by chamanbuga 454 days ago
This is cap. I worked on heads up glasses, and one of our issues was the lack of integration with Apple's iMessage ecosystem. Device makers are willing to go through several security measures, like deploying the MFi chips and certification. However, at best this gives you access to the notification system, not iMessage itself. You are able to respond to messages via the notification framework, but not integrate directly with iMessage even after taking all security and certification efforts. This isn't a security play. This is a walled garden play.
14 comments

As a user, I am totally fine with Apple restricting access to iMessage. In fact, now that I read this, I want them to do this, thanks Apple.
As a user, I'm not certain I completely agree.

Yes, I don't want apps accessing my messages surreptitiously. Points there.

However, what's wrong with allowing another app to post messages to my messages?

If I don't want it, let me turn them off. Maybe, as a UI expert company, it's easy "block app from sending me messages" when I get a message. Seems like something that should be fairly transparent to the (potentially misbehaving) app.

I use a Garmin, and Android, and I use it for messages all the time, it's great. I can't imagine not taking them. It's easy for me to block stuff I don't want, could it be easier, maybe...

But my point is this isn't something unreasonable for a user to want.

As a general aside, it seems when I hear about Apple products anymore, they are locked down, unintuitive, and generally just unpleasant. I even tried an Apple device again recently...eugh.

Apple is only "nice" for a certain, narrow segment of the population.

> what's wrong with allowing another app to post messages to my messages?

That's exactly what spammers would use to send spam.

Spammers sending spam through BLE?!

They might just as well beat you up and take your wallet.

No, they would on their own phones automate sending spam to the iMessage network using BLE at the interface.
Or just send spam through their iPhone.

I don't get this argument that Apple making it difficult for their paying customers to send and receive messages is somehow a good thing. It's also not like Apple is helpless, they managed to shut down Beeper.

You can already use a Mac to automate iMessage. It supports Applescript.
They can already use USB rubber ducks to automate the iMessage user interface, even if they don't have a Mac.
Regardless, they would need to be a few meters from you (spec says <100m, but that’s very generous).

If they are right next to you, there are many criminal activities more lucrative than sending an iMessage...

...Which wouldn’t be possible anyway, because devices using BLE to communicate typically require to be paired together by their owner.

Why did you choose to ignore the very next statement in their post, that ensures it cannot be spammed? Doesn't seem like you are arguing in good faith here.
I don't think this is a reasonable take (and also doesn't make sense). If you read the other comments here it's extremely clear to everyone that no one here is seriously concerned about your watch sending spam.

If you 'opt-out' then it does not fix the problem of spammers having easier access to imessage.

I'll say that again: If you personally, either a) opt out, or b) don't have a watch at all, it makes no difference to spammers. They are not sending spam using your watch.

People are concerned about the result of allowing anyone to send messages in general.

...

The real argument to be made here is, as other people have pointed out, this isn't technically impossible; I mean, apple watch can do it right?

So there is a solution; but Apple isn't allowing other people to use it.

THAT is the issue here.

Pretending there is 'no issue' is flat out wrong. If that's what you think, you're wrong and you haven't understood the problem.

The issue is why only Apple is, according to Apple, technically capable of implementing the controls required to do it in a secure manner.

That's a fair question to ask, and there really isn't a strong answer for it.

Certainly, making it easy for anyone to send messages would not be a solution. That would be stupid. That's why they haven't done that.

...but, you have to ask, is there really no certification process that would do the job? Really? None? Only Apple engineers are smart enough and diligent enough to do it without screwing it up? Hmmmmmmmmmm...

Have you considered the fact it could be because Apple Watch itself is closed, walled garden and Apple has full control over its security (and therefore trust in it)?

Imagine a world where they allow Pebble to go through certification process for it to get jailbroken half a year down the road opening the gateway to iMessage for all the spammers in the world. What then? Should Apple now play whac-a-mole with the spammers forever, or block the access to all Pebble watches creating another scandal? And what if this happens to next 10 different watch makers down the road?

They own Apple Watch and if it gets jailbroken it's their mess to deal with, but if they open it to the world then they have zero control over it.

I don't see this at all. No one is talking about anyone being able to access iMessage. No one has a problem for example if you simply require an Apple account. No one expects to just be able to do post(number, message).
> However, what's wrong with allowing another app to post messages to my messages?

> If I don't want it, let me turn them off.

Can you turn it off for anyone sending you messages too?

That's the issue; you not wanting to use it does not mean that spammers won't use it.

That's the problem. You can't have nice things if some people can use it to abuse the system; and there are a lot of people who will.

> But my point is this isn't something unreasonable for a user to want.

This ignores the reality which is that doing it in a way that gives a nice user experience without an enormously painful security issue is really non trivial.

Maybe it's OK to have the choice?

...

If you love your android phone, don't care about iOS, don't like iphones.... why do you care? I mean, why does it upset android users when they see this sort of thing for people using iphones?

It mystifies me. If you love your phone, and you think it's better, then use it.

Nothing lost right?

Automating imessages has been an official thing in macos since ages that i know of, but it is done on a computer rather than a phone. The argument that opening up automation for imessage will increase spam does not hold, just because automation is already opened up, thus whatever spam this allows or not is already here.

EDIT: example script to run from a mac terminal:

    osascript -e 'tell application "Messages" to send "$message" to buddy "+12345678" of (1st service whose service type = iMessage)'
So similar to democracy vs authoritarianism argument. If I live in Europe, why should I care that Russia is a dictatorship?

Because it affects my life, and can be fatal even, that's why.

Except if you want pebble an iphone, that's the loss.
You can thank Apple for the Lightning connector and App Store too, for all the good it does everyone in the EU. If a company uses their power to prevent competition with their own products or services, the market's jurisdiction reserves the right to restore competition to their market and prevent the harms inherent to monopoly abuse.
I probably don't get your sarcasm. But I never had a problem with Lightning. In the long run, I like the switch to USB-C... But when I got my first iPhone, USB-C wasn't invented yet, so... Also, I like the AppStore for its reviews, and would actually NEVER activate an alternative appstore. No need to weaken my security on purpose. I know, it's apparently an unpopular opinion here, but that is mostly because many people only comment with their dev hats on and are apparently unable to see things from user perspectives...
To add: when apple switched to lightning they made a deal with hardware makers that they would support this for 10 years in order not to make all their hardware obsolete again. They did eventually change it after exactly 10 years.
Not because their software would inherently break by switching to a different USB connector, or even by using a converter dongle. Apple signed this agreement because Lightning had a hardcoded DRM protocol baked into it to force third-parties to pay licensing fees. Of course they demanded a 10 year support window, it was a licensing ruse to make manufacturers pay a price premium to use the USB featureset.

https://en.wikipedia.org/wiki/MFi_Program

Not everything has to be a ‘i win, you lose’. It can be a strategy and architecture where multiple parties get something out of it. In different ways.
You can't run an ad-blocker and you browse the web with JS turned on in Safari, but your iPhone is secure?

yeah ok

You can run ad blockers in mobile Safari. This one works great: https://apps.apple.com/us/app/firefox-focus-privacy-browser/... -- it's both a browser itself as well as acting as a content blocker for Safari and does a fantastic job at blocking ads.
I'm talking system-wide ad blocker which also blocks in-app ads.
You absolutely can run an ad-blocker.
You can block ads in iPhone apps?
I don't need an ad-blocker. I have YouTube Premium. And I really don't need Safari that often, actually. Besides, if we're really talking JS==insecure, 99% of users on desktop and mobile are insecure. I am sort of on your side, because I spend most of my web-time in Lynx in a tmux. But if I were to argue against JS, people would call me a weirdo. That war is over. I fought it until 2010.
I have youtube premium and still need an ad blocker. What a stupid remark.
> I don't need an ad-blocker. I have YouTube Premium.

This cannot be your actual stance.

You know there is a lot more to the Internet than that one website, right?

> And I really don't need Safari that often, actually.

Yeah you're an exception.

Thankfully people like you don't get to decide what EU rules as best for people.

Yup, Apple made Lightning because USB-C wasn't a thing yet and MicroUSB is awful. Lightning is a whole lot better than MicroUSB, and they've been using it since 2012. MiniUSB B was pretty OK, Micro was just way too thin to be stable and would snap off frequently, in addition to being not very secure and hard to orient. Mini was thicker though, so while it worked fine for the HTC Apache and other Windows Mobile phones of the era, it wasn't going to be small enough to work on an iPhone.

So many people complaining about a really robust connector that solved real problems and has proven to be pretty reliable for 13 years. I'm no huge Apple fanboi, and I'm happy to have all their stuff use USB-C now, but the hate for Lightning is way inflated IMO.

I have no issue with Apple inventing a new, superior connector; I applaud them for it. My issue is with them making it a closed proprietary standard with authentication chips to lock out unapproved third-party vendors. They could have just invented Lightning and made it an open standard. We might not have even needed USB-C then; the industry could have just iterated upon Lightning.
As I understand it, the USB standard is licensed, and you have to pay for it to use the USB logo and to get a vendor ID if you are not already a paying member of the USB Association. Licensing requires passing a compliance test, which is a very good idea.

Apple was also part of the working group that developed USB-C.

MicroUSB is fine, and Apple should've just used that (like every other phone manufacturer did, with great success). But Apple also has the world's biggest NIH complex, so they decided to invent a proprietary standard rather than go with something interoperable.
MicroUSB was absolutely not fine. The connectors were difficult to insert and very vulnerable to damage.
MicroUSB is a terrible connector. Every time I have to use one, it's impossible to get into the slot; it's finicky, breakable and has a one way orientation. Lightning is delightful to use.
Micro-USB connector has been consistently rated as one of the worst connectors ever invented[0], [2]. You can find more on the search engine of your choice.

Also relevant: 19 engineers from Apple worked on the USB-C connector and cable specification[1].

«None of the chargers fit snuggly into socket. The connectors are flimsy and get damaged easily. Just rolling up the charger and putting it in my pocket can cause the tip to break off»[0]

«While on the whole, I am satisfied with the switch to USB Micro, my only major gripe is the less obvious keying. Inserting the plug with good lighting is no problem (if you can see), but trying to plug in your cell phone after you've crawled into bed with the lights off can be a trial. As somebody who works with people with disabilities and medical conditions, I have heard from clients with compromised motor control, those with low vision, and those with distal neuropathies that they do experience a harder time plugging in their devices nowadays»[0]

[0] https://electronics.stackexchange.com/questions/18552/why-wa...

[1] https://www.docdroid.net/uf3z/typec-pdf

[2] https://news.ycombinator.com/item?id=7649405

don't let facts and data get in the way of rabble rabble rabble rabble

if the worst thing is someone else's code then someone else's hardware

Why didn't they work with the other actors to create a common standard 13 years ago? You know why, because they don't care about their users! And they even tried to stop the move to a standard many years later when the Lightning connectors were outdated, making it even more clear.
Like being a member of the USB committee and help make USB-C a good standard with a reversible connector like they did with lightning?

Because they did that.

Proprietary, and for the first half of its run, they were insanely expensive. Thin flimsy, always breaking. Short by default. They got nasty and stained quickly.

Over the years, third party cheap ones were risky. May damage port or device.

Has a stupid chip in the connector so people can't easily replicate it like a USB cable.

It was the purest example of proprietary capture in an age where the "The correct universal port" has been around for decades. The massive irony is not missed on me as they used USB mouses and keyboards to engineer a step backwards.

There's things I like about Apple, but I could never bring myself to defend the lightning cable.

You never needed speeds in excess of usb 2.0? LOL, this is such old hat, guys in IBM t-shirts telling me how nobody ever needed more than 64K, and why go third party with your treasured computation when you can get the best, the infallible, the International Business Machine?
In the 15 years that I use iPhones now, I never needed the USB port for any data transfer except for one time when I used an external sound card to record things. Maybe I am a simpleton when it comes to mobile. I guess I deserve being LOLed at.
Don't worry, that one has the energy of the guy that was fired for buying IBM
Apple didn't continue to iterate on Lightning because of the obvious future migration to USB-C connectors.

I will die on the hill that the Lightning plug is superior to the USB-C plug. Lightning could some day have supported USB-3.2+ speeds, if they'd chosen to work further on it.

Still, I have never once transferred data to my iPhone over a USB cable. I have used an iPhone since the first generation. For me, it has only ever been a means to charge the phone and to connect it to CarPlay. With wireless CarPlay and MagSafe charging, they could remove the port and I wouldn't miss it all that much (except for fast charging).

Agreed. I really miss lightning after getting a usb-c iPhone. The best part of lightning port was how easy it is to clean. You can get lint and sawdust out of the clogged port with a toothpick. With usb-c, I can’t find a rigid non-metallic pick small enough to clean dust out of a usb-c port.
I'm pretty sure Apple switched to USB-C to comply with EU requirements. I don't think the success of USB-C has much to do with it.

https://www.theguardian.com/technology/2022/oct/26/iphone-us...

Does the iPhone show up as a USB media device nowadays or do they still force you to jump through hoops?
Some iPad Pros used USB3 lightning that used pins on both side of the lightning cable.
Apple is choosing to limit USB C to USB 2 speeds to encourage people pay for a more expensive model. The iPhone 16 pro max has USB 3 speeds after all...
No, it just shipped with a slower cable. You get high speed transfer with a thunderbolt cable
> You can thank Apple for the Lightning connector

Thanks Apple, for switching connectors on your mobile devices once in 25 years and enforcing standards on 3p peripheral and cable manufacturers, until a government forced you to change making me throw all my cables away.

I specifically liked the lightning cable and the App Store. I had no problem getting lightning cables for a fair price, and I have no problem finding all the applications I need on my iOS devices. Compared with the sewer that is the Play Store, the App Store is a breath of fresh air.
Walled gardens are not inherently bad. I DO thank Apple for the App Store. It’s half the reason I have an iPhone. I WANT to be able to download any stupid thing in there without a care in the world re: viruses or other damaging experiences.

This is not to say every aspect of their walled garden is good, but I’m more than happy to accept those problems in light of the benefits I personally value.

This is all to say: it’s not much of an argument to point out that one of their selling points is an aspect of their ecosystem! I don’t think you’ll get through to anyone who doesn’t already agree with you.

I never understand this viewpoint — I understand what you're saying but there's no advantage to this over the Play Store model on Android.

You can have the walled garden, and also not restrict people's freedom — on Android I'm sure the number of people that use any other store than the play store or even side load apps are vanishingly small.

To even be able to do it you have to enable it deep in the settings. And even then, if a new app tries to install an apk you have to manually approve that app's ability to do that before reinitiating the entire process.

That's to say, the default experience is very wall gardened, and I do feel somewhat more protected when downloading something from the play store than not, and the vast majority of people will never leave the Google walled garden. But there exists a way to go around that walled garden when you need to, and that doesn't subtract from that walled garden mode in any way IMO.

For myself, the point is that I don't have to download another app store ever. If fortnite wants to get me (and roughly 50% of US mobile users) to play their game, they _have_ to follow the rules of the app store we have decided suits us best. If, however, other app stores are allowed, then there are no rules. No gatekeeper.

I prefer the gatekeeper, in this case.

> I WANT to be able to download any stupid thing in there without a care in the world re: viruses or other damaging experiences.

The Apple ios app store is positively chock full of spyware. You can’t download apps without a care in the world. This is why Apple put a privacy label on the apps (which is still woefully inadequate; it is self-reported).

surely any "spyware" on the app store is going to include a ton of permissions alerts when it does anything? do you have any egregious examples?
The permissions alerts don’t come from the App Store, they come from sandboxing and the permission model. This is a property of the OS, and everyone agrees that this is better than the anarchy of desktop OSs. But they were created decades earlier, sandboxing was obvious in hindsight only.

> surely any "spyware" on the app store is going to include a ton of permissions alerts when it does anything?

Not really. Push notifications is enough. I can send you a push notification and get loads of details from your phone, including cross-app fingerprinting. Iirc Apple allows ~3 silent push notifications per hour so they can be completely hidden.

https://gizmodo.com/iphone-apps-can-harvest-data-from-notifi...

But really, your search is as good as mine. The entire digital economy is based on personal data collected from your devices, and yes, that includes the iPhone. How is this news? What’s your definition of spyware?

> I WANT to be able to download any stupid thing in there without a care in the world re: viruses or other damaging experiences

That's rich knowing that most of the money Apple gets from the Appstore is made from predatory casino-like games

> You can thank Apple for the Lightning connector and App Store too

The App Store was an absolute revolution for mobile app developers. It is hard to overstate how much of an improvement it was over the status quo. People are complaining about Apple taking a 30% cut; it used to be that the operators took a 70% cut. Not for hosting an app store, no, just for sending the reverse-billing SMS message with the install link. You had to host it yourself, there was no store so you had to advertise your app to make it discoverable. You had to arrange (and pay for) a shortcode and SMS provider for every single country you wanted to sell in. You had to write and host code to handle the incoming message on the shortcode and respond with a RB-SMS.

Next to that, the SDK’s were absolute dogshit, phone manufacturers didn’t give a shit about apps and the phones themselves were riddled with bugs (with the notable exception of SonyEricsson, their J2ME environment was excellent). Symbian was a PITA to develop for, BlackBerry was actively developer-hostile (unless you happened to be a Fortune-500 company). Samsung phones were an absolute disaster, every single phone model had a unique set of bugs you had to find workarounds for.

So in comes Apple, they charge only 30% and for that you get a nice SDK, an App Store that distributes your app, makes it discoverable and handles payments worldwide with zero extra effort. We were thrilled when they announced it, and rightfully so.

Google then followed suit with the Play Store, effectively matching what Apple was doing.

So yeah, Apple deserves some thanks for what they did with the App Store.

>People are complaining about Apple taking a 30% cut; it used to be that the operators took a 70% cut.

Not in the PC world, back when the App Store was released I was paying 4% to my e-commerce provider.

You’re not required to sell software through the App Store on macOS either. The App Store complaints are only relevant on mobile, which has always been a completely different market.
> You can thank Apple for the Lightning connector

They did move to USB-C, but the lightning connector was actually a great product, far superior in usability to the Micro-USB, Mini-USB, and whatever other nonsense standards that existed. When Apple wanted to move to USB-C people complained about them "changing standards all the time". There really isn't a move that pleases everyone and even when they do the "right" thing people still complain lol.

> App Store too, for all the good it does everyone in the EU

The Apple App Store is pretty great. There's a large, vocal minority of folks that want changes there, but they also aren't the ones that have to deal with grandma and grandpa doing crazy stuff. If you want another App Store just buy an Android phone since that's a feature they offer. Kind of like if I wanted a phone with a larger megapixel camera or something I'd buy something else.

>lightning connector was actually a great product

Almost every Apple Lightning cable in my household frayed...

https://www.ifixit.com/Guide/How+to+Repair+a+Frayed+Apple+Li...

>Apple charging cables, such as the Lightning to USB Cable, are easily prone to fraying. Most commonly, this fraying occurs from device usage while charging.

This has nothing to do with the plug though, it's just the material they make their cables out of. Nothing is inherently different about USB-C that will stop this
But the licensing fees effectively introduced a price floor onto Lightning cables. Apple's implementation having issues is a problem because other manufacturers could produce a very cheap alternative, but they would be unable to sell it at a low cost due to having to pay the licensing fees.
I have a grandma and grandpa and I deal with their devices directly. I want an iPhone that lets me do more and I can set up (with their consent, of course) a more limited experience for them. Their phones currently have purchases turned off, for example, because they have a set of apps they need and there’s no reason for new apps, because even with the App Store not all of them are actually good enough to have on their phones.
I've heard it all before, both of these are simple to refute. Apple designed the USB-C connector, they knew it was an option. But as is Apple tradition, they created a new licensed serial and power connector specifically for their phones to promote MFi, their arbitrary USB DRM. Apple could have switched to USB-C at any time; they had no issue shipping millions of peripherals and Macs with them onboard. But they didn't, because then they couldn't foist a proprietary standard onto their most lucrative submarket.

> If you want another App Store just buy an Android phone since that's a feature they offer.

Sorry, this is bullshit. Alternative sources for installing software will always exist, even current iPhone users have to accept Cydia as an option. You don't ever have to leave the Apple App Store, but your preference has no right to enforce an artificial limitation onto other users. The Mac as a product would not exist without third-party software distribution, the iPhone is undeniably stifled by Apple's stance on the matter.

Lightning development started in 2008 as I was there!

USB-C development started in 2012 (I was not there!), but from wiki, the ever helpful source of truth: "The design for the USB-C connector was initially developed in 2012 by Intel, HP Inc., Microsoft, and the USB Implementers Forum. The Type-C Specification 1.0 was published by the USB Implementers Forum (USB-IF) on August 11, 2014.[1] In July 2016, it was adopted by the IEC as "IEC 62680-1-3".[3]"

I'm not sure of the logic here, but Lightning solved a problem way before USB-C existed and I'm sure, led to support of USB-C standards such as reversible connectors etc...

> You don't ever have to leave the Apple App Store, but your preference has no right to enforce an artificial limitation onto other users.

So... just buy an Android? This is not an artificial limitation, it's an express preference that the vast majority of iOS users have voted for.

> The Mac as a product would not exist without third-party software distribution

The Mac is a completely different product servicing a completely different set of needs. Nobody is asking for the iPhone to be able to run Node or Vim so they can do their work, they want to scroll Instagram and reply to their iMessage

Both your statements are just arbitrary. You are not representative of all iPhone users.
Plenty of people are asking for that, actually. I suggest you look through the App Store for developer tools and report back what you find.
Apple did not design the USB-C connector, Intel did.
The EU was created to integrate and unify social security, pension systems, welfare states, and, ultimately, politics and policy—both foreign and domestic.

I couldn’t care less about Apple’s case, but the fact that this is being touted as the EU’s biggest achievement in decades says a lot about why Europeans don’t like the EU.

As a user you should be fine with the ability to restrict access to iMessage. Not locked out of it with hardware you own and interoperability dictated by the vendor who also wants you to buy their watch.
Exactly. It's amazing how often the nuance between may and must is missed by Apple fans.

Apple should be able to lock down their ecosystem as a default -- plenty of people will be happy to use that default experience.

But Apple should absolutely be prohibited from not allowing users the choice of unlocking their own device, for additional functionality, if they choose.

It's also glaringly obvious that many of the "freedoms" Apple affords its users (freedom from iMessage spam!) help drive its revenue...

> It's also glaringly obvious that many of the "freedoms" Apple affords its users (freedom from iMessage spam!) help drive its revenue...

Yea I mean this isn't really hard to understand. 99.9% of users would rather have no iMessage spam and also not be able to publish messages from their 3rd party watch. This works in Apple's favor revenue wise because people value having clean and familiar experiences, and don't feel like they are leaving anything behind

Not sure you understand the argument. If you allow people the ability to access iMessage however they want, how do you prevent iMessage spam? You may not care about this, but a lot of people do.
How does connecting to a smartwatch enable spam? None of the comments here explain in detail how that would happen. The messages still get sent through an iPhone and through Apple servers. It's not like Apple is giving up any control over those.
How do you prevent iMessage spam, indeed? Because it's not being prevented right now.
Can't you already send iMessage spam using Apple Script on Mac? Would it be that much worse if it was also possible from iPhone?

Also, I'm pretty sure you can just set up a click farm to spam from iPhone right now, so there's also that.

It isn't easy to do with just AppleScript on a Mac. I run a sports team and I wanted to send out a message to people for special situations. Some of the challenges are that you cannot script sending a new message if there isn't already a thread -and- it seems like you must use the same contact info (email or phone number). There isn't much feedback when it goes wrong. Some of these do make sense for preventing spam. I suspect I could have used the accessibility APIs to drive the UI. I eventually gave up.
It's absolutely wild seeing comments like this on a supposed hacker community.
I don't self identify as a hacker despite being an active member of this community. I'm not sure it's a fair assumption to make that everyone here identifies as a so called hacker despite the name. I don't generally like the Apple ecosystem but I think the choice to lock things down isn't always problematic. Users that care for other choices can choose Android.
It’s important to remember this community is under the umbrella of a massive venture capital firm.
It's tricky. As a long time Apple user, I appreciate that they are privacy focused, but I also get a lot of spam text messages, calls, and notifications. It's become more and more annoying to deal with these on my Garmin watch and on my phone. I wish I had some sort of AI filter. For example, I want to get a notification if my Uber is running late, but I don't want one if Uber is offering me 20% off if I subscribe to whatever their monthly service is.
"Apple knows best for us" is something I've gotten very tired of over the years.

This example might be apples-and-oranges when it comes to Apple protecting iMessage, but they often rob the user of the choice that other manufacturers offer.

For example: Hotspot. Android hotspot can be perma-on. iPhone hotspot cannot. It will always switch itself off after some time of non-use. When I asked an Apple employee about this (This was not his dept), his understanding was that it was for not-clogging up Wifi at-scale, and for users who forget to turn it off. But what about the users who want it on always, who pay their cell provider for the biggest package? My computer goes to sleep, and the hotspot turns off and I have to go manually switching it back on because "Apple knows better". I want those choices.

But the Apple Watch has access to iMessage right? :-)
I’m with you on this one. I’d be fine with Apple opening up their ecosystem in a safe and careful way to other companies but only if the security stays, at least, at the same level - and if I’m able to turn off these options in the settings.
This perspective is infuriating. It's literally Stockholm syndrome. Your device is being held prisoner in a cell that they refuse to give you the key to unlock no matter how much you beg, and you are actually thanking them for it.

How can you not realize that you're being abused?

Different people evaluate cost/benefit trade offs differently than you do, and don't speak of the matter with metaphorically charged terminology like "abuse", "prison", "Stockholm syndrome", etc.
Normally I'd agree; people overuse the term "Stockholm syndrome", but in this case it's a perfect analogy. Apple has you trapped. You can't use a competing smart watch even if you wanted to, because Apple is blocking critical functionality and there's nothing you can do about it short of ending the abusive relationship entirely and completely leaving the Apple ecosystem. But you don't want to do that, you love Apple too much, so instead you choose to thank your captor for holding you captive. It's your fault they have to do this after all; you can't be trusted to make a decision about which smartwatch you want to use. After all, if you chose a competitor that might be a bad decision that would hurt your security. So Apple is totally justified in preventing you from leaving. Thank you Apple for saving us from ourselves!

It would be one thing to acknowledge Apple's doing something bad here but still decide to use their products because you like their hardware. That would be a cost/benefit trade-off. But actually thanking them for the abuse itself? There's really, legitimately no better way that I can think of to characterize the situation than as Stockholm syndrome.

Other users might not want to, such are the reasons for toggles.
Other users want a secure design without the ability to shoot oneself in the foot, such is the reason for a market where you have the alternative choice in Android.
As another user, I don't want you making that decision for me.
As a user, I'd be totally fine with Apple letting me choose who can access my iMessages.
Just like totalitarian regimes, Apple considers its users too stupid to be allowed to make choices for themselves. They must be herded like sheep towards the right path.
People like you are why technology sucks. Please stop having this opinion or similar ones.
Yep. Same.

I do not want 3rd party hardware/software vendors to have unrestricted access to the messaging app on my phone that is the only option my bank and PayPal and a bunch of other critical services use for 2FA.

Especially not when the software they want to run is JavaScript, with all its well known npm dependency nightmares, _and_ from a founder and team that openly admit iPhones are a second class citizen in their development planning and resources.

And especially especially not when the founders have previously shown their colors when they rugpulled all their customers and effectively bricked all the devices they'd sold.

Even with the limited iMessage/SMS access they have now, I wonder how long it'll be before we see a supply chain attack against Pebble exploiting some 11th level deep npm dependency on something dumb like leftpad.js, that exfiltrates SMS 2FA codes and first anybody knows about it will be when a bunch of CryptoBros start complaining about their exchange accounts being emptied...

> And especially especially not when the founders have previously shown their colors when they rugpulled all their customers and effectively bricked all the devices they'd sold.

As a Pebble user for a long time, I'm not exactly sure what you're talking about here. If you're talking about Fitbit halting services, I can't exactly blame the founder of Pebble for that. Can I blame him for the poor business decisions that led to needing to sell to Fitbit? I guess, but I'm not a business person nor a CEO and have no idea what transpired to lead up to that. But I'm reasonably sure it wasn't malice as you seem to imply.

Psst…there’s JavaScript running on your phone right now.
Sure, but so far as I know none of it has access to the contents of SMS or iMessages.
Then don't grant them the access! This isn't all or nothing! It's a matter of being given a choice (to which you can say "no!") or being given no choice at all.
I'm still using my pebble today, and never stopped. What bricking?
Preach. My team's building an OS for smart glasses and some of our most common feature requests are iOS notifications & being able to reply to them.

We're going to have to do insane things to get them working. Due to how ANCS works, we're considering developing an ANCS "doohickey" (either a BLE pop-socket, smart-ring, or mag-safe wallet) which gets notifications via BLE & relays them back to the iPhone, to then send to the glasses. That would just get us the raw notifications, though, and wouldn't solve the issue of replying. The other option is a Beeper-like system in the cloud to bypass iOS entirely, but that also has downsides.

It's a total mess, especially compared to Android where you can just easily listen for notifications & send them to the glasses without much pushback from the system.

Every device you let in is another attack surface, and no certification process can eliminate it.

Allowing devices to view and respond to messages is inherently lower risk than allowing them to freely communicate with anyone.

You could say the same about software and app stores. If safety were the top priority, then the safest option is to say no apps, but that isn't competitive or lucrative. Apple's approach is to create safe frameworks and a review process that allows the App Store to exist.
I just want to add that over the last few years Apple has also been teaching its users to ignore security warnings as they make it difficult to verify software and thus lots of stuff never does. It's why there's few free things in the App Store because Apple charges. You install things from GitHub and well you're gonna get that security warning.
I assume you're talking about the Mac App Store since one can't easily install iOS software via GitHub.

It's a tricky situation. Windows Vista tried to improve security and then was criticized for having too many UAC pop-ups, and for breaking legacy drivers.

I don't like Apple's syspolicyd, but it is also an attempt at improving security.

I'm talking about MacBooks. Sure, this is about iPhones but it's also about a closed garden and other devices in that closed garden which are very likely to also be owned are teaching people a very specific lesson.
Poor security implementations harm security, because they train users to click through them. It’s certainly an “attempt” but I wouldn’t say it improves security.
They're likely to be regulated into allowing third party app stores with review processes that they don't control.
What third party apps can see notifications and send via iMessage?
You could argue for only allowing communication through selected carriers, or connections to selected brand computers, and connecting to selected manufacturer Wi-Fi hotspots too
Yeah, but while Apple might consider the hardware to be "untrusted", at some point I trust the hardware I bought. Apple telling me I cannot decide what devices are trusted or not is annoying.
You do realize this is a very infantilizing attitude? Why can't the end user choose its own level of security vs usability? Letting a corporation decide this for all users is just creating a nanny state in different clothing.
I tend to agree with this, but if you look at the PC ecosystem, you'll see that 'leave users to figure out their own security' is a shit show.

Phones, for better or worse, contain much more private and personal information about users than their computer I would bet on average.

So I understand the urge to make phones more secure by default and to help users avoid foot guns, even if it means restricting their choices.

You are likely not the average user, and I think it's a bit selfish to demand total freedom, that you can manage safely, when for most users they would be worse off.

In a perfect world we wouldn't need this but we certainly don't have one of those.

> I understand the urge to make phones more secure by default and to help users avoid foot guns

There's secure by default, and then there's stuff users can't override even with great effort. Android restricts some dangerous operations by default and makes users jump through a couple hoops to acknowledge the risk. iOS usually forbids them entirely.

Yep agreed that this would be a better approach. I think this is where iOS uses security as an excuse to maintain their walled garden.
> I tend to agree with this, but if you look at the PC ecosystem, you'll see that 'leave users to figure out their own security' is a shit show.

I do not in fact see that. PCs work pretty damn well, security-wise, even with clueless users. I'll grant you it isn't as secure as phones, but it's by no means horrible.

Were you around for the first 10-15 years of the widespread consumer Internet?

I actually disagree with you that things are good, security-wise, today. They are still pretty bad.

Back then was extremely bad. Back then, Windows was never designed to be a networked operating system and was just full of security problems like you wouldn't believe.

The problem is that we're in a duopoly on the most important metaphorical ecosystem on the planet. If the market were competitive and efficient, I'd agree, but it isn't.

The upshot of this is that Apple can unfairly compete in all sorts of verticals just by owning that platform. A lot of companies could make a good Airpod competitor, but without access to the same functions as Apple's they're hamstrung. Watches have this problem even worse.

Say what you want about Microsoft at their zenith, you COULD compete with their browser, in fact, people did. You just can't with iOS. That's more important than some users having poor security. (And really, how are we going to worry about phone security when there's a system as stupid as passwordless social security numbers being the key to your financial life?)

The natural duopoly needs to be regulated such that it doesn't spill over into every tangential market.

Without that "shit show" you would never end up with devices like iPhones and useful software that drove last decades of innovation and progress.

The ability to build better things is the reason why you can now sit here, using technologies built on that "shit show" machine, and bloviate how new generations aren't allowed to build new things anymore because a megacorp needs to feed its greed.

It doesn’t follow that the past had to be a shit show for the future to not be a shit show.

In any case we are largely still learning when it comes to security and I don’t really want to make things less secure for the many just to satisfy the few.

I believe the point being made was that “the few” are the people making what’s next.
While I agree with you (I daily a rooted Android phone), anyone who cleaned up a few Windows machines for non-technical people 20 years ago probably at least understands where Apple is coming from. The average person is really bad at system administration, and it doesn't take many bad actors creating malware and scams to have a big impact.
It's not really about system administration. The average person is a low effort moron who will do whatever he pleases without thinking about the consequences.

The difference with computing is that since it's "new" and sometimes it has bugs, they will blame the hardware/OS any chance they get.

Just like your comment was not really about providing anything new, but insulting people who use technology?
Have you done a lot of tech support for people? If not, you really don't know the extent of it. It's not insulting, it's just how people are. You should meet the guy who had a lot of issues on his MacBook Pro, related to low storage left (barely a few gigs) that was entirely due to his extremely large porn collection.

When asked about it, he doesn't have too many files. What do you do in that case? Isn't he a moron both for storing so much porn and at the same time (somehow) believing a tech support person wouldn't find the root of the problem. It was in a "hidden" folder, so not only is he a moron for the first offense, but doubly so for thinking a competent person wouldn't find something so obvious.

So, I reiterate, most people are morons, and technology just reveals their ineptitude in plain sight, it's simple as that.

You are free to believe in your idealized version of the world, but it doesn't match my experience at all.

That's unfair. Modern computers are extremely complicated to the point that even the most knowledgeable person has only a partial understanding, and nearly everyone is required to use them to function in western societies.

There's probably something important and complicated in the world you have to interact with regularly that you don't understand very well. Based on this comment, I think it might be people.

Modern computers are complicated to build and to use for complicated stuff but they have been extremely easy to use for regular stuff since the late 90s.

Pretending otherwise is nonsensical, since the richest economies in the world depend on it and surely not everyone is at a genius level.

There are some things important and complicated that I don't understand very well but they are not about basic operation of relatively simple things. It's like saying operating a washing machine or using a knife is something special.

And I do understand people very well; in fact, much more than I wish, by necessity. Your average person is frustratingly basic to the point of being extremely annoying on top of boring. I just choose to not pretend and "be nice" anymore, because it just hides reality and doesn't help anyone. The fact that we have some people designing complex computers or sending people to the moon while others are barely able to cook a meal is largely a testament to that.

You might want to get rid of your ideologies if you believe what I said is controversial or wrong. Most people, by statistical definition, are idiots. Technology just reveals that fact very clearly, it's as simple as that.

Word. When my kids were pre-teens and teens I moved their computers onto Red Hat because I was tired of cleaning spyware off of it when it was a Wintel box. I moved my wife onto a Macbook Pro for the same reason, and she used to do user support for a community college back in the day.
> The average person is really bad at system administration

the average person doesn't even understand the basic concept of what the average HN reader considers system administration, and we're wrong anyway eh

Because with iMessage, it's not about your own security, it's about the security of everybody that you're allowed to message from a given device.

I suspect Apple can significantly cut down on abuse prevention measures just by making it harder to automatically send iMessage spam.

If any random Bluetooth smartwatch was allowed to send those, there's no telling how that capability could be abused, we all know how IoT vendors are with device security.

> Because with iMessage, it's not about your own security, it's about the security of everybody that you're allowed to message from a given device.

You do realize that you're implying that Apple is insecure by design? Because I can easily (locally) root my iPhone and get raw access to iMessage.

> we all know how IoT vendors are with device security.

Couldn't agree more: https://www.cve.org/CVERecord/SearchResults?query=apple+watc...

The adverse consequences are not limited to the end user that made that choice, and few people will subsequently admit culpability for the external consequences of poor choices. Which is to say, people are hypocrites. How surprising. Thus is the boundary of rational individualism identified.

Not all corporations make better choices, however, which motivates a regulatory role. Thus is civilisation identified.

Because end users aren't computer scientists. End users should have NO capability in determining their own security, since they could LITERALLY BE infants playing with the iPad.

It is the responsibility of the systems designer to make sure the system is secure, not the end user.

And if you require instructions on how to secure your system, then you have already failed. A properly designed system is secure with zero knowledge.

Remember, it takes work to learn anything, and the goal of a tool is to reduce work, not to increase it.

Throw away customization. Throw away configuration. Both of those are bad design principles.

Make it work by default.

At some point you need to accept that there are sufficient hoops necessary to jump through to disable security that no one would accidentally do it. If you really think that security is so paramount that no level of compromise is acceptable, then you should be outraged that devs can test their apps on their iPhones. You should be up in arms at the existence of the App Store that lets you install software written by third parties. You should be petitioning Apple to remove Safari as what could be more insecure than downloading and running arbitrary code from a completely unknown website? And you should be happy paying $1500 for a function-less, featureless, slab of Titanium with an Apple logo etched on the back, secure in the knowledge that it has no security vulnerabilities whatsoever.
You do understand that “make it work by default” and “customization” are not exclusive, right? You can definitively pick defaults and allow customization for those who want it.
Why can't people choose which prescription drugs they want to use?
They should be able to.
That would be a good way to reduce the efficiency of the remaining antibiotics very quickly.

(But also, this kind of thing is exactly why the analogy doesn't even make sense.)

You're right. This is a good reason to restrict this class of drugs. There is a finite usefulness, of which each person who uses them consumes a tiny little bit.
They should not, because the adverse consequences are not limited to the individual.
You can't be serious, right? I don't even want to imagine how many people would accidentally kill themselves or at least seriously damage their health if that was the status quo.
Is that my job to prevent? If someone wants to do the most damaging things possible, to intentionally kill themselves, should I feel entitled to stop it?

People should be free to do stupid things, so long as they don't hurt others (the antibiotics example that another poster gave is a much stronger argument).

This sounds like a libertarian take, in the sense of "libertarians are like housecats - convinced of their own fierce independence but totally dependent on systems they neither control nor understand".
I'd be interested to hear your original thoughts on why my position is incorrect.
The teeming masses of iOS users are, in general, morons, and should absolutely be infantilized when it comes to their device security.
> Why can't the end user choose its own level of security vs usability?

Isn't the choice to use an Android, then?

What are the limitations of integrating via notifications? That seems like the user-respecting method. For example, I don't use iMessage or SMS, but WhatsApp.
I'm just guessing, but notification suggests you could respond to an incoming message but maybe you can't initiate an outgoing message?
Haven't looked into this, but along with that:

- Multiple replies

- Edits

- Scheduled send

- Voice message

- Tapbacks

- Message history

- Message order is reliant on notification order

- Delays in the notification system could be different than the messaging system

- Opaque nature of message going from notification system -> messaging system, difficult if message is lost/not sent with no indication of why

The attack vector is a 3pt app being compromised - maliciously or otherwise - that logs/collects the messages - i.e., the apps themselves can be a threat vector. To be blunt and honest, I’m not sure I disagree. The notification framework seems like an okay compromise to me. I have used it with my Garmin bike computer and I’m more than happy with the level of integration.
The framework that lets you collect messages and ship them god-knows-where but not send them?
Might be a little bit of both but nothing you said there contradicts the original point--opening up iMessage integration to arbitrary Bluetooth connections is a bad idea. It blows open access to all your messages...who knows, maybe even the e2ee keys. Law enforcement would have a brand new frictionless way into all your messages.
I don’t think Apple would ever expose the encryption keys to your messages. Nobody would want it anyway: why reimplement the protocol when you actually just want to send and receive messages? And I fail to see why it would be frictionless for law enforcement, as they’d need to have access to your device.
And what happens when the MFi chip is cracked, as it has been before, and Apple has to choose between permanently compromising their ecosystem or disabling support for a bunch of 3rd party peripherals?
Does iOS have third-party accessibility software that would have full display and interaction privileges?
s/cap/crap/?
Or they mean cap as 'lie' in Gen Z speak. 'No cap' = 'No lie'. In a sentence: "I saw an alligator today. No cap"
Thanks for translating. I’ve never heard cap used in the affirmative.
It’s often used to call people out. That’s cap = that’s bullshit
Gen Z speak? I thought it was 'hood speak' or something. Like: I'm going to cap your sorry ass. I'm not a native English speaker, so what do I know.
A lot of slang comes from street language, so that thought may still be right. :)

It's a decades old word that used to mean trying to one up someone with tough talk, exaggerating, topping someone. That talk would be so high above the others, it would be the cap on top.

Now to have a good story, to have that cap, people could be... flexible with the truth, so eventually, over the years, to cap started to mean that you were telling a tall tale, a lie.

Thanks, now I also know where the word comes from.
That's a different old meaning of cap. Modern meaning is "lie".
Thanks!
Etymology: like others said, the old version of cap was short for a bullet. And that term most likely comes from “cap guns” which are/were toy guns for kids that had a tiny tiny amount of gunpowder/similar so they made a small noise when fired.

So a bit of speculation, but it’s possible that the word cap has inverted twice over the years, from a toy/fake bullet, to a real bullet, and now back to being a synonym for fake, which it originally was.

both have roots in urban culture. but busting a cap in someone means cap like cap-gun, aka gun, aka shooting someone.

cap in the true/lie sense also has roots there, but more in a superlative sense and not guns

No cap, I did see an alligator two days ago on the golf course. There were a lot of abandoned balls around her (water trap).
cap (noun, verb, slang)

(n.) A falsehood, exaggeration, or lie. "Saying you climbed a V10 after a month? That’s cap."

(v.) To lie, exaggerate, or be deceitful. "He said he coded the whole app in a day, but we know he capping."

> This is crap

I appreciate you sharing your experience, I just wish you could have done it without this bit.

*This is false.
May I suggest using proper English? I believe part of the reason you are getting downvoted is due to the hat language you are using. Several people, understandably, will not comprehend.
Nothing makes their English any less proper than yours.
It might be a walled garden (which is a form of security) but that's also why a lot of people buy their products. Know your demographic.
I don't think anybody buys their product for the specific reason that they can not do certain things. Nobody likes the restrictions. People buy a product because there are features (things they can do) that they want, including intangible features like usability (it's easier to make a full system backup on iOS than on Android, for example)

Edit: or maybe I'm wrong. I do know one person who bought a phone because it sucked, because they didn't want to spend as much time glued to the device. It was an Android with a tiny tiny screen, though, because iOS would not be allowed to run on hardware of your choosing due to Apple's restrictions... Either way, I guess there is a market of people who do want to inflict pain upon themselves, but this really does seem like an exceedingly niche argument to me. Saying that the restrictions are the reason why their demographic buys their device is just buying into Apple's lies that fund their bottom line.

I have recommended devices in the past to family specifically because of the bad/annoying things those devices don't do, so I, as family IT support, don't have to clean up the fallout.
As someone who has found a lot of holes both in design and implementation, which have been reviewed and vetted by excellent people and companies, which have all the appropriate certifications - no thank you.

I understand the benefit of an open ecosystem. Use your web browser, or a third-party app. The tech adopted by the masses needs guard rails and secure defaults.

I hated Apple’s ecosystem growing up, now I think it’s necessary. We can’t trust developers, or companies, that have competing interests to do the right thing.

> I hated Apple’s ecosystem growing up, now I think it’s necessary.

Funny, because the overwhelming majority of people and systems exist outside of it and are doing just fine. This sounds like the sentiment of a crab in a bucket who's feeling quite safe from the sides since it was caught.

> Use your web browser, or a third-party app. The tech adopted by the masses needs guard rails and secure defaults.

Do you think “the masses” should not use web browsers or third party apps?