[ToucanLoucan]

This has been my gut feeling about the entire thing and I don't understand so much about:

a) How Beeper thought they had a business model here

b) How so many HN readers can justify flagrant misuse of private API's and servers as some sort of liberatory move

Apple's iMessage service is a privately owned, privately hosted, closed source protocol and always has been. You are not allowed to use it without an iPhone, an iPad, or a Mac and you never have been allowed to use it otherwise. That's just... what it is. You can dislike that, you can think it's anti-competitive and you might even have a case for it, I guess we'll see, but insofar as I can see it:

iMessage is a closed source, walled garden, private protocol Apple uses to permit a higher tier of text messaging for owners of iDevices. There is no reason at all to think you're entitled to access that service without using the aforementioned devices, and there's even less reason to be surprised in the slightest that, when a company was offering services to bypass those requirements and use the API without meeting Apple's requirements, that Apple would shut that shit right down.

[Nextgrid]

> You are not allowed to use it without an iPhone, an iPad, or a Mac and you never have been allowed to use it otherwise

What about for those who do own an Apple device and thus paid the "tax" to use iMessage, but want/need to use it on unapproved devices out of convenience? The argument would be very different if Apple merely restricted the service to Apple IDs associated to a valid Apple device purchase, but that's not what they're doing. They're clearly not making the cost/resource usage argument otherwise it would be trivial for them to implement such a restriction.

> There is no reason at all to think you're entitled to access that service without using the aforementioned devices

Would you also apply that argument to Microsoft Office files? Microsoft would sure love it if it would be forbidden to create/edit such files in anything but Microsoft software. Would you also want LibreOffice/OpenOffice/Apple's very own Pages/Numbers/Keynote to not be able to read such files?

[ToucanLoucan]

> What about for those who do own an Apple device and thus paid the "tax" to use iMessage, but want/need to use it on unapproved devices out of convenience?

You'd probably be told no, that you can only access it via Apple's devices. Your options there are to access it via approved devices or use a different service. You cannot arbitrarily bypass requirements to use it how you want to use it and expect Apple to just organizationally shrug their shoulders.

> The argument would be very different if Apple merely restricted the service to Apple IDs associated to a valid Apple device purchase, but that's not what they're doing.

That's correct. They only want their hardware and software on all ends of this traffic. That is not inherently unreasonable or anti-competitive and is likely spelled out in the terms of service.

> Would you also apply that argument to Microsoft Office files? Microsoft would sure love it if it would be forbidden to create/edit such files in anything but Microsoft software. Would you also want LibreOffice/OpenOffice/Apple's very own Pages/Numbers/Keynote to not be able to read such files?

I think it would be a bad decision on the part of Microsoft to attempt that, as the file formats are already supported by other software and artificially restricting them to only Microsoft apps would only serve to drive users to Libre/Open office, but ultimately having proprietary file formats that are crypto-graphically secured is also not without precedence and also not inherently anti-competitive. At my current employer we sell specialized software for maintaining machinery, and our files are locked right down because that's how we make our money: the ability to open, save, and utilize our files is our entire business model so you're damn right it's secured. That's not anti-competitive either: if you don't like how we do our business, you are free to use a competitor's product. What you're not free to do is crack open our software and use it anyway.

Edit: I'm being rate limited:

> This is closer to a Telcom/Basic Utility law issue

No, it isn't, because iMessage is not the only way to text on an iPhone. It degrades gracefully into full compliance with SMS/MMS protocols to allow it to text Androids, Blackberries, or flip phones.

> and is the default way to text message on this "basic utility" platform

No it is not, SMS/MMS is. If your iPhone is in a particularly bad data area, it will also SMS other iPhones absent it's ability to contact the iMessage service.

> Interoperability should be a given

IT IS.

[Nextgrid]

> as the file formats are already supported by other software and artificially restricting them to only Microsoft apps would only serve to drive users to Libre/Open office

Obviously the formats have already been reverse-engineered long ago. But the world you describe and wish for, such reverse-engineering would be illegal, thus those formats would never have been reversed & implemented in third-party software.

> our files are locked right down because that's how we make our money

If your client software is able to open the files then it means the key must be on the user's computer (in your application binary?) or fetched at runtime over the internet and a user can technically make their own software to obtain this key and decrypt the file.

> What you're not free to do is crack open our software and use it anyway.

What if the user pays for your software (and its implicit access to any online key server that serves the cryptographic keys) but instead uses their own replica that mimics this software? That's what's happening when an Apple device owner (having paid for access to iMessage) decides to use Beeper. Both you and Apple still make money in this case. Should this still be illegal?

> you are free to use a competitor's product

I'm not sure what the nature of your product is, but this gets murky if your product relies on proprietary file formats or centralized services like iMessage. In this case, using a competitor would be inconvenient or might be outright impossible if everyone else is using this software and expects you to be able to open their files or interoperate with them.

Why should we allow arbitrary roadblocks to interoperability that don't accomplish anything beyond strengthening monopolies and restricting end-user choice and convenience? It would be fair if Apple argued for a reasonable fee to allow iMessage access to non-Apple-device owners but they've never made such argument.

[ToucanLoucan]

> What if the user pays for your software (and its implicit access to any online key server that serves the cryptographic keys) but instead uses their own replica that mimics this software? That's what's happening when an Apple device owner (having paid for access to iMessage) decides to use Beeper. Both you and Apple still make money in this case. Should this still be illegal?

Again, you and most critics are keeping your examples and your metaphors solely isolated to your phone, your device, your computer and this is not the case. iMessage chats are not peer-to-peer, they reside on a platform which Apple pays to host and operate. You are not just using your device, you are using their devices too via the API.

No examples put forth in your comment or other comments are grappling with this reality. The iMessage API doesn't call other Apple devices, it calls Apple's servers, and Apple owns those servers and is within their rights to dictate how they are used. Every photo sent, every live photo, video, voice message, all are hosted and archived forever until the user deletes them on Apple's servers. That in and of itself is, in my mind, justification to restrict the service's use to their own devices.

[Nextgrid]

Does it matter if an Apple device user (having bought a device and paid Apple for access to iMessage servers) subsequently makes software that mimics this Apple device's interaction with the servers but runs this software on his Android device?

We'll assume it's still a single person using it, thus whether they use it on Apple or Android, the amount of messages sent shouldn't increase (they'd just be spread across the two devices) and server load should thus remain constant.

Would it be a problem? You're coming back to the idea of cost but not only are those costs negligible but Apple has never made any argument about it even though Beeper was open to paying a reasonable fee.

> it calls Apple's servers, and Apple owns those servers and is within their rights to dictate how they are used

Should websites then also be allowed to dictate that your browser should not run an ad-blocker, should accept (and persist!) cookies and not run a VPN? I'm sure websites would indeed love that but I think we'd both agree this would be a very sad day for the internet if this became law?

I think the control stops at the protocol. Apple is welcome to change their proprietary, undocumented protocol as they see fit, but people should also be free to reverse-engineer and implement clients for it. As long as the client perfectly mimics the official one (including proving any eventual purchase, using an Apple ID associated with an Apple purchase or the serial number of an Apple device the user purchased) there should be no legal/moral reason it should be rejected.

[jpc0]

> Does it matter if an Apple device user (having bought a device and paid Apple for access to iMessage servers) subsequently makes software that mimics this Apple device's interaction with the servers but runs this software on his Android device?

From what I got from this news cycle, if this was the case and beeper mini just made you use your apple device's "hardware token" this would never have been an issue and apple would not have locked down their use.

The thing Apple blocked was hundreds to thousands of users using the same "hardware token" which means beeper mini, probably rightfully for UX reasons, didn't want Apple customers doing this but it would also gate a feature to only Apple device owners.

So if beeper mini had actually just used your Apple device's "hardware token" and only offered the feature to Apple device owners then likely all this never happens and Apple devices owners would in fact have the benefit.

[ToucanLoucan]

> Does it matter if an Apple device user (having bought a device and paid Apple for access to iMessage servers) subsequently makes software that mimics this Apple device's interaction with the servers but runs this software on his Android device?

If explicitly forbidden in the terms of service? Yes. The ToS act as your contract with Apple to make use of the service. Violation of the terms of service terminates your access to the service. If you want to stand up your own mimic'd Apple servers then you're free to do that, but you are not free, again, to change the rules set forth by Apple to use Apple's services. I don't understand why you keep returning to this question.

> Should websites then also be allowed to dictate that your browser should not run an ad-blocker, should accept (and persist!) cookies and not run a VPN?

All sorts of websites have all sorts of requirements to use them off certain VPNs, without ad-blockers, and with cookies. Tons of websites simply stop functioning if some or any of those conditions are true for your browser.

> I'm sure websites would indeed love that

They do.

> but I think we'd both agree this would be a very sad day for the internet if this became law?

What do you mean become law? The ability for an online service to not provide functionality if you do not concede to their requirements is so benign as to be barely worthy of note. Apple included! Apple has been "excluding" Android from iMessage since 2011!

> I think the control stops at the protocol. Apple is welcome to change their proprietary, undocumented protocol as they see fit, but people should also be free to reverse-engineer and implement clients for it.

I mean, you are! They did! And then Apple found them, and made changes to their protocol that bricked what they made. That is the most likely outcome for this and any subsequent adventures along the same path.

> As long as the client perfectly mimics the official one (including proving any eventual purchase, using an Apple ID associated with an Apple purchase or the serial number of an Apple device the user purchased) there should be no legal/moral reason it should be rejected.

Because it's their platform and their right to reject it and I'm not going to rehash this point again.

[closewith]

> You cannot arbitrarily bypass requirements to use it how you want to use it and expect Apple to just organizationally shrug their shoulders.

Corporate policies aren't absolute. It doesn't matter if a provider dislikes the manner in which it's services are used if that use is found to be protected by law, which is obviously what Beeper is hoping for.

[topato]

But what about the companies that make the machinery that you produce software for? Shouldn't they have the right to prevent you from accessing their built hardware and force companies to get service from them directly? Obviously I don't know what your company does exactly, but it and Microsoft are both very bad examples. This is closer to a Telcom/Basic Utility law issue, imsg is used by roughly half of Americans, more than half in Europe, and is the default way to text message on this "basic utility" platform. Interoperability should be a given and it's closer to a Ma Bell situation This is starkly similar to the tweaking of antimonopoly practices that needed to be hammered out back in the 80s to break up Bell.

[doix]

> imsg is used by roughly half of Americans, more than half in Europe

Is it really used by more than half in Europe? Obviously anecdotal, but I have never encountered it. Almost everyone is on WhatsApp/Telegram/FB messenger or some other non-SMS based app.

[msteffen]

> No, it isn't, because iMessage is not the only way to text on an iPhone

It’s the only way to get an encrypted message into a user’s iMessage inbox, and iMessage is, unchangeably, the only possible default messaging app on an iPhone—the only one you can use from Contacts and so on.

IMO if you could completely substitute WhatsApp (or whatever) for iMessage on iPhones to the point of being able to delete iMessage completely, I actually bet a lot of the handwringing over iMessage being closed would go away. It also feels to me (IANAL) like that’s part of the anticompetitiveness. Apple uses its dominance in phones to establish dominance in messaging apps. Beeper is trying to force the messaging app (iMessage) itself open, but a world where everyone is just deleting iMessage and replacing it with Beeper, as Apple is required to allow them to do, would probably be fine with them too.

[turquoisevar]

> It’s the only way to get an encrypted message into a user’s iMessage inbox

True.

> and iMessage is, unchangeably, the only possible default messaging app on an iPhone—the only one you can use from Contacts and so on.

You kind of lost me here.

The Messages app is the default app on iPhone that handles both SMS/MMS and the iMessage protocol. So it goes without saying that it’s the only way to get get an encrypted message into a user’s “iMessage” inbox.

But it’s not the only one you can use from the Contacts app, nor is the only one you can use with Siri or the only one that pops up in the share sheet or the only one that you can use with CarPlay or the only one that you can receive notifications from or the only one that can ring your phone (if you want to count FaceTime as part of iMessage), etc, etc.

The Messages app, which supports iMessage, is the only app that can receive SMS/MMS via the cellular network. That’s pretty much the only limitation.

Other than that, there’s pretty much complete feature parity with iMessage in terms of native access, available should the third party messaging service want to implement it (and many do).

Take WhatsApp for example. WhatsApp will show up as an option in under contacts[0], WhatsApp message notifications will be read by Siri if you wear AirPods, use Siri to send messages and even set which default messaging app to use[1], have WhatsApp pop up as a suggestion in share sheets[2], and so on.

0: https://stackoverflow.com/questions/46422640/how-iphone-cont... this was 6 years ago, it’s now much more sleeker and you can set a default messaging service, but I couldn’t be bothered to upload a screenshot

1: https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/202...

2: https://wabetainfo.com/wp-content/uploads/2019/12/WA13_Share...

[msteffen]

Well, in case anyone else reads this: I mean that if you click the huge “message” button at the top of a contact’s page, that opens iMessage, and there’s nothing I can do to change that if I don’t want to be using iMessage.

For contrast, Android lets users use third party texting apps, remove the default messaging app, have all “message”-oriented actions open the app of your choice, etc. Apple, I claim, does not support this because it means that every iPhone user is also an iMessage user. But iMessage is a social network (a la WhatsApp), and a separate product.

[haswell]

> How so many HN readers can justify flagrant misuse of private API's and servers as some sort of liberatory move

So that I better understand your position, would you feel differently if Beeper Mini was just a GitHub repo hosting the code to an unofficial 3rd party iMessage client? Why or why not?

HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

What is surprising to me is the growing number of comments that are defending Apple and framing the creation of an unofficial 3rd party client using terms like “flagrant misuse”.

Don’t get me wrong. I didn’t expect Apple not to fight this, but I think we need to walk back the hyperbole a bit and consider how utterly normal it is for developers to try to build their own clients when the official options either suck or are too restrictive.

I do think that trying to charge for the service was a questionable decision.

[ToucanLoucan]

> So that I better understand your position, would you feel differently if Beeper Mini was just a GitHub repo hosting the code to an unofficial 3rd party iMessage client? Why or why not?

I mean, I think using that code would be a risky proposition at best that might earn you as a user the ire of Apple, and I wouldn't personally do it, but ultimately, showing people how to do a thing, or even providing the executable I don't think itself is a crime.

That said, I would also not be remotely surprised if Apple figured out how to block it's access to it's API's too. And, if there is money involved or if the breach is egregious enough in some other way, I don't think it would be altogether unexpected for the authors to find themselves in some legal hot water too, and/or for Github to receive a takedown notice.

> HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

Which I respect on the whole, but the key difference here is you are not just using your computer/smartphone, you are using Apple's computers too. That's where I find the disconnect. Each time Beeper Mini connects to those servers it is using compute resources, however infinitesimal, to perform it's functionality: functionality that is not supported, that fundamentally, Apple is now paying for. And you can justify that any way you want, but at the end of the day, that's stealing. And Apple is perfectly within their rights, IMO, to block it and if they feel they have a case, to pursue it legally afterwards.

> Don’t get me wrong. I didn’t expect Apple not to fight this, but I think we need to walk back the hyperbole a bit and consider how utterly normal it is for developers to try to build their own clients when the official options either suck or are too restrictive.

And if you're talking about open protocols or API's, you have my support 100%! I've done some of that kind of work. But you can't just use API's that are publicly available but otherwise closed to you just because you want to. That's textbook misuse.

[haswell]

> but the key difference here is you are not just using your computer/smartphone, you are using Apple's computers too ... you can justify that any way you want, but at the end of the day, that's stealing.

I think that boiling this down to something like "stealing" oversimplifies something that can't be reduced to a singular notion as such. I think there's a case to be made that it's not approved use of the various API endpoints, but there's more nuance than just theft of CPU cycles or services. For sake of argument, I'm deeply embedded in the Apple ecosystem. I have a half dozen devices that are all capable of communicating via iMessage. If I want to bring an Android device into my personal ecosystem, it doesn't seem clear ethically or morally that there is some theft occurring. I realize there are other scenarios where someone has no Apple devices, never intends to, and would be in a weaker position, having never "bought in".

How do you feel about web scrapers mining the open web and profiting from the results? Or browser automation tech that logs into websites as if there's a user at the keyboard for the purpose of building automated interactions with services that do not provide public APIs, e.g. Quicken banking connections? I'm bringing this up primarily because there is a whole ecosystem of products that exist based on brute force workarounds to a lack of public APIs. The existence of this kind of tech would equate to similar kinds of "misuse" if only judged based on whether or not the service provider intended for this use case and whether or not the client was using some publicly blessed integration channel.

> But you can't just use API's that are publicly available but otherwise closed to you just because you want to. That's textbook misuse.

I think it's reasonable to say that in some scenarios, such use could be classified as misuse. But I don't agree with a blanket statement that "using undocumented APIs is misuse".

When the subject is creating a client for the purpose of interoperability, and when the client implementation is using the underlying APIs/services for their intended use case (i.e. to provide feature parity with the 1st party client e.g. calling the API that sends a message does so for the purpose fulfilling the feature-equivalent send message functionality in the 3rd party client), it seems like this is all a lot greyer than "textbook misuse". Textbook misuse would be building an iMessage spammer bot.

[ToucanLoucan]

> but there's more nuance than just theft of CPU cycles or services.

CPU time, network bandwidth, storage space, the infrastructure to drive the rest, the fat, fat internet pipes to handle half of the United States' text messaging demands...

> For sake of argument, I'm deeply embedded in the Apple ecosystem. I have a half dozen devices that are all capable of communicating via iMessage. If I want to bring an Android device into my personal ecosystem, it doesn't seem clear ethically or morally that there is some theft occurring. I realize there are other scenarios where someone has no Apple devices, never intends to, and would be in a weaker position, having never "bought in".

The ethics aren't the issue. The stealing isn't a problem because it's morally wrong; it's stealing because it's against the terms of use. It doesn't matter if you own 150 iPhones and 1 Android: the iPhones meet the requirements, the Android does not. And Apple has no legal, ethical, or market obligation to allow it in, they just don't. You can text the Android from the iPhone and vice versa and it will function completely correctly in both directions, with full support for the open protocols.

> I'm bringing this up primarily because there is a whole ecosystem of products that exist based on brute force workarounds to a lack of public APIs. The existence of this kind of tech would equate to similar kinds of "misuse" if only judged based on whether or not the service provider intended for this use case and whether or not the client was using some publicly blessed integration channel.

I think you're free to do it and the provider of the service is in turn, free to make your workdays a living hell in a never ending escalating pattern of back-and-forth modifications, or free to ignore you if they don't care. Quicken apparently doesn't care, Apple does. Those are respectively their responses and both are right depending on the organization's priorities.

Most web-scraping I see is pretty gray on ethics too though, things like the stack overflow clones that piss all over the information with ads and try and SEO themselves in front of the posts they're ripping off. Personally I think all those web operators can locate a fire to die in.

> I think it's reasonable to say that in some scenarios, such use could be classified as misuse. But I don't agree with a blanket statement that "using undocumented APIs is misuse".

This is not undocumented, it is documented and said documentation is kept private because it is not meant for anyone's use outside of the organization.

> Textbook misuse would be building an iMessage spammer bot.

And it could be easily made the case that this is exactly the reason why Apple demands you own Apple devices to use the iMessage service: Because it can't be automated on their own hardware, and because it can't be used by other devices/endpoints, it is much, much, much harder to spam via iMessage. In fact I'd say it's bordering on impossible unless you buy an iDevice and do it by hand, at which point, Apple can see your suspicious traffic and disconnect you from the network, possibly without you even knowing you've been.

That's not to say they couldn't secure it in a way to combat abuse, but again, why? What does Apple gain here apart from a happy nod from a userbase that is wanting to use an Android phone and an iPad? iMessage is a free service that Apple fans enjoy using. They gain nothing by making it open to people who don't use Apple devices, and that freedom for you comes at a security cost to the platform as a whole and the users in it. Apple is very clear that their priority (apart from profits) is their users, and this gains their users incredibly little while opening the platform to much wider instances of abuse that are already incredibly common.

And even aside of my views and understanding of systems integrity and API use/misuse, frankly, even just the anti-spam excuse would be enough for me to support them in this unilaterally, because as a service, iMessage is the only platform I make regular use of that I don't end up getting calls about my cars extended warranty, or messages from hot russian women who want to bang me, or people asking to buy my stupid house, or assholes telling me they've hacked my PC and are going to send videos of me jerking off to my family, or whatever the hell. And if the closed ecosystem is the only way to do that, which it kind of seems to be, then close the ecosystems I say.

[lxgr]

> Quicken apparently doesn't care, Apple does.

I think you're missing the point GP is making, and I think it's an interesting one: There's lots of precedent for offering products and services interoperating with an "uncooperative" third party (in this case, Quicken scraping banks' websites to import their customers' transactions).

Sometimes such “forced” interoperability is illegal, sometimes it's the opposite and the a regulator or legislator recognizes it as an important public good, and very often (such as here) there is no precedent and we know absolutely nothing about the legality. We can have our educated guesses, but that's it.

I'd personally be very curious in seeing a lawsuit; it seems like important precedent to have with all the FUD going around, here and elsewhere.

[turquoisevar]

> Sometimes such “forced” interoperability is illegal, sometimes it's the opposite and the a regulator or legislator recognizes it as an important public good, and very often (such as here) there is no precedent and we know absolutely nothing about the legality. We can have our educated guesses, but that's it.

You say this as if all these cases have the same fact pattern and it’s just a roll of the dice. But that’s not true and in fact there is very clear precedent that matches the facts of the case at hand.

Quicken and other scrapers are generally allowed, especially, but exclusively, when it pertains publicly accessible data.

Those kinds of cases have been tried with the main argument being the exceeding of authorization under the CFAA and copyright violations.

Courts have consistently decided that scraping doesn’t rise to the levels of computer trespass in the form of exceeding the authorization given to access the computer system and that it’s not copyright violation primarily because, to put it simply, it doesn’t exceed the authorization enough and because there’s a fair use component to it.

The most recent case law on this, which happens to involve publicly available data so isn’t fully analogue with Quicken, is hiQ Labs v. LinkedIn[0]

However, there’s also case law on clauses in EULAs and ToSs that prohibit reverse engineering (like in the case of Apple’s EULAs and ToS) that says those clauses are not only enforceable but they supersede the DMCA reverse engineering exception.

In fact the case law is even more relevant for this Beeper debacle, because it also happens to pertain to a company that reverse engineered another companies software, repackaged it to then sell it for a price, like Beeper tried to do with Beeper mini for $2/mo. That case law is still good standing case law and is Bowers v. Baystate Technologies, Inc.[1]

0: https://en.wikipedia.org/wiki/HiQ_Labs_v._LinkedIn

1: https://law.resource.org/pub/us/case/reporter/F3/320/320.F3d...

[whynotminot]

> HN as a community is made up of quite a few people who care about interoperability, the right to use our computers as we see fit, the joy of building solutions to solve problems that other people won’t solve, etc.

lol dude this wasn’t reverse engineering your lawn sprinklers to work with a raspberry pi. In effect this was always an abuse of services Apple funds and intends to be a value add for only their customers.

(Coming from someone who wishes Apple would just go ahead and release iMessage for android.)