[alright2565]

The goal I see here is to get media[1] and regulator[2][3] attention on this issue, and to get Apple to clearly state their (anti-consumer) position. I'm sure Apple employees in every level and department have lost sleep over this.

I don't think their expressed surprise is legitimate, but is instead a rhetorical choice to make Apple seem unreasonable.

[1]: https://www.cnet.com/tech/mobile/beeper-mini-brings-imessage...

[2]: https://www.threads.net/@jolingkent/post/C0-zKSPrizx

[3]: https://www.droid-life.com/2023/12/18/lawmakers-suggest-doj-...

[lhamil64]

I guess I just don't understand why it makes Apple look bad here. My understanding is that Beeper reverse engineered their APIs and people expect Apple to just accept it? How is it much different from blocking a hacker who's poking around to find holes? And to be clear, I use Android and I do think the whole iMessage situation is silly. I just don't get how anyone could see an unofficial iMessage client going any differently.

[s3p]

From the article:

>This might be true if Apple was a small company. But they aren’t. They control more than 50% of the US smartphone market, and lock customers into using Apple’s official app for texting (which, in the US, sadly, is the default way people communicate). Large companies that dominate their industry must follow a different set of rules that govern fair competition, harm to consumers and barriers to innovation. We are not experts in antitrust law, but Apple’s actions have already caught the attention of US Congress and the Department of Justice

[biftek]

How do they lock customers in? There are plenty of messaging apps from other tech conglomerates, that no one chose to use alternatives in the U.S. is not Apple's problem. The market spoke.

[rezonant]

Because the market we're talking about is not the broader messaging ecosphere, it's "texting". To the US consumer, Whatsapp and the like are not texting. Frankly it makes total sense that this is the way it is in the US, because most people do not want to waste their time using a messaging app that can only message a fraction of people. They want an app that can message 100% of people. Apple Messages can do that, as can every other texting app, because the lowest common denominator technology (SMS, soon to be RCS especially once Apple ships it) is supported on every single handset. You never need to guess if a phone number is on Whatsapp or Signal or Telegram. You can just send a text to it.

This is pretty different to the international dynamic, as MMS often comes at a surcharge in many non-US markets, but here unlimited MMS has been included in most plans for a very long time, so there's not even a "hey, you are costing me money" stigma involved like there was in the bad old days decades ago.

[agos]

there is no "guessing", the person giving you their number can also tell you which platform they are on (in my country 99,9% of the time it will be Whatsapp).

making an antitrust case on the basis of "I don't want to guess" seems weak, but law can always turn out counterintuitive

[smoldesu]

> the person giving you their number can also tell you which platform they are on

That... doesn't solve the problem. We don't need fragmented messaging systems, we need the world's largest company to lay down some rules and abide by them. Right now, the existence of iMessage is predicated on the poor performance of traditional SMS messaging. It wouldn't surprise me if the United States (much like Europe's antitrust council) forced Apple to standardize their proprietary alternatives. There's nothing counterintuitive about that to me.

[AnthonyMouse]

Messaging networks have a network effect. You have to use the same one as the people you're communicating with, so if two or more people don't want to use the same one, at least one of them is forced to use the one they don't want to.

It doesn't matter how many other networks there are when you can't get your group to use those instead.

[josephcsible]

By going out of their way to make the experience worse when texting people who don't use iMessage.

[jonhohle]

In what way?

[Exoristos]

They don't give them a blue bubble.

[cwillu]

Last century it was bell whining about customers connecting unauthorized equipment to their network. This century, it's apple whining about customers connecting unauthorized equipment to their apis.

[treyd]

This is really it. It's exactly the same scenario and it would be great if it could be restated for the new networks we use today. History repeats itself.

[jonhohle]

iMessage infrastructure belongs solely to Apple. It’s a value add for people who hit their products. What is owed to people who are not their customers?

If you ran a business and provided a service to your paying customers, should you be forced to offer it gratis to anyone who wants to use it? That’s an absurd position.

[treyd]

You have to be an Apple customer to use Beeper Mini with iMessage. What's your point?

[cwillu]

> If you ran a business and provided a service to your paying customers, should you be forced to offer it gratis to anyone who wants to use it? That’s an absurd position.

Yes, it is absurd. It's a great strawman.

A more realistic option would be to say that Apple has to sell access to its infrastructure via the API its own app uses, at a cost allowing some reasonable profit; this would conveniently align with other court decisions regarding anti-competitive practices by incumbent providers with strong market positions.

[philistine]

Last century, were the customers connecting their equipment without paying money to Bell ?

[striking]

You now need legit Apple hardware tokens to connect to the network. Those of us currently with iMessage on Beeper have paid our dues.

[philistine]

You've paid your dues to Apple, right? You're not just using someone else's service to connect to another service you're not paying for, right?

[striking]

Yes, I own the physical hardware that the tokens are coming from. I own an (out of date, but still legit) iPhone 6, as well as a new Mac. I have paid Apple that which they would demand of any normal customer, and now I want the messages to flow to my Android phone and my Linux/Windows Desktop.

[tenebrisalietum]

Yes. https://historyofcomputercommunications.info/section/3.2/Car...

[philistine]

So it's very different. Beeper connects to Apple's service without an agreement or payment. The issue with Bell was with paying customers. No one was asking Bell to allow people without an account with them to connect.

[theamk]

Pretty sure if an alternate phone networks existed, it was free to switch to them, and they had billions of users already, antitrust case against bell would have no merit.

(disclaimer: Android user, wish users had stopped bothered with iMessage already and switched to something else)

[rakoo]

Beeper Mini bas a net positive impact on society, contrary to hackers finding holes. The only reason it's not possible to use iMessage with Android is that it's not profitable, and it's good to remind Spoke zealots that no, Apple isn't here for you.

[AnthonyMouse]

> My understanding is that Beeper reverse engineered their APIs and people expect Apple to just accept it?

It forces Apple to explicitly do the equivalent of Microsoft making competing word processors malfunction in DOS to pressure people to use Microsoft Word.

> How is it much different from blocking a hacker who's poking around to find holes?

That's the easy one. Interoperability is legitimate, credit card fraud isn't.

[__MatrixMan__]

The point of an API is interoperability. If somebody has to reverse engineer your API, you either suck at documentation, or are up to no good.

[zwily]

You think Apple employees have lost sleep over this? I seriously doubt it…

[Nextgrid]

Employees, no. Executives, absolutely.

Beeper put them between a rock and a hard place, where any action other than accepting Beeper would solicit regulatory action. This in fact ended up happening.

Furthermore, I bet Beeper was outright hoping for a lawsuit from Apple, which would put up a well-publicized fight over adversarial interoperability that could yield to a disastrous legal precedent not just for Apple but other companies.

Apple knows this and that's why they haven't sued them (or DMCA'd any repos).

[turquoisevar]

I hate to be the one to bursts bubbles, but there’s no cause of action here under the current legislation. None.

That is unless we’re talking about Beeper being the defendant.

They have incurred criminal liability by violating the CFAA and committing computer trespass and civil liability by violating the the OS license agreement and ToS that both prohibit reverse engineering (yes that supersedes DMCA exception) not to mention the general copyright violations of reselling Apple’s IP for $2/mo (pypush isn’t without proprietary Apple code).

CCIPS would have a field day with this and if by some weird “blow up in your face fashion” they get their hands on the referral after the antitrust division of the DOJ is done shrugging at it, Beeper might get more than they bargained for.

The only thing that could actually affect Apple in this, is if legislators pass new bills. The problem however is that this would have cascading effects across the industry, if not the economy as a whole, because there’s no way to legislate this in such a way that it would only affect Apple and Apple alone.

Anything short of that makes for a fun fantasy that I’m sure some people will get off on, but a fantasy nonetheless.

[stuartjohnson12]

> unless we’re talking about Beeper being the defendant

Yes that's the point, Beeper are probably hoping Apple sues them for the reasons you describe.

> criminal liability by violating the CFAA and committing computer trespass

This is pretty tenuous. They do have proper authorization because the keys in question are valid iMessage keys and they are being used by the same individuals those iMessage keys are allocated to. They're not trying to commit any further crime post-access.

> violating the the OS license agreement and ToS [...] (yes that supersedes DMCA exception)

Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

> reselling Apple’s IP for $2/mo

Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble.

And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market.

That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.

[nicce]

> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

The problem is that everything works through Apples private services, even if there is no DMCA things in the app. On top of that they are making business with that. Quite unfair use.

What if I use Amazon’s private APIs for running my cloud. Even share it to others and charge even money from it?

[stuartjohnson12]

Seems legitimate to me.

There's no reasonable case for trespass under the CCFA as proper credentials are being used and there's no intent to use that access to commit further crime.

You can't infringe on intellectual property of a server by making requests to it, that doesn't make sense. Any case there would be access violations under the CCFA which are already covered above.

The only real claim would be the intellectual property of the client app in the way that it forms requests and accepts responses which this system is undoubtedly based on the reverse engineering of. The only problem with that argument is that the DMCA includes a specific exemption for interoperability as fair use.

Note that simply building a new client app doesn't necessarily constitute fair use, but in this case the client app extends to a platform that is otherwise not supported. Seems a pretty obvious case for interoperability in my eyes.

"Fair" or "unfair", what is the crime? Your intuition pump doesn't include enough details to be useful, I don't understand it.

[turquoisevar]

> They do have proper authorization because the keys in question are valid iMessage keys and they are being used by the same individuals those iMessage keys are allocated to. They're not trying to commit any further crime post-access.

Authorization in the legal sense of the CFAA is permission, plain and simple.

The ToS and EULA explicitly only allow using the iMessage service on Apple hardware, so any other form without explicit permission by Apple is unauthorized.

Spoofing device credentials to fool the server and gain an authentication blob definitely doesn’t fall under authorized access.

But even with legitimately attained credentials you can still be in violation. Ex employees of a corporation, finding a device with credentials on it, etc.

Whether they commit any further crime or not is irrelevant for criminal liability.

> Does it? This seems like a pretty textbook case of reverse engineering for interoperability.

The DMCA exception only applies to interoperability for legally acquired (e.g., licensed) software.

But it doesn’t really matter but because ToS and license clauses that explicitly prohibit it overrule it, see Bowers v. Baystate Technologies, 320 F.3d 1317 (Fed. Cir. 2003)[0]

> Probably the case they're hoping for a lawsuit on - the degree to which Apple has legitimate claim to control use of the iMessage protocol given their market presence. In the process of the lawsuit, if Apple is found to be leveraging this protocol anti-competitively, they're in trouble. And beyond that, Apple is a highly litigious company with great lawyers and extremely deep pockets and large incentives to defend their ownership of the messaging market. That they've been this slow to sue Beeper probably signals enough on its own that there's probably no field day to be had.

This reads like a Gish gallop with a bunch of weak arguments that border fantasy.

There is no “Apple in trouble” when it comes to iMessage and there are no signals.

I don’t know where you get this from but I suggest seeking better sources on understanding legal standards and ramifications.

0: https://law.resource.org/pub/us/case/reporter/F3/320/320.F3d...

[singron]

This case is probably relevant: https://en.m.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

In that case, breaking the ToS superceded the fact they were merely accessing public information.

The other question is whether Beeper is violating terms of service or their users are. I'm guessing Beeper is not and they instead need to be implicated for some kind of tortious interference. I would love if Apple individually started suing their own customers though.

[Frivolous9421]

>CFAA violation for logging into your own iMessage account and using the service

Not fucking likely

[mikeryan]

Your premise seems to be that they want Apple to sue them?

That point is moot now.

[Nextgrid]

Keep in mind that Beeper is a company (backed by some people wealthy enough to open themselves up to litigation against Apple) and most/all of the CFAA horror stories have been against defenseless individuals, so it might play out very differently as corporations are given much more leniency.

Beeper has managed to get enough media coverage on this issue that any litigants will need to consider before bringing any suits, including attention from legislators themselves who are calling for antitrust investigation. That's no small feat and suggests Apple may not be on as solid footing as you think.

[turquoisevar]

Apple would have little to do with it as CFAA violations are a criminal matter.

And I’m not very impressed by US legislators in any context, they’re politicians first and foremost, ones that are always 2-4 years away from elections.

[lxgr]

Even in a criminal matter, wouldn't Apple's description of their systems and services matter quite a lot on how that would go?

[lxgr]

I think you might be right about Beeper not having any legal right to iMessage interoperability.

On the other hand though, if Apple's legal right to continue locking them out was as certain as you make it sound, wouldn't it make sense for them to file a lawsuit and set precedent for anybody walking in Beeper's footsteps?

[turquoisevar]

> On the other hand though, if Apple's legal right to continue locking them out was as certain as you make it sound, wouldn't it make sense for them to file a lawsuit and set precedent for anybody walking in Beeper's footsteps?

Prefacing this by saying that I’m not privy to what, if anything, Apple is cooking up. But such a case isn’t something you cobble together in an afternoon.

In my experience a lead time for something like this is at least about a month, a week if it’s urgent and less if it’s really urgent and you seek an injunction (and then you try to flesh it out afterwards).

But ideally you want to take your time so you can discuss your strategy both internally with higher ups as well as with outside counsel, collect exhibits and draft up a solid initial filing.

Part of these discussions is also what kind of exposure you’ll have during discovery. Apple for example genuinely believes that Masimo used Apple’s internal confidential documents that Masimo received during discovery in the California trial to create the competing W1 smartwatch.

It could be that they’re weary of having to share more internal information, especially since so much has already come out during the last couple of years full of cases. Or wary that Beeper would learn more about the inner workings of iMessage.

I wouldn’t characterize it as a high priority matter with urgency either because they seem able and effective in blocking Beeper, with little loss in device sales as a result.

A lot of effort is going towards the Apple Watch issue with Masimo that prevents them from selling the newest models.

Lastly, while only of minor importance, it’s slightly more beneficial for Apple if Beeper would sue them while they keep successfully blocking Beeper than Apple suing Beeper.

All in all, it’s a lot of weighing pros and cons, even when you’re in the right. That’s one of the reason why there are so many settlements, because it often is cheaper, faster and easier than a whole trial.

[ToucanLoucan]

This has been my gut feeling about the entire thing and I don't understand so much about:

a) How Beeper thought they had a business model here

b) How so many HN readers can justify flagrant misuse of private API's and servers as some sort of liberatory move

Apple's iMessage service is a privately owned, privately hosted, closed source protocol and always has been. You are not allowed to use it without an iPhone, an iPad, or a Mac and you never have been allowed to use it otherwise. That's just... what it is. You can dislike that, you can think it's anti-competitive and you might even have a case for it, I guess we'll see, but insofar as I can see it:

iMessage is a closed source, walled garden, private protocol Apple uses to permit a higher tier of text messaging for owners of iDevices. There is no reason at all to think you're entitled to access that service without using the aforementioned devices, and there's even less reason to be surprised in the slightest that, when a company was offering services to bypass those requirements and use the API without meeting Apple's requirements, that Apple would shut that shit right down.

[Nextgrid]

> You are not allowed to use it without an iPhone, an iPad, or a Mac and you never have been allowed to use it otherwise

What about for those who do own an Apple device and thus paid the "tax" to use iMessage, but want/need to use it on unapproved devices out of convenience? The argument would be very different if Apple merely restricted the service to Apple IDs associated to a valid Apple device purchase, but that's not what they're doing. They're clearly not making the cost/resource usage argument otherwise it would be trivial for them to implement such a restriction.

> There is no reason at all to think you're entitled to access that service without using the aforementioned devices

Would you also apply that argument to Microsoft Office files? Microsoft would sure love it if it would be forbidden to create/edit such files in anything but Microsoft software. Would you also want LibreOffice/OpenOffice/Apple's very own Pages/Numbers/Keynote to not be able to read such files?

[ToucanLoucan]

> What about for those who do own an Apple device and thus paid the "tax" to use iMessage, but want/need to use it on unapproved devices out of convenience?

You'd probably be told no, that you can only access it via Apple's devices. Your options there are to access it via approved devices or use a different service. You cannot arbitrarily bypass requirements to use it how you want to use it and expect Apple to just organizationally shrug their shoulders.

> The argument would be very different if Apple merely restricted the service to Apple IDs associated to a valid Apple device purchase, but that's not what they're doing.

That's correct. They only want their hardware and software on all ends of this traffic. That is not inherently unreasonable or anti-competitive and is likely spelled out in the terms of service.

> Would you also apply that argument to Microsoft Office files? Microsoft would sure love it if it would be forbidden to create/edit such files in anything but Microsoft software. Would you also want LibreOffice/OpenOffice/Apple's very own Pages/Numbers/Keynote to not be able to read such files?

I think it would be a bad decision on the part of Microsoft to attempt that, as the file formats are already supported by other software and artificially restricting them to only Microsoft apps would only serve to drive users to Libre/Open office, but ultimately having proprietary file formats that are crypto-graphically secured is also not without precedence and also not inherently anti-competitive. At my current employer we sell specialized software for maintaining machinery, and our files are locked right down because that's how we make our money: the ability to open, save, and utilize our files is our entire business model so you're damn right it's secured. That's not anti-competitive either: if you don't like how we do our business, you are free to use a competitor's product. What you're not free to do is crack open our software and use it anyway.

Edit: I'm being rate limited:

> This is closer to a Telcom/Basic Utility law issue

No, it isn't, because iMessage is not the only way to text on an iPhone. It degrades gracefully into full compliance with SMS/MMS protocols to allow it to text Androids, Blackberries, or flip phones.

> and is the default way to text message on this "basic utility" platform

No it is not, SMS/MMS is. If your iPhone is in a particularly bad data area, it will also SMS other iPhones absent it's ability to contact the iMessage service.

> Interoperability should be a given

IT IS.

[haswell]

> How so many HN readers can justify flagrant misuse of private API's and servers as some sort of liberatory move

So that I better understand your position, would you feel differently if Beeper Mini was just a GitHub repo hosting the code to an unofficial 3rd party iMessage client? Why or why not?

HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

What is surprising to me is the growing number of comments that are defending Apple and framing the creation of an unofficial 3rd party client using terms like “flagrant misuse”.

Don’t get me wrong. I didn’t expect Apple not to fight this, but I think we need to walk back the hyperbole a bit and consider how utterly normal it is for developers to try to build their own clients when the official options either suck or are too restrictive.

I do think that trying to charge for the service was a questionable decision.

[ToucanLoucan]

> So that I better understand your position, would you feel differently if Beeper Mini was just a GitHub repo hosting the code to an unofficial 3rd party iMessage client? Why or why not?

I mean, I think using that code would be a risky proposition at best that might earn you as a user the ire of Apple, and I wouldn't personally do it, but ultimately, showing people how to do a thing, or even providing the executable I don't think itself is a crime.

That said, I would also not be remotely surprised if Apple figured out how to block it's access to it's API's too. And, if there is money involved or if the breach is egregious enough in some other way, I don't think it would be altogether unexpected for the authors to find themselves in some legal hot water too, and/or for Github to receive a takedown notice.

> HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

Which I respect on the whole, but the key difference here is you are not just using your computer/smartphone, you are using Apple's computers too. That's where I find the disconnect. Each time Beeper Mini connects to those servers it is using compute resources, however infinitesimal, to perform it's functionality: functionality that is not supported, that fundamentally, Apple is now paying for. And you can justify that any way you want, but at the end of the day, that's stealing. And Apple is perfectly within their rights, IMO, to block it and if they feel they have a case, to pursue it legally afterwards.

> Don’t get me wrong. I didn’t expect Apple not to fight this, but I think we need to walk back the hyperbole a bit and consider how utterly normal it is for developers to try to build their own clients when the official options either suck or are too restrictive.

And if you're talking about open protocols or API's, you have my support 100%! I've done some of that kind of work. But you can't just use API's that are publicly available but otherwise closed to you just because you want to. That's textbook misuse.

[whynotminot]

> HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

lol dude this wasn’t reverse engineering your lawn sprinklers to work with a raspberry pi. In effect this was always an abuse of services Apple funds and intends to be a value add for only their customers.

(Coming from someone who wishes Apple would just go ahead and release iMessage for android.)

[rezonant]

Invoking the CFAA for messaging interoperability is a pretty dystopian take. If it were as open and shut as you think it is, then why didn't AOL use the CFAA against Microsoft for doing exactly what Beeper is doing in MSN Messenger?

[sgustard]

Apple is a massive company that swats away pesky threats all the time. It's like Exxon executives losing sleep over a guy with a hose siphoning gas from the corner station. From a PR standpoint they won't dignify it with a response of any kind, other than to quietly crush it to dust.

[amazingman]

>Beeper put them between a rock and a hard place

"Should we allow a third party we have no control over to man-in-the-middle our end-to-end encrypted messaging service or not? This is a tough one!"

[hn_throwaway_99]

> "Should we allow a third party we have no control over to man-in-the-middle our end-to-end encrypted messaging service or not? This is a tough one!"

That's absolutely not what's happening, and I think Beeper's response here was totally correct.

There is no encryption, at all, between iOS and Android clients if the iOS user is using iMessage. And, furthermore, my understanding is that the presence of a single Android user in a group chat means nobody gets an encrypted messaging experience.

In the past, Apple's response to this has literally been "Buy your grandmother an iPhone". How can anyone not call incredible amounts of bullshit when their response to a company that actually let, for the first time, an Android user have an encrypted conversation with an iOS user as "This is unacceptable, we can't allow this" and claim it's because Apple cares about user security???

Not enough BS chutzpah in the universe for that one.

[Nextgrid]

Nobody is MiTM'ing anything. Individuals willingly provide their credentials and only get access to their own messages - the same messages they can voluntarily take screenshots of & publish by logging into a real Apple device. Furthermore, Beeper's app runs entirely on-device with an optional cloud-hosted bridge that may not even have access to the plaintext.

[dylan604]

It is pretty much universally frowned upon to provide your credentials to a 3rd party. Plenty of places will suspend your account if discovered you have done this. Building a product that relies on receiving user's credentials to 3rd parties is just building your company on a foundation of very dry/loose sand

[Nextgrid]

To be fair, Beeper Mini operates entirely on your device, the optional cloud component is there because there's literally no other way. It's like an e-mail client, or an FTP or SSH client, or a browser. Are those considered bad now?

> Plenty of places will suspend your account if discovered you have done this.

Plenty of services base their business on restricted interoperability and suspend your account not because of security but because they'd miss out on all the "engagement" they get from the official client. This has nothing to do with security.

[ClarityJones]

> Plenty of places will suspend your account if discovered you have done this.

And yet that's not the route Apple chose to take.

[heavyset_go]

Wait until you discover how Plaid works.

[amazingman]

Beeper's app is the MiTM. I already have to trust Apple not to abuse their privileged position re: e2e iMessage. Now I have to trust Beeper, Apple, and Apple has to continuously trust/verify Beeper. Privacy and interop are fundamentally in opposition here, and I find Beeper's PR approach regarding this to be misleading at best.

[Nextgrid]

Beeper is as much of an MITM as your e-mail client is one, or your FTP client, or your SSH client, or your browser. Should those also be frowned upon? After all, they both implement a cryptographic protocol and have access to the plaintext.

You also don't have to trust Beeper because you are not obliged to use it. You are welcome to not use it (and buy an Apple device) or even fall back to SMS.

The recipient can themselves decide what level of security they want and whether they trust Beeper (but they don't need Beeper to compromise their security - they can just as well post screenshots of your E2E-encrypted messages with them, make a backup on a compromised computer or leak their Apple/iCloud credentials).

[advael]

This is a great illustration of how you can only take Apple's security claims seriously if you don't understand them.

One of the primary benefits of end to end encryption is that it can protect messages from an untrusted carrier. In other words, a proper encrypted messaging setup is not vulnerable to man-in-the-middle attacks

[amazingman]

>When sending and receiving Signal, iMessage and WhatsApp messages, Beeper Cloud's web service acts as a relay. For example, if you send a message from Beeper to a friend on WhatsApp, the message is encrypted on your Beeper Cloud client, sent to the Beeper Cloud web service, which decrypts and re-encrypts the message with WhatsApp's proprietary encryption protocol.

> Using native chat apps independently may be more secure than connecting to other encrypted chat networks with Beeper Cloud.

https://www.beeper.com/faq#how-does-beeper-connect-to-encryp...

Please tell me more about how Beeper can't be used as a MiTM for E2E encrypted networks like Signal.

[advael]

So is the issue that there's a cloud web service that interacts with some of the proprietary protocols? That definitely is another point of trust and it would seem weird that they do it that way, especially for protocols that aren't proprietary. For proprietary ones, this might be necessary to dodge intellectual property liability claims that could take the whole thing down, which is a great argument for not allowing security-critical proprietary code to be protected by law in this way, but that's just a plausible reason for them to have this problem, not a reason it doesn't matter

I appreciate you pointing out specifically what the problem was rather than just repeating that it was insecure, rather than how, and admit what I said was, as far as I now know, wrong

That said, what are the odds that Apple would accept a solution that was encrypted on-device? If this were feasible, would Apple still block the interoperation with their network, and do we agree on whether they'd be wrong to?

I think the main issue I see with iMessage that this highlights is that it's presented in a way that's deceptive to its users, and thus might give them a false sense of security in their messaging. An interoperating client on android is a band-aid for this problem at best, but it's a weird move to block it. I guess for now there's the plausible deniability of what appears to be a real issue though. The way Apple's messaging has addressed it still leaves a bad taste in my mouth, because they do not make clear that what you point out is the issue

[Nextgrid]

Keep in mind that you are linking to the FAQ for the original Beeper (now renamed Beeper Cloud), this is a Matrix-bridge-based where the bridge and homeserver have access to the plaintext. You could still technically self-host both components if you wanted to.

Beeper Mini was a completely self-contained app that implemented the iMessage protocol on-device and did not use bridges. Its only optional cloud component was a push notification bridge that wasn't actually given the E2E keys (the cloud proxy would receive your messages but not be able to decrypt them, instead it just sends a push to wake up your device which will fetch and decrypt them).

[nwiswell]

> Furthermore, I bet Beeper was outright hoping for a lawsuit from Apple

Doubtful. Beeper has several legitimate causes of action to bring their own suit, if they really expect that outcome (and more importantly, if they have the financial resources to litigate)

[Nextgrid]

Beeper wouldn't have any arguments to stand on had they initiated the lawsuit - after all, Apple is allowed to make changes to their protocol as they see fit.

However, the regular pattern we've seen is that companies use copyright and/or ToS as basis for C&D'ing (with threat of litigation) developers that produce adversarily-interoperable solutions.

If Apple did so (and Apple would've absolutely done it if Beeper wasn't a reasonably well-funded adversary), Beeper would suddenly have an argument, as well as the support of the media ("Apple sues small company for opening up iMessage to Android") and the potential to establish a legal precedent that would threaten not just Apple but the tech industry at large.

[JumpCrisscross]

This isn’t how the law works. If it’s a valid defence, it’s a valid injunction.

[Nextgrid]

I don't think neither Beeper nor Apple is doing anything illegal here. Neither has any legs to stand on for a lawsuit.

However, it's a common pattern that large companies can shut down adversarially-interoperable projects by threatening litigation against the developers. The lawsuit might be baseless but would still require upfront resources to defend; this is what these companies rely on, so they get their way without the argument ever getting into a courtroom.

If Apple brought forward such a lawsuit and Beeper actually litigated it to the end (and actually got it into a courtroom), it would risk creating a legal precedent that would enshrine adversarial interoperability as legal and make such future bullshit legal threats ineffective. That is a major risk not just for Apple but the tech industry at large.

[madeofpalk]

Executives, absolutely not. Apple is so opinionated and principled. Have you seen the emails that came out during recent trials where they state so clearly how much they deserve 30% of all commerce on their devices?

They would have firmly believed that iMessage is their service that no one else has an entitlement to. If they had any involvement, it would be just one email to say to shut it down, and then never thought of it again.

[Nextgrid]

It's not about what they believe, whether legitimately or not. It's about how the regulatory environment will react to their actions and statements.

The outcome of this Beeper saga is a bipartisan call for an antitrust investigation, suggesting even politicians are starting to doubt Apple's narrative and intentions.

This is dangerous ground as it could force them to do things they don't want to regardless of how rightful they believe themselves to be.

[_Microft]

As an iPhone user, I‘m pretty happy how Apple dealt with this so far. I would hate to get spammed on iMessage and knowing that my messages are rendered exactly as intended on the receiver’s side is reassuring.

Calling this anti-consumer is rather subjective.

[luma]

The Apple Stockholm Syndrome is endemic on HN. The lengths people will go to support open source and open access while also vehemently defending the exact opposite behavior from Apple is astounding.

[Grustaf]

It’s not Stockholm syndrome, you incorrectly assume that every iPhone owner is some kind of mini Stallman. Most people really don’t care about all this stuff, they just want a product that works well, with minimum fuss. They don’t care about third party appstores. Sideloading, open sourcing imessage and all this linux hacker stuff.

[treyd]

> Most people really don’t care about all this stuff, they just want a product that works well, with minimum fuss.

And nonetheless there's demonstrable harm to the broader industry being caused despite their lack of care about it. Corporate misbehavior you're not consciously aware of can still cause you harm despite not being consciously aware of it.

[Grustaf]

Sure, when it comes to things like pollution, or for Apple, child labour. But the broader industry is not harmed by Apple not releasing the Messages app for Android, that’s just silly.

[prmoustache]

> they just want a product that works well

It doesn't if it can't reliably do basic things like sending e2ee messages to people using smartphones from other brands with its default messaging app.

[agos]

is there a device that does this, or are we measuring iPhone's performance on some unrealistic standard?

[_Microft]

I do more than enough tinkering but my phone‘s supposed to just work.

[luma]

How is your tinkering enhanced by Apple making it difficult to communicate outside of their kingdom?

[riscy]

I don't see Google making it easier to communicate outside of their kingdom. AFAIK Google's RCS (with their encryption extensions) is not an industry standard or available for 3rd party apps to use. Why is the expectation only on Apple to make such changes?

[luma]

RCS is a spec ratified by the GSMA, the same standards body that specified things like SMS. Google tried to get Apple to do RCS, they refused, then Google tried to get a license to interop with iMessage and Apple refused again. Google has tried literally everything to try and get Apple to play ball here.

[redhale]

You seem to be mistaken: https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/

[tedd4u]

Apple says they will implement RCS in 2024.

https://www.theverge.com/2023/11/16/23964171/apple-iphone-rc...

[nicoburns]

IMO they should also be made to open up. As should whatsapp and facebook messenger.

[rakoo]

Because this story is about Apple ?

What is good about whataboutism again ?

[paulmd]

> How is your tinkering enhanced by Apple making it difficult to communicate outside of their kingdom?

OP didn't say they tinkered on their phone - actually the total opposite. Read it again.

"I do more than enough tinkering but my phone‘s supposed to just work."

Anyway, you've missed the point that at the end of the day there's real-world benefits to many of the things people complain about. The FindMy lockout prevents phone theft (and has strong reductions in theft rates for these users). Serializing parts prevents thieves from stripping stolen phones and selling for parts. Having only one app store prevents large players with high network effect (tencent, facebook, etc) from demanding you install their app store to bypass the Apple's review/permissions process to spy on you (FB already got caught using dev credentials to do it anyway). Etc.

https://arstechnica.com/gadgets/2019/01/facebook-and-google-...

I tend to agree, that a phone is not where I care to tinker in my life. Having it be secure and well-integrated is more important to me, I have a PC if I want to tinker. I can sign and sideload apps already if I want to try something (for 7 days), or getting an official dev credential extends this to 30 days. Android phones have a real problem with OS support lifespan and OEM parts availability, and I have no desire to install third-party ROMs and then spoof safetynet so I can run my bank app. Assuming that's even an option at all - Sony for example will wipe the camera's firmware when you unlock the bootloader, so it degrades a premium cameraphone to flip-phone levels.

"Not everyone wants to be stallman trying to figure out how to root their phone and spoof safetynet" is actually a great way to put it.

[endisneigh]

Those are not contradictory viewpoints anymore being pro housing but not wanting random homeless people in your house while you’re away isn’t contradictory either.

[Larrikin]

Your messages are all screwed up when delivered to anyone not using an iPhone. Pictures and movies are basically destroyed and worthless.

The fake spam complaint is addressed in the article.

[BlackjackCF]

I’m likely wrong here but isn’t that a problem with SMS and not necessarily iMessage?

[daedalus_j]

I can exchange MMS to other Android users (and it's MMS, not RCS) that aren't ridiculously compressed, so I've always assumed it was Apple.

[giantrobot]

MMS limitations stem from the carrier. They have different attachment size limits which affects how Messages will encode the content.

[jmye]

This is absolutely, unconditonally untrue. I can send a message to an Android user just fine. SMS is delivered as it is anywhere else. Pictures go through fine - my partner and I can, and do, regularly share pictures without any issue at all.

Why hyperbolize things and spread outright nonsense? To what possible end?

[sixothree]

I experience the issues described when texting android users.

[Larrikin]

MMS in 2023 is not an acceptable fallback. We all have cameras capable of shooting amazing pictures and 4k movies.

The size limit destroys decent looking pictures and basically prevents movies from even being an option with how grainy they appear stretched out on our 4k screens.

This is ignoring all the other interactive elements that are just table stakes in any kind of messaging application that make SMS absolutely terrible in comparison.

[Grustaf]

If you do don’t like mms, don’t use it, there are tons of alternatives. I have half a dozen chat apps.

[_Microft]

> Your messages are all screwed up when delivered to anyone not using an iPhone. Pictures and movies are basically destroyed and worthless.

Sure and it is absolutely obvious on my side because these contacts don’t show blue messages. Take that away and the situation turns worse because now I‘d have to guess.

Edit: don’t get me wrong - I don‘t send broken messages, I just contact them on other messengers instead.

[sanex]

It's obvious to you but not obvious to your average iPhone user which is why I get videos with 3 pixels sent to me repeatedly. On the flip side I can mms videos with acceptable resolution just fine. It's all just to try and keep people in the system, not because it's a better user experience.

[inferiorhuman]

Bullshit. AT&T limits MMS videos to 1 MB, Verizon to between 1 MB and 3.5 MB depending on the sender, T-Mobile/Sprint 1 MB to 3 MB depending. If you're getting "acceptable resolution" H.264 videos they're being sent over RCS.

[crakhamster01]

This comment makes no sense - I'm an iPhone user and receive spam almost daily. And if it's reassuring to know that your messages are rendered correctly, Beeper Mini would only expand the number of contacts that this applies to.

How exactly is Beeper worsening the iPhone experience?

[dimator]

> Calling this anti-consumer is rather subjective.

This is the entire fiasco distilled down to what is the root of the issue: to apple, non-apple users are not consumers. Substandard. This is the exact sentiment behind "Buy your mom an iPhone"

Messaging is by definition something that needs interop. This is why Apple (begrudgingly) supports at least SMS and MMS, because obviously you need to interop with "the others." It's also why they're being dragged kicking and screaming into RCS, which in all likelihood, they'll make equally shitty.

The fact that one company can dictate the terms of that interoperability, and make it as excruciating and inferior as possible, tells you all you need to know. But if you're the "in group" you can't even see what the issue even is.

[_Microft]

Actually you are correct. I confused consumers and customers.

[Centigonal]

Are you okay with Apple not supporting RCS on their phones? As far as I can tell, that strictly worsens your experience as a user.

[_Microft]

I was not familiar with RCS yet but according to Wikipedia, Apple will begin to support RCS in 2024.

On the other hand, this doesn’t exactly inspire confidence that it is going to be a polished experience: „Not all RCS functions defined in the standard are offered by every network and every client; only the services that are available to two communication partners are also offered in the client.“ (translated from the German Wikipedia article).

[forty]

That's one of the point of the article. It's not known whether the RCS implementation of apple will be interoperable with Android's.

[Grustaf]

I’ve had iPhones for ten years and never once cared about RCS. Never even heard of it until recently, and I don’t think anyone I know has ever heard of it. It’s very very niche to care at all about it.

[Centigonal]

While "RCS" is an obscure standard nobody cares about, "being able to send reactions, high-res photos, videos, and voice memos in text messages" is a pretty universal concern. iPhone support for RCS would let iPhone users have those features in conversations with the green-messages.

[Grustaf]

I never once wished I was able to do that, the only application for that would be to communicate with android users that for some reason refuse to use whatsapp, fb messages, telegram or any of the numerous cross platform that do that. Why would anyone want to do this specifically using the sms protocol?

[Centigonal]

Dating :upside_down_face:

Also, some of my friends and family aren't on those apps and exclusively use SMS/iMessage.

[prmoustache]

Spam is a lame excuse.

From what I have understood in the first beeper mini anonucement, iMessage spam does already exist.

Also I never received spam on any open source messaging app, even when they were interconnected with gmail and facebook (xmpp). I've never received spam from telegram either, despite clients, protocol and API being open source. I have received less than a handful of spam on Whatsapp in more than 10 years. The only platform where I have received spam in their messaging app was instagram (I left in the meantime). It would be the same for iMessage. As long as spam is bound to a phone number, spammers will be banned the minute they start sending messages to people and will never reach you.

Spam however is a big deal on SMS, which if I understand correctly end up on iMessage on Apple devices.

So basically the Apple way is the worse way to deal with spam as all end up on the same app while on most other smartphone OS spam end up in the dedicated SMS messaging app that you can just totally ignore and disable notifications for. Apple does make it worse for its user in that context.

[ricardobayes]

Please drink verification can and continue.

Anyone unsure what this means: it's a popular meme where the future of cloud/online gaming will degrade to cross-sell products maliciously. (Requiring the user to drink a sugary soft drink to continue using the product).