US senators have urged the DOJ to probe Apple’s alleged anti-competitive conduct against Beeper.

  • Jessica
    link
    fedilink
    English
    441 year ago

    I don’t get it. iMessage is Apple’s service. Why are they obliged to open it up for everyone to use? Would it be nice? Yes, of course. Should Apple be legally required to open up access to their service?

    • @Zak
      link
      English
      671 year ago

      The US Federal Trade Commission puts it this way:

      a firm with market power cannot act to maintain or acquire a dominant position by excluding competitors or preventing new entry

      It further explains that “market power” means:

      the long term ability to raise price or exclude competitors

      Emphasis added. What the government might argue in this case is that Apple has market power in the online message space because it preloads its own messaging app on its smartphones, which I believe enjoy a majority market share in the USA. One remedy the government could seek is requiring Apple to allow third parties to develop clients for its messaging service.

      • @surewhynotlem
        link
        English
        -301 year ago

        They aren’t excluding competitors. Anyone is free to write a cross platform messaging app that has blue bubbles in it. The preloading thing could be an issue if you can’t uninstall imessage. Otherwise it would follow the IE/edge ruling.

        But we’ll see what the courts say.

        • @Zak
          link
          English
          20
          edit-2
          1 year ago

          We’re far from court cases. What we have right now is politicians asking the Department of Justice to investigate. I suspect that’s more likely to go nowhere than it is to go to court.

          If it did go to court, either side of the smartphone/messenger equation could be argued as anticompetitive use of market power, or both; they could claim that Apple used its market power in smartphones to popularize its messenger service, which it then used to increase its market share in smartphones.

        • @holdthecheese
          link
          English
          3
          edit-2
          1 year ago

          They’d have to allow any app to replace iMessages as their sms client.

          Alternatively, you could argue that their monopoly in messaging is being unfairly applied in hardware. That would have to be brought up by a hardware vendor like One Plus.

    • @NocturnalMorning
      link
      English
      311 year ago

      They didn’t, someone made an App to interface with it. Trying to shut that down is anti-competitive.

      • @btmoo
        link
        English
        81 year ago

        It’s also a huge security hole

        • @[email protected]
          link
          fedilink
          English
          271 year ago

          How? It’s not a MitM or anything like that, it’s connecting exactly how an Apple device would connect. Everything is still E2EE, just one of the ends can now be an Android device.

          • @btmoo
            link
            English
            -61 year ago

            A non-trusted 3rd party that has the capability to decrypt messages? It’s a big problem.

            • @Eldritch
              link
              English
              241 year ago

              That’s not how beeper worked. It actually connected from the device directly to the iMessage network. You’re thinking of all the other services that required a virtualized OSX install somewhere to act as a translation layer.

              • @btmoo
                link
                English
                -221 year ago

                The beeper application is not trusted by anyone except Beeper. As an Apple user, I trust Apple by buying their devices and participating in their services. I have no trust relationship with Beeper whatsoever. They have the the ability to decrypt my messages unbeknownst to me, and do whatever they want with them. Maybe they’ll display them to users nicely in the app. Maybe they’ll do something nefarious with them.

                Having user activity flow into 3rd parties is a major security problem. Maybe you don’t see it, but it’s real and it’s there. We’re still trying to clean up the adtech mess on the web after how many years?

                • @Eldritch
                  link
                  English
                  251 year ago

                  That’s an inane argument. Your message always gets decrypted at its end point. Beeper wasn’t doing MiTM attacks. They weren’t hijacking messages. They functioned and behaved as a legitimate end point. If you don’t want a non Apple pleb getting your messages, you simply don’t send them one. Which is basically what your complaint boils down to.

                  While I agree Apple should have some control over their network. Which they clearly don’t in any way that matters. The controll they’re exerting shouldn’t be allowed. As long as beeper were behaving, which they were. They should be allowed. That you feel security is defined by being handed by a company inept at security in this case, that’s your problem. Secure messages are sent and received from all manner of platforms regularly without issue. No Apple required

                  • @[email protected]
                    link
                    fedilink
                    English
                    01 year ago

                    Ok, I’m sorry but this comment and this thread is just all over the place.

                    Beeper wasn’t doing MiTM attacks. They weren’t hijacking messages.

                    That we know of. Oh, and they’re literally a man in the middle, someone the user shouldn’t expect is in between the data they’re sending. okay, I’ll give you the middle is squishy here because it’s really when it’s decrypted on the client, but still…

                    They functioned and behaved as a legitimate end point.

                    Which, they weren’t. They were spoofing credentials and accessing a system without authorization from the system owner. It doesn’t matter if Apple left a hole in the system. Hell, they could have set the password to be ‘12345’ it’s still probably a crime, at least, based on this list of crimes:

                    having knowingly accessed a computer without authorization or exceeding authorized access

                    The whole thing basically reiterates over and over that just because you technically have access, that doesn’t mean you are permitted.

                    While I agree Apple should have some control over their network.

                    Okay, makes sense.

                    Which they clearly don’t in any way that matters.

                    How many iMessage breaches has Apple had?

                    The controll they’re exerting shouldn’t be allowed.

                    The “control” is discovering that someone else made a copy of the key to their locks. If i told you that I now have a copy of the key to your house (but trust me bro I’m only going to use it like you would which means using your shit and and selling your food to others) oh and that now basically anyone has a copy to the key to your house, would you change the locks?

                    As long as beeper were behaving, which they were.

                    Which they were?! They literally are using fake credentials, accessing a system without authorization, using the infrastructure including the real costs of said infrastructure.

                    Secure messages are sent and received from all manner of platforms regularly without issue. No Apple required

                    Welp, you’ve just provided the closing arguments for Apple’s lawyers and any sort of monopoly concern.

                • @[email protected]
                  link
                  fedilink
                  English
                  16
                  edit-2
                  1 year ago

                  Funny, you trust apple yet iMessage has major flaws that were written about years ago, that Apple has never addressed. https://news.ycombinator.com/item?id=38537444

                  And if you read the Beeper devs blog, you’d understand how much you misunderstand about the security and encryption implications. If anying, it increases message security by moving messaging from SMS to encrypted iMessage. https://jjtech.dev/reverse-engineering/imessage-explained/

                  He invited Apple to have a third party assess his work. So far Apple hasn’t responded.

                  I have no issue with Apple blocking Beeper, it’s their system. It’s interesting to watch, but the DOJ has no reason to get involved here, it hasn’t even been made a legal issue yet.

                  If Apple feels it’s a legal issue, they could start legal proceedings. My question is why they haven’t.

                  • @btmoo
                    link
                    English
                    21 year ago

                    Thanks for the links! I enjoyed reading about how iMessage is built on top of APN. That probably explains why I can reply to messages in arbitrary apps on my Apple Watch. :-)

                    However, that doesn’t change my argument. Beeper is not a trusted party in this exchange. When they show my messages to their users, they are decrypting my messages and user activity in a way that is outside my zone of trust. They can then be nice and show it to their users in their app, or they can be nefarious and send that data to any other 3rd party for whatever purposes they want.

                    This is a major security hole at the application layer, despite the network layer security that you’ve linked to.

                • @Maggoty
                  link
                  English
                  31 year ago

                  Guess what happens when you do anything outside the Apple ecosystem. Guess what’s happening right now on Lemmy.

                  You’re logic would mean never actually using your device.

        • ben
          link
          fedilink
          English
          -91 year ago

          So is having unencrypted messages with all non-iOS devices with no real solution in sight. Security is obviously not their concern here, it’s vendor lock in.

          • Gray
            link
            English
            111 year ago

            SMS doesn’t support encryption, nor is Apple preventing you from downloading any number of encrypted chat apps that work cross platform.

            If google didn’t release a new chat app every 6 months we might have a more widespread standard in the US already - and yes RCS is coming to the iPhone next year.

            • @[email protected]
              link
              fedilink
              English
              31 year ago

              Funny how you twist this from defending Apple to blaming Google, the irony is palpable.

              Make up your mind.

              No one has to use Google’s apps either.

              I despise SMS, have for years, since I could first run a real messenger on my phone. I’ve used XMPP on Android since 2010, and it worked with most every XMPP-based messenger system.

              There’s no reason we’re here except end users can’t be bothered to use something if it takes any effort. I have a friend (a millenial, who grew up with tech) who bitches about SMS failures and shitty attachments constantly, but refuses to use any other messenger, doesn’t want to have to “figure out” how to message someone. 🤦‍♂️ I’m so tired of hearing this excuse. It’s laziness, full stop. Do we struggle to figure out how to phone someone, or send an email (which address?)? Plain old childish laziness. For older folks it’s a different story, but anyone under 40, yea, no, I’m calling bullshit. And I’m in that well-past-40 group.

              I use whatever system I can have in common with people, with some exceptions (no privacy-antagonistic garbage like WhatsApp, FB Messenger, Snapchat, etc, and nothing immature like RCS).

              • @[email protected]
                link
                fedilink
                English
                21 year ago

                Yeah, it’s weird how consumer expectations have shaped up in a way that if there is a solution, it has to come from some gigacorp. Having a third party innovate is so against the reality of US big business that if it isn’t Apple doing it, it must be Google, and interoperability itself does not mean an open standard, just interoperability between Apple and Google.

            • ben
              link
              fedilink
              English
              21 year ago

              Apple isn’t adopting RCS with encryption, and having iMessage as the default messaging app without any way to allow cross platform E2E encryption is a decision they’ve made.

              As far as Google releasing a new chat app is concerned that’s on them. But RCS has existed since 2008 and was included as a feature in Android 5.0 Lollipop all the way back in 2014.

              • Gray
                link
                English
                71 year ago

                Encryption extension on RCS is a non-standard addon to RCS which is not part of the standard. RCS on Android in general is also run through google servers and Jibe, and isn’t exactly an open standard to begin with.

                Apple isn’t preventing cross platform encryption at all, every popular messenger (even Signal) is available in the App Store.

      • squiblet
        link
        fedilink
        41 year ago

        Businesses are naturally anticompetitive. It may or may not violate antitrust law. The two main categories are collusion with competitors to prevent new competition, or if they seek to gain or maintain a monopoly via shady methods (just a monopoly itself isn’t illegal though). I doubt if Apple conspired with Google here and it would be a stretch to say they have a monopoly, so it seems like a pointless case to me.

      • @btmoo
        link
        English
        31 year ago

        It’s not a public API. Hacking someone’s private API is already against law - charging $$ for it moreso.

          • @Evilcoleslaw
            link
            English
            11 year ago

            Reverse engineering it is not, sure. And Beeper could do that and run their own messaging service with their own infrastructure running their reverse engineered version.

              • @btmoo
                link
                English
                131 year ago

                That’s not what they’re doing. They’re using Apple’s version for free. They’re also encouring their users to violate their terms of service agreements with Apple en-masse.

        • @Lutra
          link
          English
          14
          edit-2
          1 year ago

          Ah, common misconception - hacking an API != creating a compatible program. ( reverse engineering)

          Imagine a drill company has a special shape for its bits. Our law allows someone else to either… make bits that can fit in that shape OR make their own drill that can accept those bits.

          “BUT they copied!” - it doesn’t have to be a copy to be compatible, and they don’t even have to use the ‘special shape’ just be able to work with the special shape. The law does not allow for protections around that. Doing so would be by definition anti-competitive. Our anti competition laws or rather our IP protection laws are not intended in any way to ‘ensure a monopoly’. The IP laws give a person a right to either keep something they do secret OR share that knowledge with the world so we all benefit, in exchange for a very limited monopoly.

          Practically speaking, If I got the KFC Colonel to give me the list of 11 herbs and spices in a Poker game, and then started making my own delicious poultry that is totally cool. Likewise, If I figured out that all that was inside a Threadripper was blue smoke and started making my own blue smoke chips, the law is ok with that.

          In this case roughly, Having a public facing endpoint. And then saying that the public can access that endpoint is cool Saying that only the public using the code I alone gave them – well… that’s not been litigated a lot, but all signs point to no.

          It’s like Bing saying its for Safari only, and suing people who accessed it using Chrome. It is a logical claim, but the law does not provide that kind of protection/enforcement.


          tl;dr these concepts are old but being newly applied to fancy technology. The laws in place are clear in most cases. A car maker can not dictate what you put in the tank. FedEX and UPS can’t charge you differently for shipping fiction books or medical journals or self published stories. And they’d probably get anti-trust scrutiny they even told you what brand/style of boxes you had to use.

        • candyman337
          link
          fedilink
          English
          31 year ago

          They didn’t hack it, they spoofed a device, they just tricked the systems around the api

          • @[email protected]
            link
            fedilink
            English
            221 year ago

            That counts as unauthorized access in the eyes of the law. It’s a private system and they did not have any agreements permitting them to use it as they wanted.

            • @[email protected]
              link
              fedilink
              English
              81 year ago

              Quite literally the text of the Computer Fraud and Abuse act. Unauthorized access of computer systems can get you 20-years at club fed. Seems like some of these people need a history lesson.

              • @[email protected]
                link
                fedilink
                English
                3
                edit-2
                1 year ago

                Apple reverse-engineered Office to release iWork. So Apple isn’t new to reverse-engineering others proprietary shit when it benefits them. something, something, history lesson, hmm…

                I don’t know laws in the US but my limited understanding in the case of Beeper is that its users are the ones that grant themselves unauthorized access to the Apple servers. Beeper is a tool that packages pypush to accomplish it. So Apple should sue all the Beeper users?

                As an example, there are tons of tools to exploit vulnerable systems in Linux. Metasploit is a penetration testing software and can execute exploits on old unpatched systems. I don’t think anyone is suing Metasploit developers for Computer Fraud and Abuse aCt. The users who use it are responsible for the access of unauthorized services and broken ToS.

                If Apple thinks Beeper users are exploiting its servers, they should patch them (which they did).

                Beeper did try to monetize it, so i’m not sure how it fairs but Beeper is not forcing anyone to gain unauthorized access. Beeper even welcomed Apple to audit Beeper mini code.

                And I’m sure Beeper has a legal team that analyzed these scenarios better than anyone of us. And Apple has sued companies for less. They’d have done it the moment the app landed on appstore. They could have crushed it before gaining any attention.

                Again, I have no idea how legal it is. I have both Apple and android devices and never use iMessage. But you gotta hand it to Beeper devs. That’s some old school hacker shit and I’m here for it.

                I guess we’ll have to wait and see.

                • @[email protected]
                  link
                  fedilink
                  English
                  11 year ago

                  These are separate issues and it’s a very complex set of issues. Reverse engineering is generally “okay” as long as you aren’t directly copying code, because you’ll run afoul of copyright laws. That doesn’t grant them the rights to access anyone else’s computer systems without authorization.

                  Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal. You keep mentioning “suing” but this is not a civil issue, violating the CFAA is a crime.

                  Aaron Swartz got supremely fucked for writing a script that downloaded files he legally could access but technically was unauthorized because he accessed them in a way the corporation didn’t like.

                  • @[email protected]
                    link
                    fedilink
                    English
                    2
                    edit-2
                    1 year ago

                    I don’t think you see the difference, Aaron was downloading the data off of MIT servers himself, he was not facing charges for writing the scripts.

                    From your link:

                    The Justice Department’s press release announcing Aaron’s indictment suggests the true motivation for pursuing the case was that Aaron downloaded academic literature from JSTOR and planned to make it available to the public for free as a political statement about access to knowledge.

                    .

                    Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal.

                    As I said before, Beeper users are gaining unauthorized access, not Beeper. It is E2EE, they’re not the middleman.

        • ben
          link
          fedilink
          English
          21 year ago

          Genuinely curious, what’s the law against reverse engineering an API? I can maybe see the argument for charging for the service, but beeper mini is planning to integrate other services as well so I don’t know if that’ll really hold water.

          • @Evilcoleslaw
            link
            English
            121 year ago

            They can reverse engineer it and run it as their own service with their own infrastructure. But that doesn’t mean they can then start accessing Apple’s implementation and using Apple’s resources without permission.

            • ben
              link
              fedilink
              English
              41 year ago

              If they function identically to a normal client though what’s the issue? As an example Google indexes pages all over the web without the explicit permission of those websites, that requires them to read the page and make requests to someone else’s infrastructure.

              What part exactly here is illegal?

              • @Evilcoleslaw
                link
                English
                8
                edit-2
                1 year ago

                The websites in question getting crawled and indexed are generally open and available for anyone to browse. There are parts of the web that are gated off and require authentication and authorization to access. Imagine now that Google found a way to authenticate as you with your bank’s website and index your online banking portal. (It’s not a perfect analogy to what’s happening with Beeper, but I’m just using the one you laid out.)

                In a similar way, iMessage as a service requires authentication and authorization to use. It is not open for anyone to use. Beeper is doing something to spoof or otherwise fool Apple into giving the client access. This is the part that’s illegal. And potentially not just “file a lawsuit” illegal but criminally so.

                It doesn’t really matter why Apple doesn’t want Beeper or anyone else to use it. The fact that they simply don’t is all that matters.

            • @[email protected]
              link
              fedilink
              English
              -21 year ago

              What do you think an API is? They have reverse engineered the iMessage API and are using that to connect to the iMessage servers. It is literally impossible to do as you suggest (use entirely their own resources) because iMessage is centralized and cannot federate with any other server, even if one did exist.

              • paraphrand
                link
                English
                8
                edit-2
                1 year ago

                They are saying they could run their own competing iMessage.

                Of course that’s not Beeper’s goal. But in this conversation, that was the point being made.

              • @Evilcoleslaw
                link
                English
                61 year ago

                They have reverse engineered the iMessage API

                Yes, this part is legal and fine.

                and are using that to connect to the iMessage servers.

                This is not allowed because Apple doesn’t want to allow it. They own the infrastructure serving the API, they get to determine who is authorized to use it. They can block whoever they want. And technically speaking, using it in an unauthorized manner could even rise to the level of a criminal violation of the CFAA.

                It is literally impossible to do as you suggest (use entirely their own resources) because iMessage is centralized and cannot federate with any other server, even if one did exist.

                Partially correct. It is not impossible to do as I suggested, because I never suggested that they should have interoperability with iMessage.

    • kpw
      link
      fedilink
      271 year ago

      Yes, they should be legally required to open up access to their service. No more walled gardens that hold a large number of users hostage.

      • @[email protected]
        link
        fedilink
        English
        -51 year ago

        So by this thinking all cars should have compatible parts.

        The world just ain’t that way bruh

        • kpw
          link
          fedilink
          41 year ago

          That would be awesome, wouldn’t it be?

          Do you think we live in the best possible of worlds where nothing can be improved anymore?

        • @Maggoty
          link
          English
          4
          edit-2
          1 year ago

          Fun fact, a lot of parts are compatible between cars. But really this is like if they were able to stop a machine shop from creating a replacement part.

        • @[email protected]
          link
          fedilink
          English
          11 year ago

          Bad analogy. It’s more like, Apple has its own roads that are exclusively for their cars.

          • Eggyhead
            link
            fedilink
            11 year ago

            Like someone’s private property that they can kind of do what they want with? Makes sense.

                  • Eggyhead
                    link
                    fedilink
                    11 year ago

                    I’d be more inclined to believe you if you weren’t throwing ad hominems around in what seems to be an amateurish effort to save face for some reason…

        • @rdri
          link
          English
          1
          edit-2
          1 year ago

          And when some developer comes at you and shows how they did some work to make a part compatible with your cars, you go “fuck it, redo all existing cars to make all 3rd party incompatible!” instead of “ok do that at your own risk”.

    • @holdthecheese
      link
      English
      121 year ago

      You can argue that they’re unfairly using monopoly power. Same reason why MS was forced to allow windows to switch browsers.

    • @[email protected]
      link
      fedilink
      English
      91 year ago

      I think the problem is that it’s unnecessarily hardware locked. They shouldn’t have to “open it up” insofar as anyone can access it from whatever app like beeper is doing. But it’s only fair that they support other operating systems. They can still control it or even charge a fee to access it from other OSes.

      • Uglyhead
        link
        English
        8
        edit-2
        1 year ago

        I wish this kind of thing was more spotlighted when Palm and Windows Phone developers were trying to use Google API’s to make apps for their OS’s and got shut down at every turn, eventually killing off the Palm and WP because of device lock-in on apps.

        I still miss what Palm could have been before Google bent them over a barrel with their massively anti-competitive bs.

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          Palm terrified them.

          Palm apps were tiny, took trivial resources, and could provide a lot of what was done with new apps on Android. Dictionaries, calculators, games (I played monopoly on a Treo, it looked great). I watched Mp4 movies on a Treo.

          Imagine Android with a Palm Subsystem so all those old Palm apps could run. It would’ve majorly slowed Android app adoption, perhaps even giving enough support to allow PalmOS architecture to develop into a competitor to Android.

    • @NOT_RICK
      link
      English
      8
      edit-2
      1 year ago

      When imessage was announced they planned to bring it to other platforms. That died when they realized how much of a lock in it was

    • @Maggoty
      link
      English
      51 year ago

      If they’re going to default message service to it then yes.

    • JoeCoT
      link
      fedilink
      -101 year ago

      Because their practices are anti-competitive. School kids are getting bullied for using Android phones because they’re “green texters” in iMessage. But most importantly iMessage’s connection with SMS causes all interaction to be very low quality images and videos. And when people complain to Tim Apple about the experience, his only response is “Get your grandma an iPhone”. Our only saving grace is that the EU is requiring Apple to support RCS, which should solve these issues, except they’ll probably find some new way to be anti-competitive about it.

      • @Dippy
        link
        English
        161 year ago

        How is creating a proprietary service anti competitive? There are many other methods of messaging and Apple is not stoping anyone from using them.

        Kids being bullied in school has nothing to do with being anti competitive.

        • @[email protected]
          link
          fedilink
          English
          -51 year ago

          Apple is not stoping anyone from using them.

          You can’t change your default messenger on iOS, so they’re not making it easy to stop using iMessage completely.

          • @Dippy
            link
            English
            111 year ago

            You can turn off iMessage in settings and disable the phone number from messages. Then use whatever messaging service you want with the phone number.

            Still not sure how it’s anti competitive to not allow others to use your own proprietary software when there are alternatives available, and they are not being restricted.

              • @[email protected]
                link
                fedilink
                English
                21 year ago

                I don’t think you can use a different app for SMS on iOS. Messages only.

                But u can disable iMessage functionality (iMessage is the network-based instant messenger component).

          • Gray
            link
            English
            71 year ago

            There’s a toggle to turn off iMessage, and the phone asks you when you set it up if you want to use iMessage or not.

            • @[email protected]
              link
              fedilink
              English
              -41 year ago

              But will you still receive SMS messages in the iMessage app? AFAIK, there’s no way to move SMS to another app, like Whatsapp, and delete iMessage from the phone completely.

              • @[email protected]
                link
                fedilink
                English
                5
                edit-2
                1 year ago

                You won’t receive SMS in the “iMessage app”. Messages is the iOS messaging app, it has the ability to send messages via SMS or iMessage.

                If the iMessage service is enabled and the recipient has an iMessage address/account, it’ll send the message via iMessage. Otherwise Messages falls back to sending a message via SMS.

                I know, we don’t usually make a distinction about Messages the app, and iMessage the service, and just say iMessage.

      • @[email protected]
        link
        fedilink
        English
        61 year ago

        School kids are getting bullied for using Android phones

        That’s a people problem, not a market-share problem. From experience, kids will always find something to bully others about — if it’s not the colour of the bubbles, it’s something else: the brand of shoes they wear, the suburb they live in, the sport they play (or don’t play). Bullies will do what they do.

      • @[email protected]
        link
        fedilink
        English
        2
        edit-2
        1 year ago

        Apple should 100 percent support RCS and Tim’s “buy your grandma an iphone” response was stupid and does show that they don’t give a shit. However the Beeper situation is something different entirely, if the reports I’ve read are too be believed it was a security vulnerability or a blatant disregard of apples terms. Also the kids being bullied thing is very overblown, and almost certainly a regional thing. I live in buttfuck no where and I not one kid gives a shit they just want to talk to their friends. My kid has an android and his friend group is like 50/50 on iPhones. Its weird adults and parents who inadvertently say things or give their children the idea that green bubbles are bed. Kids don’t give a fuck unless they’ve learned it somewhere.