js and left it open with deactivated | suspend, which you shouldn't do on any phone (and even | then it's more than a couple of hours). | rezonant wrote: | Agreed with all of this. I'm happy to see others who care | about these issues- all too often on HN that's not the case | :-\ | chx wrote: | > They take 30% of your margin. | | that would be nicer than the current situation where they | take away 30% of your revenue | WWLink wrote: | It's really not just two companies trying to pull this | bullshit. Microsoft and Samsung also try to do the | "ecosystem" bullshit. If you try to use a streaming music | service other than Spotify, you'll eventually notice almost | all social media has an exclusive connection with Spotify | to do things like share "now playing" songs or your | playlists or whatever. Retail companies tried to force | everyone into their payment platform lol. Banks try to | force you to only use iOS or locked-down android distros. | (Some are even deprecating their desktop websites and | forcing you to download the app now, apparently). | | There's also the mountain of 'mobile first' (aka mobile- | only) garbage out there, and stuff that is nerfed on mobile | unless you download the app (so they can squeeze telemetry | out of you). | | Don't get me wrong, I'm not defending Apple or Google - far | from it - but I'm saying there's a lot of real crap going | on in tech right now. | | To be fair, I am a curious person and use both android and | iOS. I use onedrive and (sigh) icloud for storing photos. | On my android phone, I can actually have it sync pictures | to onedrive and nowhere else (and it'll free up the | storage, even! I think...). On iOS it either fills your | phone up and then nags you constantly to manually delete | pictures, or you use iCloud. There's no other choice. | CharlesW wrote: | Keep in mind that this is spin -- Erik's statement is | ridiculous, and he knows it. To think that Apple would somehow | not treat Beeper like any other bad actor hacking iMessage | protocols is delulu. | Grustaf wrote: | Sure, that's fair. But if he knows that, why spend the time | to build this app in the first place? Is it a marketing play? | It did buy them a whole lot of attention. | lisper wrote: | > It did buy them a whole lot of attention. | | Ding ding ding! We have a winner! | pjz wrote: | Besides the obvious attention play, he might be going for | an acquisition play... "Why bother writing our own iMessage | for Android when we can just buy this little company that's | already done it?" There's obvious issues with that plan, | but that doesn't keep delusional founders from being | delusional. | paulryanrogers wrote: | Apple chose not to support Android on purpose. They know | iMessage exclusivity drives hardware sales. The emails | have come out proving as much. | | It's the same reason they dragged their feet supporting | RCS, until regulatory pressure started mounting. | cyanydeez wrote: | exclusivity is all Apple runs on after it's tech succeeds | politician wrote: | As much is apparent to anyone who has used Xcode or has | encountered the special appeals process behind the | official appeals process behind the ostensibly fair and | evenly-applied public AppStore review process. | AlexandrB wrote: | > They know iMessage exclusivity drives hardware sales. | The emails have come out proving as much. | | I find this incredibly hard to believe. And just because | the Apple marketing department believes something is | true, doesn't make it so. | | Maybe I run in a weird crowd, but I've never met anyone | who cares whether "text messages" are delivered over SMS | or iMessage. In general most messaging I do happens over | Signal, WhatsApp, Discord, or (in a few unfortunate | cases) Instagram messenger. | paulryanrogers wrote: | Hard for you perhaps. Disclosures from the Apple v Epic | litigation indicate it's true. | | https://www.thurrott.com/apple/248931/apple-didnt-bring- | imes... | vagrantJin wrote: | I must be an idiot. Never even heard of iMessage before | this debacle - I wouldnt even know I was using it. | | On a more serious note regarding the Hardware sales- | Apple inc does not make that much profit based on "what" | they sell, its "who" they are selling to. | threeseed wrote: | They didn't spend much time building this feature. | | It was an acquihire involving a 16 year old who was doing | it for fun. | singpolyma3 wrote: | Except they didn't hire him? He gave them some kind of | info about the sms verifications, which they then had | their devs implement. | selectodude wrote: | The Github page for the iMessage hack said something | about Beeper "acquiring" it. Not entirely sure what that | means in practice since it was open source code on | Github. | kyawzazaw wrote: | They contracted him | dylan604 wrote: | But what kind of attention did it garner? Now, we all know | that these folks are pretty delusional. They spent time | developing an app that everyone except them knew was not | long for the world. A rational company would realize that | it wouldn't live long enough to recoup any money. Releasing | such a still born product doesn't make me feel warm and | fuzzy about it. Hell, Google releases products that live | longer than this. | SCM-Enthusiast wrote: | Continue to watch this space, remember - He created the | pebble. The cost of this "Experiment", to put forward a | point at a super simple level. reverse engineering | architecture and providing a service on top of this would | be a huge space, if it were allowed. | ysofunny wrote: | but the real problem some of use have with Apple's behavior | is the real underlying reasons they're doing this | | I am reasonably sure that their main driver is profit which | really means exploitation of people; | | I consider their public arguments lies made up to cover up | the fact that what they account for as profit comes from what | are in the end some really ugly historical and traditional | imperialistic (colonial, neocolonial, and occulted) practices | threeseed wrote: | > I am reasonably sure that their main driver is profit | which really means exploitation of people | | Just wondering if you've forgotten what site you're on. | | This is YC which exists to build companies whose main | driver will always be profit. | singpolyma3 wrote: | There are companies who have come out of YC who have main | drivers other than profit. | meindnoch wrote: | Yeah. E.g. cashing out and leaving the business to | bagholders. | anomaly_ wrote: | so buy/use something else? | KerrAvon wrote: | > I am reasonably sure that their main driver is profit | which really means exploitation of people; | | What phone do you use that does not have the same issue? | theshackleford wrote: | I'm poorer for having read this unsubstantiated drivel. | JumpCrisscross wrote: | > _reasonably sure that their main driver is profit_ | | As opposed to Beeper? | foobiekr wrote: | Spam. Spam is the reason and the Beeper guys know it. | doctoboggan wrote: | My guess is Beeper calculated this was likely to happen | eventually (maybe not this fast), but that they would get good | press on the initial launch and on the shutdown announcement and | that press would be worth the technical investment they made. | They do have a different service they still offer and some | percentage of people are looking at that now. | evbogue wrote: | Yah, this is a great runway to launch a chat app with real | encryption. | jeroenhd wrote: | They already sell a wide ecosystem based on Matrix. The whole | point of this app was to connect without relying on Matrix | bridges. | etrautmann wrote: | I find this a bit confusing though. It seems like this was an | inevitable outcome, but what do they gain from this technical | investment aside from exposure. Their website doesn't steer | users to anything other than the now cut-off Beeper mini? | MBCook wrote: | Exposure is something. The fact the developer had the chops | to do this is now on the public record. That could be very | valuable for getting a job or a college scholarship (since | they're in HS). | yellow_lead wrote: | Are you referring to the developer of the GitHub project | they bought or the Beeper Mini devs? | MBCook wrote: | Were they not the same person? You're right that doesn't | make sense. | | The GitHub developer I guess. Still his project got | noticed because of all of this so it still sort of fits. | iKlsR wrote: | I did something similar, built an entire app around an | undocumented developer api, got a lot of users and then | ended up in a good enough position to find out there was a | "hidden" official api for sale and it opened a lot of doors | as well even to the same site had gotten it from. For | someone as young as that with nothing but time, I'm sure | they knew the outcome and it blowing up was probably more | than they could ask for. | MBCook wrote: | Anyone who has paid any attention to Apple knew this was | gonna happen relatively fast. | | Doesn't mean it wouldn't be an awesome project to do. I | don't blame them one bit. It's an awesome achievement. | lolinder wrote: | What do the Beeper investors get out of the kid having | better job prospects? I don't think anyone is questioning | that the whole situation has been great for the kid, the | question is what the Beeper execs were thinking. | KomoD wrote: | They have another product, Beeper Cloud, does the same thing | + includes a bunch of other messaging services but (as the | name implies) runs in the "Cloud" | okdood64 wrote: | Wait, how do they run cloud with iMessage? | dlazaro wrote: | They send your Apple credentials to a machine (possibly | virtual) that runs macOS, which sends and receives | messages. Those messages get relayed through Beeper. | aftbit wrote: | Why? Because they could! | sgjohnson wrote: | > from this technical investment | | What technical investment? They bought an open-source project | from a high-school student. | | Beeper Mini is an app they would have built anyway. They | simply implemented the bare minimum of iMessage functionality | there. Which is a couple of days worth of work, maximum. | Maybe a week. And some for testing. | | I'm somewhat certain it cost them less than 5 figures. And if | it did, what a great marketing campaign. I had no idea what | Beeper even was before this whole fiasco. | manmal wrote: | More like a few weeks to months since there's also emoji | support and endless scrolling etc, but yeah. I agree it's | doable by one developer and that's quite affordable to do, | considering the scale Beeper is at now. | lolinder wrote: | I still have no idea what Beeper is, because beeper.com | only talks about Beeper Mini. I'm getting from some people | here on HN that there's another product... somewhere... but | if the purpose of the whole exercise were to draw attention | to that product shouldn't they be _doing that_ somehow? | | As is all I know about is the chat app whose primary sales | pitch is the now-broken iMessage interop. | willseth wrote: | Agree. It shows off their technical chops and gets a lot of | press attention and goodwill for their target market of Android | users who mostly don't like Apple. | LeafItAlone wrote: | That seems like a possibility. But if I was a user (and I am | admittedly not), I would be _less_ likely to continue with | their services after something like this. This experience would | not instill confidence in me that any of their services would | be stable. | neilv wrote: | Of course, open standards are part of the answer. | | Even if Apple would permit something like Beeper Mini for now, | that would not only relieve demand for actual open standards | efforts, but also put more people at the mercy of Apple. | | (This is not a new idea. For example, every time I see another | open source project push people to Discord for | support/discussion/community, I make a big sad and disappointed | face.) | 123sereusername wrote: | Why not just use signal? | wffurr wrote: | No one is stopping you and everyone you know from switching to | Signal. | | You can even use Beeper (Cloud) as a client if you don't mind | using a relay. They also had plans to extend Beeper Mini to | support Signal and other e2e encrypted chat apps with no relay. | mrweasel wrote: | This comes up in just about any conversation regarding | iMessage, and it's pretty out of touch with the real world. | Apple backed iMessage into the same app that does SMS, so you | can't not use that app, SMS is still relevant. So iPhone users | are going to use that app. Now imagine that 90% of your friends | and family use iMessage, but not by some deliberate choice, but | because they just view it as fancy text messaging. How on earth | are you going to convince all those people that they should | download Signal, WhatsApp or Telegram? The answer is that you | don't. You might get a few people who already use Signal to | start contacting you that way, but the rest... they aren't | going to install yet another app just because you don't like | iMessage, and when SMS still works just fine. But now you're | excluded from all group chats and videos or largish images. | blindriver wrote: | As someone in tech, I think it's awesome they were able to find a | way into iMessage. | | As an iPhone user, I hate the idea that spammers can now use | iMessage, and I'm glad the service was taken down. | | Both things can be true at once. | makeitdouble wrote: | Won't spammers just continue using the macos bridged other | services instead of the direct to Apple way ? | MBCook wrote: | What do you mean? There are no services bridged to iMessage. | 1123581321 wrote: | He refers to Mac apps like AirMessage that relay | information from iMessage's SQLite database or control the | screen, and are connected to a messages app on Android. | tredre3 wrote: | Beeper Cloud, their other product, does exactly this... | | https://help.beeper.com/en_US/chat-networks/imessage | mh8h wrote: | If they have to use real Apple hardware, and those devices | are blocklisted by Apple when the spam is reported, spamming | stays cost prohibitive. | nomel wrote: | I also assume there are iMessage rate limits in place, that | if exceeded, trigger some analysis. If that's true, then | hardware costs would also be proportional to rate. | | I suspect there's some dark market for broken iPhones, and | perhaps some rate limit for activations within a city | block/building. The last time I had iMessage spam was years | ago, so maybe it's not so practical. | lotsofpulp wrote: | The first time I received iMessage spam was Aug 22, 2023 | from +1 626 453 4929. And the second time was Oct 11, | 2023 from edgardonikko@gmail.com trying to get me to | click a link to malware. | jeroenhd wrote: | With how many "rent a mac mini stuffed in a datacenter" | services are out there, I wonder how cost-prohibitive | blacklisting specific devices really is. | sdfhbdf wrote: | If a serial number of the mac mini is blacklisted by | apple from registering for example with apple updates or | any other apple connected services, then probably it's in | datacenters' best interest to keep spammers out of them. | aeyes wrote: | Cutting anyone off from security updates is a step too | far. | xyst wrote: | Spam is not really an issue. For me, it just goes to the | "Unknown Senders" tab. No notification, so I am not bothered. | Occasionally check it if I am expecting a message from a random | number. | cqqxo4zV46cp wrote: | Not really an issue for you. There are plenty of people for | whom this is not viable. | Arch485 wrote: | but... Spammers can still message you via SMS? In either case, | they just need to get your phone number. SMS vs iMessage | doesn't make much of a difference. | lotsofpulp wrote: | The difference is that spam is so rare on iMessage that the | blue color message has the trait of being more trustworthy. | In 15 years, I have only received 2 blue message, both within | the last few months. | bastard_op wrote: | I knew that was going to happen, it's become a status symbol of | like good vs. bad, the blue vs. green. | | Its become like a racial slur the blue vs. green, and that's | exactly what Apple wants to sell cellphones. You can't contact | the cool kids until you have a blue bubble, that means you're | like, cool or something. You can message me if you can afford an | iphone apparently. | meepmorp wrote: | > Its become like a racial slur the blue vs. green | | Take a moment to say this out loud to yourself, so you can hear | how fucking ridiculous it sounds. Notwithstanding the | trivialization of actual racism, it's just a throughly silly | statement. | z7 wrote: | This is a wake-up call. It's high time we demand open-source | messaging standards across all platforms. Imagine a world where | communication isn't dictated by corporate interests but by user | needs and innovation. | madeofpalk wrote: | There actually a bunch of competition for messaging apps, which | put forward user needs and drives innovation though. | schrodinger wrote: | Apple is probably the company that most has my interests at | heart: they're very privacy focused, masterful at encryption | and making it simple, and makes products I love. | | Do you really think they're the worlds most valuable company | because of "corporate interests" and not because people like | their products? | doublerabbit wrote: | > Apple is probably the company that most has my interests at | heart: they're very privacy focused, masterful at encryption | and making it simple, and makes products I love. | | Apple is a business, they have no users interests at heart. | They may be very privacy focused, and maybe masterful at | encryption but for sure they do not make products I love. | Their instant change of UI, forceful updates and | territoriality behaviour are some of the toxic behaviours | that drive me mad. | | As the same of Google. After Google banning my email for | "non-inclusive" reasons wolfcub@gmail.com when I was 17, I | will never return. | | So within mobile, while only real alternative is Apple. Apart | from my computer which is FreeBSD which will soon to be Haiku | once it matures. I just couldn't get everything working with | OpenIndiana and how I wanted it to be. | schrodinger wrote: | We can all have our preferences. But I love having a very | fast laptop that lasts 18 hours on a single charge, for | under $1,000, with a high-dpi screen. My Macbook Air M1 is | a product I and a lot of people love. | doublerabbit wrote: | I'm sure, and I'm not one to launch flame at those who do | love. If it works for them, great! I'm glad those find | pleasure in them. They have pros/cons, as does cloud | services which stems off for me in to another dislike. | I'm used to my own ways, as everyone else is. | | There's not much else I can say to the discussion but | just wanted to reiterate my point that I'm not hating | others for the reason but just disliking for the reasons. | I've never been a laptop fan. | | With awkward hands, handheld consoles, controllers, | laptops have never jelled for me. Yet constantly | disappointed for that they've have never been taken | catered for. As VR with glasses, Netflix non-continuing | content I enjoy; everything I seem to enjoy just | vanishes. Sad, as after experiencing tech at such a young | age with so much potential; for it to be regurgitated to | how it is, singular devices makes it depressing. | | I must be a niche but I just assume companies have to | cater to the majority, for which I'm not one. | schrodinger wrote: | I was only giving an example of an Apple product that _I_ | love, and can just as easily described my iPhone, except | I think and Android is probably just as good, or very | close, where the Macbook Air's leaped ahead of | competition. | | But anyway, this is only _my_ beloved product, and I | certainly hadn't even considered a disability that would | get in the way, and apologize for my ignorance. I hope | you can find some setup that works well for you | specifically that you end up loving :) | | Truly sorry--certainly didn't mean to offend. | doublerabbit wrote: | Oh, no offence taken at all. If anything it's something | I've been willing to express found the right time to | comment. | | I'm not psychically disabled as I have no deformities, | have fingers which work but it just seems that any | portable device I use gives me hand cramps or just not | enough room to flow. | | It would just be nice for the factory default to just be | usable. Thank you. | schrodinger wrote: | Btw I can totally understand your point. If I wasn't happy | with the choices that Apple "made for me" I'd be on your | side here. And getting blocked for that gmail address is | ridiculous! Just trying to find common ground--I think | you're reasonable for disliking Apple for blocking an | other-platform iMessage clone, but I also understand some | logical reasons for it and am ok with it. I hope that we | can all have our preferences without hostility (not that | I'm accusing you of it, but these convos often degenerate | into it imo). | | Hope you're having a great day :) | sbuk wrote: | > _It 's high time we demand open-source messaging standards | across all platforms._ | | What, like this https://github.com/signalapp? | | The only thing holding this back are end users. Not | corporations or governments. A safe, vetable 'standard' exists, | it just needs ratifying by a standards body. It is available | cross platform and is free of charge and free-as-in-beer | (mostly AGPL I believe). | | Messages app exists to send SMS, MMS and soon RCS. Apple | developed a convenience feature that allows users to send | enhanced messages to other users of the platform. Since the | platform is successful and has had compelling and useful | features added, it has found popularity in territories that | traditionally had free or cheap SMS bundles. The rest of the | world didn't have this golden noose and settled on other | platforms (WhatsApp, FB Messenger, Telegram, Line, WeChat, | Signal, Viber, etc...) _across all platforms_. | | Edited spelling/layout. | greyface- wrote: | Signal isn't a protocol; it's a centralized service that | wants you to use their official client only. The Signal | Foundation gets weird and starts making trademark threats | whenever someone makes moves towards interoperability (see | e.g. https://github.com/LibreSignal/LibreSignal/issues/37#iss | ueco...). | foobiekr wrote: | It isn't weird, its completely straightforward why this is | a problem. | globular-toast wrote: | Nope. You can't blame uses for this. The reason we have | governments at all is because individuals all operating | independently cannot get out of local optima like this | sbuk wrote: | I can and I did - installing alternatives is easy, as is | using them, as proven by literally the rest of the world | oustside of North America. In fact, _free and open_ | alternatives exist. | MBCook wrote: | Tell me when Facebook Messenger, WhatsApp, Line, WeChat, and | all the others are opened. | | Oh right. No one cares. Apple's iMessage is the only one a | large number of people seem to care about. | | I've never seen anyone call for opening the others. But Apple? | Constantly. | StressedDev wrote: | One thing which is really confusing is why are Android users | obsessed with iMessage? Android users can send text messages to | iPhones, the can call iPhone users, and they can use third party | messaging apps to communicate with iPhone users. | | It really isn't clear to me why so many people are so angry they | cannot use iMessage on Android. | LordDragonfang wrote: | Because I want the pictures and videos my iPhone-using parents | send me to not be crunched to shit, and I'm not going through | the effort of teaching non-technical users to use a different | messaging client. Same with the group chats that my partner's | extended family keep including me in. | MBCook wrote: | Apple announced RCS support. That will provide what you want. | LordDragonfang wrote: | Right, but that's likely not coming out for another year | yet, and requires everyone involved to update their phones | (yet another hassle for non-technical users, they will put | updates off for as long as they can). As the quote in the | article says, Apple clearly recognizes the issue, and | beeper mini fixes it _now_ , not "at some point in the | future". | cqqxo4zV46cp wrote: | Getting someone to update their iPhone is a matter of | them not actively dismissing iOS's repeated attempts at | updating itself. This isn't a good-faith argument. | MBCook wrote: | You know that's a great question. I've never thought to ask | that but boy does it seem to come up a lot. | jgaxn wrote: | The iPhone user experience for messaging with Android users | (especially MMS) is awful and the Android users in the group | chat get blamed for it. Having blue text bubbles show up when | someone texts you can be seen in some circles as a status | symbol. | cqqxo4zV46cp wrote: | Let's be clear here: Apple not yet implementing RCS aside, | the experience is horrible because SMS/MMS are horrible. | mission_failed wrote: | I can send the same mms from Android to Android and Apple | recipients and they receive the same media. Yet sending | from Apple to both the Apple users get good quality and | Android Apple deliberately sends pixelated rubbish. | MBCook wrote: | Apple to Apple is not MMS. | increscent wrote: | I recently switched from Android to iOS just for iMessage. SMS | is quite unreliable even in 2023. SMS messages don't have the | same delivery guarantees as IP-based messaging services. And | often I have internet access, but spotty cellular service. The | thing that pushed me over the edge was that my carrier happened | to block all my SMS for a day. I only found out about it later | in the day, after I had missed many (unrecoverable) messages. | To avoid this, I could either blindly trust some other carrier, | or use IP-based messaging. In my area, all my friends use | iMessage. Ideally, people would use Telegram, WhatsApp, or even | Matrix, but they don't. It's not uncommon to leave someone out | of a group chat just because they don't have iMessage--the | alternative is a subpar MMS experience. At some point, I'll | probably buy a cheap Mac Mini and run BlueBubbles, but for now | it's nice to not have to worry about messaging reliability, and | I get the added bonus of being able to Facetime my family | members, who all use iOS. | girvo wrote: | FaceTime is the real lock-in service for me. I use it for all | my video and most of my audio calls, it's second to none in | terms of reliability and quality. I wish that was accessible | from my work laptop! | HKH2 wrote: | I don't get why Americans cling so dearly to SMS. | inoop wrote: | As a European living in the US, it's been baffling to me. | Everywhere else in the world people use WhatsApp, Telegram, | Signal, etc. This iMessage green/blue bubble nonsense just | isn't a thing outside the US. | rtkwe wrote: | Apple has 56% of the US market compared to just 36% in | the EU, afaik the number gets even higher as you go | younger so the clique-iness is a lot stronger. | noirbot wrote: | I mean, isn't this just trading one bad monopoly for | another? It's weird to me that everyone's like "oh, the | backwards US where they gave in to the Apple monopoly. We | enlightened rest of the world use Facebook's Whatsapp | like real free people". | iforgotpassword wrote: | Yes, but at least you get the same experience on every | device with the other monopolies. | Pulcinella wrote: | My understanding is that unlimited SMS text messages have | basically been included free with cellphone plans in the | US for a very long time while that's generally still not | the case in Europe. So there hasn't been a need to find a | cheaper way to send messages. | JeremyNT wrote: | This thread basically sums it up: | | * Apple is really popular in the US | | * Apple users tend to rely heavily on Apple's default | applications | | * Apple's messaging app is the default, and works fine with | other Apple devices, but sends shitty SMS or MMS to non- | Apple devices | | SMS would disappear tomorrow if Apple adopts RCS. | | And if they allowed iMessage clients on other platforms, | they could corner the entire messaging market. | throw310822 wrote: | I don't understand, why don't you _force_ them to use | Whatsapp (or Signal, or whatever) to contact you? Get an app | that rejects by default SMSes coming from certain numbers. | They want to text you at all? They need to use Whatsapp, | otherwise they can go fuck themselves. (It worked for me when | a friend wanted to force me to contact him on Telegram rather | than Whatsapp- I resisted for weeks but at the end I gave | in). | | Once you automatically reject SMSes from those contacts, such | that _you don't even know_ they 're trying to contact you, | the ball is entirely in their park to take action. | Raicuparta wrote: | I don't use SMS myself but in this case it sounds like I'd | be better off just not being your friend. | throw310822 wrote: | Sounds like you'd prefer to keep inflicting to me and to | yourself a degraded experience rather than making the | tiny, one-time effort of installing a free app. Because | that's the whole point of this issue: the fact that you | can still get what you want (reaching me) is what | prevents you from making the smallest effort to make both | our lives better and easier. And I also don't expect my | friends to behave like that. | doubledash wrote: | Is this a legitimate question? No one is going to download | an app and use it to message one guy. | throw310822 wrote: | No one? I did. Normal, if you really care about that guy. | In any case, the app is free, what does it cost you? | Plus, the more people do it, the easier is for everyone | to move to an app that works for everyone. | ciabattabread wrote: | Fashion statement | haswell wrote: | An android user in an otherwise iMessage only group chat tends | to mess things up. Those Apple users tend to get frustrated by | it and group chat exclusion is a real thing. | | It's less about a specific feature set and more about inclusion | and acceptance from/by peers. | | This is especially prevalent among the younger crowd. Think | high school group dynamics playing out with phones. | | And then on top of that, photos/videos are terrible quality. | cycomanic wrote: | I realised this the other day, a friend send me a video via | mms (I'm on android) and the quality was super poor (like 90s | gif like quality). I though she must have some issue with her | camera or so, no next time I saw her we looked at her phone | (which is an iPhone), perfectly fine video. It's just apple | degrading the performance for who is not on an iPhone. | | I mean just imagine they'd degrade sound to nearly noise if | you'd call a non-iPhone. | meepmorp wrote: | > It's just apple degrading the performance for who is not | on an iPhone. | | The reason the video looks like ass is because MMS messages | aren't meant to be very large. While (iirc) there isn't a | hard limit, the recommended maximum message size is ~600KB. | The only way to fit a video into that range is to compress | the hell out of it. | hu3 wrote: | That's the technical reason. | | Apple knows of such limitations and does nothing to | improve the situation. In fact they ban those who try. | FTA. | haswell wrote: | Apple announced RCS support in 2024, so they're doing | more than nothing. Don't think we know yet how fully | they'll support it though. | meepmorp wrote: | > Apple knows of such limitations and does nothing to | improve the situation. | | Why would they? It's not their problem, nor does it seem | to be a big deal for their customers because they're not | clamoring for a fix. | | > In fact they ban those who try. FTA. | | They don't, thiugh. The App Store has tons of photo and | video sharing services, email, and other messaging | services; I'm sure any number of them would let your | iPhone-using friends and family easily send you a non- | mangled videos. This is a solved, dozens of times over. | | iMessage, on the other hand, is a service Apple provides | for Apple customers. They get to set the terms under | which it's used, and Beeper did not abide by those terms. | prmoustache wrote: | Are these iMessage group chat really a thing? | | In my part of the world Whatsapp is the defacto standard for | group chat and even for things like scheduling anpointment to | a doctor/dentist/hairdresser. | | And that is because it is available on android, apple devices | and even those cheap kaios halfsmartphones. | lotsofpulp wrote: | > Are these iMessage group chat really a thing? | | For some, but everyone knows and has the capacity to | download WhatsApp. | | The root issue is there is a lot of judgment about Android | users, hence wanting to restrict chats to iMessage. It's a | signal that you are part of the in group vs out group. | | Although, it is objectively convenient to have a group of | all iMessage users at events, because any pics/video get | shared at high quality with no extra work. | adaptbrian wrote: | Walled garden development practices sold under the guise | of privacy and security. It's a very tired and old | playbook that has real societal damage. So. Tired. Of. | It. | sneak wrote: | There's a reason why robocalls and spam emails and spam | paper mail are a nearly universal thing and iMessage spam | is not. | prmoustache wrote: | Ironically in the initial beep announcement some people | mentionned in the comments that imessage spam was already | a thing. | wbobeirne wrote: | At least in the US, it's very common. The iPhone has ~60% | market share here, skewed even higher if you limit to | higher income individuals. Text messaging is still the | lingua franca of communication here, likely due to the lack | of a single dominant messaging app. For those iPhone users, | the UX of texting someone on an iPhone with iMessage is | vastly superior to texting via MMS with Android users. | rtkwe wrote: | The US is odd that way that unified chat apps haven't made | as much of a headway. iMessage way more dominant in the US | and is the leader. | interpol_p wrote: | In my family they are. I am in Australia and almost | everyone I text has their phone number come up in blue, | signifying iMessage/iPhone | | For example, when RSVPing to a kid's birthday party, other | parents' numbers are inevitably blue. When selling and | buying items, the contacts for those sales have always been | blue numbers, it's rare to encounter a number that doesn't | "turn blue" when I enter it into the "to" field | | I would say maybe 5% of the people I know and text use | Android. For one of those people I use Signal, one other | has asked me to use Facebook Messenger, one has asked me to | use WhatsApp, and the remaining few use SMS. It's a pain to | use three separate apps to message just these three people! | | One of my cousins switched to an Android phone. This broke | our long-standing group message in iMessage, so she was no | longer able to be included in it. After two years of this | her siblings simply ordered her a new iPhone and she is | back in the group chat | | Getting everyone to move their default messaging behaviour | for one person is a huge ask. It was easier for one person | to just relay the group chat info instead, but when this | became annoying, it was even easier to buy her a new phone | octodog wrote: | It's highly dependent on the demographic I think. I'd | guess that I'm younger than you based on your comment | about having kids, and everyone in my social circles use | Facebook messenger or instagram. | georgyo wrote: | My daughter's parents group is all iMessage. The group is | too large to even downgrade to SMS. I am excluded entirely | unless I figure out methods to get into that group. | | It is very annoying and quite real. | trevor-e wrote: | From Google themselves: https://www.android.com/get-the- | message/ | | Apple is arbitrarily and intentionally making it a worse | experience than it needs to be. | dvngnt_ wrote: | it's the other way around | Brian_K_White wrote: | I think they don't like being spit on and excluded by iphone | users. Iphone users don't like when there are android users in | group chats. | | The reason the iphone users don't like it is because Apple | specifically and artificially makes the experience annoying and | shitty in several different ways, for the iphone users not just | for the Android users. | Pulcinella wrote: | Good grief! No one is spitting on people with Android phones. | If you really feel this way you need to put your screen down | and spend time talking to people in real life. No one is | persecuting you. | somebodythere wrote: | No one is literally spitting, but Apple intentionally | creates enough friction that Android users really do | regularly get excluded from group chats in the US where | iMessage is the convention for group chats. | Pulcinella wrote: | Chat app friction is not being spat on which is what the | OP literally said. Perceived inconvenience is not | persecution. | inoop wrote: | You may not have ever experienced this yourself, but it's | a known cultural phenonemon. Here's a New York Times | article: https://www.nytimes.com/2023/11/29/technology/pe | rsonaltech/a... | | > Over time, the annoyance and frustration that built up | between blue and green bubbles evolved into more than a | tech problem. It created a deeper sociological divide | between people who judged one another by their phones. | The color of a bubble became a symbol that some believe | reflects status and wealth, given a perception that only | wealthy people buy iPhones. | | ... | | > On dating apps, green-bubble users are often rejected | by the blues. Adults with iPhones have been known to | privately snicker to one another when a green bubble | taints a group chat. In schools, a green bubble is an | invitation for mockery and exclusion by children with | iPhones, according to Common Sense Media, a nonprofit | that focuses on technology's impact on families. | | > "This green-versus-blue issue is a form of | cyberbullying," said Jim Steyer, the chief executive of | Common Sense, which works with thousands of schools that | have shared stories about tensions among children using | messaging apps. | Pulcinella wrote: | That's very unfortunate and all, but, again, it's not | spitting. I don't think it's correct or good to say you | were spat on by iphone users for having an android phone | as if you were being persecuted for your religious | beliefs or race, especially if it literally never | happened. You can just factually describe events. The OP | doesn't need to lie or grossly exaggerate. | Brian_K_White wrote: | Yes in fact they are. I have the amazing ability to | recognize a problem even if I don't have it myself*. If you | really can't do that, perhaps you should try. | | * Android user in the US where this dynamic primarily | exists, but I just don't care because I'm not 20 any more. | I only very occasionally need to send a video or picture to | anyone, and in those cases, I know enough to use email or a | google photos link or something, which probably annoys the | recipient a little and makes me weird to them, but I'm just | ok with that since I know where the blame really lies. | Similarly in the occasional times I txt with family members | or friends, we're not in high school and so they don't care | about my green bubble, and I just accept the annoying | stupid extra txts I get that say "x smiled" or whatever. | That ux don't bother me in the sense that I don't spend any | time thinking and caring about it, but that doesn't make it | not utterly stupid and ridiculous, and especially so when | you know it's a deliberate act and not an honest technical | limitation. Astonishingly it's possible to both recognize | that something is not worth investing much care over, and | recognize that it's wrong and that it's a deliberate wrong | commited by someone and not just the weather. Amazing! | Pulcinella wrote: | Do you have a single piece of evidence that anyone using | an iphone has spat on anyone with an android phone | because of imessage? | Brian_K_White wrote: | Are you really this obtuse? | hu3 wrote: | Took 5 seconds to search and copy first link: | | https://www.wsj.com/articles/why-apples-imessage-is- | winning-... | Pulcinella wrote: | No one in that article mentions spitting. By your and the | OP's definition, everyone downvoting me is literally[0] | spitting on me and the WSJ locking the article behind a | paywall is also literally[0] spitting on me. | | This is of, of course, silly. The OP could have just said | they didn't like being excluded and doesn't like what | Apple is doing. That's fine. But spitting? That isn't | something that is happening. The language of "spitting" | is far to strong a description for what is effectively | console war, consumer electronic purchase fandom BS. Some | of use face actual prejudice you know! | | [0]metaphorically | LargeTomato wrote: | I can anecdotally confirm this is real. And not only | that, I'm actually surprised you've never seen this or | heard of this. Maybe you aren't in the US? Surely you're | not arguing in bad faith. | jaktet wrote: | They're just asking for actual evidence that iOS users | think down on Android users. There are multiple articles | that talk about this in the social circle of teens, and | likely exist in various adult circles as well. What I can | say is that it is extremely frustrating that texts don't | just work between users of different platforms. Some | Android users don't want to use WhatsApp, Signal, etc. | and that's totally fine. This feels like a closed wall | two party system debate, it shouldn't just be one or the | other they should just work together. | | As an iOS user I do not look down on Android users, I | have separate reasons for not using Android. That said I | think it's dumb that we need to use a different app to | communicate effectively in a group setting, and I'm | willing to use other apps, but not everyone is. So we end | up with the current state where sometimes new groups are | created when someone responds from a different device, or | a different experience occurs when someone reacts to a | message in a group thread. | gkbrk wrote: | > They're just asking for actual evidence that iOS users | think down on Android users. | | From their reply after you commented, no. That user is | asking for actual evidence that iOS users throw saliva | from their mouth at Android users. Not a figure of | speech, real liquid saliva. | paulryanrogers wrote: | Which is absurd. "To spit upon" is a common figure of | speech, and the person using it was clearly being | metaphorical. Even iMessage doesn't support saliva | transfer among iPhones ... as of 2023-12. | Pulcinella wrote: | I have literally never, ever, ever in my entire life | heard people say "I was spit upon" as a figure of speech. | Ever. Please don't accuse me of being absurd just because | I have not had the same life experience as you. | paulryanrogers wrote: | The context should be clear in their comments. If not a | web search usually helps me clear up any such | misunderstandings before any doubling down. | Pulcinella wrote: | People literally spit on you for having an Android phone? | Like they literally hacked up a glob of saliva and spat | on you as if you were doing a lunch counter sit in during | the civil rights movement? | gkbrk wrote: | > > Surely you're not arguing in bad faith. | | > People literally spit on you for having an Android | phone? Like they literally hacked up a glob of saliva and | spat on you? | | Soooo, you're arguing in bad faith. Could have saved | people some time and said so. | Pulcinella wrote: | No. "Spit on" is a serious accusation with real life | historical analogs. I have literally never, ever, ever in | my entire life heard people say "I was spit upon" as a | figure of speech. Ever. It's not a figure of speech I | would personally ever use because of the implications. | | Please don't accuse people of arguing in bad faith just | because they haven't had the same life experiences you | have had. You are spitting in me when you do so. | SOLAR_FIELDS wrote: | Go on /r/tinder and the like and you see posts like this | all the time: https://www.reddit.com/r/Tinder/comments/v7 | a7s3/your_phone_s... | lotsofpulp wrote: | "You're in for a treat buddy" is a weird response and | probably confirmed her biases. | Despegar wrote: | It's just become a meme among tech enthusiasts (on Reddit, HN, | etc) and tech journalists that "blue bubbles" are a real social | problem. The origin of the meme was this amusing post by Paul | Ford 8 years ago [1]. They took it and ran with it for their | own purposes. For some it was to explain away the iPhone's | success versus Android and for some interested actors like Epic | it was part of their antitrust campaigning to illustrate the | "lock in" effects. It however was never a social problem in the | real world (more than, say, young people feeling depressed | about seeing their peers' manicured lives on Instagram) or the | reason why iPhones sell well (you only had to look to China, or | now India, to see the success of the iPhone in places where | iMessage wasn't the dominant messenger). | | [1] https://archive.ph/OcDaO | haswell wrote: | Even if this was a meme at some point in the past, it's a | very real issue now. | | I know multiple people who have switched to iPhone just for | iMessage. And the kids these days won't accept anything but | the blue bubble. This is no longer a meme. Or if it is, it's | also real. | LargeTomato wrote: | I switched because people think android users are poor and | I don't want to signal to others that I am poor. | nani8ot wrote: | It's a self fulfilling prophecy. Once everyone has an | iPhone to not be perceived as poor, the only people still | using Android will actually not be able to afford an | iPhone. | | At least it sounds like that's what happens across the | ocean. | lotsofpulp wrote: | Even the bottom income quintile in the US uses iPhones, | especially young people. They are not that expensive. | | Knowing someone has an iPhone tells you nothing about | their wealth/power. | | What people think it does tell them is where someone is | on the cool / weird spectrum. See: | | https://news.ycombinator.com/item?id=38578103 | im_thatoneguy wrote: | Because iMessage users won't let you join iMessage group chats. | They don't want to lose features. So your choice is to just not | be friends anymore or have an iphone device. | | I have an ipad just to chat with people who refuse to use | anything other than imessage. | | I don't want anything to do with iMessage, but I have to. | azubinski wrote: | This is the first time I've heard that people who put | features above friendship are called friends. | | Well, the time has come. | graphe wrote: | I use features of programs with people who can use it. I | don't want to call friends that have bad audio quality as | often and I'm not as comfortable on unencrypted services. I | prefer facetime for the quality. We all use something | Android users can use when we want to include them, but it | degrades the experience. | | Most people don't talk to people they don't communicate as | well with. | bitwize wrote: | Green bubbles means you won't be called back for a second date. | zappb wrote: | No, the holier-than-thou attitude of typical Android users | shitting on the Apple Sheep is why they don't get called | back. | bigstrat2003 wrote: | That's a feature, not a bug. Anyone who does that would be a | miserable significant other. | esrauch wrote: | My mother sends me videos from her phone and I literally can't | see what she's trying to show me. | cphoover wrote: | My whole family uses iMessage because it is the default client | on their iphones. I'd love to partake in the family group chat. | | For those technically savvy enough to download an additional | client like Meta's Whatsapp or Messenger... it's no problem, | but for the less technically inclined (like my mother) they | will just use the default client. | mission_failed wrote: | Because Apple deliberately screws with messages to non Apple | users. Every video my family sends to me is low res heavily | pixelated trash, to the point that you can't even recognise | faces. | Pulcinella wrote: | That's cellphone carriers. MMS messages generally have to fit | within 300-600KB[0] so they are horribly, horribly | compressed. | | https://m.gsmarena.com/glossary.php3?term=mms | system2 wrote: | I have a group chat with mainly female iPhone users. One of the | users switched to Android. They created a new group without | her. Bizarre but real. | tedunangst wrote: | I was told this was impossible. What happened? | nickorlow wrote: | I'm guessing the binary they use from Apple (IMDAppleServices) to | generate part of the registration information probably adds | metadata to the "validation blob" that gets sent to apple when | registering beeper mini as an iMessage device. | | If the metadata includes the OS version, Apple probably | blacklisted any new devices registered in the past few days with | validation blobs generated from that binary. | | (The binary was sourced from OS X 10.8 which is ~11 years old | now) | threeseed wrote: | My suspicion is this is going to be a cat-mouse situation for a | while. | | Apple would've found some easy way to identify these users and | Beeper will likely release a patch to fix it. | nickorlow wrote: | Agreed. I think Apple wins easily though. If they can break | it once a month for a day or two, I think that makes it | inconvenient for beeper mini users. | | Maybe not though, who knows | winterqt wrote: | It doesn't look like that binary is used for Beeper Mini, | unlike pypush: https://blog.beeper.com/p/how-beeper-mini-works | nickorlow wrote: | I wouldn't be surprised if whatever they reverse engineered | from the binary had similar behavior | rickreynoldssf wrote: | I'm not sure what was expected after they reverse engineered a | private API and used it. | tantalor wrote: | Blue bubbles is not a business model. | hellotomyrars wrote: | For third parties at the mercy of Apple? No. | | For Apple? Demonstrably so. Apple has stated as much in court | filings against Epic. This is largely an American trend, third | party messengers are much more popular outside of the US as the | defacto standard, Apple sees clear value in the blue bubble. | cirrus3 wrote: | Building a startup around this neat trick was always as doomed. | It is incredible the amount of delusion they would have needed to | assume this was sustainable. | | Edit: not a whole company, just a side project within a company I | guess. Still, seems like a waste of time/effort to have even | attempted. | circuit10 wrote: | While I do wish this was allowed I think it's pretty clear that | using Apple's iMessage servers without permission is probably not | legal | anigbrowl wrote: | The security argument is all very well, but I don't care for | iMessage distinction between iP* users and Android/others. It | reminds me of Jane Elliot's experiments*. Reinforcing your brand | identity by structuring the private conversations of your users | is weird and somewhat creepy. | | *https://ca.pbslearningmedia.org/resource/osi04.soc.ush.civil... | justin_oaks wrote: | Thanks for sharing the link about Jane Elliot's classroom | lessons. I only learned about this today. | benreesman wrote: | I'll give a fuck one way or the other when shifting capital | markets don't make it a Wozniak moment to participate at all. | | Ranking how much it's all captured and handed out to buds and | pre-IPO AirBnB stock funded. Snooze. | | Call me when you want to knock this thing over. | g42gregory wrote: | This is what monopolies (or duopolies) usually do. Basically, | they can do whatever they like in the market. I think that the | antitrust enforcement is critical in a "free" market. But neither | parties would do it. I am guessing Democrats think that they can | get some benefits from Apple's control. And Republicans are | simply paid off. The consumers end up bearing a brunt of it. | Arch485 wrote: | Small correction: Republicans _and_ democrats get paid off. | Both groups are made up of politicians, after all. | gigatexal wrote: | Absolutely hilarious. Did people actually think this was going to | be allowed? iMessage is a huge moat and only an act of Congress | or a case verdict will force their hand. Maybe the EU legislation | might. | jeroenhd wrote: | Apple and the EU don't agree on iMessage's status as a | gatekeeper. Apple's argument is that it doesn't have the | required amount of users (10% of EU population/10k business | users). | | If they're right and Apple doesn't have the user base, the EU | gatekeeper laws won't have an effect on iMessage. | sbuk wrote: | > _Maybe the EU legislation might._ | | Why? iMessage simply does not have the market share enjoyed by | WhatsApp, Facebook Messenger or Telegram EU-wide. iMessage was | temporarily removed from the DMA in September and noises coming | out of the commission favour Apple's stance that it is simply | not big enough to warrant inclusion as a gatekeeper for | messaging apps. | thomastjeffery wrote: | Those lucky bastards... | | If the EU won't solve America's problems for us, who will? | SirMaster wrote: | So does this also now break iMessage for older iOS devices too? | | I thought someone said something about that to block beeper mini, | Apple would have to also block older iOS devices as that's the | method they were using that wasn't as locked down. | SparkyMcUnicorn wrote: | Looks like iMessage stopped working on my hackintosh... | usui wrote: | Your Hackintosh is not working properly not because of this | reason, then. Or if it is because of this, then it's not | blanket-wide and it's based on generic model-based | identifiers or heuristics. iMessage still works. | SilverBirch wrote: | There's been a lot of speculation about this, and in principle | it's correct. At the end of the day Beeper can work to spoof | genuine devices until its indistinguishable from an old iPhone | and to block it Apple would essentially have to either force | push an update to every device and enforce its installation | (they probably can't/won't do this). But in reality Beeper | probably leaks a load of data to Apple that Apple can use to | block it and it's just a cat and mouse game between Beeper | bringing in new workaround vs Apple blocking whatever they | notice abusing the system. It really just depends how motivated | Apple is to chase this down, and the low cost way for Apple to | chase this down is.... to sue Beeper. Beeper might actually be | able to outsmart them over time in engineering, but they sure | as hell can't outspend them on lawyers. | turquoisevar wrote: | They were wrong insofar as there are multiple ways to combat | this. | | One of the easiest ways is to block Beeper's encryption key | from generating encryption tokens. Another way is to block the | fake serial numbers and UDIDs Beeper uses. Yet another way is | to block Beepers push notification servers. | | A more long-term solution is to require device attestation. | This functionality is already built into iOS, and on newer | devices, it utilizes the Secure Enclave on the device. | | This doesn't require older iOS devices to be excluded from | iMessage because the attestation can partially be done via | Apple's servers. For the most secure method, however, you'd | want the device to have a Secure Enclave. | | Breaking compatibility with older devices isn't unheard of, | however, when Apple upgraded the FaceTime protocol, older | devices that didn't support the newer iOS versions were left | out and couldn't make FaceTime calls with more recent devices | on the more recent protocol. | | All in all, many tech tubers were talking out of their behind | because they didn't understand the inner workings and were | parroting what others told them. | sbuk wrote: | Take _anything_ any of these "tech" YouTubers say with a | dumpster-full of salt. It makes my blood boil when I read "But | Linus says..." or "MKBHD did a s test where..." They are all | just fanboys in the truest sense. | dishsoap wrote: | I for one am shocked | llm_nerd wrote: | This was the obvious outcome. People were being willfully blind | about how this "hack" works. | | Using an exfiltrated binary they used its blackbox functions to | perform a sort of device attestation using ripped Apple device | identifiers. Clearly Apple simply needs to blacklist any device | attestation that this service uses, which is obviously trivial. | These aren't just RNGs they're fabricating, they're sets of | legitimate Apple device data that isn't plainly evident to any | random user-mode app. | | Why would they block it? Every service has _some_ sort of gate on | who can message or it will be overrun by bad actors and spammers. | Signal, Telegram and others make you validate your cell phone | number -- there 's a finite number of those, and they can | blacklist them as necessary. Online services make you validate an | email, do bot checks, etc. Beeper, and more importantly the | technique they used, offers none of those gates. It was a plainly | problematic free for all that was guaranteed to be closed. | asylteltine wrote: | This is actually a great point I didn't originally consider. | People could easily infiltrate the iMessage fort with spam and | other stuff which at the moment requires a genuine Apple | device. | spullara wrote: | I'm pretty sure some of the spam I am getting was using this | vector. Hopefully it kills it now. | ysofunny wrote: | that's one of the reasons they're doing this | | but I don't think it's their main reason, if anything I see | that argument as convenient posturing which aids in covering | the uglier underlying reasons | singpolyma3 wrote: | Still need a valid phone number with a SIM that can do the | special SMS needed for this, so it's hardly going to produce | a big spam farm too fast. | boxed wrote: | Better to kill it early. I get spam calls on WhatsApp (an | app which I absolutely loathe) | asylteltine wrote: | It's completely trivial to get a real number for sms these | days thanks to scum like twilio. You can use your | legitimate Apple device identifiers to run something like a | hackintosh and then use iMessage that way, or use the | script linked last week. | grupthink wrote: | Wouldn't your iPhone still receive spam SMS text messages | with Apple Messages? And isn't Apple Messages commonly | exploited by NSO Group (Zero-clicks)? Maybe I'm wrong, but | this does not appear to be very fort-like. | rezonant wrote: | Yes. I believe people are just saying that they assume | unknown-contact SMS is spam and that sort of sounds like | Apple's SMS spam filtering isn't very good. | dwaite wrote: | For iPhone there are two tiers - the carrier provided SMS | spam filtering, and apps written to provide such | filtering[1]. | | 1: https://developer.apple.com/documentation/sms_and_call | _repor... | rezonant wrote: | Oh, so there's no builtin message filtering at all?? | | This explains some things. Why wouldn't they just add a | spam filter. Is there still iCloud email addresses? Do | they have spam filtering? | yincrash wrote: | They had a cloud of Apple devices that they already used for | their relay service, and could easily generate keys using | several devices. From my understanding, the best vector for | Apple was to actually block their "BPN", the push server. | pxeboot wrote: | And Apple didn't even need to block any device identifiers, | just the IPs Beeper Mini was using to connect to the APN | service. | | This could have been blocked in minutes. The delay was likely | to get approval from Legal. | lelandbatey wrote: | I think you've got Beeper Mini mixed up with other iMessage | bridges. The whole thing with Beeper Mini (vs other iMessage | bridges) was that it was entirely client side on the phone, | no server to block. So the "IPs Beeper Mini was using to | connect to the APN service", those IPs were just the IP | addresses of every individual phone with Beeper Mini | installed on it, no centralized place to block. | kaladin-jasnah wrote: | No, the BPN server is a server side service that | persistently recieves APNs to forward to the phone (that | don't contain the message data) since unlike iPhones, | Android phones can't persistently check for APNs (at least | that's what I understood from the announcement article). | AIUI that's what you're paying for. But that wouldn't | explain why sending is broken. | rezonant wrote: | The How It Works article is clear that BPNs is only used | to serve push to your phone when the app isn't running. | Disabling it would not cause send/receive failures. | pxeboot wrote: | If you check the How it Works post, they do show the Beeper | Push Notification Service running in the cloud [1] to | intercept 'new message available' APNs and then notify the | Android device a new message is available. | | [1] https://blog.beeper.com/p/how-beeper-mini-works | rezonant wrote: | Only required when Mini isn't running. | wkat4242 wrote: | If it were purely client based, why did I leave to log in | with Google to something then? | zxt_tzx wrote: | > just the IPs Beeper Mini was using to connect to the APN | service. | | Hmm, wouldn't blocking IPs be overly broad and risked | affecting regular users? Considering that IPs are scarce and | constantly recycled by ISPs etc. Blocking device identifiers | sounds more targeted and, for that reason, realistic. | pxeboot wrote: | If you take a look at their How it Works post [1] this is | not an entirety client side implementation, so there would | presumably be a small number of IPs that would need to be | blocked. | | [1] https://blog.beeper.com/p/how-beeper-mini-works | zxt_tzx wrote: | Are you referring to the step where Beeper's servers make | a persistent connection with Apple's APN service to | listen to new messages ? | | So your point is Apple can presumably distinguish between | an actual iOS connection and Beeper's connection by | looking at "how many connections per IP"? Still seems | prone to false positives to me, unless there is something | else I missed. | | (Upon re-reading the post, I realized that the phone | number registration is actually done by Apple. Wonder if | this might provide another basis to block Beeper, i.e. | all this SMS infrastructure is not cheap to maintain and | Beeper's integration is arguably using it in an | "unauthorized" way.) | pxeboot wrote: | Yes. An Apple sysadmin could just install Beeper, watch | what IP their APN requests are coming from and block it. | Then repeat the process occasionally. | | They don't need to break it completely. If Beeper is | unreliable, nobody is going to pay for it. | rezonant wrote: | In that very article they mention you can turn BPNs off, | it is just used to listen to APNs when the app is not | running. If that's what they blocked, Beeper Mini would | still work while the app is running, or at least when | that setting is turned off. | turquoisevar wrote: | I can't speak for Cupertino et al., but I would take that | risk, even if it weren't IP-based but instead UDID/serial- | based. | | The amount of legitimate users it would affect would be | trivial and can be taken care of by customer support. | | The benefit of that is that I can then, at that point, | verify if we're dealing with a legitimate device or not. | Geniuses at Apple Stores can obviously do this physically, | and remote support has the option to run remote diagnostics | and even share screens. | rezonant wrote: | Only BPNs used Beeper hosted services, and this is an | optional component of the app (which enables push | notifications when Mini is not running). | | Otherwise the IP Apple sees is those of the individual | handsets on whatever network they are on. | | It's pretty likely that they blocked Mini based on the IDS | (Identity Service) which requires the device to pass it's | hardware model, serial number, and disk UUID as described | elsewhere. | explaininjs wrote: | This should have been obvious to anyone who saw the code where | it simply contained the raw literal string | `FAIRPLAY_PRIVATE_KEY = b64decode("...")`. I suppose now we'll | see how accurate the commenter's claim "if this becomes a | problem, I know how to generate new keys" is. | | https://github.com/JJTech0130/pypush/blob/main/albert.py#L16 | mintplant wrote: | What's the link between this repo and Beeper? | gabeio wrote: | > What's the link between this repo and Beeper? | | https://news.ycombinator.com/item?id=38531759 | jaktet wrote: | I might be missing it but still don't see how that | answers the question about how that repo is related to | beeper mini. Did they use this directly or the same | methodology? | FoeNyx wrote: | In https://news.ycombinator.com/item?id=38531759 its OP | states "A team member has published an open source Python | iMessage protocol PoC on Github: | https://github.com/JJTech0130/pypush." | jaktet wrote: | Maybe there's an easy way to just read all their replies | but I see now that in the linked blog post it links | https://blog.beeper.com/p/how-beeper-mini-works which | goes over the technical details and mentions the python | repo. Thanks | FoeNyx wrote: | Oh, it wasn't lost among all their replies, it was in the | 4th paragraph of the header text section of that Show HN | post. | yurishimo wrote: | Beeper Mini's implementation was built on top of this | repo. I'm sure it was cleaned up and modified for the | production release, but the gist is largely still the | same. | jaktet wrote: | Thanks I see that mentioned here | https://blog.beeper.com/p/how-beeper-mini-works | commandersaki wrote: | Not disagreeing, but I do not think Beeper Mini used the binary | method for registering accounts. I think that was the way to do | it for non-mobile devices that couldn't receive SMS, but there | is also a way to register an account using SMS which I believe | Beeper Mini uses. | winterqt wrote: | I believe that you are correct: | https://blog.beeper.com/p/how-beeper-mini-works | empyrrhicist wrote: | Yes, totally understandable that this would be blocked within | our legal system... but its a proof of concept that it would | not be burdensome for apple to enable interoperability. We | should be demanding support for open standards for messaging | from mono/duopolists like Apple/Google. | seanp2k2 wrote: | Yearly reminder that a long time ago, chat services used XMPP | and we were on the verge of having GChat interoperability | with FB messages and I think Yahoo or something similar at | the time. None of them really wanted to do it for business | reasons, so they could "add value" (and charge for | it)....same reason RSS has fallen out of favor (no good way | to inject ads and tracking). IRC and Matrix still exist. | verst wrote: | On the Google side the XMPP federation got killed when | Google Hangouts and Google+ became the core strategy. The | company wanted to focus on "social" (but their own social | network) and didn't care about other chat. Back then I | worked on the App Engine team which had a XMPP Chat API. | When GChat killed XMPP Federation that API lost the | majority of target users as a result. I tried to make the | case for maintaining XMPP support - taking it up with some | VP of Engineering. Alas, nobody cared about the opinion of | this random guy in developer support (~2012, early days of | Google Cloud) | kyrra wrote: | You forget that Google was worried about other XMPP | services stealing user data. If I remember right, some | services (maybe it was FB) was not sending out all data | to Google in the federation system (I forget if it was | names or friends lists or something). So it would allow | other services to ingest data Google was sharing, but the | sharing wasn't reciprocal. | zaik wrote: | Can we make XMPP popular again? We really could need an | universal internet standard for IM. | acka wrote: | There is hope. The European Union's Digital Markets Act | allows new messaging platforms to demand interoperability | with the existing walled gardens. All it takes is for other | jurisdictions to follow suit. | dwaite wrote: | You can't use regulations to change physics, and (demands | or no) it is unclear what sort of interoperability is | really possible. | | What will really happen is that there will be some subpar | common denominator. An existing "walled garden" (WeChat?) | would add support for this as well. | | But this would wind up being rather insecure, because | messaging services tend to use email addresses they don't | control or phone numbers they don't control as | identifiers. We'd have to wait for carriers and email | providers to be regulated with the burden of solving this | mess (for markets they aren't in). | rjzzleep wrote: | Yeah and how did that work out for google? Hangouts was | their most popular product and most of my friends were | using it. Incredibly stupid management decisions right | there. | skygazer wrote: | In my experience, incoming SMS are mostly spam, and other low | trust notifications, while incoming iMessages, even if | unknown to me, are likely to be real people. Buying an Apple | device is an expensive signal, and Apple will quickly shut | down abusers, maintaining that relatively high bar. | | Letting (actual) Android users use iMessage probably wouldn't | affect that, but the open source hack/reversing of it opened | the door to iMessage spam that Apple, for the sake of | reputation, and customer satisfaction, is obliged to close. | | Anyway, I guess my point is that there are some "burdens" | that are less obvious than others. | vachina wrote: | Huh, I used to receive spam on iMessage with blue bubbles. | In fact the only blue bubbles I receive are spam. | empyrrhicist wrote: | Who is talking about SMS? Not I. | skygazer wrote: | I mention SMS as a natural contrast to iMessage and to | illustrate the annoyances which may burden iMessage if | opened up blindly to any bot -- a different variety of | burdensome. | bradleybuda wrote: | Also WhatsApp, Facebook Messenger, WeChat, Telegram, LINE, | and a handful of others with more than a half-billion users. | Are those heptopolists or septopolists? | | The word "monopolist" in 2023 seems to mean "a company whose | corporate values are different than my personal ones and/or | whose pricing and packaging don't match my consumption | function and/or who has a lot of money and of whom I am | jealous". | rezonant wrote: | I think you might be mistaking what monopoly/duopoly is | being mentioned here. Those companies aren't phone | manufacturers and they don't make phone texting apps. The | distinction might not matter to you, but it's clearly the | meaning of the GP. | | You can say iMessage isn't a texting app because iMessage | functionally (as in, the technical details) works like a | non-texting app, but it is the only texting app on those | phones and is the way normal texting is done. Perhaps it | would be different if iMessage was just installable from | the app store. | eek2121 wrote: | You are aware that iPhones have many alternative | messaging apps right? The second part of your comment is | simply not true. | rezonant wrote: | Texting is a feature of a phone. You cannot, without | elaborate workarounds, text from a consumer computer, | tablet or other device as if it was a phone. Texting | requires a phone number and a phone plan. | | I understand that the distinction might seem slight, but | in the eyes of most US consumers, texting is distinct | from a chat app that you download from an app store _even | if_ it uses your phone number. | | The absolute one way that everyone with a phone has to | send a textual message to another person is to text them | with their phone number. | | In the US, where adoption of Signal, Whatsapp, Discord, | or insert hundreds of other apps is very small, the | percentage of your real world contacts using a particular | app is also extremely small. Convincing all of them to | use Signal would certainly be great, but in reality you | will be using _all_ of those apps if you are trying to | escape the interoperability nightmare that is currently | texting. | | Given that everyone has a phone and they are all texting | already, it would be awfully nice if we could just use | texting without these interoperability problems without | having to manage all of the apps, and without having to | remember who prefers which one. | | Group texting is also hugely popular in the US. If no | single third party messaging app covers the set of | friends you want to group text, what do you do? You text | them. Because everyone has it. Let's say when you started | your group everyone was on Whatsapp. Phenomenal! Start | the group on Whatsapp. Then you meet Joe, and Joe is very | cool and you definitely want him in the group chat. Joe | doesn't trust Meta products and doesn't want to use | Whatsapp. Should Joe capitulate, install another chat app | used only for a single group chat, and grant access to | their device to a Meta app? Should a negotiation occur | amongst the rest of the group where they select a new | common app to run the group on and split the conversation | history, while also adding an app that they only use for | that group chat? | | Let's say they choose to switch to Signal, but Josh keeps | forgetting (dammit Josh) and keeps messaging the group on | Whatsapp. And instead of yell at Josh that the group is | on Signal now, folks reply! Because Josh's joke was super | funny. Conversation also continues on Signal. Someone on | Signal now does a reference to Josh's joke on Whatsapp. | Joe is confused, but everyone else gets the joke. Someone | realizes what happens and sends a screenshot of the joke | and ensuing replies from within Whatsapp so Joe can catch | up, but the messages around the joke are longer than one | phone screen so there's a lot more context that he | misses. Joe is annoyed but he gets over it. | | A few months pass and Sandra seems to have a bug where | Signal is chewing through her battery life. Since only | one of her group conversations is on Signal (she uses | Whatsapp mostly) and she is fine not getting the work | related banter that is often the topic of the group chat. | But then she finds an article that's super interesting | and she wants to share it with the group. She remembers | that the group moved to Signal, but who cares, that | Whatsapp group still exists and there's only, like, one | person that isn't in it. She sends the link in the | WhatsApp group instead. This leads organically to the | group wanting to get together for a holiday. They plan | out that July 12th would be a perfect weekend, and since | they want to do a potluck, they all choose what part of | the meal they'll bring. | | A few days before the potluck, someone mentions on the | Signal chat that they are excited to see everyone at the | potluck. Joe is very confused and asks what they mean. | They realize that this was in the WhatsApp group chat and | explain what everyone is bringing. Unfortunately Joe is | working that weekend, and can't come. | | Should the group chat reschedule? | drdaeman wrote: | Just to explain - some people may think different because | they have different experience. | | Personally, I don't use default texting, like, at all. | Except for those notification/2FA SMSes and couple of | contacts, I don't ever open it. For me, mentally, | chatting with people (with 2 exceptions) is done through | different apps, not the built-in one. And this forms a | view that default app is just "one rarely used messenger, | of many". | | But then, even though I'm in the US, most of my chats are | international. | mlindner wrote: | > You cannot, without elaborate workarounds, text from a | consumer computer, tablet or other device as if it was a | phone. Texting requires a phone number and a phone plan. | | Nitpick, but I can text from my Mac laptop using the | messages app. I haven't looked into exactly how exactly | it works but I think it's somehow proxying/mirroring the | messages through my iPhone. It's very smooth and "just | works" though. | | > interoperability nightmare that is currently texting. | | How about calling it an open competitive market? | Centralizing everything on a single format would be a bad | thing for the industry and for consumers. Having separate | independent networks with drastically different feature | sets is a good thing. Trying to find the intersection | feature set of Discord, LINE and Signal would result in | three applications drastically hampered in their | features. LINE for example has an extensive independent | industry of artists selling "stamps" that you can buy. | rezonant wrote: | > Nitpick, but I can text from my Mac laptop using the | messages app. I haven't looked into exactly how exactly | it works but I think it's somehow proxying/mirroring the | messages through my iPhone. It's very smooth and "just | works" though. | | Yes, SMS from iMessage on your non-iPhone (Mac, iPad) | proxy through your iPhone. iMessages do not require your | phone to be on, since Apple can deliver it directly | without using SMS. | | However, without a phone you cannot send an SMS message, | and most people use phone numbers as contacts in | iMessage, which requires an SMS based registration done | transparently by your phone. | | But all of this is just the technicals of how it works, | to the end users it is just texting. The only reason non- | technical users are even aware of, or care about, the | distinction is because of how iMessage breaks group | texting as soon as there's a non-iMessage user involved. | bambax wrote: | > _in the eyes of most US consumers, texting is distinct | from a chat app that you download from an app store even | if it uses your phone number. (...) In the US, where | adoption of Signal, Whatsapp, Discord, or insert hundreds | of other apps is very small_ | | But do we know why that is? In Europe everyone's on | WhatsApp, and while I'm not especially fan of it, the one | feature that I like is that it can be used from any | browser on any device, including desktops, including a | work laptop where one doesn't have admin rights to | install anything, etc. | | I can leave my phone away in my pocket all day and still | message anyone I please. I would hate it any other way. | Why don't people in the US want that? | rezonant wrote: | > I can leave my phone away in my pocket all day and | still message anyone I please. I would hate it any other | way. Why don't people in the US want that? | | I have that already via Google Messages, and iMessage | already has that as well. | | In the case of Google Messages, it's just a web app, you | don't need to install it. You visit messages.google.com | and scan a QR code from your phone and the devices are | linked. | ffgjgf1 wrote: | > In Europe everyone's on WhatsApp | | Or FB messenger, or actually mainly use SMS/iMessage. | Europe is not as homogeneous as some people here might be | implying. WhatsApp is not even the most popular messaging | app in quite a few countries (Messenger is). | | Also in Scandinavia, Britain and Switzerland iOS is about | as popular as in the US while in some other countries | it's closer to 10%. | rezonant wrote: | Thanks for this- perhaps it's all too easy for both sides | of the pond to look across and generalize that the | other's problems aren't happening in their backyard. | Because what you describe sounds quite complicated. | Wouldn't everyone just prefer a secure, modern texting | app that could message literally anyone with a phone | number? Without having them download a specific app? Then | we could all text together without the headaches. | ffgjgf1 wrote: | > Wouldn't everyone just prefer.. | | Sure, but I don't think personal preferences matter that | much in this case, most people just end up using what | everyone else is whether they like it or not, which makes | perfect sense. | | But yeah, I think in most of Europe (not all, they were | free/almost free since the late 2000s where I am) this | started because SMS messages very relatively very | expensive back when smartphones were becoming widespread. | | Now WhatsApp, Messenger, Telegram, Viber and whatever | else there is are quite entrenched so even if Apple and | Google get serious about properly supporting RCS it might | get tricky to get users to switch back to the default | client | | Popular non open-source 3rd party messaging apps don't | really have much interest in supporting interoperability | due to obvious reasons. | | > ..modern texting app that could message literally | anyone with a phone number? Without having them download | a specific app? | | Well on this thread it seems that WhatsApp might be | exactly that from the perspective of some people (to the | extent that they don't even believe that anyone in Europe | could be using anything else) | rezonant wrote: | All this is fair and your accounting of the reasons for | the situation around Europe match my research so far. | | I do want to say I've seen some others in this HN story | contradict that Europe is as homogenous as your | representing here though. | | Still though, I looked at Germany's Whatsapp numbers and | it's like 68% of the population, ignoring the fact that 1 | account is not necessarily 1 person. | | That's super dominant compared to the US which is | somewhere around 22% with the same account assumption. | sbuk wrote: | I like the separation that different messaging platforms | offer. | bambax wrote: | I'm in France with friends in the UK and Germany, and | have never been asked to join a group on anything else | other than WhatsApp. Not once. | | (Well, at some point a year or two ago there was some | controversy around WhatsApp, and some groups tried to | migrate to Signal, but that all died out within a month | -- never quite started, actually). | | Believe it or not, I had almost never heard about | iMessage and its specific quirks before the Beeper story | (and still don't understand why the colors of the | messages in green or blue matter). | ffgjgf1 wrote: | Well.. I'm further north east and my experience is | somewhat different. My only point was that Europe is not | as homogenous as some people keep implying (most people | still primarily communicate in their native language | which creates a lot of more or less isolated bubbles) | | > and still don't understand why the colors of the | messages in green or blue matter | | Because it indicates a fallback to standard SMS/text | messaging which means all the more advanced features | (which everyone expect messaging apps to have these days) | stop working if you get a text from an Android device. | inferiorhuman wrote: | So adding another protocol into the mix solves, what? | Answer: nothing, it solves nothing. | | Bob has a hardon for mastadon so then another subgroup is | created. Joan finds out that her Google Fi service is | incompatible with RCS so she decides to create an email | list. Joe finds a bug with Beeper and then decides that | really everyone needs to move to ICQ. Marley decides | maybe everyone should just try MMS again except that | nobody can fall back on that because everyone except Joan | has opted into RCS. | | Apple's not going to solve your social problems (nor will | any other company). | rezonant wrote: | > So adding another protocol into the mix solves, what? | Answer: nothing, it solves nothing. | | Another protocol like RCS? RCS simply solves the problems | of SMS/MMS. It doesn't add another protocol, it | ultimately replaces two of them. | | > Bob has a hardon for mastadon so then another subgroup | is created. | | Good for Bob. I don't think Mastodon supports group | chatting and its DM support is super nascent, its weird | choice but I wish him the best. | | > Joan finds out that her Google Fi service is | incompatible with RCS | | Even though Google Fi is definitely compatible with RCS, | we can assume it isn't supported for the scenario. | | > so she decides to create an email list. | | Joan doesn't know what RCS is and doesn't care. Joan | makes a group of people on Messages. It works fine, as it | falls back to MMS automatically. | | > Joe finds a bug with Beeper and then decides that | really everyone needs to move to ICQ. | | Wait why is anyone using Beeper here. So the user used a | unifying client and ran into a bug and blamed something | about the underlying messaging system? | | > Marley decides maybe everyone should just try MMS again | except that nobody can fall back on that because everyone | except Joan has opted into RCS. | | Everyone on RCS can fall back to MMS just fine, just like | iMessage can. The only difference is one of these is a | standard that Apple can implement and the other is a | proprietary protocol that Google cannot. | empyrrhicist wrote: | Yet you cannot set a new default messaging app... | mlindner wrote: | "Default messaging app" is a creation of Android, | necessitated because every cell phone manufacturer wanted | its own messaging app. It somehow later became a feature | people needed because those pre-installed apps were often | dreadful adware junk. This was never a problem on | iPhones. No one wants to set a "default messaging app". | It mixes up where messages go. I want my Signal messages | in the Signal app. I want my LINE messages in the LINE | app. Putting them in random different places doesn't make | sense and confuses where they're coming from. I don't | want my contacts showing up half a dozen times repeatedly | for every messaging app they're using. | | I don't see anyone on Android wanting to put their SMS | messages in the Discord app. | rezonant wrote: | On Android there is no such thing as a default messaging | app. There is such a thing as a default SMS app, but my | point is that messaging and texting represent two | different things (texting is a subset of messaging) which | has an extremely material impact on the dynamics of what | is happening in the US, and why iMessage, RCS, and | interoperability is a very big deal to users who use a | texting app. | seabrookmx wrote: | Weird take. Default apps for certain file types and links | (email, video, etc) are a precedent across multiple | operatings systems. | | > No one wants | | Quite the assumption. I had Google Hangouts set as my | default SMS app for a time.. this seems quite similar to | your Discord example? | | It hurts nobody to have the _choice_. If you don't want | to change the default that's totally OK. | dwaite wrote: | Do you mean a default "carrier SMS service" app? | | In everyday iPhone usage, you would either run an app | directly, use sharing intents, or use a messaging service | specific identifier (eg custom URI scheme) to converse | with someone. The social graph is either in the messaging | app itself or in individual contact entries. There's no | expectation of a Trillian/Adium style app that | consolidates all information and messaging options. | rezonant wrote: | The confusion is that there is only one _texting_ app on | iPhone. Chat apps are done "over the top" and can be | whatever you want. You or I can make one. There is only | one texting app on iOS and most users in the US only use | their phone's texting app. This is why Apple's iMessage | is genius, insidious, and diabolical- because they took | SMS which had universal adoption in the US and had it | invisibly and transparently extended into a component of | their walled garden. They didn't need to convince | everyone to move from SMS to their own messaging app, | because if you used SMS on an iPhone, iMessage just | happened. | oefnak wrote: | The EU will soon require interoperability between messaging | apps! Real Freedom! | | (for the users, not for the companies) | skygazer wrote: | iMessage seemingly was found exempt because too few | Europeans use iMessage for business. | | Although to be fair, I have a hard time imagining a world | where this ever happens. So large companies have to | proactively share information on all their users with all | the other large companies, and vice versa? Or do I become | skygazer@iMessage and everyone on instagram has to know | that? This just seems like an absurd thing to mandate. | rezonant wrote: | > Signal, Telegram and others make you validate your cell phone | number | | For what it's worth Beeper Mini did support using Apple's | iMessage registration system to use your phone number. | thathndude wrote: | And there was major hubris from the makers. They were arguing | that because it was all totally above board Apple wouldn't be | able to block the service without impairing iMessage entirely. | | Wrong | ehsankia wrote: | > because it was all totally above board | | What do you mean by above board? What they claimed is that | there is no way of telling Beeper Mini clients from an old | iPhone, therefore Apple wouldn't be able to block one without | blocking the other. | | Clearly Apple managed to find a way, and who knows if there | will be some more cat and mouse happening here. In theory | though, I don't see why it wouldn't be possible to have a | service that's indistinguishable from an old iPhone. | | Newer devices can use device attestation, but old iPhones | don't have secure enclave. | namdnay wrote: | Interestingly enough, there are companies out there making a | business of doing this with WhatsApp! I have no idea why Meta | isn't cracking down in it, it seems absolutely insane | | https://www.telemessage.com/mobile-archiver/whatsapp-archive... | | It's literally a hacked WhatsApp binary (that logs all your | messages) that they sell to corporate clients... | password4321 wrote: | https://twitter.com/LiamCottle/status/1406616490783117322 | | Snapchat as a service is no more. But there may be other | options: | | https://github.com/rhunk/SnapEnhance | FriedPickles wrote: | Can you say more about how Beeper is doing device attestation | using ripped Apple device identifiers, or where you discovered | that? Device attestation can be extremely user hostile, and if | this is a true workaround it will be useful in other | applications. | busymom0 wrote: | This reddit comment is exactly what I thought when I first saw | this: | | > The sheer fucking hubris of these clowns to charge a | subscription to forge device identifiers and transfer data | through Apple's servers for users that have in no way actually | paid Apple for that service and then say "there's no way they can | shut us down!" | | https://www.reddit.com/r/apple/comments/18dy7ip/apple_has_se... | gardenhedge wrote: | I am very surprised that Beeper is a company with a CEO and | everything. It's a hack on top of other services! This was always | going to be the end result. | | Also, the whole use case is funny to me since everyone in my | country (including iPhone users) use WhatsApp. | russelg wrote: | Where is the hacker spirit here? The number of Apple apologists | that have crawled out to say "see? I told you so!!" is saddening. | It is a bit dicey when you're charging for it, but since Mini was | entirely client-side it would be feasible for a free version to | exist. | | Apple claims iMessage is E2EE, do we have proof they aren't | siphoning the messages from the client once it's been decrypted? | The level of trust we have to have for Apple is approximately the | same for any other iMessage client. Obviously Mini was using the | encryption properly else it wouldn't have worked to begin with. | Of course, it's very unlikely Apple is doing that. Just putting | the thought out there. | | One other point raised that I saw was about how iMessage costs | Apple money to run, and non-product owners should not have access | since they haven't contributed. This falls apart if you own any | Apple devices. Myself for example owns a Macbook, but an Android | phone. Am I not allowed to use iMessage? I paid the toll. | kmbfjr wrote: | You are allowed, you get to use your iCloud account. | runnerup wrote: | I remember another post that was very well-received where an | individual hacker wrote his own homebrew iMessage client for | his own personal purposes. HN really liked that! | | I think HN exists at an intersection of individual hackerism | and business. If a project is clearly by-hackers-for-hackers it | gets a lot more leeway for unsustainable concepts / | implementations. But this is building a business on adversarial | interoperability, and many people who LOVE the concept and | technical achievements will still post mostly critical things | about the business model because it's fairly clearly a very | very challenging business model. | pilsetnieks wrote: | You're allowed to admire the technical implementation while | denouncing the business model at the same time. | AndrewKemendo wrote: | This is IMO the exact spirit we should have | jorvi wrote: | Is letting our hearts bleed for trillion dollar companies | really the best way to spend our finite compassionate | bandwidth? | catach wrote: | Observing that a particular business model is very likely | to fail because of the conflict with another business | model that happens to have much more powerful backing | requires no compassion spend. | | But also, it seems to me that compassion is an | involuntary reaction. | WarOnPrivacy wrote: | > also, it seems to me that compassion is an involuntary | reaction. | | Compassion is very much a quality that can be developed | and nurtured. | catach wrote: | I believe you're talking about capacity for compassion, | and I'm speaking of the triggering of compassion. | | I'd agree that both capacity and scope of triggers can be | altered, but it seems to me that that's a process that | takes some time and effort. Distinct from choosing in the | moment "I am going to feel a certain way about this, | right now". | lostlogin wrote: | Pretty much all Adtech comes to mind here. | pavel_lishin wrote: | Are we talking about Beeper Mini, or Apple? | keb_ wrote: | youtube-dl, NewPipe, and uBlock Origin exist solely for the | purpose of empowering the individual, yet they are constantly | attacked on HN as being tools used unfairly to harm Google's | profitability. Open-source projects like Matrix, PeerTube, | Mastodon, are built to be free and open-source for the | benefit of end-users and lack of vendor lockin. Yet each is | derided on HackerNews for not being enough like their | corporate counterparts. Yes, there are those here who don't | do that, but as cynical as it sounds, I do think this site's | audience is mostly folk who like the status quos set by | FAANG-types and don't really care about hackerism outside of | toy websites. | Wowfunhappy wrote: | The projects you listed are overwhelmingly celebrated on | Hacker News! I'm sure you can find a critical post if you | look hard enough--HN isn't a hive mind--but it's not a | common sentiment. | aprilthird2021 wrote: | I pretty much found out about all these from HN. I think | most of their traffic / downloads comes from this site. | simfree wrote: | Reddit and other social media platforms almost certainly | drive in order of magnitude more downloads of these | extensions than HN. | rezonant wrote: | Reddit and other social media platforms are at least an | order of magnitude larger than HN. That's a good thing | honestly. | 55555 wrote: | This is extremely false. | oneplane wrote: | The projects can be appreciated while also acknowledging | that advertisements are part of the value exchange. There's | nothing wrong with knowing that if your options are to | either watch ads or pay for a service, and you privateer | the service instead, that that is not as reasonable as it | seems to some people. | | Note: this is very different from "but I want to block all | ads", that's not what I'm writing here and also not what | others might be writing. | | As for the audience, it varies, but this website is a VC | thing, so it makes some sense that a bunch of visitors are | from the VC ecosystem and as such might be very money- | oriented. | kibwen wrote: | _> The projects can be appreciated while also | acknowledging that advertisements are part of the value | exchange._ | | No, this is preposterous and I will continue to refute | this silly idea every time it shows up here. It is not | stealing from radio stations to change the station when | ads come on. It is not stealing from TV channels to go | get a drink when ads come on. _There is no moral | compunction to watch ads, from anyone, anywhere._ Stop | trying to normalize advertising, which is to say, stop | trying to normalize the enshittification of the human | mind. | | Meanwhile, a web browser is a _user agent_ running on my | machine. Youtube 's content is a _guest_ on my hardware. | Once it 's on my machine, I have the moral right to do | whatever I please with it. If Google doesn't want to | serve it to me, then it has the right to prevent me from | accessing their server, such as in exchange for payment. | But again, _advertising is not payment_ , it's just | corporate-sanctioned, socially-acceptable brainwashing. | freshpots wrote: | PREACH. I love and 100% agree with your passion. | crazygringo wrote: | > _Once it 's on my machine, I have the moral right to do | whatever I please with it._ | | Sure, but Google also has the moral right to do | everything possible with their code to make it as hard as | possible for you to skip ads on their videos. You both | get to try as hard as you can, so good luck to you both. | | There's no brainwashing here. It's just a business trying | to make money, and trying to outsmart the users trying to | outsmart it. | aaomidi wrote: | > but Google also has the moral right to do everything | possible with their code to make it as hard as possible | for you to skip ads on their videos | | So, like use an entirely different part of the company | like Chrome to push for WEI to make adblockers not run? | | Or maybe use chrome to push for manifest v3? | | Maybe the __moral right to do everything possible__ isn't | actually moral when it's using its leverage in a separate | market to protect another one of its assets. Maybe we | should see this as something to anti-trust them? | crazygringo wrote: | I dunno -- you've still got the moral right to use | Firefox or Safari or a Chromium fork. | | Ads and adblockers are always going to be a cat and mouse | game, so I don't see any reason to complain. | | Antitrust doesn't really enter the picture. Chrome | doesn't even come preinstalled on PCs or Macs anyways -- | you've got to go out of your way to choose to install it. | So just don't, if you don't like it. | aaomidi wrote: | > Antitrust doesn't really enter the picture. | | I don't think this is true. Google Meet, Youtube, etc all | perform _worse_ on non-Chrome /Chromium based browsers. | | I do think that the world's most popular browser, being | owned by the same entity that owns Youtube, actively | working to block adblockers (adblockers which, do *not* | harm Chrome but do harm Youtube) is something for | regulatory bodies to take into consideration. | I_Am_Nous wrote: | >There's no brainwashing here. | | Advertising is at least _trying_ to make you think | thoughts it feeds you. "Buy Brand X, you'll get women!" | If the advertising is effective, you'll associate Brand X | with something positive and want to buy it. | | It's kind of blanket brainwashing with extra steps | because it's more indirect. Similar technological | brainwashing might be joining an algorithmic social media | site and becoming convinced of something the algorithm | felt was the most engaging thing that day and spread, | regardless of truth. Choosing to believe what social | media or advertising tells without healthy skepticism you | is willingly accepting some brainwashing. | | There are people who feel really strongly about ads, and | I'm one of them. I hate them, they don't share my values, | and they are only trying to extract value from me. I run | ad blocker in my browser, but mute and skip any ads I can | like a peasant on my TV or phone. So overall I end up | watching more ads than not since I don't watch videos on | my PC much. | Nevermark wrote: | I can't say I never see an ad, but I avoid/cancel | services with ads, or happily sign up at the no-ad level. | | When I do see ads its shocking. Car ads have little to do | with cars, and everything to do with insecurity and | Pavlovian hacks. Idiocracy drip by drip. | | People expose themselves to crap influences day in and | day out, then imagine this or that ad isn't impacting | them. The stream has profoundly impacted them or they | wouldn't tolerate any of it. | somenameforme wrote: | I can't really remember the last time I saw an ad. And as | a result (probably?) I find I "want" for far fewer things | than most people who let themselves be drawn in by ads. | If a million dollars just hopped into my bank account, | I'd probably just invest it and go back to living, more | or less, the same. And I'm in no way whatsoever rich. But | contentedness is cheap, and easy, when you don't let | yourself get drowned into the endless vacuum of | artificial demand. [1] | | I am absolutely certain that the exponential increase in | advertising is probably going to ultimately have been | found to be at least partly responsible for so many of | the mental and psychological problems that seem to be on | the exponential increase in places like America. Humans | are not designed to live our lives as donkeys chasing a | carrot on a stick. | | [1] - https://en.wikipedia.org/wiki/Artificial_demand | kibwen wrote: | _> People expose themselves to crap influences day in and | day out, then imagine this or that ad isn 't impacting | them._ | | Precisely. Subjecting yourself to advertising (or | allowing your children to be subjected to advertising) is | simply bad mental hygiene. | godelski wrote: | > Car ads have little to do with cars, | | That's because most car ads aren't actually trying to | sell you the car. They are instead trying to sell you the | idea of the car's status[0]. While people are most | familiar with ads that are blatant attempts to get you to | buy something, many are much more indirect. It's also why | native advertising is so nefarious. A large portion of | ads actually aren't the direct version, but most often | people don't notice they're taking in an ad, and that's | kinda the point. | | [0] https://www.latimes.com/archives/la- | xpm-1996-04-26-me-62995-... | godelski wrote: | > Advertising is at least trying to make you think | thoughts it feeds you. | | BuT aDs DoN't AfFeCt Me! | | I'm honestly frequently impressed how how often people | don't understand what ads are or do. Especially | considering they funds most of our paychecks. Everyone is | affected by ads and convincing yourself that you aren't | makes you more vulnerable to them. | | I think the problem comes from people thinking ads | exclusively are about selling things that have a monetary | value. But ads sell ideas. Often that idea is that you | should buy something, but sometimes it is a preference | like a politician or a celebrity in their latest scandal | or rise to fame. Ads can be good too, like public service | announcements. But for sure we're over inundated with | them and there's too many bad ones. | | I am also particularly peeved about the ads that come | from email addresses I can't exactly block. I really | don't think anyone should be accountable for missing an | important email if the sender also sends 90% junk from | the same address. I'm looking at you every university | ever[0] | | > skip any ads I can like a peasant on my TV or phone. | | Maybe check out reVanced. You can recompile the YouTube | APK to be ad free. | | [0] Here's the text from my uni's page when you click | unsubscribe. What a joke. I don't need emails from the | alumni association, publicity channels, or all that. And | you have the audacity to try to convince me it isn't | spam? What a joke. I'm glad I use a third party mail | client that can filter this stuff but it is an absolute | joke that we think this is acceptable. It shouldn't | require special tools. There is a clear difference | between police reports and the alumni association and | they even come from different senders. In fact, not | allowing for you to unsubscribe actually goes counter to | the safety claim because it teaches people to ignore your | emails. | | > In order to share information quickly and efficiently | with faculty, staff, GEs, and students, the university | uses email as its official form of communication. All | emails that end in an @<theuniversity>.edu address are | required to receive email communications sent by the | university. As such, there is no option for | @<theuniversity>.edu email accounts to unsubscribe from | official university communications emails and these | emails are not considered spam under applicable laws. | I_Am_Nous wrote: | I understand not all advertising is bad as a good product | might not spread during the critical growth phase without | it. It just raises a lot of red flags for me when someone | is desperate for my attention like ads are. Google | _reeeally_ wants me to buy a Pixel 8 lol | | Glad you can filter the crap, but I guess from a CYA | perspective the school can say "we notified everyone | through our official email channel" whether you were ever | going to read that email or not. | godelski wrote: | There's also things like PSAs that can be good ads. I | think it's important we remember that it's not always | about consumerism. | | Haha there's only a few places I get ads and I lock as | much down as I can. There's a certain sense of joy when | you get ads so misaligned from you that you know they are | reaching. | | Oh it's a constant battle to filter. But what worries me | is actually that people honestly do not get it. These are | clearly little metric hacking and I'm afraid we're just | traveling deeper and deeper into Goodhart's Hell. | kelnos wrote: | > _Sure, but Google also has the moral right to do | everything possible with their code to make it as hard as | possible for you to skip ads on their videos._ | | The person you're replying to acknowledges this, albeit | indirectly. | | But the point still stands: if Google sends me the bits, | I am free (morally, and, at least for now, legally) to | discard the bits that correspond to the ads if I can | figure out how to do so without watching them. If Google | can figure out ahead of time that's what I'm planning to | do, and refuses to give me the bits, that's of course | Google's right. | | > _There 's no brainwashing here. It's just a business | trying to make money_ | | Advertising is psychological manipulation to coerce you | to buy whatever product is on offer. The "best" | advertising will convince you that you need a product | that you'd never consider buying otherwise. | "Brainwashing" might be a sensationalized way of putting | it, but I don't think that's particularly inaccurate. | geodel wrote: | > Once it's on my machine, I have the moral right to do | whatever I please with it. | | Huh, you can throw the guest out by not watching youtube. | Ripping off guest seems strange moral right. | | > Stop trying to normalize advertising, which is to say, | stop trying to normalize the enshittification of the | human mind. | | Seems like you are deciding on everyone's behalf on what | one should do with their mind. | martimarkov wrote: | The alternative is to leave to a for profit company. That | company should not have that right. | | If the content is rendered in my browser I can manipulate | the JS and HTML as much as like. If you don't like that | -> feel free to put protections. But the same way a | browser interprets the code I can put stuff on top of | that interpretation. | | So morally I'm okay to use a blocker if that's what I | want to do. It's also immoral to track me but Google | seems to be okay with it. If that is the relationship | they want to establish so be it. I will act in the | reciprocal manner. | | The idea is not to decide on what someone else is going | to do with their mind. Hence the idea that everyone is | free to do what they want. Ads are not a natural part of | the world so making the argument that not watching them | is somehow wrong is what is actually a decision being | pushed on others. | | If companies didn't try to normalize ads and tell you off | for using adblockers then nobody would have a problem | with it. But given that people say: You need to watch ads | otherwise you are stealing is putting decisions in | someone's mind. | TedDoesntTalk wrote: | Wow. Eloquent. Awesome! | oneplane wrote: | You're wrong. Radio and TV from your example get paid | anyway and you count as a watcher in the statistics so it | doesn't matter if you're there for the broadcast or not, | transaction complete either way. | | When you are an on-demand user where the transaction is | media in exchange for something (advertisements or a paid | subscription), and you weasel your way out of exchanging | something you're not 'moral' or whatever measure you | take. | | It also doesn't matter what you think or feel with this | transaction since the rules are known ahead of time, and | you either agree to them or don't, and there is no third | option that entitles you to free content. That includes | your mental gymnastics about who is a server, who is a | client and who did what. The technical details do not | matter, they never did and they never will. | | Is it a shit experience? Definitely. It doesn't mean that | the rules you agreed to suddenly don't apply anymore. | lolinder wrote: | There isn't _one_ Hacker News. Nearly every product you | list also has it 's greatest champions here on HN. | | yt-dlp's post on HN garnered a lot of overwhelmingly | positive attention [0]. | | I learned about NewPipe from HN and am now an ardent fan. | Also received an overwhelming amount of positive attention | recently, with the top comment recommending a fork that | blocks _even more_ advertising [1]. | | Every release of uBlock Origin gets hundreds of upvotes | (1.53 got 527 points [2]). Again, overwhelmingly positive | attention. | | There's a subset of HN that is _obsessed_ with the | fediverse, and another subset that is skeptical, but the | skepticism is overwhelmingly technical in nature. | | If you _want_ to see corporate shills on HN, you 'll | probably be able to find some, but it's certainly not a | majority (much less unanimous!) view. | | [0] https://news.ycombinator.com/item?id=37474066 | | [1] https://news.ycombinator.com/item?id=38144400 | | [2] https://news.ycombinator.com/item?id=38094620 | jareklupinski wrote: | > this site's audience is mostly folk who like the status | quos set by FAANG | | something something someone's salary and getting them to | see something | zxt_tzx wrote: | _"It is difficult to get a man to understand something | when his salary depends upon his not understanding it."_ | Upton Sinclair | flkenosad wrote: | Difficult but not impossible. Like programming. | rezonant wrote: | The tools should exist and Google shouldn't fight them. But | at least for me, I'm usually trying to remind people that | the ad money is a large part of how the content creator | survives too. If you block the ads, then please consider | donating to your favorite creators Patreon or using YT | premium (which is actually typically more lucrative for | content creators than ads are). | | I don't care about Google's profits but I figure we should | try to support the content we enjoy in some way or else all | we'll be left with is MrBeast, PewDiePie and content farm | videos (ie the stuff that is so hyper scale that no amount | of ad blocking can effectively hurt them) | somenameforme wrote: | If it was literally impossible to profit from digital | video content creation, there'd be still be countless | videos, and the overall quality (in terms of content | value, not production value) would also probably be | higher. People like sharing content, even for free - | hence sites like this one, which we've all probably spent | far too many hours on, and I've yet to receive a single | payment from Dang!? And Google will never scrap YouTube | because they gain immense profit just from profiling you, | regardless of how many ads they can force you to watch. | And perhaps even scarier from their perspective is the | rise in marketshare that'd give to competitors. | | In many ways it'd probably be far better for the world if | making videos was not perceived as being profitable. The | number of children who now want to be 'streamers' or | 'youtubers' instead of astronauts, engineers, and | scientists is not a good direction for society. | fiddlerwoaroof wrote: | I think there's a sorites paradox here: if it were | actually impossible to make money from digital video, | then YouTube wouldn't exist at all because it couldn't | pay for the hosting and bandwidth it needs to distribute | videos. What is true is that YouTube is basically not | harmed by some fraction of their users blocking ads but, | were that fraction to hit some percentage of the total | traffic, YouTube would be forced to either discontinue | free video hosting or charge to watch (or it would be | killed as unprofitable). | rezonant wrote: | Exactly right. I think we are incredibly far from that | breaking point, and what Google is doing is chasing | growth for their shareholders more than anything else, | especially at the end of the free money era. | | The platform itself may be replaced but the incredible | result of the YouTube platform is that there are millions | of excellent creators who are making a living by making | their videos, and even making enough to keep raising the | bar on their work. | | It's not a given that growing such a swelling stream of | creative work will ever again be possible if this one | dies out. YouTube was in the right place at the right | time with the right subsidization available while they | made the systems work at scale, and scale them up to | insane hyper scale levels. This happened because of the | advertising bubble, which is showing heavy signs of | stress especially in the last few years. Society is | already pushing back against the data collection that | makes advertising at these scales as lucrative as it is, | and if the bubble finally pops it's possibly it'll never | inflate this way again. | | This is why it's important to support the small creators | you enjoy in some way. Direct contribution is certainly | the best of them all. Sure this might not be relevant for | superstar YouTubers, but take for example Technology | Connections. Alec is an amazing communicator who puts | insane effort (full time) into producing super | informative videos about electronics and engineering. | redserk wrote: | > If it was literally impossible to profit from digital | video content creation, there'd be still be countless | videos, and the overall quality (in terms of content | value, not production value) would also probably be | higher. | | A lot of YouTubers I enjoy watching are very tech/science | focused and use proceeds from their videos to purchase | equipment that is used to create content. I don't think | their channels would be nearly as interesting if they | didn't make shiny-toy-money from it. | | > The number of children who now want to be 'streamers' | or 'youtubers' instead of astronauts, engineers, and | scientists is not a good direction for society. | | People desiring to be famous isn't an idea that started | in the age of YouTube and TikTok. The medium changes with | what's the dominant platform. If anything, YouTube and | TikTok democratized the process. | kelnos wrote: | "Democratized" is just a fancy way of saying "made it | easier for more people to get into it". So you get the | same result: more people seeing that becoming famous is | actually attainable, which drains talent from more useful | endeavors. | | (And yes, I'm going to assert that becoming an astronaut, | engineer, scientist, etc. is immeasurably more useful | than becoming an influencer or whatever. It's fine to | disagree with me there, but that's my position.) | | Having said that, I do get a lot of value and | understanding and useful information from some YouTube | channels (which I do my best to support through Patreon | and my YT Premium subscription). But not all channels are | created equal. | necovek wrote: | TV, documentaries, movies and music videos are video | content just the same. Even most sports is consumed in | video format. | | Only served via a different platform (or not really | anymore for some like music videos). | | People wanting to be streamers/youtubers is the same as | them wanting to be any other celebrity. | | To be able to show some valuable content, there has to be | something valuable happening, and hopefully that still | directs enough people to be astronauts, engineers and | scientists (so eg NASA can live stream their flying to | Moon or something). | | All I am saying nothing has changed, really, other than | the platform and accessibility. | rezonant wrote: | > and the overall quality (in terms of content value, not | production value) would also probably be higher | | This is pretty questionable. Quality takes time. If you | need an income to pay your rent, 40 hours or more of your | work week are taken up. That leaves a few hours before | dinner and sleep to work on your videos (since in this | hypothetical, it is "literally impossible" to make money | on your videos). | | Of course you could work on the weekend, and many do. But | let's not forget that making videos is work, and it's | important to do the things, you know, we invented | weekends for. Like spending time with your family, | reading a book, or playing a video game. How entitled | this content creator must be to have a weekend. This is | of course assuming that the creator's day job is a | traditional one-- more than likely they work partial days | 7 days a week at varying hours as is the norm for | crappier jobs. | | That 40 hours gives you enough income to pay your | expenses, but unfortunately, for most people, doesn't | give you the income you need to get a real camera, so | you're just using the webcam that you already had on your | computer. | | The audio is terrible and the video looks like it came | out of the early days of YouTube, but somehow that | qualifies as "high production values". | | Sometimes it's easy to lose sight of reality when working | in a highly paid specialized field like engineering. | | > In many ways it'd probably be far better for the world | if making videos was not perceived as being profitable. | The number of children who now want to be 'streamers' or | 'youtubers' instead of astronauts, engineers, and | scientists is not a good direction for society. | | Well you are watching that content, presumably. Do you | feel it provides value to you? | | There are an awful lot of small science educators on | YouTube. They are doing the work to inspire people to get | into the sciences. Is that not valuable? Those people | have an outsized dependency on the ad revenue and patreon | income they receive so they can keep making videos that | are accurate and engaging. For them, another hundred | people blocking ads could mean the difference between | doing what they love and releasing quality videos or | having to go back to a day job that occupies all their | time. | | If there was no YouTube, how do our kids get inspired to | become scientists-- by watching the latest MCU movie? By | watching cable programming? | | YouTube isn't all just MrBeast and dramatube videos but I | get the impression that this is what you think of. It | reminds me of the "algorithm slip" where users make broad | assumptions about a platform because of what it serves to | them, but really it says more about you than properly | evaluating what content is on the platform. | | When I sum up your take, it sounds like only those people | with passive income should have the privilege to make | videos, and that's actually not a world I want. | skydhash wrote: | > If there was no YouTube, how do our kids get inspired | to become scientists-- by watching the latest MCU movie? | By watching cable programming? | | Same as everyone before YouTube. Role models and | seeing/reading things. | rezonant wrote: | So only people with role models close to them or in a | place where inspiring things are happening should be | inspired? | | Before YouTube and the Internet in general, only affluent | people had these things, and we left behind a huge | portion of the worlds population. Those people have the | same potential as people of means or the luck to be born | in an affluent country or an urban area. | | I do get that you also include reading things on the | Internet, but that's not always engaging enough to create | a spark for people. | somenameforme wrote: | This is bordering on ridiculous. No, not only affluent | people had role models FFS. Carl Sagan, for instance, was | a 1st gen son of poor immigrants. His mother was a house- | wife, his father a garment worker. His inspiration came | from what scientifically curious people used to do before | the internet - like going to the library, talking to his | teachers, or even going to a museum every once in a | while. | | Since the advent of the internet the entire developed | world has been getting literally dumber, so far as IQ can | measure. [1] That's, to my knowledge, the latest study | but a quick search for 'reversal of flynn effect' will | turn up a zillion hits. In other words, what I'm saying | is not controversial in the least. And one of the | hypothesis for why this is happening (as per the linked | paper) is, unsurprisingly, increased media exposure. | YouTube is playing a significant role in literally making | the world more stupid. | | I love plenty of 'sciency' YouTubers - Veritassium, | Cody's Lab, Smarter Every Day, and many more. But in | reality, you're not like to learn much of anything from | these sort of scientainment. It's just candy with a | sciency coating, more likely to inspire people to want to | make more candy, than to actually pursue science. | | [1] - https://www.sciencedirect.com/science/article/pii/S | 016028962... | boredhedgehog wrote: | > Well you are watching that content, presumably. Do you | feel it provides value to you? | | That's a pretty thorny question, come to think of it. | | Perhaps it's like eating chocolate. It provides value to | some part of me, but at the same time, a more reasonable | part can judge that I as a whole would be better off if | the chocolate wasn't there and I'd eat something | healthier instead. So I can both consume it and desire an | environment where I wouldn't consume it. | rezonant wrote: | You're free to not eat the chocolate, but are you | suggesting that it's the chocolate's fault for existing, | and that chocolate should go away so you aren't tempted? | | I'd assert that a lot of content on YouTube is not | chocolate. There are high quality "healthy" options right | there on the app. How about Technology Connections or the | 4 hour long retrospectives on your favorite book, film, | or video game? What about the years of technical and | learning content? Those aren't chocolate, those are | spinach. | nerdix wrote: | This is just factually not true. A lot of YouTubers | eventually quit their jobs and become full time content | creators. That's means they are able to create more | content and the quality of their content can increase as | they are able to spend more time on production and | editing. | | They are also able to invest in their channels. Many | bigger YouTubers have small production studios, very | expensive camera equipment (think $70k Red Dragon/ARRI | cameras, 5 figure lighting setups,etc), and full time | staff. They can production quality that rivals a TV | studio. None of that would be possible if video content | couldn't be monetized. | | I sort of agree about the obsession with being a "content | creator". But at the same time, kids have always wanted | to be rock stars, professional athletes, and movie stars. | Content creator is just a new type of celebrity for kids | to idolize. | 2muchcoffeeman wrote: | Who doesn't like the first few tools you mentioned? | YouTube-do and ublock origin are great. | mlindner wrote: | I can't remember any of those being derided other than | Mastodon, which has major issues nothing to do with the | fact it's competing with something. | kelnos wrote: | My experience here is exactly the opposite: I see the | projects you talk about get a lot of positive attention and | praise. Sure, there are detractors as you say, but they | seem to me to be a very small minority. | badrabbit wrote: | Hacking? Hacking means whining when what you are hacking | fights back? | | I mean go for it, hack away! I hope apple keeps android far | far away from me though lol | rezonant wrote: | Personally for me it's people who buy Frigidaire | appliances. They are the worst! | badrabbit wrote: | Appliances don't talk to other people's appliances. | Beeper users on imessage would be unpleasant. I used | android for like a decade, my takeaway is that you all | can't stand other people not enduring the chaos with you. | kelnos wrote: | > _I hope apple keeps android far far away from me though_ | | What a bizarre thing to say. | badrabbit wrote: | Well, I try. | dcow wrote: | > on adversarial interoperability | | In what world is interoperability adversarial? What the | actual? | lolinder wrote: | It's adversarial because one party explicitly does not want | to interoperate and can be expected to try to break | interop. | | OP didn't coin the term, it looks like it comes from Cory | Doctorow [0]. | | [0] https://www.eff.org/deeplinks/2019/10/adversarial- | interopera... | dcow wrote: | Cory is talking about it in the sense that the tech | industry at large said "adversarial interop" is stupid | and lobbied against it. It seems HN has lost the plot | judging by the number of people on this thread defending | Apple engaging in such a slimy practice. | | > Big Tech climbed the adversarial ladder and then pulled | it up behind them. | | Anyway the comment I was replying to was implying that | Beeper is the adversary which is not a correct use of the | term. | lolinder wrote: | > Anyway the comment I was replying to was implying that | Beeper is the adversary which is not a correct use of the | term. | | You can't have a single-party adversarial system. Each | party is an adversary of the other: party A wants to | interop against the wishes of party B, and party B wants | to lock party A out. OP wasn't implying that Beeper is | "the" adversary and Apple is in the clear, OP was just | saying that trying to build a business around adversarial | interoperability is extremely difficult and the outcome | is unsurprising. | | Noting that the results are unsurprising does not imply | that we condone the system that makes such results nearly | inevitable. | noirbot wrote: | Are you trying to ignore the state of what's going on? | Beeper's business model was as interoperable with Apple as | my neighbors cracking my wifi password to use for their | household. The interoperability wasn't intended. | | Forcing someone to interoperate with you doesn't | immediately make it all collaborative any more than a | stranger walking up to me at lunch and declaring they're my | friend now makes me want to invite them home after. | dcow wrote: | The adversary is the incumbent that's working to | artificially stifle innovation, strong arm the market, | and exclude competition. | | Beeper is not someone who hacked your wifi. Beeper is | sending legitimate packets to your router and Apple is | saying "I don't like those packets because they threaten | my artificial hold on the market". | pilsetnieks wrote: | The troll toll? | | > Just putting the thought out there. | | https://rationalwiki.org/wiki/Just_asking_questions | kurisufag wrote: | ratwiki is /literally/ a troll website. it has the same | validity as encyclopedia dramatica. | ribosometronome wrote: | >Of course, it's very unlikely Apple is doing that. Just | putting the thought out there. | | Is making wild claims and then immediately trying to disavow | them in the next sentences the hacker spirit? | | How does it at all follow that Beeper Mini is using encryption | properly (or else it wouldn't work) but it's unlikely Apple is? | How would Beeper have been able to reverse engineer it if | Apple's not using it? Who did they model their correct | implementation of Apple's protocol off of? | conradev wrote: | Is implicitly trusting authority the hacker spirit? | mirashii wrote: | And by implicitly trusting authority, you mean trusting the | device manufacturer with billions of sales and intense | scrutiny from security researchers and state actors | spanning decades, right? You mean trusting the entire of | the security industry to have managed not to miss this | glaring and easy to detect invasion or privacy? This isn't | "it's not happening because Apple promises it's not". This | is one of the most scrutinized platforms in the world. | Making wild claims and disavowing them immediately is lazy | rhetoric, just as oversimplifying this as an appeal to | authority is lazy rhetoric. | conradev wrote: | Going back to the original claim: | | > Apple claims iMessage is E2EE, do we have proof they | aren't siphoning the messages from the client once it's | been decrypted? | | The answer here is no. Yes, making a wild claim | afterwards is lazy, but the fact remains: there is no | system in place to get anywhere close to "proof". | | The best we have is researchers reporting trust | violations when they find them, escalating those | violations in the media, and sometimes forcing the | company to change behavior. Relying on (ever more | skilled!) unpaid volunteer work to verify the claims of | the largest company in the world seems like an appeal to | authority. It also doesn't scale as they make more claims | and build more complex software. | | Yes, breaking E2EE for everyone is so large that it would | be impossible to do at scale without anyone noticing. | Breaking it selectively to target individuals (the threat | people are actually worried about!) is much harder to | detect, no? | spiderice wrote: | > The answer here is no | | That's because it's a ridiculous premise. We don't have | any evidence that Tim Cook isn't robbing banks in his | spare time either. I'm not saying he does.. I'm just | throwing it out there because he might be. | | Not to mention the fact that you can't prove a negative | anyway. | Kab1r wrote: | You certainly can prove that a system is | cryptographically or otherwise sound. There is an entire | field of formal verification. Proving that an | implementation is correct is often more difficult, but | not impossible. | conradev wrote: | If it's a ridiculous premise, then why do we even try? | | Apple added Contact Key Verification to eliminate one | possible class of attack involving a lack of user | transparency. Still trusting a whole lot of trust in the | stack, but is an improvement. | | What you think of as a ridiculous premise I think of as a | goal to aspire to | wrayjustin wrote: | The claim is that (a) both entities are properly encrypting | the data _in transit_ and (b) either company could _steal_ | the plaintext client-side (after decryption). | | Trust that a third-party application isn't stealing the | decrypted messages requires the same type and amount of trust | that Apple is not stealing the decrypted messages (or maybe | less trust if the third-party solution is open source, etc.). | brookst wrote: | Except the stakes for Apple are so much higher. If they've | lied to everyone and are stealing messages, that's a multi- | billion dollar class action, against very little upside to | Apple. | | For a tiny company like Beeper, the incentives are | different. The upside of being dishonest far outweighs the | risks. | | Not that I believe Beeper is nefarious. They probably | aren't. But their risk/reward for abusing trust is very | different from Apple's | belltaco wrote: | It was the same when Apple banned Fortnite for daring to accept | payments outside of their walled garden and the forced 30% cut. | People falling over themselves to hate on Epic and defend | Apple's forced cut and the total removal of developer freedom. | If it was Microsoft the entire tone would be completely | different. | tinus_hn wrote: | You wonder why the company with 95% market share is treated | differently than the company with 40% market share. | simondotau wrote: | Does Epic Games give developers "total freedom" with Unreal | Engine or will they insist upon their royalty when | applicable? You can read their FAQ and there's literally a | section titled _" Why does Epic think it's fair to ask for a | percentage of a developer's product revenue?"_ | | What's good for the goose, etc. | jocaal wrote: | 5% Royalty past $1m for using the most high tech game | engine in the world is a totally reasonable price. Just | like 3% for using payment services is totally reasonable. | But 30% for using a distribution service is just absurd. | The only reason the app stores can charge that much is | because of their iron grip on the platforms. | TerrifiedMouse wrote: | > But 30% for using a distribution service is just | absurd. | | It's the market rate. Almost all retail stores online and | offline charge 30%. | simondotau wrote: | Boxed software at physical retail stores was more like | 70-90% of revenues, split between the retailer, | distributor, publisher, and manufacturing. | TerrifiedMouse wrote: | I doubt manufacturing gets a percentage cut - doubt they | want such a cut. Manufacturing likely charges by how much | you ask them to produce. They will quote you a price for | your order and maybe include a discount for large | volumes. | simondotau wrote: | Manufacturers gets paid, and they'll expect to make a | profit. No, they don't take a percentage, but that's a | rather academic distinction when the unit cost for | manufacturing is $5 and your product isn't marketable | with a price exceeding $50. | simondotau wrote: | By agreeing that _some_ amount is acceptable, you 've | conceded the principle. As the famous saying goes, _we're | just haggling over the price._ | | As for whether 3% is reasonable, again we can look to | Epic for evidence. Epic's own Steam competitor takes a | 12% cut -- and they admitted in court that it was a | money-losing venture. That should stop and make you | think. The Epic Games Store isn't even a complex | ecosystem, it's just a glorified Windows app downloader | and even then they couldn't make a profit at 12%. | | Apple argues that their 15% fee for most (30% for the | ultra-successful) pays for a lot more than just payment | services. It pays for absorbing the cost of fraud. It | pays for dealing with refunds. It pays for developing the | APIs. It pays for employing an enormous team to perform | some imperfect-but-useful oversight over the 1,800,000 | apps in their store. It pays for a lot of things. | | If you think Apple makes too much money, fine. That's a | perfectly fine argument to make. That's a very different | one to claiming that they're not entitled to make money. | Or that the government should dictate prices at them. | jocaal wrote: | But we are not haggling over the price. apple has control | over an enormous portion of the market. I can't haggle | because the big guy controls everything. | | And saying apples cut pays for more services is just | hilarious. we are forced to use those services and forced | to pay for them. Stripe does refunds and fraud detection. | There are other app development platforms for API's like | kotlin and flutter. | | And you and I both know that apple's margins on the app | store is a joke. Thats why they dont report it seperatly | in their financials. Whether epic couldnt make it is | their problem. | kaibee wrote: | EGS only loses money because they have to buy their | customers by giving away free games, to try to dislodge | Steam's position. The infrastructure costs of EGS cannot | be that high. | dylan604 wrote: | It has nothing to do with a lack of spirit. It's a 800lbs of | reality crashing down. There's nothing wrong with trying to | hack the Gibson. However, this wasn't just a hack, but a severe | threat to Apple's walled garden. As long as they are allowed to | have it, they will protect it at all costs. Thinking any | differently is just naive. So of course this is the ultimate | result. | martimarkov wrote: | It's identical to a jailbreak which gets patched ASAP so not | sure what is has to do with walled garden as much. | | I've played with the same idea of making an Android client | but I would never build a product on that because I know the | limitations on my side. | | As a company you are 100% allowed to break 3rd party client | when they don't have an agreement with you. It's your product | after all. Heck even with an agreement APIs don't support old | versions. | dylan604 wrote: | > It's identical to a jailbreak which gets patched ASAP so | not sure what is has to do with walled garden as much | | Why do you think they don't want you to run a jailbreak? | It's to protect the walled garden. If you can install apps | other than their store, that's lost revenue. They claim | security blah blah, but it's removing mouths from the teet. | So, it has everything to do with the walled garden. How | does that not make sense to you? | clnq wrote: | The jailbreak patches are for the walled garden, too. | Security is not a concern for those who use jailbreaks. | They want to get their devices in the insecure state and go | to lengths to do it. | | It's similar to how OpenAI uses "safety" to make sure their | LLMs don't get them in hot water, and PlayStation uses | "safety" to make sure their consoles do not become | associated with piracy and make publishers think twice. | | This kind of "safety" is about business interests. :) Some | companies can say it openly that they wish to protect their | business, as fundamentally there is nothing wrong with | that. Others can't as that will bode poorly for their | monopoly status and they will suffer (overdue) legal | repercussions. So it becomes "safety". | | Notice how companies that argue against user freedom for | "safety" are always in circumstances where bringing up | business interests behind "safety" won't bode well. | boxed wrote: | Seems like if this is allowed to stand you'll get massive | spam issues on iMessage within a few months... better to kill | it fast. | crazygringo wrote: | > _Where is the hacker spirit here?_ | | The hacker spirit is the fun of reverse engineering. The hacker | spirit is about personal use. | | It's _not_ expecting to be able to turn it into a _business_ , | or a popular app, that wouldn't quickly be shut down. That's | just common sense. | | > _Myself for example owns a Macbook, but an Android phone. Am | I not allowed to use iMessage? I paid the toll._ | | Of course you can. It's sitting there on your Mac where you can | use it as much as you like. | paulmd wrote: | It's also at severe risk of ruining the fun for numerous | other _hacker-spirit_ communities like hackintosh or | opencore. Apple can come down on this in ways that | potentially make it much more difficult for hackintosh to | operate, or for people to update their legitimate apple | systems after the end of official support. Which was pointed | out in those threads too. | | See also geohot taking some other PS3 exploits that were | already published and combining them into a piracy kit that | caused Sony to come down on them and patch the exploits, | ruining it for the rest of the homebrew community. | | There's a reason homebrew people try to keep it low-key, it | doesn't take many assholes to ruin it for everyone. Let alone | turning it into an app on their own platform lmao. | | A decent number of other hobbies also involve some collective | good-behavior and self-control lest the hammer come down for | everyone. Doesn't take many assholes doing donuts on quads | before you'll find motor access to that area removed or | prohibited, etc. Drones also ruined in like 5 years what r/c | airplanes had been safely doing for decades. Etc | leidenfrost wrote: | > it still puts the hackintosh and opencore communities in | the middle as collateral damage. | | Hackintosh is already on a death march. | | Sooner or later Apple will remove support for all x86 OSX | versions. | | Its life can be extended a bit by hackers who try to | backport the software from ARM to x86. | | But you can't sustain the entire Apple ecosystem by | volunteer work alone. | | Why spend resources trying to kill it when we all know it | will die ln its own in a few years? | ungamedplayer wrote: | I feel that contributing to these closed source extension | hostile software never ends up benefiting anyone long | term. | | I know people gotta make a buck though. Sucks. | dizhn wrote: | Arm based PCs are becoming a thing too. Won't the | hackintosh have a new home there? | walterbell wrote: | Arm-based PC SoC designed by former Apple M1 team | leadership, no less. | Nullabillity wrote: | The only people ruining anything for anyone in your | examples are Apple and Sony. | thegiogi wrote: | Sure, but when fighting asymmetric warfare self control | is paramount is it not? | | Would you not be mad at the guy bragging that he's a | member of the Resistance? They are not the Oppressor with | the capital O, but they are at least an asshole. | DANmode wrote: | Recruiting reduces asymmetry. | paulmd wrote: | Nah, assholes ruining access to the beach is a very real | phenomenon | ycombinatrix wrote: | what a comment. "geohot bad sony good" is certainly one of | the more unusual takes i've seen on HN. however, i don't | quite care for the taste of boot myself. | ffgjgf1 wrote: | That's not quite or hardly at all what they said. Nuance | is a thing.. | nine_k wrote: | No, it's "geohot unwise, Sony bad". | nine_k wrote: | All these activities live in a grey area: "We are breaking | some rules, but in such a small-time way that the big guys | don't bother enforcing the them". Fly below radars, and you | will have your small joys for indefinitely long. | | This raises the question: is that a space worth inhabiting? | Are hackintosh or homebrew PlayStation games worth it, | compared to more open platforms where you are not breaking | ToS? | | Answers, of course, differ! But the question is worth | asking. | dotnet00 wrote: | At least regarding homebrew PlayStation games, for me | that was a very valuable grey area space on the PSP and | then PSVita, since back then there weren't many other | kid-friendly options for similar portable computers (this | being relevant because as an adult I am not dependent on | convincing someone else to buy me things). | | Nowadays smartphones are so much more capable and so much | more accessible to kids, plus you can even get literal | handheld PCs like the Steam Deck, so homebrew is a lot | less worthwhile in my opinion (except for just the sake | of hacking, since consoles at least tended to have very | interesting security/DRM arrangements). | s3p wrote: | >Of course you can. It's sitting there on your Mac | | As I am sure we _all_ understood, OP meant on their Android. | martimarkov wrote: | The the OP should read what he is buying. | | I have a TV from 95 am I not allowed to watch Netflix? It | runs on my phone. | | Yes the limitations are different but you know them | beforehand you just go and say it's unfair I can't have | everything just the way I want it. | | You don't like iMessage - we have plenty of alternatives. | newaccount74 wrote: | That's a pretty defeatist take. What if I want Android | because SyncThing works better on it than on iOS? Then I | can't have iMessage? | | If you told people in 1995 that operating system vendors | and service providers would arbitrarily block certain | apps to lock you into their ecosystem people wouldn't | have believed you. | op00to wrote: | I want to use adb to communicate with my iPhones. Google | is evil using adb as a moat and locking away my access to | adb! See how silly that sounds? | flkenosad wrote: | It only sounds silly if you have a highly technical | background. | op00to wrote: | What are you trying to say? That iMessage is somehow | "required" to interoperate with others because it does | not require a highly technical background to use, but adb | is exempt? I'm not following your train of thought. | krrrh wrote: | "DOS ain't done til Lotus won't run" | | Whether that was ever fully policy at Microsoft, people | sure believed it was. | | 1995 was also around the time MS was pursing its embrace- | extend-extinguish strategy to the internet with internet | explorer. | ffgjgf1 wrote: | > If you told people in 1995 | | Really? Wasn't that somewhat common back then? | positus wrote: | > What if I want Android because SyncThing works better | on it than on iOS? Then I can't have iMessage? | | Correct. iMessage is an Apple service. If you want to | make use of Apple services you should probably use Apple | products. \\_O_/ | berkes wrote: | One of these is inherent, dictated by technological | abilities. The other virtual, made up and kept in place | by abusing a monopoly. | inferiorhuman wrote: | What monopoly would that be? Apple quite literally | advertises alternatives to its Messages app on the app | store landing page. | ycombinatrix wrote: | How many of those alternatives come pre-installed and | can't be removed? | inferiorhuman wrote: | How is that even relevant? The stock Messages app doesn't | conflict with any of the other messaging apps. | yencabulator wrote: | Lawsuits on Microsoft & IE pretty well established that | defaults matter for antitrust actions. | berkes wrote: | For the sake of the argumt, let's say there is no | monopoly, but a competitive landscape filled with | alternatives and switching costs are zero. | | Does that change my point about the difference in those | examples? | flkenosad wrote: | You can get alternative SMS apps on iOS? | rezonant wrote: | iMessage is just the iOS texting app. When someone says | "I'm having trouble getting Stranger Things to play on | Netflix" you don't tell them "You should switch to Hulu". | Netflix (iMessage / texting apps) has Stranger Things | (texting) and Hulu ("alternatives" like Whatsapp et al) | do not. | | As an Android user, in theory I shouldn't care about | iMessage. However, because of the way that iMessage | creates schisms, miscommunications, lost communications, | broken texting experiences and more between my Android | friends and my iPhone friends, I have to. I would like | the texting features of these phones to interoperate so | we can all text together in peace. | | I wrote up a scenario (user story?) that I think helps to | explain the problems I think should be solved that seem | to fly over so many people's heads, especially when they | advocate for over-the-top messaging apps like Whatsapp to | solve the problem (particularly in the US context): | https://news.ycombinator.com/item?id=38578101 | dzikimarian wrote: | No. Hacker spirit is owning your machine to its full extent. | For fun, for profit or just for mayhem. | | Apple using instant messaging, where no meaningful innovation | happened for decades to build their moat is pathetic and | disgusting. | tedunangst wrote: | If your mayhem requires communicating with third party | servers, who owns those computers? | colinsane wrote: | then to OP's "where's the hacker spirit" question: the | answer would be "the hacker spirit is to replace iMessage | with anything less controlled", right? that's still | equally as subversive against The Powers in the sense | that "hacker spirit" implies any form of subversion. | rezonant wrote: | Just like how all we needed to do to replace Facebook in | its heyday was to make a better Facebook! Remember | Diaspora? Any day now its going to dethrone the king and | I'll be able to see all my friends updates on Diaspora! | | The social graph lock in problem is well documented and | well understood. If most people use a certain solution | (in this case texting, and particularly in regions where | its dominant such as the US) then attempts to make a | replacement solution whose success depends on mass | adoption has an exponentially more difficult time in | achieving adoption, because there's no incentive for | users early on (because the social graph isnt there). | | At least in the US, texting has a ton of "gravity" | compared to other forms of messaging because it is built | in to every phone and entirely free with your phone plan, | so every user knows they can reach every other person | they meet via texting. | | New platforms gain critical mass more due to circumstance | and luck than anything else. Or, such as the case with | TikTok, via deep pockets and relentless advertising. | colinsane wrote: | > The social graph lock in problem is well documented and | well understood. | | i don't actually think it is. i don't know _anyone_ who | uses just a single messaging app (and thereby a single | protocol-level social graph). i have some mental map in | my head: "if i want to reach friend A, i do it on Signal. | friend B: Discord. friend C: SMS/tel/PSTN. friend D: | Matrix". i think this is a pretty common experience these | days: i'd hazard that my mix of 4 apps is on the _small_ | side. | | i admire Beeper, JMP.chat, and other groups trying to | improve messaging via better abstractions. i think it'd | be cool if they could maintain iMessage support, i also | think it's not critical to their success. the pain points | caused by that graph problem you point to is 1) | maintaining that mental map and 2) coordinating large | group chats. i don't see that the client-side/Beeper- | style solution to this is notably worse if they support | only 29 protocols instead of 30: for as long as my peers | are reachable by more than one messaging app, the odds of | bridging between them isn't radically different. | rezonant wrote: | > The social graph lock in problem is well documented and | well understood. > i don't actually think it is. | | Nitpicking but I was saying that the general social graph | lock in problem (also referred to as chicken/egg) is well | documented. | | > i don't actually think it is. i don't know _anyone_ who | uses just a single messaging app (and thereby a single | protocol-level social graph). i have some mental map in | my head: "if i want to reach friend A, i do it on Signal. | friend B: Discord. friend C: SMS/tel/PSTN. friend D: | Matrix". i think this is a pretty common experience these | days: i'd hazard that my mix of 4 apps is on the _small_ | side. | | Hi! Nice to meet you! I use only one messaging app for | all of my friends! It's called texting. As far as I know, | all of my friends do the same, with the only exception | being a few Internet-only friends where we use Discord. | | The "mental map" that you are describing is _exactly what | I want to avoid_. I am thankful that I have not had to | make one yet, and when people tell me to use over-the-top | chat apps like Whatsapp, I can see that the map must be | made. | | Just because this is the norm, doesn't mean I'm going to | do it, especially since we don't do it now. As much as | the interoperability problem between RCS and iMessage is | an incredibly annoying problem, I would take a single | unified messaging experience over some crazy fragmented | one with a zillion apps any day. | | > 2) coordinating large group chats. > for as long as my | peers are reachable by more than one messaging app, the | odds of bridging between them isn't radically different. | | A little confused by this, because Beeper and other | unifying clients cannot in fact make groups which have | participants on multiple platforms at all. | | You said you need 4 messaging apps right now to | communicate with everyone you communicate with. How many | of those users also have all 4 of those messaging apps? | Obviously it's not all of them, or you'd just use one | messaging app. The fact that you need four implies that | for a given selection of contacts, there is a chance that | it is impossible to create that group chat, because there | is no shared platform they are all on. Then you factor in | that in some scenarios you need your contacts to include | additional contacts, and perhaps your 4 messaging apps | needs to grow to make it happen. And of course if you | already made the group and you need to just add _one more | person_ then you might have to scrap and remake the group | somewhere else. But then that group that already has some | messages in it still exists, and people will keep texting | it! Now you 've split your group chats! | | On top of this, I want to note that the mental map you | have built is also prone to becoming stale. If one of | your friends is on Signal and Whatsapp but prefers | Whatsapp, but then uninstalls Whatsapp and forgets to | tell you, then you very well may send a message to that | person and have it never arrive. Of course they might | bail out of both Whatsapp and Signal, and just go back to | SMS. Now none of your messages will land- you didn't even | think they were interested in SMS. | | Sure, if they are a close friend its likely they'll let | you know. Most people have 1-5 close friends. But most | people also have far more contacts in their contact book, | and some of those people they might only message a few | times a year. That's not a mental map that can be | maintained, or if it can, I don't want to. | colinsane wrote: | > I use only one messaging app for all of my friends! | | i admire the resolve. on the other hand i think that | rules out iMessage playing much role in that long-term, | right? like, they're just never going to play nicely with | others, it's not easy for the broader developer base to | integrate with much less improve, and so on. so you're | back to SMS, and the baseline SMS experience now is | pretty limiting and stalled (much as SMTP stalled): a big | part of why people leave for app-based messengers is for | features like voice memos, video-chat, multi-device (e.g. | PC) support, better multimedia support, etc. to say "SMS | forever" i think is to say "i'm okay never having these | features" -- which is a fine decision but important to | note. | | > A little confused by this, because Beeper and other | unifying clients cannot in fact make groups which have | participants on multiple platforms at all. | | i'm pointing to where i understand the landscape to be | headed. for channel-based chat systems like Discord, irc, | Matrix, XMPP/jabber, Slack, it's common enough to find | channels which are bridged across 2 or more of those | protocols. my experience with ephemeral group chats is | that if i want to plan a large enough event i just end up | starting multiple group chats, and the unimportant | details are chaotic but the important ones like | where/when we're meeting i make sure find their way into | both chats. there's a _possible_ future where i start two | group chats and my client bridges messages between them | in the same way those channel-based systems bridge. | rezonant wrote: | > i admire the resolve. on the other hand i think that | rules out iMessage playing much role in that long-term, | right? like, they're just never going to play nicely with | others, it's not easy for the broader developer base to | integrate with much less improve, and so on. | | Well Apple is implementing RCS, so that's good. But look, | I don't really think the blue bubble stuff stems from not | being able to put stickers on the conversation. It | definitely doesn't come from not being able to emoji- | react ("tapback" as Apple calls it) because that still | works on SMS, but the SMS participant receives a text | message describing the tapback. In Google Messages and | other modern clients, that gets interpreted by the phone | and turned back into an emoji reaction [1]. | | I don't think the blue bubble hate comes from people not | being able to do inline replies. I don't think it comes | from the inability to edit your messages when in an SMS | conversation. | | The source of the blue bubble hate comes from group chat | splitting. When you have an iMessage group chat and you | hit Add to add a new user, but that user is not an | iMessage user, you are shown a prompt that says "Create a | New Group? Contacts not using iMesage can only be added | to a new MMS group with the same members. Contacts using | email address handles will use a phone number instead." | | You are given two options: "Cancel" and "New Group". | | If you choose New Group, you'll now have two groups. If | you do nothing else, no one knows a new group was | created, since no messages were received. If you send a | message, its still entirely possible for the other group | members to message either or both group chats. Chaos | ensues. | | It's not clear that Apple is actually going to fix this | with RCS. Seems most likely they will not, that group | chat splitting will still occur, just replacing SMS with | RCS. | | > i'm pointing to where i understand the landscape to be | headed. for channel-based chat systems like Discord, irc, | Matrix, XMPP/jabber, Slack, it's common enough to find | channels which are bridged across 2 or more of those | protocols. | | Bridging is hacky, and involves not showing contact | information for each user. You (of course), can't start a | DM with such a user, and I'd assume things like @ | mentions are ambiguous or nonfunctional. | | Sure it _can_ be done, but it is kind of a terrible | experience. Even Matrix and IRC have the same problem, | and that's one I've actively experienced from both sides | (IRC and Matrix). | | > my experience with ephemeral group chats is that if i | want to plan a large enough event i just end up starting | multiple group chats, and the unimportant details are | chaotic but the important ones like where/when we're | meeting i make sure find their way into both chats. | | I commend you, because you take a lot more effort than | most humans to make sure things end up on both ends. In | my experience, with the humans I have to deal with, its | about a 5-10% of the time this happens, and usually its | by sending a screenshot of the other group chat with half | of the first line of the next message showing more | important details that they decided "weren't relevant" or | just didnt fit on the phone screen. | | Also it should be obvious but some kinds of planning are | simply not possible or require people to perform special | courier roles to complete. Things like planning for what | weekend everyone's free or what elements of a potluck | everyone's going to bring are pretty tedious to manage | between 2 group chats. | | Furthermore, in my experience events that need planning | aren't given dedicated ephemeral group chats, instead | they are simply planned on whatever group chats they | already have. People don't tend to put a lot of thought | into making sure people are included, especially if the | group chat is large. Some of the family group chats I'm | in are 12-14 people. Not all of those people are coming | to the potluck. They still use it, and honestly I think | that's better than having to juggle every combination of | every participant and keep track of whos in each one. | | [1] Side note here, after Google started interpreting the | (fairly annoying) iPhone tapback SMS messages as | tapbacks, Apple introduced a similar feature to interpret | tapback SMS messages --- but only for iPhone sent | tapbacks. So the scenario is a group chat with 2 iPhone | users in it-- the tapbacks show as SMS to the receiving | iPhone, but it gets turned back into a tapback emoji | reaction. This only works for iPhone style tapback SMS | messages. The slightly different format that Google | Messages sends is... ignored... | | Pretty much the most smug Apple way they could possibly | implement that feature... but now the Pixel in the chat | works in all cases and the iPhone only works in half the | cases, so it actually only hurts Apple users' experiences | corobo wrote: | Depends who you ask. Me personally? The hacker spirit is | coming across an impossible task and doing it anyway. | | Figuring it out is much more fun than just using | something else! | | Make money, don't make money, cash is unrelated to the | definition. | ed_elliott_asc wrote: | This is a bit strong, "disgusting" conjures up other things | for me. | onethought wrote: | What is the meaningful innovation in messaging that | happened elsewhere? | dzikimarian wrote: | It didn't happen anywhere. Yet IM vendors (not only | Apple) still pretend we need propertiary protocol to | transport a few bytes of unicode. It should be | standardized long time ago. | flkenosad wrote: | Is there an existing open standard that works just like | iMessage? | tristan957 wrote: | You mean E2EE chat? Yes. There are even federated | protocols. | nurettin wrote: | > Hacker spirit is owning your machine to its full extent. | | I thought it was about owning anyone's machine to the full | extent. Did this change during the past 30 years? | bongobingo1 wrote: | hacking vs cracking | segfaultbuserr wrote: | Hacking vs. cracking is a useful system of | classification, but the distinction is not absolute, | there is a gray area between these two. Many well- | respected hackers started their careers by compromising | systems of other organizations, cracking copy-protection | in commercial systems, or obtaining privileged | information about proprietary systems (famously AT&T's | telephone system), but these acts were committed mostly | out of curiosity, as technical challenges, or as a | protest of the perceived power imbalance that violates | the spirit of hacking - rather than motivated by monetary | gains or a desire to bring mayhem and destruction. | Whether or not these activities are acceptable depends on | someone's own personal interpretation in a case-by-case | basis. | mediumsmart wrote: | you be the judge - https://www.catb.org/~esr/faqs/hacker- | howto.html | nurettin wrote: | I probably contributed to the how to ask section at some | point. | dzikimarian wrote: | Well 30 years ago owning your machine could be taken for | granted. Today - not necessarily. | fauigerzigerk wrote: | _> Of course you can. It 's sitting there on your Mac where | you can use it as much as you like._ | | For what? | | I own a Mac an iPhone and an iPad but iMessage and FaceTime | are entirely useless to me because no one I communicate with | on a regular basis uses Apple devices. Same thing with | various iCloud sharing features. Not using the family sharing | offers is entirely uneconomical as well. | | So what happens is that I gravitate to other ecosystems. I | use WhatsApp. I upload all my photos to Google Photos. I | mirror my iCloud Drive to Google Drive to share and | collaborate with people on various things. | | I have enabled Apple's advanced data protection for end to | end encryption but it's entirely farcical as my stuff is all | over the place anyway. | | Almost everything Apple does in terms of software and | services is useless to me. They are not locking me in. They | are locking me out. | | I'm paying for their excellent hardware, the m-series CPUs in | particular, but I'm using my "spare" Pixel phone more often | because the software suits me better. | | I appreciate a lot of things that Apple does but it's only a | question of time until some other ARM based hardware catches | up enough for me to stop overpaying Apple for software I | can't use anyway. | gms wrote: | What's the problem here? Seems like you found fine | alternatives. | fauigerzigerk wrote: | My problem is that I'm paying for something that could be | far more useful than it is, and I haven't actually found | satisfactory alternatives. For instance, I haven't found | an end-to-end encrypted and still user friendly cloud | option for my photos. | | Apple's problem is that they are selling less to me than | they could and risk losing me as a hardware customer as | well. | | Now, I totally get their strategy. It's a bet that net | net they are locking more people in than they are locking | out. It's hard to tell whether or not this is paying off | for them. Not even Apple can know the counterfactuals. | xattt wrote: | I'm trying to figure out why it's a crappy experience | elsewhere, but not on Apple devices. I don't think Apple | deliberately contributes to Android hardware development | to just make it less usable. | | The ball is in the court of Google et al. to make | messaging and video chats less frustrating. | Melatonic wrote: | That's the thing - android to android with RCS and e2e | enabled is pretty comparable to iMessage now. And apple | could have just opted into adopting the open standard | years ago | avianlyric wrote: | > For instance, I haven't found an end-to-end encrypted | and still user friendly cloud option for my photos. | | iCloud Photos is E2EE if you turn on iCloud's "Advanced | Data Protection". That migrates the vast majority of your | iCloud data into E2EE storage. | fauigerzigerk wrote: | I know. That's my whole point. Apple has it but it's of | little use to me because of their limited cross-platform | sharing. | Grustaf wrote: | If you don't want to communicate with other Apple owners | over iMessage, then there is no issue. | | What Beeper set out to do was to solve the opposite | problem, people who don't have Apple devices, but want to | use iMessage. | | And the poster above did have an Apple device, and wanted | to use iMessage, but didn't seem to realise that iMessage | works on Macs too. | rezonant wrote: | Only via email address. You need an iPhone to receive | iMessage via phone number, and in a country where texting | is dominant, you're going to be texted via that phone | number, even by your iPhone friends. | OJFord wrote: | If you set it up on an iPhone once, is the number then | linked somehow? Since fully Apple users do get phone | number iMessages pop up on macOS too right? Or is that | only locally synchronised by Bluetooth or something? | rezonant wrote: | Yes, you can receive iMessages to the phone number on | linked devices when the phone is off. You cannot receive | SMS when the phone is off. | fauigerzigerk wrote: | _> If you don't want to communicate with other Apple | owners over iMessage, then there is no issue._ | | The issue is that I as an Apple user want to be able to | use iMessage to communicate with Android users. | photonerd wrote: | Given Android users don't have iMessage that's kind of | not an issue then. | fauigerzigerk wrote: | This _is_ the issue and it's what this whole debate is | about. | ToucanLoucan wrote: | It isn't a debate. You're demanding access to a walled | garden on the grounds that you don't think the wall | should be there. | | You're entitled to use or not use iMessage per your | preference. You are not entitled to use of iMessage on a | platform of your choosing. Where do we stop this? Is | Apple then required to create iMessage clients for | Windows Phone as well? Perhaps a Blackberry client too? | Maybe a website? | | If you want to share an iMessage account and all the rest | of the ecosystem benefits Apple provides, then get an | iPhone. That's how you do that. And you can still | absolutely talk to Android users once you have an iPhone, | because the iPhone provides the essential middle-agent | between iMessage and SMS that enables you to do that. | Apple has done this forever and has designed Messages to | degrade gracefully: you are not barred from texting | anyone who doesn't have an iPhone, instead your message | is converted to SMS completely seamlessly and sent from | your phone even if you actually sent it from a Mac or | iPad. | | The endless moaning and whining from people not in their | ecosystem about iMessage is so, so fucking tired at this | point: from the accusations of platform lockout to the | bitching about the fact that SMS messages are green | instead of blue, on and on. If you guys are SO HARD UP | for that iMessage goodness then just pony up for an | iPhone, holy shit. Or at the very least, go bitch up | Google's tree so they'll develop a decent messaging | client that won't be abandonware within 6 months. | fauigerzigerk wrote: | Quoting myself from this very thread: | | _" I own a Mac an iPhone and an iPad but iMessage and | FaceTime are entirely useless to me because no one I | communicate with on a regular basis uses Apple devices"_ | | and | | _" The issue is that I as an Apple user want to be able | to use iMessage to communicate with Android users."_ | | To sum it up for you as succinctly as I can: I am an | Apple customer expressing unhappiness about some aspects | of the product and the product strategy. | stanleydrew wrote: | But that's not within your control. To use iMessage with | Android users you'd need to convince them to use an | iMessage client. Usually that means buying an Apple | device, but with Beeper Mini the burden was reduced to an | app install. But you still need Android users to take | affirmative action for you to use iMessage with them. | Melatonic wrote: | The poster does - he was claiming that since he bought | one Mac device capable of iMessage that he should then he | allowed to use it also in his android device (where it | would be far more useful) since he already paid the apple | "tax" or what have you for iMessage access. | rezonant wrote: | > but I'm using my "spare" Pixel phone more often because | the software suits me better. | | Welcome! Pixel is all you need. | grishka wrote: | > So what happens is that I gravitate to other ecosystems. | | I use a Mac but an Android phone. Android because I require | the ability to install apps from arbitrary sources, | including piracy. Mac because modern Windows is so | contemptuous towards its users, and desktop Linux falls | apart unless you know the intricacies of its internals. | | Anyway, transferring files between the two was a pain in | the butt that eventually grew so immense I reverse | engineered Google's Nearby Share and made this: | https://github.com/grishka/NearDrop | | Though yes, I'm not North American so iMessage is just a | non-issue to me. I don't know anyone who uses it. No one | uses SMS for actual messaging between people, everyone's | SMS inbox is 99% OTP codes and various other automatic | notifications. Literally everyone who I communicate with is | reachable through Telegram. | pjmlp wrote: | Actually it is more like knowing the intricacies of its | distribution specific internals. | bonney_io wrote: | > I require the ability to install apps from arbitrary | sources, including piracy. | | No one "requires" access to theft. | 4ndrewl wrote: | If you want to play semantics, you can't "buy" a digital | service | grishka wrote: | Piracy isn't theft because it doesn't deprive anyone of | anything, and English isn't my native language. | pbhjpbhj wrote: | Can you do what people did with Windows in the noughties, | install a different OS and get a refund for the OS portion | of your purchase (or for the apps portion??), it sounds | like you're not using it? | norman784 wrote: | AFAIK macOS is free for people with an Apple device, so | this won't work. | danaris wrote: | ...Where did you get that from their post? | | Unless my eyes are just completely missing it, I didn't | see anywhere that they said or implied that they weren't | using macOS or iOS on their Apple devices. | tibbydudeza wrote: | Use WhatsApp - it works on both platforms. | krrrh wrote: | The hacker spirit uses Signal. Promoting WhatsApp over the | more open community-supported alternative is worse than | gloating over Beeper. | fauigerzigerk wrote: | I would very much prefer to use something other than | WhatsApp (especially as Facebook has banned me for life | from all their other apps), but my attempts keep failing. | | My wife won't use Signal because it includes a crypto | wallet and crypto transactions are taxable. | | Matrix/Element would be my preferred option, but it | causes so many security or encryption related issues that | it has scared off everyone I tried using it with. Nobody | knows what to do with the incessant popups demanding to | "verify" something or other. Nobody (including myself) | knows why older messages often can't be decrypted. | | Telegram is less secure than WhatsApp. | | Threema is not free, which makes it difficult for me to | ask people to install it. It's not open source either. | | iMessage is Apple only. | | So what's left besides WhatsApp? | kelnos wrote: | > _My wife won 't use Signal because it includes a crypto | wallet and crypto transactions are taxable._ | | I think the crypto wallet is lame, and am disappointed | the Signal folks decided to integrate something like | that, but it's entirely opt-in. If she doesn't want to | worry about being taxed on crypto transactions, she can | simply not use that part of the app. I actually forgot | for a second it was there until you brought it up, and | I'm a daily Signal user. | fauigerzigerk wrote: | I told her it's not activated by default but she doesn't | want to touch crypto with a 10 ft pole. She says if it's | in there then tax authorities might eventually come | asking if the feature becomes popular. And then she would | have to keep evidence of not actually using it. | | I think her concerns are overblown, but it shows how | incompatible taxable transactions are with a privacy | focused app. The two things should be kept well apart. | | [Edit] Politically, it kind of defeats the purpose as | well. You want to be able to argue that you have a right | to privacy when it comes to personal communication. You | don't want to be in a position of having to defend the | privacy of trading securities. | DANmode wrote: | It does not show this. | | Separately, you've either misunderstood her position, or | it's poorly thought out, and/or ideologically based. | | What path would tax authorities use to ask Signal users | (and only Signal users) if they've used cryptocurrency? | fauigerzigerk wrote: | _> What path would tax authorities use to ask Signal | users (and only Signal users) if they've used | cryptocurrency?_ | | Tax law. In the UK, every single payment in | cryptocurrencies, however small, is a taxable disposal | that you have to include in your tax return if your total | proceeds or gains from all investments are above a | certain threshold. | | I'm not ideologically opposed to cryptocurrencies and | neither is my wife. She's just allergic to anything that | could potentially raise tax questions. | Maken wrote: | Now I'm seriously wondering how hard is to fill taxes in | the UK. I think I have done worse mistakes than a few | cents in crypto and all I got was having to resubmit the | forms. | | Edit: On second thought, I don't own a business, so I | guess nobody is going to look into my tax fillings with | the same suspicion since they do not expect me to be | doing anything funny with my accounting. | fauigerzigerk wrote: | _> Now I'm seriously wondering how hard is to fill taxes | in the UK_ | | Doing it correctly is non-trivial. You have to submit a | so called computation for each individual disposal, which | can easily run into several pages. | | The algorithm for working out the cost of a disposal is | actually a pretty interesting test case for learning a | new programming language or paradigm. Try implementing UK | share identification rules in SQL for instance :) | Podgajski wrote: | This is why I also have my signal set for automatically | disappearing messages. I want you all to try to delete | your messages if you have iCloud turned on. It's | impossible and if you managed to do it they're stuck on | the server for 30 days. Apple is a spy service. | baq wrote: | I wish watching ads on Facebook was treated as personal | income that you have report to IRS. Social graph would | fix itself in a nanosecond. | dimask wrote: | You do not have to activate the "crypto wallet", even | less use it. | worthless-trash wrote: | TIL it even has one. | fauigerzigerk wrote: | I responded to this in the other thread: | https://news.ycombinator.com/item?id=38580504 | viktorcode wrote: | I use many messengers, Signal too. It lacks in polish and | features compared to all the others. Its security premise | is undermined by insistence of using a phone number - | which can be spoofed or taken over - to sign up. | | I see it as the result of hacking spirit running the | development, not the product team. Currently it can't | compete. | Podgajski wrote: | not only does the hacker spirit use Signal, but they tell | people that's the only way they want to communicate. At | least that's what I do. It forced my friends to install | Signal because of it six more people are using Signal. | | People who contact me over SMS get an immediate phone | call from me in response. | op00to wrote: | What strange woman lying in a pond gave you a sword to | make you Decider Of The Hacker Spirit? | the_gipsy wrote: | WhatsApp (meta / facebook) acts exactly like apple here: | they're sending cease and desist letters to OSS projects. | | Better use matrix which is an open protocol. | tibbydudeza wrote: | Like ActivityPub ???. Problem is public mindshare and | adoption. | nicce wrote: | > It's not expecting to be able to turn it into a business, | or a popular app, that wouldn't quickly be shut down. That's | just common sense. | | When I noticed that there is 2 dollar subscription required | to use this app, then all my blame from Apple went to these | developers. | | You can't really expect to do business with other company's | service's without asking permission or cooperating. | Especially, if the required interfaces are not exactly | public. | | Maybe this App had hope as free version, but not as business. | What they were thinking. | unyttigfjelltol wrote: | It's called a "phone". It works with the "phone network", | AT&T communicates with Verizon. They each fund themselves | and are interoperable. | nicce wrote: | For "phone" features, there are own standards and all the | "phones" support them. They are public and everyone | cooperates. | | iMessage is like Discord. It is messaging service tied to | specific backend, and also devices in this case. | | What if I reverse-engineer Discord, make a commercial | application which uses their non-public backend (not with | webview) and never tell anything for Discord? Should the | "phone" argument hold in this case? | | Discord is not the best example, because it 'allows' | third-party level clients on some level, but above should | not be the case. | rezonant wrote: | > iMessage is like Discord. It is messaging service tied | to specific backend, and also devices in this case. | | It's different, because the only texting app on the | iPhone automatically prefers iMessage. Did you make a | group with 2 iPhone friends and now you're adding a non- | iPhone? Congratulations you now have two group chats. No | way to merge it, and you have to manually tell everyone | not to use the first one. But they will anyway, and the | conversation splits. | nicce wrote: | The problem you are describing is more like a social | problem, and applies to many other aspects as well. | | Usually people know the consequences of their actions. If | they don't use Facebook, Instagram, WhatsApp or any other | "currently" popular social platform, there is always risk | that you isolate yourself from the part of group which | prefers the former. | | Is that one person important enough that other group | members ditch the other groups? | | Here comes the reason why Meta, Discord or any other | social platform with enough user base is highly valuable. | Social pressure keeps users on their platforms. | | Apple is doing the same with iMessage in hopes of pushing | device sales. But it is still messaging service. It does | not forbid you using regular cellural standards. | | The question is that are the set defaults same as known | decision? Not for everyone, but I don't think that | conversation splitting is good enough argument here to | reason why making business in this case would be good | decision. | rezonant wrote: | > The problem you are describing is more like a social | problem, and applies to many other aspects as well. | | Yes! But it's a social problem created by an intentional | product choice that makes their own users have a worse | experience in service of retaining their walled garden | _at the expense of your customers relationships_ on a | service that they are embracing and extending for their | own ends... | | And they could fix it too. There is zero reason to leave | that original iMessage chat around from a technical | perspective. They can even put a big scary banner at the | end of the iMessage history saying Hey this is not | encrypted anymore! watch out! | | > Usually people know the consequences of their actions. | If they don't use Facebook, Instagram, WhatsApp or any | other "currently" popular social platform, there is | always risk that you isolate yourself from the part of | group which prefers the former. | | Yes, choosing not to use the three Meta apps you listed | is your own damn fault. You're isolated because of your | own poor choices. Just give up and feed the beast instead | of, you know, trusting the phone/OS manufacturer you | purchased your premium phone from and the carrier that | you pay for your phone service. | | > But it is still messaging service. It does not forbid | you using regular cellural standards. | | This is the part that's not actually true, because you | cannot make an MMS group with only iMessage participants. | You cannot opt out of iMessage on 1x1 conversations | either. | | Using or not using iMessage isn't actually a choice, it's | an automatic "upgrade" | | I'm not even sure it's possible to disable iMessage | entirely. EDIT: This exists actually | | EDIT 2: "Messages app automatically chooses the type of | group message to send based on settings, network | connection, and carrier plan." | https://support.apple.com/en-us/HT202724 | cowsandmilk wrote: | In the scenario you describe, you can't add a third | iPhone user either. You can only add people when there | are already at least 3 participants. | unyttigfjelltol wrote: | The phone network in the US was basically the same 50 | years ago.[1] It took a major antitrust fight to bring | about "cooperation". So strange, folk strenuously | defending obviously anticompetitive conduct. | | [1] https://en.m.wikipedia.org/wiki/Breakup_of_the_Bell_S | ystem | nicce wrote: | I would say that this is not proper comparison. | | It would be proper if iMessage would be the only | messaging service phone users can use and installation | and usage of the others are restricted. | | But anyway, my whole comment is about making commercial | messenger with the expense of other product (aka. backend | services of Apple) without permission, cooperation or | anything else. There aren't official public APIs for | iMessage other than for Business use. | truegoric wrote: | > The hacker spirit is the fun of reverse engineering. The | hacker spirit is about personal use. | | ,,We make use of a service already existing without paying | for what could be dirt-cheap if it wasn't run by profiteering | gluttons, and you call us criminals." | | I believe that if you want to see hackers as only kids doing | ,,fun stuff" at their desk at night making their | (metaphorical and not) parents angry then either you are | missing the bigger picture, or capitalism has gotten their | ideological claws on the hacker culture and turned it into an | obedient bunch of techbros that wouldn't even dream of making | the information free, as it wants to be. | GeekyBear wrote: | > It's not expecting to be able to turn it into a business, | or a popular app, that wouldn't quickly be shut down. That's | just common sense. | | Can you even imagine the reaction if the uBlock Origin folks | attempted to make the case that Youtube updating their site | to prevent ad blockers from working was some sort of | nefarious violation of "the hacker spirit"? | rvz wrote: | > Where is the hacker spirit here? The number of Apple | apologists that have crawled out to say "see? I told you so!!" | is saddening. | | You should not be surprised around the risk of depending on | reverse engineered third party integrations which the provider | can seek to cut you off of unauthorized interactions. | | > It is a bit dicey when you're charging for it, but since Mini | was entirely client-side it would be feasible for a free | version to exist. | | That makes no sense for Beeper. | SaberTail wrote: | Apple wouldn't even exist if not for this type of hacking. One | of Steve Jobs and Steve Wozniak's first projects was selling | blue boxes[1] to play around on AT&T's telephone system. | | [1] https://en.wikipedia.org/wiki/Blue_box | JumpCrisscross wrote: | > _One of Steve Jobs and Steve Wozniak 's first projects was | selling blue boxes_ | | Which didn't scale because it doesn't scale because the blue | box stopped working. Sort of like Beeper. | lofaszvanitt wrote: | Beeper's true purpose was to show people that it's possible | without an iPhone. What you don't know how many other | clients like this worked and for how long... | latexr wrote: | > Beeper's true purpose was to show people that it's | possible without an iPhone. | | What's your basis for saying that? Honestly asking. Seems | like Beeper's true purpose could just as well have been | to make money. | | _Of course_ this is possible without an iPhone. Apple | could build it anytime they want, they just don't. Which | I disagree with, but that's a different argument. | epistasis wrote: | And the penalty for getting caught wasn't merely having your | connection turned off, it was a trial. | | Selling a device that transgressed the boundaries doesn't | mean they thought that no boundaries should exist, it just | means they knew it was possible to do something technically | interesting and would allow them to make money. | | If Jobs and Woz thought there should be now penalties for | using blue boxes, my guess is that they thought the telco | should merely implement a better system, not that everybody | should get free access to it. | zer0zzz wrote: | This should be the top comment | Klonoar wrote: | _> Where is the hacker spirit here?_ | | The site is called "Hacker News" but it's predominantly existed | over the years as a funnel for the business-centric Valley | industry. | | Which is to say that I think you're trying to apply _one | specific_ definition of "hacker" when it doesn't really work | that way. | lolinder wrote: | There's that, but I'm not an SV person and my reaction was | still "well, duh!". | | An app like Beeper Mini _wants_ to be something like NewPipe | for YouTube: installable only if you know how to download | F-Droid, maintained by a community of fans, used only by | people who understand that Google can break it at any time | and it might take days to weeks for it to recover. | | What Beeper did instead was build a startup and sell | subscriptions to mainstream users, and now that it inevitably | broke they come off as very whiny about it. It's not just | Silicon Valley business types who see that and wince: it's | offensive to old-school hackers too. | smeej wrote: | Know how to download F-droid? As in, "Google F-droid, click | link to f-droid.org, click 'Download F-droid'"? | | I guess I can only speak for myself, but I'm pretty alright | with people building apps with the expectation that would- | be users will need to know how to install apps. | lolinder wrote: | I didn't say it was a high bar, but it's enough of a | barrier to drive off most of the entitled complaints when | Google periodically breaks the app. | Nullabillity wrote: | Everyone deserves a path around vendor bullshit, not just | "true hackers". | op00to wrote: | Please, no. I do not want to have to clean malware off my | inlaws phones in addition to their fucked up computers. | anticensor wrote: | This site was originally called "Startup News" then renamed | to "Hacker News". | oneplane wrote: | iMessage is Apple's service, and they can do with it whatever | they want. No other arguments are really relevant. | | As for whatever reasons Apple comes up with: that is probably | also not going to be relevant as a multinational that is | beholden to money is going to have the legal department and PR | do that sort of messaging and not anyone on the technical side | of things. | | Speculating as to why things are the way they are: Apple knows | that people in some socioeconomic ecosystems value iMessage as- | is, so we can expect their intent to be aligned with keeping | that value. Reusing all in-house crypto and account management | certainly makes it easier on the engineering side as well. | tcfhgj wrote: | They can't, if they have extreme market power, mich like | Microsoft can't do anything they want with Windows | oneplane wrote: | And that's where that 'if' is important: iMessage isn't | very relevant outside of the US. Worldwide it doesn't even | reach the top 5. Inside the US, even Facebook Messenger is | apparently used more than iMessage. | charles_f wrote: | I wouldn't take that as a lack of hacker spirit ; and honestly | saying this was to be anticipated is not being an applogist. | You could tell this would happen, notably because they were | selling a product on top of a retro-engineered API, and it made | quite the noise. Even if they hadn't closed it at a technical | level, they'd probably have done it at a legal level. | | And to point out the obvious, Beeper was _also_ closed source. | I don 't trust apple much, but I trust a random startup much | less to believe that they're not either doing something dicey, | or screwing up the encryption protocol and creating tons of | security holes (esp. if it was retro engineered). | | Honestly, as you're pointing out the closed source character of | all of that, I'd much rather use something like Signal. | lxgr wrote: | > since Mini was entirely client-side it would be feasible for | a free version to exist. | | It uses a server for bridging APNs to GCM. Sure, that could be | maintained on a donation basis, but it's not completely | infrastructure-free in any case. | rezonant wrote: | If you think about it, it's actually not even a technological | requirement. It's plenty possible to use an Android system | service which maintains a connection for Beeper Mini | persistently from the phone. After all that's what GCM does | too. Yes, it would require backgrounding permissions, but | that is something pretty justifiable for a messaging app, and | when using the right UI practices, you can explain this to | the user before they grant it. | | So yes, it's absolutely possible for this app to be 100% | client side and I wish Beeper would've done that to start, if | for no other reason than to dispel the misinformation around | that BPNs is somehow required for the core operation of the | app. | | To be fair, they probably thought making this explicit in | their How It Works article would be sufficient. | lxgr wrote: | Is this actually still possible without (or even with) a | foreground notification? I thought Google clamped down on | that practice a while ago, since it increases power, data, | and memory usage. | thaumasiotes wrote: | > I thought Google clamped down on that practice a while | ago, since it increases power, data, and memory usage. | | I don't really follow the reasoning. If saving on power, | data, and memory usage were more important than the | ability to receive messages, it would follow that you | were better off carrying around a cinder block than a | phone. | charcircuit wrote: | Having n apps all actively querying various servers all | the time will waste resources. The solution Google | provides is Firebase Cloud Messaging which is the blessed | notification service on the system which handles | querrying notifications for all apps. FCM even avoids | waking up the system from idle if the notification | received is not high priority and can wait until sometime | in the future when the device momentarily stops idling to | processing everything at once before idling again. | rezonant wrote: | Well except that maintaining a connection to APNs is | cheaper than spinning up periodic tasks to connect to | APNs to check for new messages, and is exactly the same | process that GCM itself uses (persistent connection), | _and_ you probably only have one such messaging app, so | unless GCM is considered a major battery drain (hint, it | 's not) I think it would be fine. | | And in this case, GCM actually creates potential | vulnerability. This should be allowed, and if Google sees | it as a problem, they should implement a system service | to retrieve from APNs. I believe the API is public. | | Backgrounding is problematic when devs do it wrong or | disrespect the user, but this isn't one of those cases. | | Android preventing background processes in this case is | worse for the user. | lxgr wrote: | > and you probably only have one such messaging app | | That sounds extremely unrealistic. If nothing else, you | already have GCM - I don't think it deactivates the | persistent connection even if you don't have any | notification registrations. | | > Backgrounding is problematic when devs do it wrong or | disrespect the user, but this isn't one of those cases. | | But how would Google distinguish "disrespecting" from | intentional use cases? | | I've used Android for years, and uncontrollable | background services were a big problem. | | > unless GCM is considered a major battery drain (hint, | it's not) | | It's as much a battery drain as APNs. The point is that I | want as few of these persistent connections and | background services as possible, and the ideal number is | one. | rezonant wrote: | > That sounds extremely unrealistic. If nothing else, you | already have GCM - | | I'm confused. GCM is Google Cloud Messaging. It's also | known as FCM or Firebase Cloud Messaging. It is the | Google Play equivalent of Apple Push Notification Service | (APNs). It's job is just to provide a persistent | connection for delivering push notifications. | | > I don't think it deactivates the persistent connection | even if you don't have any notification registrations. | | It seems almost impossible to be running an Android phone | that has zero push notification subscriptions registered. | | > But how would Google distinguish "disrespecting" from | intentional use cases? | | Via app review and banning apps that abuse those use | cases. It turns out you can also decimate the user's | battery using the stuff Google still lets you do (like | periodic background tasks), but we don't ban those things | because otherwise your phone would be useless at that | point. Of course both the periodic task system and the | persistent background service both would show up in your | battery usage statistics, so the user and the system | would be _plenty_ aware that the app is misbehaving. And | of course Google Play Protect can send along that | feedback back to the Play Store in both cases. | | > I've used Android for years, and uncontrollable | background services were a big problem. | | Cool, I also have used Android for a long time! Started | on the Nexus 5 back in 2013 and have used Android devices | ever since. | | > and uncontrollable background services were a big | problem. | | Hm, I wouldn't say they were a big problem but I guess I | just used well behaved apps. Certainly restricting | background behavior helped battery life, but at what | cost? | | What you might not realize is that there are a number of | permissions that you can declare in the Android manifest | that trigger the Play Store review to be... just a little | more thorough about your apps behavior. This should be | one of those permissions. Using it for a persistent | connection to a messaging service is absolutely a valid | use case for this sort of thing. That's not the kind of | thing that caused battery problems on your older Android | phones though. | | This is also very analogous in App Store. You declare | certain plist declarations that need to be justified, and | cause your app to be more carefully reviewed. | lxgr wrote: | Well, Google just wants you to use GCM since it solves | the same problem without reverting to a cinder block. | oynqr wrote: | Very possible on Android versions that are closer to | AOSP. Shitty vendor forks, probably not. | charcircuit wrote: | Not really, unless the user goes to the settings and | disables battery optimization for the app. If the device | is idling the app will only be able to wake up | periodically. Starting at 15 minutes and exponentially | grows to up to 6 hours [0]. Element works around this by | abusing exact alarms, which require the user to grant a | permission, together with a wakelock, but this approach | will probably not last forever. | | [0] https://cs.android.com/android/platform/superproject/ | +/maste... | kelnos wrote: | > _Not really, unless the user goes to the settings and | disables battery optimization for the app_ | | That sounds "very possible" to me. Apps can even pop up a | dialog on first run instructing the user to disable | battery optimization, and then load up that settings page | when the user taps a button in the dialog. Certainly some | people will be confused by it, still not know what to do, | or not want to do it, but it's still quite possible. | | And if the user won't do it, the app can still spin up a | service with a foreground notification if they really | want to keep things working decently well, and use | Android's scheduled jobs mechanism to restart the service | every 10 minutes (or however often) to catch cases where | the service still ends up getting killed. | Kab1r wrote: | I wanted to implement my own notification bridge and patch | the app to use my self hosted instance. Now of course there | may not be much point | Brian_K_White wrote: | There is a value to the iphone users, not just the android | users, but neither Apple nor most iphone users will ever | acknowledge that. | midtake wrote: | Their house, their rules. | brookst wrote: | Not much point in engaging with someone who sees all opposing | views as "apologists" "crawling out" | tinus_hn wrote: | You need a device key to use an iCloud account, and all Beeper | clients were using the same device key. So unsurprisingly, it's | not hard for Apple to block. And this doesn't mean they peep | into the messages. | perryizgr8 wrote: | > Where is the hacker spirit here? | | Kind of silly to buy apple devices (especially iphone) and | expect to be able to hack their services. Apple is the last | place to look for hacker friendly products. Ffs you can't even | run your own software on an iPhone. Spend your hacker energy | somewhere worthwhile, on devices and platforms that welcome | that kind of tinkering (or at least tolerate it). | | There are so many relatively open messaging services. Telegram | has a rich API and bots framework. Much more hacker like to | build something interesting on that. People trying to force | imessage are just fighting a battle that is already lost. Why | spend time and energy on something that will perpetuate closed | ecosystems even if they succeed? | geodel wrote: | Go support the hackers then. Here you seem to be heckling | people who don't share your viewpoint. | tlrobinson wrote: | > Obviously Mini was using the encryption properly else it | wouldn't have worked to begin with. | | Just want to point out this isn't inherently true. For example | an insecurely generated session key would work fine but not be | secure. | | > Of course, it's very unlikely Apple is doing that. Just | putting the thought out there. | | Apple is doing what? Not using encryption properly? What reason | do you have to believe that? | silasdavis wrote: | > Not using encryption properly? | | They didn't mean that, they meant siphoning off data client | side, for reasons, like CSAM. | | The point, which I agree with, is having to trust a single | closed source implementation of a client is not so different | to trusting the servers of a non E2E service. | simbolit wrote: | The BIG difference is that you have to trust the hardware | and the operating system already, and as these are made by | apple, you already have to trust them. | | "Trusting the servers of a non E2E service" is adding | another trusted party. | | If you don't trust apple, you don't have an iPhone. | code_duck wrote: | You can use iMessage on your MacBook, right? | modeless wrote: | > Apple claims iMessage is E2EE, do we have proof they aren't | siphoning the messages from the client once it's been | decrypted? | | Actually it is documented by Apple themselves that they receive | the encrypted messages _and the key to decrypt them_ when | iCloud backup is used (unless you _and the person you are | messaging_ have specifically enabled their "advanced data | protection" feature). They have decrypted messages in response | to law enforcement requests. | mlindner wrote: | You left off the point that that only true if you had iCloud | backup of iMessages enabled. If you didn't have iCloud backup | enabled then they've always been E2EE. | modeless wrote: | No, I mentioned that. | | > If you didn't have iCloud backup enabled then they've | always been E2EE. | | Correction: if you _and the person you 're messaging_ both | didn't have iCloud backup enabled. And also it's worth | noting that Apple forbids you from using any cloud backup | system other than theirs. | vezycash wrote: | >Apple forbids you from using any cloud backup solution | other than theirs | | If this is true, how is that legal? | modeless wrote: | What would make it illegal, short of antitrust law? | flkenosad wrote: | I the the argument is that it should be in the law. | aryaneja wrote: | You seem to have written a very misleading comment. Apple | is offering privacy minded folks two options: | | 1. Don't turn on iCloud Backups and receive E2EE on your | messages 2. Turn on iCloud Backups AND advanced data | protection and recieve E2EE on your messages | | This is not some kind of nefarious plan on their end. Any | user service will have a vulnerability on the user end of | back-ups. For instance, Whatsapp backups will also have | their keys available to Apple/Google. They need to offer | this as for most users, the risk of losing their whole | digital lives because they forgot their passwords | outweights E2EE. For users who find that important, they | have the two options listed above. Sounds like an | appropriate trade-off to me. | modeless wrote: | iPhones with iCloud backup enabled without ADP are almost | certainly the majority. I believe this is essentially the | default configuration. Even if you disable backups or | enable ADP Apple almost certainly still has most of your | messages from the other end of the conversation. It is | false advertising to claim your service is E2EE without | any disclaimer when in reality you collect the keys to | the majority of messages and decrypt them at the request | of law enforcement. | aryaneja wrote: | I have addressed your concern in my comment | | > They need to offer this as for most users, the risk of | losing their whole digital lives because they forgot | their passwords outweights E2EE. | | There is no clear trade-off that is an option. | modeless wrote: | "I can't imagine a way for this feature we advertised to | not suck" is not an excuse for false advertising! But | there is a way to do better. Google's Android backup is | E2EE by default. It does not require remembering a long | password. All it requires is your phone unlock code, | which you normally enter at least once per day and are | extremely unlikely to forget. This is actually how | Apple's works too, when ADP is enabled. Either it should | be enabled by default or Apple should stop claiming | iMessage is E2EE. | tick_tock_tick wrote: | Sounds like you're just confirming Apple tries very hard | to make sure it's not E2EE. | katbyte wrote: | Turning on advanced data protection is not hard. | the_gipsy wrote: | Just because WhatsApp does it too, doesn't make it right. | | These apps are not e2ee if almost every user has in | effect encryption disabled. | aryaneja wrote: | Which app would qualify in your case? Signal suffers from | the same client-side problem. | ycombinatrix wrote: | not by default, which is a massive difference. | aryaneja wrote: | I am not sure what the answer is here. What you are | arguing for will hurt regular users who will lose their | digital lives if they lose their passwords. | | Signal will be backed-up on iCloud _by default_ and | client side will be an issue. | lupusreal wrote: | _" lose their digital lives"_ is hyperbolic emotive | language. We're talking about a loss of chat history, not | the death of people. Lots of people lose their chat | histories all the time, it hurts but people get over it. | modeless wrote: | > Signal will be backed-up on iCloud _by default_ | | No, it absolutely is not. It seems like you don't have a | good understanding of how actual E2EE systems work. | _flux wrote: | Matrix also provides the ability to back up keys in the | server, but you select a separate passphrase for | encrypting them before they're uploaded. | | (Yes, it would be nice if the user didn't need two | passphrases for this use, but Matrix cannot safely revert | to key derivation because client could accidentally leak | the master password to the server due to existing | implementations.) | the_gipsy wrote: | Don't know why you got downvoted, it's a very good | question. | | I've been using matrix. It's e2ee and multiple client | sessions seem to be working just fine, they all sync | without problems. | fsflover wrote: | > Apple is offering privacy minded folks two options | | Here is the explanation why it's completely impractical | and therefore doesn't provide actual privacy, along with | other anti-privacy configurations: | https://news.ycombinator.com/item?id=37875370 | clnq wrote: | I was not mislead by that comment. It was clear that most | people have their messages accessible to Apple, which is | what the article also talks about - how privacy of "blue | bubble" messages is at the center of this. | | There are ways to opt out. But that's for the margin of | people who worry about these things. So what that comment | said is very relevant and accurate. | madeofpalk wrote: | Not even that - Because Apple controls the key exchange, | Apple could also just silenty register another recipient | (their own mitm) and siphon off all your messages if they | wanted to. You must trust that Apple (or Whatsapp or | whatever) does not do that. | nojito wrote: | This isn't true because you will get notified that another | device was added to your account. | sbarre wrote: | Who do you think sends that notification? | kaibee wrote: | And who delivers that notification? | madeofpalk wrote: | Do you think the Apple that would surreptitiously add | another 'device' into your iMessage recipients would not | be able to suppress that notification? | | Or, how could you verify that you've been notified about | every device added? | HenryBemis wrote: | > siphoning the messages from the client once it's been | decrypted? | | If you got iCloud backup enabled then they absolutely siphone | everything that happens on your phone. And the disgusting part | is that when enabling a new iphone it automatically has it | switched on. I remember the case with some terrorists that | Apple have to the US authorities everything on the dude's | iCloud backups, but the authorities weren't content with only | the backups and wanted to crack the phone - so backups have | their keys managed by Apple. | Terretta wrote: | You mean the San Bernardino terrorist where Apple refused to | break open the phone for the US government? | | And recently, they've released an updated version of cloud | sync that doesn't even let Apple have your keys. | keepamovin wrote: | I like/love Apple, but it's not really about hacker spirit. I | think Steve and Steve were at the start, for sure. But then, | it's like Steve figured out how to "evolve" hacker spirit into | a business model. And not just any business model: but a | totalitarian vertically integrated model. I mean, fabulously | successful and don't let the negative political connotations of | totalitarian offend you here, it's but a minor jab, because | there are downsides to this model in the Apple-verse, for sure: | the lack of "hackability" of their devices. | | But it's perhaps a momentary cultural variation in a sea of | changing priorities for Apple. They have embraced right to | repair: perhaps in future, "hacker spirit" evolves further to | become, a "right" for all citizenry of the Apple-verse, backed | by their tremendous business model. In the same way that you | can conceptualize (again, without judgement or making regard as | to truth or not), that "human rights" emerge not out of a | vacuum, but out of what the infrastructure of state can | conceive and provide. | | In other words, today's action may be but the anachronistic | kneejerk of some poobah in the Apple bureaucracy. A vestige of | the old guard, perhaps soon dying out. | | If that makes sense? :) | __loam wrote: | I love my iPhone but apple is a publicly traded corp lol. The | only reason they're embracing right to repair is because of | huge efforts of people outside the company to get bills | passed that make them embrace it. | pjmlp wrote: | To be fair, all computing business from the 1980's was | vertical integration, the exception being CP/M, the | university folks porting the UNIX tapes into their vertical | integrated mainframes, and Compaq getting lucky on how they | reverse engineered IBM PC's. | | CP/M systems eventually died, UNIX startups created by some | of those university folks were just as vertically integrated | as the mainframes they replaced, leaving only the PC clones. | | Had Compaq not gotten lucky, and today's computing landscape | would look much different, probably like the laptops and all- | in-one PCs that are being pushed nowadays as the OEM margins | cannot get any thinner. | mlrtime wrote: | Not just that but it is no longer Steve's company (If he were | alive). It is now a multinational public company with | shareholders, employees and 1000's of vendors (and their | employees, etc...) | | It is all but required for a company of this size to take | action in this way. | pjmlp wrote: | The hacker spirit in relation to Apple was long gone when the | Mac Classic was released. | | People that imagine otherwise haven't lived through those days. | wraptile wrote: | HN's obsession with Apple feels like some twisted mix of | Stockholm syndrome, american nationalism and sunk cost falacy. | Truly bizare to the point I wouldn't be surprised if we find | out Apple is actively astroturfing this and many other topics. | No other tech focused forum does this. | nerdix wrote: | No astroturfing needed. It's called the Apple Cult for a | reason. | Garvi wrote: | Apple customers are the fur wearers of the tech world. | kelnos wrote: | > _Where is the hacker spirit here?_ | | I'm torn on this. Is it following the hacker spirit to get more | people plugged into Apple's closed ecosystem? Maybe? Maybe not? | Reverse engineering a proprietary protocol is certainly | hacker-y. But building a business around that -- essentially | charging people to put more load onto someone else's | infrastructure, who have to bear the costs (even a rich | behemoth like Apple) -- I'm not sure that qualifies. If we were | talking about some open source project that was releasing this | app to F-Droid, maybe it'd be more clear? | | > _The number of Apple apologists that have crawled out to say | "see? I told you so!!"_ | | I don't think that's Apple apologism, that's just "duh, | obviously Apple is going to try to shut them down, and probably | succeed". It's lame. It's just as lame as when AOL kept | breaking Gaim/Pidgin's ability to talk AIM's OSCAR protocol. | But acknowledging that Apple is going to pull something like | that isn't apologism, it's just stating reality. | | (As for the AOL/AIM example, I think reverse-engineering OSCAR | _was_ actually hacker-spirit-y, as AIM was a free service open | to anyone, just they didn 't feel like supporting Linux users, | as was the SOP of many companies at the time. Linux users were | a fairly small percentage of users, so it wasn't a big thing. | But there are tons of Android users; more than iOS users, | globally, even. That's not really the same, to me.) | | In the context of the overwhelmingly saturated messaging space, | I think it'd be a lot more hacker-y to bring something like | Signal up to the usability standards of iMessage, Whatsapp, | Telegram, etc., and evangelize the hell out of it to get people | out of closed platforms. Even Signal isn't perfect there, since | they refuse to enable federation in the protocol, and only | release updates to their server-side software a long time after | it's been running in production. But it's certainly better than | getting more people hooked in Apple's walled garden. | methuselah_in wrote: | You need android an flash linageOs. Welcome to the club. | rezonant wrote: | > I'm torn on this. Is it following the hacker spirit to get | more people plugged into Apple's closed ecosystem? Maybe? | Maybe not? | | Agreed here. But I understand deeply why it's appealing for | my fellow android users who are tired of being bullied into | buying phones they just don't want by their friends who | overwhelmingly drink the Kool aid. it's not great, and in the | US the effect is very real. | | > I think it'd be a lot more hacker-y to bring something like | Signal up to the usability standards of iMessage, Whatsapp, | Telegram, etc., | | Good idea... what about an existing open standard that is | already adopted by a billion devices and can be implemented | by any mobile phone manufacturer and carrier network. | | Something that takes what's good about SMS and adds all those | nice features. I bet we'd have to work together to make end | to end encryption interoperable, and some of the fancier | stuff is too new to be in the spec yet, but that's not too | hard in the grand scheme of things. | | Oh, RCS exists. | grishka wrote: | > Is it following the hacker spirit to get more people | plugged into Apple's closed ecosystem? | | Yes -- it's adversarial interoperability, and _that_ is | always a good thing because it breaks lock-ins. Though mostly | irrelevant to this particular case, adversarial | interoperability also forces the service owner to compete | with third-party clients which always put the user first; it | removes the service owner 's of control over the UX and | presentation. | | I don't know about AIM, but ICQ also used OSCAR protocol. The | official ICQ clients were bloated, shitty and full of ads. | Not many people used them. Most people used QIP, Miranda, | Pidgin, Adium, Jimm, or even NatICQ. No one cared about how | ICQ's owner would make money -- and, really, no one _should_ | care about that, it 's their own problem. Maybe if they made | a client that's better than third-party offerings, then | people would switch to it. But they never did. | llm_nerd wrote: | >I don't think that's Apple apologism, that's just "duh, | obviously Apple is going to try to shut them down, and | probably succeed" | | As one of the top posts that presumably the GP post is | talking about, _precisely_. Nowhere was I apologizing for | Apple, nor did I "crawl out". | | When this product was first announced I observed that Apple | was going to shut it down, and that they had obvious avenues | (both technically given the way messages are attested to, and | legally -- this product is the textbook definition of | computer misuse! And they're charging for it making it a slam | dunk). Loads of people "crawled out" to gloat that this is | it, Apple has no avenue to do anything about it. And then | Apple did something. Apple did the easiest, lightest option, | but they could go full scorched Earth if they wanted to. I | don't want them to, and am not celebrating that, but these | are basic obvious facts. | | To your other point, exactly. The hacker spirit is getting | your friends and family on Signal. It isn't cementing | iMessages as the foundation. | amelius wrote: | > how iMessage costs Apple money to run | | This assumes that Apple can periodically extract money from | users after they bought the product. | dijit wrote: | > Obviously Mini was using the encryption properly else it | wouldn't have worked to begin with. | | I tried beeper before (not Mini though, so could be wrong about | Mini) but it seemed to be running a VM somewhere and passing | messages to the MacOS Messages.app via some kind of scripting | interface. | | So beeper itself (the full version) was not "speaking" iMessage | protocol at all. | djxfade wrote: | The old version indeed worked that way. Mini was implementing | a fully reverse engineered protocol. | viktorcode wrote: | > Where is the hacker spirit here? | | There was none to begin with. It was an attempt to build a | business on top of a virtual macOS. | | Edit: sorry, confused them with a different service. This one | used previously published research on reverse engineering | iMessage to build the business. | bluedays wrote: | I'm probably leaping to conclusions here but I think this is | going to end up in court, and that was beeper's intention to | begin with. It just seems way too easy to block so they had to | know this was going to happen. | mattbee wrote: | Apple could have been a lot meaner about this. | | If they really wanted to discourage 3rd-party clients they could | just _subtly_ break them for users of Beeper Mini: Late messages. | Truncated messages. A blue bubble that slowly turns brown. The | wrong font. Zalgo text. | sgjohnson wrote: | That's something that Microsoft would do in the 90s. | | Apple's MO clearly is breaking something and refusing to | elaborate further. | leshokunin wrote: | Reminder that BlueBubbles and AirMessage both are working and | fairly robust. I've used them daily over a year. The downside | being that they need a Mac and iPhone to run. But in the spirit | of self hosting, you do run the server yourself and don't share | your credentials. I don't see a more viable path in the near | future. | meepmorp wrote: | > The downside being that they need a Mac and iPhone to run. | | Then why would anyone use BlueBubbles? If you already need the | hardware, and presumably an Apple account, what advage would | there be? Legitimately curious. | leshokunin wrote: | Well I use a Samsung Fold 4 as my daily phone. I want | imessage too. I use a cheap iPhone 8 and Mac Mini to get the | feature. | FridgeSeal wrote: | Is anyone genuinely surprised by this? | | My mate and I had a bet on how long this would take (since the | thread the other day), my guess of "3 weeks tops" was far too | generous. | lxe wrote: | Hope they don't go after Beeper "cloud" version. | m3kw9 wrote: | Just look one step ahead, they got the attention on their names | and company, it was all expected. The play was to be first to | donut and get lots of new. Apple allowing it to work means pigs | fly | mjg59 wrote: | For those arguing that this is a privacy or security response: | the first pypush commit was in April, with the first working demo | commit at the beginning of May. If it's a security or privacy | issue, that means it's been exploited for over 6 months without | Apple taking action. How many other iMessage conversations have | already ended up in non-Apple clients? Why didn't Apple notice | until there was a big public splash about it? | | (edit: typo) | AndrewKemendo wrote: | Say it with your chest: | | Building an application on someone else's platform means they | control your product | | Doesn't matter that "we all know that" this will continue to | happen as long as closed platforms are the only thing people are | incentivized to build/use. | INGSOCIALITE wrote: | i will never understand the absolute hatred people have toward | imessage. it's an app that runs on apples platform, for apple | users. people can still communicate or text between android and | apple. if you want inter-OS encryption then use whatsapp or | signal or whatever the hip new thing is today. | | apple owes nothing to anyone. they have created an ecosystem for | their walled / gated devices that works extremely well. they | don't have to let anyone else play in their pool. | | this is really about blue bubbles vs green bubbles, it's the most | asinine thing to waste thought on. | angry_octet wrote: | Inevitable, and correct of Apple to do so. | ipcress_file wrote: | I remember the webOS iTunes fiasco. This kind of thing isn't | worth the waste of your time. | sotix wrote: | I would love to see hackers continue making it viable to use | iMessage on Android until Apple concedes and launches their own | client. Sometimes you have to ruffle some feathers to enact | change. | resters wrote: | My iPhone receives dozens of robocalls per week yet Apple blocks | Beeper Mini in a few days! Each of those calls use my minutes, | battery life, voicemail, time, etc. | diebeforei485 wrote: | Of all the text message spam I receive, 100% of them has been | green bubbles. | | I don't want spam in my blue bubbles. | chatmasta wrote: | I get a fair amount of iMessage spam, which always disturbs me | because does the sender get a confirmation it was delivered to | an iMessage account such that I'm tagged as an Apple user? | mgh2 wrote: | Beeper video reference: | https://www.youtube.com/watch?v=S24TDRxEna4 | jamesdepp wrote: | I feel like this could be a part of a weird plan to trap Apple | into an antitrust lawsuit about iMessage. Beeper's CEO has been | claiming that the existence of Beeper Mini actually improves | iPhone users' experiences. He could argue that Apple shutting off | access is not meant to improve Apple users' experiences, but | rather, to keep people off of Android. | | Honestly, I have mixed feelings. I REALLY think that iMessage | needs to be opened up, but this was not the way to do it. Really | hoping the EU swoops in and saves the day here. | aslilac wrote: | it's absolutely the right way to do it. third party clients are | a dying breed, because people have forgotten why they're | necessary. | hu3 wrote: | iMessage is mostly a US problem. | | EU usage of iMessage is minimal compared to WhatsApp, Telegram, | Signal and Facebook Messenger. | | So there's little incentive for EU to get involved. | badrabbit wrote: | Personally I don't want anything to do with a google device, so | on the other end as a recipient I am glad apple did this swiftly. | But I applaud and encourage people to try and get around it, | perhaps they might even help find vulns in imessage. | chatmasta wrote: | I'm pretty sure this quote from the founder is wrong on multiple | levels: | | > "That means that anytime you text your Android friends, anyone | can read the message. Apple can read the message. Your phone | carrier can read the message. Google... literally, it's just like | a postcard. Anyone can read it. So Beeper Mini actually increases | the security of iPhones," he [the founder of Beeper] had told | TechCrunch. | | The phone carrier can read the contents of the unencrypted SMS. | But the contents of the message never traverse Apple or Google | networks. | | If an iPhone user's device attempts to send an iMessage, and it | fails to send, then the device falls back to sending an SMS via | the cellular network (actually, it's not even a fallback - the | user needs to long-press the message and resend it as an SMS). | | The content of the message never reaches Apple because the device | never sends it to them. It doesn't even send the encrypted | content because it wasn't able to exchange keys. I'm not even | sure it sends the unencrypted _phone number_ of the recipient to | Apple... | | And certainly, no part of the message is ever sent to Google's | network... that doesn't even make sense. | | Now, maybe he's arguing "Apple can see it because they control | the operating system," but that's a ridiculous argument because | you may as well say they can access every iMessage too... | wkipling wrote: | Push notifications | chatmasta wrote: | Are you sure? So if I disable cellular data, I won't receive | a notification for an incoming SMS? | | I would assume that text message notifications are generated | locally on the device when it receives an SMS message. | yellow_lead wrote: | SMS doesn't go through APNS, that's not how cellphones work. | voongoto wrote: | Stopped using beeper when random bearded dude appeared randomly | in my private facebook group chat. And he's not even in that | group. Then, checkedy fb logins and saw some weird google pixel 4 | logged in somewhere in the states. Deleted beeper and not using | again ever | npalenchar wrote: | No one is surprised at all by this, right? | smeej wrote: | Sometimes I think this whole "blue bubble" thing is a gigantic | opt-in psych experiment about how biases like racism can start | absolutely anywhere. | azubinski wrote: | First you need to infantilize them to the level of "I'm ready | to do anything to be in their gang." | | But at the same time, you need to feed snobbery so that you get | a safe mixture of 80% immaturity and 20% snobbery. | | Let's add two drops of self-deprecation, that boring feeling of | "I don't have blue bubbles, I'm worthless and a loser." | | And now you can take a large bag for money and leave it open - | they will fill it themselves, tie it and send it to the address | :) | garysahota93 wrote: | What if they create a version of Beeper Mini that spoofs an apple | device you own? For example: I don't want to own an iPhone, but I | do have a MacBook. So rather than use a randomly generated device | that tricks Apple's servers to allow me to connect, I can just | use a device a legitimately own (and just trick apple to think my | phone is my laptop). | | I know this won't work for everyone (especially folks that don't | have an Apple device). But this might be better than losing the | app all together -\\_(tsu)_/- | | (PS - I don't know much about how Beeper Mini's reverse | engineering worked. Just going off what I believe I understood) | eiiot wrote: | This already exists! | | https://airmessage.org | jaktet wrote: | I was using this before beeper and switched to beeper since I | could also use WhatsApp on my iPad. Worked just fine on an | old otherwise unused MacBook Air I keep in my garage. I only | used airmessage for iMessage on windows | _fzslm wrote: | not quite what the parent comment was referring to - | AirMessage is cool but needs a server Mac to run 24/7. | | parent is asking if it's possible to spoof the secure | identifiers from the Mac in Beeper - extracting the secure | IDs, inputting them into Beeper - at which point Beeper can | communicate directly with Apple as if it is that Mac. | | a clever workaround! | benkarst wrote: | So they built an entire company betting that little old Apple | wouldn't mind hacking a proprietary protocol? Hmm. | satchlj wrote: | Beeper Cloud has also been cut off, even though they are running | virtual MacOS machines for every Beeper Cloud user... not sure | how they managed that | lxe wrote: | That's a shame :/ | apfsx wrote: | I think I saw somewhere (somewhere in the Beeper updates | channel) that Beeper Cloud switched to using their new method a | little while back before releasing Beeper Mini, which would | explain the cut off. | poundtown wrote: | shocker.. be serious youre never going to out wit apple. esp if u | have the nerve to charge for it. | pradn wrote: | What's between the lines is that iMessage is critical as a way to | lock in users to iOS. People care about security somewhat but | they care way more about being ostracized for having green | bubbles. I bet few common users could tell you the security | properties of major messaging apps. This app, if allowed, would | have shaved off a parentage points off iPhone market share. | Aeolun wrote: | To the surprise of absolutely no-one. Seriously, what did they | think was going to happen? | quickthrower2 wrote: | Maybe this. 2 HN blow ups in a week. Any publicity as they | say... | mlindner wrote: | How did these guys raise $16M? Do the VCs have no understanding | of things? The round was apparently led by the CEO of Y | Combinator. Makes no sense. | howenterprisey wrote: | Seems to be back now for original beeper, although not yet for | beeper mini, the app in question (beeper ceo just sent out a | global message). Your move, Apple... | lstamour wrote: | Latest updates from Beeper as of two hours ago: | | ### Beeper Mini - fix coming soon | | Our fix for Beeper Mini is still in the works. It's very close, | and just a matter of a bit more time and effort. | | In the meantime, we have deregistered your phone numbers from | iMessage so your friends can still text you. Sorry, you're | temporarily a green bubble again. Annoyingly, the iPhone | Messages app 'remembers' that you were a blue bubble for 6-24 | hours before falling back to SMS, so it's possible that some | messages will not be delivered during this period. | | Also, we are extending your 7 day trial by one additional week. | | I just want to say thank you for bearing with us through this | wild day (week!). I feel awful about important messages you may | have missed today because our iMessage connection stopped | working. My sincere apologies for this. | | Tomorrow is a new day. Onwards! | | ### Beeper Cloud - iMessage works again! | | I am very proud to say that iMessage is now working again on | Beeper Cloud. After a Herculean effort from my amazing | colleagues, our iMessage bridge is back in action. | Unfortunately, messages received during the outage are not | recoverable. | | If you have a Mac or iPhone, you may see an alert that a new | device has been added to your account. This due to the bridge | update. The update is rolling out over the next hour. | | And...it's not working for everyone yet. We're going to call it | a night and get back to it tomorrow. | raverbashing wrote: | This green bubble/blue bubble crap is too much ado about nothing | | Just use literally _any other messaging app_ | KingOfCoders wrote: | Predictable comments. | | If Facebook does it, uhhh evil. | | If Apple does it, right so! | realusername wrote: | A bit sad but that's Apple we're talking here, we all know how | despicable they are. | tibbydudeza wrote: | Using the same device serial number and not having Apple onboard | was bound to end up like this. | | Epic Games tried the same thing with Fortnite to force Apple's | hand, it worked in the court but Apple only bends to laws of the | land. | | I don't see the big deal over iMessage - we use WhatsApp for | chats in our family and it is cross platform. | aizyuval wrote: | Good advertisement for beeper. Now we'll see if they're true. | kbenson wrote: | The way Beeper-mini addressed the "criticism" that Apple would | shut them down in their show HN post to me seemed like their were | either completely naive, or far more likely that they understood | that it would only last a short time and that it was all a PR | stunt to get you to notice their product and become a user to try | it out, and maybe switch to it. | | It's not bad marketing strategy at all, I'm sure they gained a | huge number of new users, and some percentage of them will stick | around even without iMessage support (because there's not really | someone else to switch to), but it seemed a bit too manipulative | for my personal taste. They could have just said "try us out and | see if you like us, we'll keep iMessage support going as long as | we can" but instead they dodged the question entirely. | pat64 wrote: | This immediately reminded me of the Palm Pre iTunes/iPod protocol | reverse engineering debacle from the oughts. | | It became a game of whackamole where by Palm would update their | OS (RIP WebOS) to reintroduce support for iTunes to their devices | and Apple would bend over backwards to break it again. | | Did Beeper not anticipate that this was inevitably coming and put | fallbacks and rotational serial numbers in place if Apple start | getting blocky? | methuselah_in wrote: | How can someone has thought, they will create a app that can work | with apple messages and they can make it able to work with | android? Now they disconnected the access.You will never be | allowed to have money over apple or google. Choose XMPP, it will | reach there. who needs blue green bubbles lol. | maxdo wrote: | RCS will be on iPhone next year . Problem solved | irdc wrote: | This is likely going to be buried, but: now Bleeper has standing | to argue that Apple, as owner of the largest mobile messaging | platform in the US, is a monopolist. | jonplackett wrote: | Most predictable headline award goes to... | faverin wrote: | Jesus i'm old. This happened twenty years ago with the | ICQ/Yahoo/MSN messenger wars. Everything old does become new | again. I wish Congress and the EU figured this out with crypto | expert advice - surely we can have apps that only show you the | recent messages or something. All on phone so secure but | convenient. | | A/S/L anyone? +5 Insightful | | Some links for the befuddled | | An overview: This made the front page | https://www.nytimes.com/1999/07/24/business/in-cyberspace-ri... | https://www.theguardian.com/media/2005/oct/13/yahoo.digitalm... A | delightful internal MS assembly hacking rivals message apps | interview. https://www.nplusonemag.com/issue-19/essays/chat-wars/ | jFriedensreich wrote: | We finally need a giant lawsuit and final verdict to end | messenger lock ins. This has been going on for nearly a decade | now and all started with facebebook and google closing their xmpp | apis. I just hope that the EU Digital Market Act interoperability | requirements have teeth and we can finally get some freedom. | ben_w wrote: | This may explain why I got my first ever "who dis?" iMessage | yesterday, from an unknown number, on a device with cellular | switched off. | TheMagicHorsey wrote: | What if people ran their own local gateway that forwarded | messages to a third party message broker? | Melatonic wrote: | It was a great party trick while it lasted ! | nickez wrote: | The reason gsm, 3g, 4g, sms and so on succeeded was because | everyone could implement them. I guess you had to pay license or | patent fees, but they are not walled gardens. Phones from | different manufacturers and/or different operators can | communicate. I'm surprised that "chat"-protocols are allowed to | be monopolies by the regulators. The regulators probably don't | understand tech. | trinsic2 wrote: | Didn't see that coming (Sarcasm) | dkga wrote: | Seriously what I don't get is the number of people complaining | about iMessage for Android vs Apple when free, encrypted and | widely used system-agnostic alternatives like WhatsApp exist. | 4oo4 wrote: | Network effects. In the US at least WhatsApp and Signal are | barely used in comparison to iMessage, despite them being solid | cross platform alternatives. | nilespotter wrote: | Beeper would have interested me, maybe in 6 months if it had | seemed like Apple was willing to live with it. I don't want to | use iMessage though, I just want to use it more than SMS or RCS. | I have gotten a few of my close contacts on Signal. The whole | landscape is completely chaotic. All I really want is to be able | to send and receive e2ee messages with everyone else who has an | extremely capable computer in their pocket. | thatkid234 wrote: | To my understanding, Beeper uses some random Mac's serial number | to complete device attestation. Would this be salvageable if I | could provide my own legitimately purchased iPhone or Mac serial | number? | ghqst wrote: | Beeper fixed their other iMessage bridge service last night by | rotating device serial numbers on their server farm, so I would | guess this would work? To my knowledge the pypush library | itself isn't broken. | system2 wrote: | Huh, I was expecting 1 month after launch but it took 1 week. | Silly PR stunt by Beeper. | LanzVonL wrote: | I've always had trouble meeting women because of my text bubble | color. This was perhaps my only chance to find love. Now I'm | never getting a girlfriend. | konaraddi wrote: | Genuine question, what's Beeper's angle? They knew they could be | cut off. I'm guessing they envisioned being the mouse in a cat | and mouse game, or they're laying some tracks for future | lawsuit(s) to open up iMessage. | wackget wrote: | Techcrunch is an absolute abomination of a website. For those | using uBlock and/or uMatrix, have a look at the list of third- | party domains the site uses. | | No less than 18(!) of them: | | * ads-twitter.com | | * bizzabo.com | | * dscg1.akamai.net | | * facebook.net | | * google-analytics.com | | * googlesyndication.com | | * googletagmanager.com | | * mrf.io | | * oath.com | | * sail-horizon.com | | * twitter.com | | * twitter.map.fastly.net | | * typekit.net | | * vidible.tv | | * wp.com | | * yahoo.com | | * yahoodns.net | | * yimg.com | | There's also two (!) layers of cookie consent redirects and the | page simply will not load without JavaScript. | | Even with first-party scripts enabled the main article doesn't | load and at this point I don't give enough of a shit to work out | why. | | @dang should consider banning Techcrunch URLs from Hacker News | IMHO. ___________________________________________________________________ (page generated 2023-12-09 23:01 UTC)