• Jeena
    link
    fedilink
    English
    1311 year ago

    I don’t understand why the article writes that iMessage is the only way for encrypted messaging between Android and iOS. I can thing of several off the top of my head:

    • Matrix
    • Signal
    • WhatsApp
    • Facebook Messanger (very soon)
    • Threema
    • Telegram
    • Viber
    • Line
    • Skype

    And there are surly more …

    • Eager Eagle
      link
      English
      61
      edit-2
      1 year ago

      cause of lazy iOS users that can’t be bothered to use anything else

      • Jeena
        link
        fedilink
        English
        -141 year ago

        Then why are we shaming Apple and not the iOS users? I think Apple is totally reasonable here.

          • HeartyBeast
            link
            fedilink
            91 year ago

            The default messaging protocol is SMS. Unless you are talking with another Apple user

            • @Eldritch
              link
              English
              41 year ago

              I can send pictures and video over SMS that are viewable anywhere. An iMessage user can only send a patch of 64 color changing macro blocks with some audio. While it’s technically true it’s the default. it’s purposefully degraded to the point of unusability.

              • HeartyBeast
                link
                fedilink
                21 year ago

                Really? That seems odd. I’ve never had a problem sending reasonable quality photos to Android users and I can’t see a business reason why Apple would degrade image sending purposefully- it would drive its own users to get third party apps.

                • @Eldritch
                  link
                  English
                  11 year ago

                  The photos are less the issue than videos. But they definitely reduce the size of them far more than other clients do. At least for non iPhone/ iMessage users. It gets so bad that family doesn’t share videos with many of us anymore because of how difficult it is to use something other than iMessage. Or Facebook. But that’s a whole other problem.

                • @paintbucketholder
                  link
                  English
                  11 year ago

                  I can’t see a business reason why Apple would degrade image sending purposefully- it would drive its own users to get third party apps.

                  Depends on what the majority of people are using.

                  In markets where iPhone users are not in the majority, that’s exactly what’s happening: iPhone users are switching to third party apps.

                  If iPhones users are in the majority, though, then people will just default to iMessage, and non-Apple phones get associated with poor messaging quality. Which creates social pressure for non-iPhone users to buy an iPhone.

                  So it makes perfect business sense for Apple to degrade the messaging quality when a non-Apple phone joins the conversation.

          • @[email protected]
            link
            fedilink
            English
            61 year ago

            I am not an Apple fanboy at all, I have used iPhones for work previously.

            RCS debuted three years before iMessage, Apple developed iMessage because no one could get RCS standards together. We still don’t have this, Google has theirs, Samsung has another. Not all manufacturers support it and neither do all carriers. In my country it does not exist.

            I use SimpleX, but when I used a company iPhone, iMessage worked very well, and it worked everywhere regardless of carrier. RCS does not 15 years after its introduction.

            None of this is to say there should not be interoperability, clearly there should be. Historically at least, the blame lies with Google and mobile carriers.

            • @[email protected]
              link
              fedilink
              English
              51 year ago

              I’m not letting Google off the hook, but Apple could also open the standard for iMessage and bypassed the whole problem. But they’d rather lock in customers than allow everyone to communicate securely and effectively.

          • Otter
            link
            fedilink
            English
            21 year ago

            More marketing would be nice

            As for features, an easy remote backup solution (similar to be bettet than WhatsApp) is the big one for me. Especially on iOS

          • Jeena
            link
            fedilink
            English
            -11 year ago

            I’m not sure about Signal being the one, then we just give the power from one company (Apple) to another (Signal). If we want to improve then we should push open protocols where people can host their own infrastructure.

            • Eager Eagle
              link
              English
              1
              edit-2
              1 year ago

              Ideally, I agree. In practice, until federation / decentralization is completely transparent to the end user (unless they choose otherwise), it’ll never be adopted at a large scale. IMO that’s one of the main obstacles of Lemmy, Mastodon, and others.

              Signal is only relatively popular among the privacy-respecting options because setting it up is as easy as setting up WhatsApp. Just by adding a “choose your instance” step, you can cut your user base by an order of magnitude. And that’s not mentioning the quality of service, which is much more achievable on a centralized platform, whether that’s in terms of feature parity, uptime, bug fixes, or cross-platform support.

        • HeartyBeast
          link
          fedilink
          71 year ago

          Message works, it’s seamless and does a good job. Sure I’ll change to something else if I need to send images or group chat with Android uses, but in the UK that generally means WhatsApp, which I am definitely not keen on.

        • Alto
          link
          fedilink
          -31 year ago

          There is absolutely nothing reasonable with using an inferior and outdated standard compared to what literally everybody else uses.

    • Possibly linux
      link
      fedilink
      English
      30
      edit-2
      1 year ago

      Most of those are proprietary. My list:

      • Matrix
      • Session
      • Signal and signal clients
      • Simplex Chat
      • Jami
      • Briar (android only)
      • Nextcloud talk (needs nextcloud)
      • probably a lot more
    • @[email protected]
      link
      fedilink
      English
      91 year ago

      telegram is not encrypted by default, and does its best to make you forget to enable it for each individual contact. if you want to do a group chat, you’re out of luck.

      Telegram is only (partially) secure for pedantic power users, which most people aren’t.

        • @[email protected]
          link
          fedilink
          English
          8
          edit-2
          1 year ago

          so, relative to pretty much all other messaging services, it might as well not be.

          You’re saying “by default not everyone can read your messages, only you, the recipient, telegram themselves and anyone who they might decide to share them with, with neither your consent, nor knowledge”

          When compared to “nobody except you and the recipient” that becomes effectively equivalent to “nothing”.

          also, not end-to-end ever when it comes to group chats

          • @Liquid_Fire
            link
            English
            11 year ago

            Almost all services in that list are closed source, so even if they use end-to-end encryption nothing stops the client from sending all your messages to anyone they like after decrypting (in fact some of them already have it as a built-in feature in the form of backups).

            • @[email protected]
              link
              fedilink
              English
              31 year ago

              that would be very quickly caught by a network sniffer, because it would have to be sent from your own device. Otherwise they’d just be sharing the undecryptable ciphertext you sent to their servers

              • @Liquid_Fire
                link
                English
                11 year ago

                Just encrypt it before sending it to their servers. How would you tell that apart from any other traffic it sends? (E.g. to check for new messages, to update who of your contacts is online, etc)

                • @[email protected]
                  link
                  fedilink
                  English
                  2
                  edit-2
                  1 year ago

                  what does that have to do with anything? if you have to encrypt your messages manually yourself, that kind of proves the point that the service itself is not secure. And it’ll still show up on a network sniffer that they’re sending it to two places

    • @[email protected]
      link
      fedilink
      English
      41 year ago

      Technically, yes, this is a solution.

      Socially, no. This is not a solution. People are just too lazy.

      • Jeena
        link
        fedilink
        English
        41 year ago

        I assume that if people are too lazy to switch to a solution which works for every one then they are not very interested in talking to you anyway.

        • @[email protected]
          link
          fedilink
          English
          2
          edit-2
          1 year ago

          Except it’s not a solution that works for everyone. It’s 9 solutions. If it were one it would be a lot easier.

          7 once you take out the ones owned by Facebook.

    • Dog
      link
      English
      11 year ago

      Here’s your answer: America.

  • @the_q
    link
    English
    54
    edit-2
    11 months ago

    deleted by creator

    • HeartyBeast
      link
      fedilink
      231 year ago

      If you are talking about RCS - the encryption aspect is a google proprietary extension

      • @woelkchen
        link
        English
        151 year ago

        Probably meant Matrix.

            • @woelkchen
              link
              English
              21 year ago

              God, no. The corporate chat that my employer uses is based on Jabber (if anybody cares: it’s Estos ProCall) and on mobile it’s just hell where the connection gets lost all the time and messages arrive late.

              • @Chobbes
                link
                English
                31 year ago

                To be fair that might just be a poor implementation? XMPP can support push notifications just fine now:

                https://xmpp.org/extensions/xep-0357.html https://modules.prosody.im/mod_cloud_notify

                There are some remaining issues with push (mostly on iOS as far as I know), but it’s all to do with OMEMO. OMEMO is kind of like the signal protocol but in XMPP. This is kind of moot for corporate XMPP, though, as you probably aren’t using OMEMO.

                The OMEMO issue is that the contents of the message are end-to-end encrypted so you can’t simply send the notification to devices. I believe conversations on Android may just keep a socket open (or maybe that’s just the fdroid version?) so it just manages it with background tasks. And on iOS monal does what signal does and will use push notifications as a trigger to pull messages from the server. Siskin on iOS just sends you a “you have a new message!” notification instead because they don’t want to spin up the radio to fetch messages in order to preserve battery life. So basically push works fine on monal, and Siskin also has working push but you don’t get message contents.

                • @woelkchen
                  link
                  English
                  31 year ago

                  To be fair that might just be a poor implementation?

                  Maybe. Given that ProCall is a commercial product, it surely just reuses whatever MIT/BSD/Apache-licensed code exists instead of developing their own because that costs money.

      • @pastabatman
        link
        English
        51 year ago

        True, but the Apple RCS announcement said that they were going to work with the GSM association and google to build it into the base spec

        • 𝒍𝒆𝒎𝒂𝒏𝒏
          link
          fedilink
          English
          11 year ago

          It’s not natively supported by the base RCS standard, in the section at the end of the paper in the section titled “Third Party RCS Clients” Google explains that they’ve built the e2ee their Messages app themselves, (on top of standard RCS).

          A developer has to use Google’s implementation specifically in order to send and recieve e2ee messages to Google’s Messages app (and Samsung Messages who also implemented this recently)

          Although the e2ee implementation is using the Signal protocol under the hood, it’s for message content only - this is what is transmitted in cleartext (taken from the paper)

          • Phone numbers of senders and recipients
          • Timestamps of the messages
          • IP addresses or other connection information
          • Sender and recipient’s mobile carriers
          • SIP, MSRP, or CPIM headers, such as User-Agent strings which may contain device manufacturers and models
          • Whether the message has an attachment
          • The URL on content server where the attachment is stored
          • Approximated size of messages, or exact size of attachments

          Without using this implementation of the Signal protocol on top of RCS, the message will deliver to the contact’s phone, but shows up as unencrypted garbled text

          That is a very useful resource though, never knew there was a paper available on the implementation. Saving 😁

    • @[email protected]
      link
      fedilink
      English
      51 year ago

      The problem is actually getting people to use it since they’re all too busy arguing over the color of a message

  • Tiger Jerusalem
    link
    English
    451 year ago

    We took steps to protect or users by forcing them to communicate to Android phones using unencrypted channels. After all, those peasants are not iPhone users, they deserve to be spied.

    • @[email protected]
      link
      fedilink
      English
      311 year ago

      Aside from the obvious reasons of competition, Beeper also used Apples infrastructure, that Beeper was then going to monetize. Not too surprising they shut it down.

      • @[email protected]
        link
        fedilink
        English
        -11 year ago

        No, they were charging money as they had their own APN to BPN bridge. Plus the usual cost of development and more.

        • Chozo
          link
          fedilink
          91 year ago

          Apple already knows that iMessage, alone, is a huge selling point for their iPhones. They held out for a few years keeping iTunes away from the rest of us before finally giving in, but I very much doubt that they’re going to open up iMessage any time soon. It’s pretty much the only thing that keeps iPhone users in their ecosystem anymore.

          • @[email protected]
            link
            fedilink
            English
            11 year ago

            iMessage keeps in ecosystem? I’m using iPhones for 10 years. Sent my first iMessage 2 years ago. Definitely not a main ecosystem feature for me

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          That’s true, but it would be more Applelike to develop their own app. They obviously know how to do it, then they could have 100% of the profits and not have to deal with a partner. But Tim Cook said they re not interested in doing anything like that.

  • Eager Eagle
    link
    English
    36
    edit-2
    1 year ago

    At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe.

    At Apple, we build our products and services with industry-leading vendor locking tactics to distance our brand from other lesser ones.

    We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.

    We’re not letting anyone breach this walled garden, but nice try.

    These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.

    By using these tactics we can keep our users away from solutions that have any interoperability whatsoever and keep promoting decade-old features as new, as our sheep ahem user base don’t know any better.

    • Keith
      link
      fedilink
      English
      121 year ago

      Text messaging market in EU is totally different from in the United States. This is because US texting was cheap always— not so with the EU.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      They’re not gatekeepers in Europe because nobody uses iMessage over there. Their predominance in the US market is outside of the new EU laws.

  • @[email protected]
    link
    fedilink
    English
    28
    edit-2
    1 year ago

    So many of these comments are pulling up the other encrypted alternatives that you can use between iPhone and other platforms. But few seem to actually be addressing the problem of actually getting other non-tech savvy people to use this stuff because they don’t actually see a problem with what they have.

    You may not realize it, but not everyone is thinking about whether or not their messages are encrypted. My own family looks at me like “🤨” when I try to convince them to use something encrypted, like I’m trying to hide a crime or something. And I’ve only gotten my parents to use other services (WhatsApp and Facebook Messenger with end to encryption turned on) by digging my heels to get them to stop using SMS. I still haven’t convinced my almost 16-year-old sister (she doesn’t really message me that much anyway. But she’s in that phase where she thinks she’s all independent, and her first places are the simple stuff she knows).

    Might I add that digging your heels at every attempt for someone to use SMS isn’t socially acceptable. I’ve only done it because they’re family and I love them

  • @Fridgeratr
    link
    English
    26
    edit-2
    1 year ago

    Gotta protect your users from fake blue bubbles, I get it I get it

  • @[email protected]
    link
    fedilink
    English
    171 year ago

    Serious question since I don’t use iMessage whatsoever, what’s going on with the iMessage stuff? Seems like multiple companies recently have tried to make apps that connect to iMessage, but there’s nothing I’ve heard about Apple opening that up. Did something happen for this to suddenly pop up more frequently?

    • @hakobo
      link
      English
      131 year ago

      Someone (possibly recently?) figured out the protocol and how to register a phone number without needing an apple device. Older versions of stuff like this required having a Mac virtual machine and routing messages through it using a user’s AppleID, so this was much easier. I saw a video that was bragging about how this new method would be very difficult to block because doing so could affect regular users, and I just kinda laughed at the naivety.

    • @woelkchen
      link
      English
      131 year ago

      In the US it’s the messaging standard because they are too lazy to install a cross platform messenger like everybody else in the world. So Android has a 40% market share there, which is the minority but not a crushing minority like Windows–Linux but for whatever reason American society rather focuses on iMessage than just to install Signal or whatever.

    • @[email protected]
      link
      fedilink
      English
      51 year ago

      Pretty much it’s the Beeper devs and one other. But the initial setups were really nothing more than using a Mac on the backend with a an adapter to Android.

      Beeper and one (maybe two) other were pretty effective at it.

      Beeper Mini is a different thing altogether. It uses a service to translate ANP (Apple Notification Protocol?) to GCM (Google Cloud Messaging), which are the respective notification handlers.

      The Android client is able to comm directly with iMessage servers, unlike the original Beeper and the other ones.

  • @[email protected]
    link
    fedilink
    English
    15
    edit-2
    1 year ago

    Lots of sarcastic comments in here, but Beeper’s method was to literally spoof the serial numbers and whatnot of real machines. Do people really not see how that would be a problem?

    • @rdri
      link
      English
      81 year ago

      Do people like relying on service that requires their real device’s serial number to function?

      • @[email protected]
        link
        fedilink
        English
        5
        edit-2
        1 year ago

        You can use any apple device to use iMessage, your account isn’t only usable on your device. They were effectively stealing people’s machine IDs to provide this service. That’s fucked up.

        • @rdri
          link
          English
          11 year ago

          “Effectively stealing” means the original machine ID can’t be used by the original machine after it’s stolen, right?

      • [email protected]
        link
        fedilink
        English
        21 year ago

        Former Apple engineer here. This architecture isn’t ideal if you intend the service to be portable - but we didn’t! Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.

        Beeper’s implementation spoofs Mac keys and requires you trust them with your Apple ID credentials if you want to be able to take full advantage of iMessage.

        It’s just pointless. A huge security risk for Apple users and to zero benefit for Android users. Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?

        • @rdri
          link
          English
          01 year ago

          but we didn’t!

          Well maybe that was a mistake.

          Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.

          It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?

          A huge security risk for Apple users

          I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.

          and to zero benefit for Android users

          Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.

          Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?

          Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.

          It’s just pointless.

          Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.

    • @FutileRecipe
      link
      English
      101 year ago

      You need to dream bigger. That should be the companies (Google, Apple, carriers, etc) working together and using a non-proprietary standard (an open RCS). Mini Beeper, to me, was just a proof of concept to show something akin to what Apple could do.

      • @[email protected]
        link
        fedilink
        English
        31 year ago

        Obviously I want RCS. But I’m realistic in what I have right now. And right now what I got was working group chats

    • Possibly linux
      link
      fedilink
      English
      31 year ago

      For those not in the loop, why? It seems like people who want to use Apple products would just buy a iPhone.

      • @prayer
        link
        English
        51 year ago

        Those of use who have friends or groups of friends that use iPhones but us ourselves do not. In the US, iMessage is the #1 way to create a group chat, and if you don’t have an iPhone you’re often just excluded and rely on someone else to update you about plans, etc.

        • @[email protected]
          link
          fedilink
          English
          13
          edit-2
          1 year ago

          Apple is dumb but if iMessage is the reason somebody cant be fucked to message you id personally rethink those friends.

        • @the_q
          link
          English
          4
          edit-2
          11 months ago

          deleted by creator

            • @[email protected]
              link
              fedilink
              English
              11 year ago

              You would be right if SMS was still relevant in Europe (and asia and africa, I think). That would be kind of like saying a phone isn’t very good because it doesn’t support usenet.

              • Possibly linux
                link
                fedilink
                English
                11 year ago

                Well nothing else is standardized in the same way SMS is. I don’t want to be forced into one application. SMS and MMS are older but they work across all devices.

                • @[email protected]
                  link
                  fedilink
                  English
                  11 year ago

                  There are plenty of standardized communication protocols. There are far less in the smartphone world, which is why we have this problem. Imagine if you couldn’t do voice calls between AT&T and Comcast, North America and Europe, or Apple and Android. Now why on earth would anyone think that text messaging should be that way, or shouldn’t have been standardized decades ago?

        • Possibly linux
          link
          fedilink
          English
          11 year ago

          You can create a group chat using standard MMS. I have never heard of this being a problem.

          Like I said, maybe I’m out of the loop or just lucky.

  • @[email protected]
    link
    fedilink
    English
    12
    edit-2
    1 year ago

    Beeper already fixed iMessage on Beeper Cloud and is working on restoring Beeper Mini. Might take some back and forth but it still wouldn’t be surprise if it makes their reimplementation more resilient to Apple tampering.

    • @[email protected]
      link
      fedilink
      English
      91 year ago

      Until Apple will inevitably litigate them to death when they figure out they can’t out engineer them

    • @woelkchen
      link
      English
      61 year ago

      Isn’t Beeper Cloud the one that uses Mac Minis? Obviously a solution that uses Apple hardware works.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        1 year ago

        Apple broke Beeper Cloud too. If I had to guess, if Apple changed something that broke two different methods at the same time then it might be easier to fix by deducing from what they have in common.

        • @woelkchen
          link
          English
          11 year ago

          If I’m not confusing Beeper Cloud with something else and it’s indeed routed through real Mac, it block Apple uses may just be blocking the IP range.