Updates (from Beeper Update channel on Beeper Cloud): I'll reply to this if they post more updates.
Exemplary
Updates (from Beeper Update channel on Beeper Cloud):
2:15AM
Beeper Cloud - iMessage works again!
I am very proud to say that iMessage is now working again on Beeper Cloud. After a Herculean effort from my amazing colleagues, our iMessage bridge is back in action. Unfortunately, messages received during the outage are not recoverable.
If you have a Mac or iPhone, you may see an alert that a new device has been added to your account. This due to the bridge update. The update is rolling out over the next hour.
2:16AM
Beeper Mini - fix coming soon
Our fix for Beeper Mini is still in the works. It’s very close, and just a matter of a bit more time and effort.
In the meantime, we have deregistered your phone numbers from iMessage so your friends can still text you. Sorry, you’re temporarily a green bubble again. Annoyingly, the iPhone Messages app ‘remembers’ that you were a blue bubble for 6-24 hours before falling back to SMS, so it’s possible that some messages will not be delivered during this period.
Also, we are extending your 7 day trial by one additional week.
I just want to say thank you for bearing with us through this wild day (week!). I feel awful about important messages you may have missed today because our iMessage connection stopped working. My sincere apologies for this.
Tomorrow is a new day. Onwards!
2:31AM
Eric Migicovsky
Re: Beeper Cloud - iMessage works again!
And...it's not working for everyone yet. We're going to call it a night and get back to it tomorrow.
Apple's Official Statement Read the Verge Report here
Apple's Official Statement
At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.
Founder Eric Migicovsky said on Friday that he simply didn’t understand why Apple would block his app: “if Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS?”
Migicovsky says now that his stance hasn’t changed, even after hearing Apple’s statement. He says he’d be happy to share Beeper’s code with Apple for a security review, so that it could be sure of Beeper’s security practices. Then he stops himself. “But I reject that entire premise! Because the position we’re starting from is that iPhone users can’t talk to Android users except through unencrypted messages.”
Beeper’s argument is that SMS is so fundamentally insecure that practically anything else would be an improvement. When I say that maybe Apple’s concern is that iPhone users are suddenly sending their supposedly Apple-only blue-bubble messages via a company — Beeper — they don’t know about, Migicovsky thinks about it for a second. “That’s fair,” he says, and offers a solution: maybe every message sent through Beeper should be prefaced with a pager emoji, so people know what’s what. If that’ll fix the problem, he says, it could be done in a few hours.
When I ask Migicovsky if he’s prepared to do battle with Apple’s security team for the foreseeable future, he says that the fact that Beeper Cloud is still working is a signal that Apple can’t or won’t keep it out forever. (He also says Beeper’s team has some ideas left for Beeper Mini.) Beyond that, he hopes the court of public opinion will eventually convince Apple to play nice anyway. “What we’ve built is good for the world,” he says. “It’s something we can almost all agree should exist.”
For real this time. We fixed the problem and you should be able to send and receive iMessages. If you have a Mac or iPhone, you may see a warning that a new device has been added to your account. It says 'Mac' because Apple doesn't know how to display that Beeper has been added to your account 😉. Work continues on Beeper Mini
I enjoyed my brief time with it earlier this week but me essentially losing text communication without realizing it all day on Friday has me a little nervous about returning. And I do appreciate...
I enjoyed my brief time with it earlier this week but me essentially losing text communication without realizing it all day on Friday has me a little nervous about returning.
And I do appreciate the transparency from them so far. But I think I may hold off on reinstalling it until we see a long stretch of stability from it.
I first saw this company during my last job search and was intrigued, but they were too early stage for me to be comfortable applying. I feel like I made a good decision. They sound like they're...
I first saw this company during my last job search and was intrigued, but they were too early stage for me to be comfortable applying.
2:31AM
I feel like I made a good decision. They sound like they're having an extremely unfun time.
To be clear, that was 2:31AM my time (EST). The company is in Palo Alto, so it was 11:30pm there. And I would say that it's pretty understandable to expect to have a late-night, weekend, emergency...
To be clear, that was 2:31AM my time (EST). The company is in Palo Alto, so it was 11:30pm there. And I would say that it's pretty understandable to expect to have a late-night, weekend, emergency coding session when your startup's entire service suddenly gets nuked by Apple. But yeah, depending on the pay, and the type of person you are, that could either be seen as a really exciting, interesting, worthwhile challenge, or an extremely unfun time. :P
I mean like the rest of the planet Americans could just start using platform agnostic messaging services like WhatsApp, Line, Signal, Telegram but I'll just file this iMessage/SMS obsession under...
I mean like the rest of the planet Americans could just start using platform agnostic messaging services like WhatsApp, Line, Signal, Telegram but I'll just file this iMessage/SMS obsession under American Exceptionalism.
I'm surprised Meta doesn't try to push WhatsApp harder to their American users tbh.
As an American, there's a few hurdles to get through before I start using a different messaging service: Give yet another company my information. Sign up info, plus my contact list, plus whatever...
As an American, there's a few hurdles to get through before I start using a different messaging service:
Give yet another company my information. Sign up info, plus my contact list, plus whatever messages I send through the service. How much do I trust any given company?
I have to trust that whatever service is going to continue working in the future, which basically means it must be very clear how they are monetized. SMS is paid by my phone bill; even if the company I get it through goes under or sells out, I'll still have SMS service. In fact, this recently happened, and my phone service was never interrupted.
A chunk of my regular communication partners must all decide to move to a new service. I know of three people in real life who use Whatsapp, and two of them I don't communicate with regularly (spouse's friends).
If my spouse asked me to start using it, I probably would, but he hasn't.
I mean, on one hand, we are the only country that doesn't vastly prefer the platform agonistic messaging services. On the other, unless you are in certain cities, we never get sms/messaging...
I mean, on one hand, we are the only country that doesn't vastly prefer the platform agonistic messaging services.
On the other, unless you are in certain cities, we never get sms/messaging blackouts or other reasons to join said agnostic services.
Like I'm thinking about it, but haven't hit a hard reason to do so. Is that American Exceptionalism? Maybe. But it's hard to say when there is a clear difference in the messaging between us(Americans) and my family overseas.
This is my primary reason. I don't trust Meta's ethics, and I haven't much enjoyed their products since the very early days of Facebook. WhatsApp is a non-starter for me. I'd consider Signal or...
This is my primary reason. I don't trust Meta's ethics, and I haven't much enjoyed their products since the very early days of Facebook. WhatsApp is a non-starter for me.
I'd consider Signal or something, but I'd have to do some research on the services on offer and the various companies providing them, and there just isn't much incentive to do so.
I get that you don't trust Meta and that's fine. But you trust either Apple or your phone carrier? In the latter case you trust them with cleartext messages being sent over a service which...
I get that you don't trust Meta and that's fine. But you trust either Apple or your phone carrier? In the latter case you trust them with cleartext messages being sent over a service which literally has surveillance backdoors built into the hardware? That's a surprising choice to me.
Whatsapp is Signal for the purposes of encryption. Technically Whatsapp is slightly more secure as it handles key management a little better. It was never a Zuck project (nothing about WA is creepy enough to be the product of that guy) and had tens of millions of users long before Meta bought the company.
I would consider having rich media messaging and group chats fairly strong reasons to move away from SMS, not to mention E2E crypto. I know RCS is supposed to add those things but I don't think I've ever sent an RCS message. Mind you, I haven't sent an SMS to a human (or got one) in probably ten years so maybe that's all sorted. I would also consider getting away from Apple to be a pretty good incentive but what's an incentive for me might not be for you.
Ultimately with instant messaging the thing you use is the thing your friends and family use. I use Whatsapp because that's how I can keep in touch with the people I want be in touch with. The people are far more important to me than technical or (at least some amount of) ethical concerns.
iMessage has all these things, though, as it's not SMS. So it's not exactly easy to argue them away from the status quo for something that's, at best, equivalent.
I would consider having rich media messaging and group chats fairly strong reasons to move away from SMS, not to mention E2E crypto.
iMessage has all these things, though, as it's not SMS. So it's not exactly easy to argue them away from the status quo for something that's, at best, equivalent.
It's not really equivalent because iMessage is for Apple users only. I was a bit surprised to discover that Apple only has a few % more market share in the US (~57%) than the UK (~53%), I thought...
It's not really equivalent because iMessage is for Apple users only. I was a bit surprised to discover that Apple only has a few % more market share in the US (~57%) than the UK (~53%), I thought the US was much higher and the UK rather lower. But that's still a lot people who can't be on your group chat. That's the main reason to get off iMessage. That and Apple's shitty business practices, but I appreciate it's something of a frying pan/fire choice between Apple and Meta.
For comparison, Whatsapp has around 87% of the messaging market in the UK.
Whatsapp has an extraordinarily low market share in the US, though, so if your choices are switching between a system where more than half of the country is able to join your group chats to a...
Whatsapp has an extraordinarily low market share in the US, though, so if your choices are switching between a system where more than half of the country is able to join your group chats to a syatem where far fewer people can.
But my point was more that security and feature advantages between Whatsapp and iMessage are not really good arguments to switch from one to the other. It's entirely network-effect stuff.
I'm not American was just excited for this development. I considered it a positive development toward open tech. I agree, I too don't understand why American are obsessed with SMS/MMS and improved...
I'm not American was just excited for this development. I considered it a positive development toward open tech. I agree, I too don't understand why American are obsessed with SMS/MMS and improved technology based on it. maybe they don't want to have multiple app just for text. With RCS and iMessage compatibility, I don't think people will move toward other solution, maybe they won't need to.
There is the multiple app thing, but it's very simple. Unlimited texting became common in the US before smartphones and significant data usage, whereas, to my knowledge, it's often still not a...
There is the multiple app thing, but it's very simple. Unlimited texting became common in the US before smartphones and significant data usage, whereas, to my knowledge, it's often still not a thing in other countries. So Americans have never had a compelling reason to drop texting.
It's a thing in Europe. Usually it's limitless calls and texts and the data is limited. People really don't use texts whatsoever around the world so giving it away for free is not a big deal.
It's a thing in Europe. Usually it's limitless calls and texts and the data is limited.
People really don't use texts whatsoever around the world so giving it away for free is not a big deal.
Can't say I'm surprised. It defeats the point of E2E encryption because its not e2e encrypted if one (or more) user is using this service. Services like this cost money to run and apple won't be...
Can't say I'm surprised.
It defeats the point of E2E encryption because its not e2e encrypted if one (or more) user is using this service.
Services like this cost money to run and apple won't be bringing those users/revenue to their platform. Services like Signal make money by getting donations and doing contract work to other services (I think they make money off of that??). In this scheme Beeper Mini makes money while piggybacking off of Apple's services.
Apple is Apple and will be a pain in the ass trying to protect their closed ecosystem rather than contributing to more open solutions.
I would have something cross platform like Signal plugged into iMessage and Texting apps in Android and figure out some sort of monetary deal to do that.
I haven't looked into this claim in any depth, but several news reports I saw on it mentioned that it used Apple's official certificates, requesting them in the same way that an Apple device does,...
I haven't looked into this claim in any depth, but several news reports I saw on it mentioned that it used Apple's official certificates, requesting them in the same way that an Apple device does, so the communication would still be E2E encrypted. Your other points are still legit, but it would be a pretty crap E2E protocol if someone could just reverse engineer their way into breaking the encryption scheme in a third party client.
Yeah this is false. Now one can assume Beeper was lying about how it implemented things or how the app worked (since the Beeper mini app wasn't open source), but I don't think Beeper has given...
Yeah this is false. Now one can assume Beeper was lying about how it implemented things or how the app worked (since the Beeper mini app wasn't open source), but I don't think Beeper has given anyone a reason to assume this type of maliciousness. Also with some network and other analysis of the app it's possible people could prove it was actually handling the encrypted communication locally. There was also open sourced Python code that served as proof it was possible so people could have examined that to prove the technical claims behind the app were actually possible.
So once you get that out of the way, the basis of it was that it was iMessage in basically every way, including end to end encryption. The main thing it lacked natively within the app was the ability to receive push notifications from Apple's Push Notification service.
This was a reverse engineered iMessage, so the comments about cross platform Signal plugged into iMessage would get shut down in the same way this did. It doesn't matter what app is using the reverse-engineered iMessage method that bypasses owning an Apple device, Apple is not going to allow it if it has the ability to block it in any way.
The security implications are similar to any open protocol, though, and this is orthogonal to whether or not end-to-end encryption is used. The threat model is friends who install beeper mini, or...
The security implications are similar to any open protocol, though, and this is orthogonal to whether or not end-to-end encryption is used.
The threat model is friends who install beeper mini, or think they do, but no, actually it’s a hacked version that sends all their messages somewhere else.
Compare with email: your friends could be using gmail or hotmail or something else and that means the privacy of your correspondence is only as good as security and privacy policies of whatever software providers your friends trust. Adding end-to-end encryption to email wouldn’t change this. You still trust your friends’ software when it runs on their own devices.
In this sense, knowing that all your friends run Apple-developed software on Apple-developed hardware provides some assurances you can’t get from running Signal or WhatsApp on random Android devices they bought somewhere.
I’m not saying this is necessarily an important consideration for most people. Some vulnerabilities are okay to accept. But some organizations do have reasons to want to control the software and hardware their employees use for business communications, and this may also be true of more informal groups.
At this point I'd say it's an Apple induced security risk with a pretty easy method of patching the security flaw (making iMessage/Apple Messages available on Android), if they were actually being...
At this point I'd say it's an Apple induced security risk with a pretty easy method of patching the security flaw (making iMessage/Apple Messages available on Android), if they were actually being security-minded about it. But to Apple it's not a security issue, it's a money issue.
Like @BHSPitMonkey mentioned, I confused it with the earlier versions of this. I feel that my other points stand though; it piggybacks off of Apple's services costing then money and Apple will...
Like @BHSPitMonkey mentioned, I confused it with the earlier versions of this. I feel that my other points stand though; it piggybacks off of Apple's services costing then money and Apple will also be a bunch of jerks that enforce their walled garden.
Now one can assume Beeper was lying about how it implemented things or how the app worked (since the Beeper mini app wasn't open source), but I don't think Beeper has given anyone a reason to assume this type of maliciousness.
They also haven't done anything to earn my trust either.
I trust Signal in part due to it being FOSS. I sort of trust Apple and Google or at least I know exactly what to expect. Trust can be earned; I don't give it away for free.
Despite beeper being E2E, IMO allowing random 3rd party apps (that may or may not be legit) to have access to iMessage will be framed as a security risk by Apple. That will be their PR message and they'll believe it too.
This was a reverse engineered iMessage, so the comments about cross platform Signal plugged into iMessage would get shut down in the same way this did.
What I meant is that this is what I'd like to see. I want Apple and Google to get their collective shit together and make E2E encryption standard... and for it to be an OPEN standard. i proposed tying into Signal because they're FOSS and because they do work with others to make their messaging secure.
You might be confusing their first offering (Beeper, which uses a bunch of hosted Mac devices and acts as a proxy) with this newer one (Beeper Mini, which is a reverse engineered client you run...
You might be confusing their first offering (Beeper, which uses a bunch of hosted Mac devices and acts as a proxy) with this newer one (Beeper Mini, which is a reverse engineered client you run fully on your device).
The former was indeed more problematic on the E2EE front (after all, you have what is effectively a MITM between you and everyone you talk to—placing all your trust in their employees and their security to keep out hackers). The latter, potentially less so—though the way it dealt with faking the device attestation seems like it might have been less than ideal.
Ummm...No, It followed the E2EE. In this case apple user are more vulnerable by using general SMS/MMS protocol with android user. It was better for iPhone user this way. edit: it looks like my...
It defeats the point of E2E encryption because its not e2e encrypted if one (or more) user is using this service.
Ummm...No, It followed the E2EE. In this case apple user are more vulnerable by using general SMS/MMS protocol with android user. It was better for iPhone user this way.
edit: it looks like my concerns were already mentioned by other user. Your other points are valid though.
Presumably Beeper Cloud will continue to work because it works by using an actual Apple device. Beeper Mini does not. I was suspecting that it wouldn't be too hard for Apple to identify this...
Presumably Beeper Cloud will continue to work because it works by using an actual Apple device. Beeper Mini does not. I was suspecting that it wouldn't be too hard for Apple to identify this because you're talking about non-iOS devices that likely will have a different signature of activity through this reverse engineered method.
I'm pretty bummed out about this. I went ahead and deleted the app since this much disruption to communication is a deal breaker. I don't care about the blue bubbles as much as I care about...
I'm pretty bummed out about this. I went ahead and deleted the app since this much disruption to communication is a deal breaker. I don't care about the blue bubbles as much as I care about encryption and functional modern chat features. So for now I'm sticking to Facebook Messenger (Ugh, but at least E2E encryption is coming soon), Signal, RCS and Discord (Not E2E encrypted, but at least it's sent over https unlike SMS).
Honestly, Signal as been great. Even my wife, who has been an iPhone user for 10 plus years, loves it. I think backups could be done ever so slightly more seamless for the average user, but that's a pretty small nitpick.
FB Messenger does have an option for that. It's called secret chats I think? However, they are rolling out E2EE by default over the next few months, which is exciting. As much shit that gets...
FB Messenger does have an option for that. It's called secret chats I think? However, they are rolling out E2EE by default over the next few months, which is exciting. As much shit that gets talked about FB, and deservedly so, their messaging platform is pretty good.
This reminds me a little bit of Aereo thinking they could end-run around copyright infringement by having separate antennas and devices per user. I meet engineers (and other people, but mostly...
This reminds me a little bit of Aereo thinking they could end-run around copyright infringement by having separate antennas and devices per user. I meet engineers (and other people, but mostly engineers) who think that these subtle differences in technology, when the reality is it's not going to keep you from being sued out of existence by the big guys.
(Aside, I don't like the current state of things and wish they were different, but that is a different discussion).
This isn't copyright infringement and no one's getting sued, though. Reverse engineering something the way Beeper did is perfectly legal (this has been decided by courts in the past with cases...
This isn't copyright infringement and no one's getting sued, though. Reverse engineering something the way Beeper did is perfectly legal (this has been decided by courts in the past with cases about emulators -- and unlike emulators, there's not even a strong association with another crime here). Doing so does not infringe on Apple's copyright. What Apple did was find some technological way to discriminate between users of Apple iMessage and Beeper Mini, causing the latter to fail. But this is very different from them asserting any copyright infringement claim over the reverse engineered app.
I agree it's not copyright infringement. My point is that a "technical" workaround doesn't exempt you from getting squished like a bug by the big corporations. It's not a very happy state of...
I agree it's not copyright infringement. My point is that a "technical" workaround doesn't exempt you from getting squished like a bug by the big corporations. It's not a very happy state of affairs for innovation.
And if you look at the arguments made by Aereo, they were the same ones made by the fledgling CATV industry. If you can record broadcast transmission in your home, and in the case of Aereo you are...
And if you look at the arguments made by Aereo, they were the same ones made by the fledgling CATV industry. If you can record broadcast transmission in your home, and in the case of Aereo you are effectively leasing an antenna in your broadcast region, it should have been a legitimate use case. For the same reason you can record something at your home and then stream it to yourself on the other side of the planet, you should be able to record something you are selecting to time shift and record, and then play back to your own authorized devices. The only real distinction was the length of wire to the antenna, but then you're going right back to the core of what Community Antenna Television was about in the first place.
I'm not saying Aereo was wrong, I'm saying that being "technically right" didn't matter when it came to pushing against the incumbent corporate structures. At some point, we have to be aware of...
I'm not saying Aereo was wrong, I'm saying that being "technically right" didn't matter when it came to pushing against the incumbent corporate structures. At some point, we have to be aware of the power dynamics at play, and recognize that not everyone plays by the same rules.
The only thing shocking about this news is how long it took to happen.
Updates (from Beeper Update channel on Beeper Cloud):
I'll reply to this if they post more updates.
Apple's Official Statement
Read the Verge Report here
I enjoyed my brief time with it earlier this week but me essentially losing text communication without realizing it all day on Friday has me a little nervous about returning.
And I do appreciate the transparency from them so far. But I think I may hold off on reinstalling it until we see a long stretch of stability from it.
I first saw this company during my last job search and was intrigued, but they were too early stage for me to be comfortable applying.
I feel like I made a good decision. They sound like they're having an extremely unfun time.
To be clear, that was 2:31AM my time (EST). The company is in Palo Alto, so it was 11:30pm there. And I would say that it's pretty understandable to expect to have a late-night, weekend, emergency coding session when your startup's entire service suddenly gets nuked by Apple. But yeah, depending on the pay, and the type of person you are, that could either be seen as a really exciting, interesting, worthwhile challenge, or an extremely unfun time. :P
I am also in EST, and they hire remotely. :)
we can't have good things.
I mean like the rest of the planet Americans could just start using platform agnostic messaging services like WhatsApp, Line, Signal, Telegram but I'll just file this iMessage/SMS obsession under American Exceptionalism.
I'm surprised Meta doesn't try to push WhatsApp harder to their American users tbh.
As an American, there's a few hurdles to get through before I start using a different messaging service:
Give yet another company my information. Sign up info, plus my contact list, plus whatever messages I send through the service. How much do I trust any given company?
I have to trust that whatever service is going to continue working in the future, which basically means it must be very clear how they are monetized. SMS is paid by my phone bill; even if the company I get it through goes under or sells out, I'll still have SMS service. In fact, this recently happened, and my phone service was never interrupted.
A chunk of my regular communication partners must all decide to move to a new service. I know of three people in real life who use Whatsapp, and two of them I don't communicate with regularly (spouse's friends).
If my spouse asked me to start using it, I probably would, but he hasn't.
Agreed. Kind of a bizarre thing to chalk up to "American Exceptionalism"...
I mean, on one hand, we are the only country that doesn't vastly prefer the platform agonistic messaging services.
On the other, unless you are in certain cities, we never get sms/messaging blackouts or other reasons to join said agnostic services.
Like I'm thinking about it, but haven't hit a hard reason to do so. Is that American Exceptionalism? Maybe. But it's hard to say when there is a clear difference in the messaging between us(Americans) and my family overseas.
Any time someone mentions Whatsapp in person I'm kind of surprised to even hear it mentioned.
This is my primary reason. I don't trust Meta's ethics, and I haven't much enjoyed their products since the very early days of Facebook. WhatsApp is a non-starter for me.
I'd consider Signal or something, but I'd have to do some research on the services on offer and the various companies providing them, and there just isn't much incentive to do so.
I get that you don't trust Meta and that's fine. But you trust either Apple or your phone carrier? In the latter case you trust them with cleartext messages being sent over a service which literally has surveillance backdoors built into the hardware? That's a surprising choice to me.
Whatsapp is Signal for the purposes of encryption. Technically Whatsapp is slightly more secure as it handles key management a little better. It was never a Zuck project (nothing about WA is creepy enough to be the product of that guy) and had tens of millions of users long before Meta bought the company.
I would consider having rich media messaging and group chats fairly strong reasons to move away from SMS, not to mention E2E crypto. I know RCS is supposed to add those things but I don't think I've ever sent an RCS message. Mind you, I haven't sent an SMS to a human (or got one) in probably ten years so maybe that's all sorted. I would also consider getting away from Apple to be a pretty good incentive but what's an incentive for me might not be for you.
Ultimately with instant messaging the thing you use is the thing your friends and family use. I use Whatsapp because that's how I can keep in touch with the people I want be in touch with. The people are far more important to me than technical or (at least some amount of) ethical concerns.
iMessage has all these things, though, as it's not SMS. So it's not exactly easy to argue them away from the status quo for something that's, at best, equivalent.
It's not really equivalent because iMessage is for Apple users only. I was a bit surprised to discover that Apple only has a few % more market share in the US (~57%) than the UK (~53%), I thought the US was much higher and the UK rather lower. But that's still a lot people who can't be on your group chat. That's the main reason to get off iMessage. That and Apple's shitty business practices, but I appreciate it's something of a frying pan/fire choice between Apple and Meta.
For comparison, Whatsapp has around 87% of the messaging market in the UK.
Whatsapp has an extraordinarily low market share in the US, though, so if your choices are switching between a system where more than half of the country is able to join your group chats to a syatem where far fewer people can.
But my point was more that security and feature advantages between Whatsapp and iMessage are not really good arguments to switch from one to the other. It's entirely network-effect stuff.
I'm not American was just excited for this development. I considered it a positive development toward open tech. I agree, I too don't understand why American are obsessed with SMS/MMS and improved technology based on it. maybe they don't want to have multiple app just for text. With RCS and iMessage compatibility, I don't think people will move toward other solution, maybe they won't need to.
There is the multiple app thing, but it's very simple. Unlimited texting became common in the US before smartphones and significant data usage, whereas, to my knowledge, it's often still not a thing in other countries. So Americans have never had a compelling reason to drop texting.
It's a thing in Europe. Usually it's limitless calls and texts and the data is limited.
People really don't use texts whatsoever around the world so giving it away for free is not a big deal.
Can't say I'm surprised.
It defeats the point of E2E encryption because its not e2e encrypted if one (or more) user is using this service.
Services like this cost money to run and apple won't be bringing those users/revenue to their platform. Services like Signal make money by getting donations and doing contract work to other services (I think they make money off of that??). In this scheme Beeper Mini makes money while piggybacking off of Apple's services.
Apple is Apple and will be a pain in the ass trying to protect their closed ecosystem rather than contributing to more open solutions.
I would have something cross platform like Signal plugged into iMessage and Texting apps in Android and figure out some sort of monetary deal to do that.
I haven't looked into this claim in any depth, but several news reports I saw on it mentioned that it used Apple's official certificates, requesting them in the same way that an Apple device does, so the communication would still be E2E encrypted. Your other points are still legit, but it would be a pretty crap E2E protocol if someone could just reverse engineer their way into breaking the encryption scheme in a third party client.
Yeah this is false. Now one can assume Beeper was lying about how it implemented things or how the app worked (since the Beeper mini app wasn't open source), but I don't think Beeper has given anyone a reason to assume this type of maliciousness. Also with some network and other analysis of the app it's possible people could prove it was actually handling the encrypted communication locally. There was also open sourced Python code that served as proof it was possible so people could have examined that to prove the technical claims behind the app were actually possible.
So once you get that out of the way, the basis of it was that it was iMessage in basically every way, including end to end encryption. The main thing it lacked natively within the app was the ability to receive push notifications from Apple's Push Notification service.
This was a reverse engineered iMessage, so the comments about cross platform Signal plugged into iMessage would get shut down in the same way this did. It doesn't matter what app is using the reverse-engineered iMessage method that bypasses owning an Apple device, Apple is not going to allow it if it has the ability to block it in any way.
The security implications are similar to any open protocol, though, and this is orthogonal to whether or not end-to-end encryption is used.
The threat model is friends who install beeper mini, or think they do, but no, actually it’s a hacked version that sends all their messages somewhere else.
Compare with email: your friends could be using gmail or hotmail or something else and that means the privacy of your correspondence is only as good as security and privacy policies of whatever software providers your friends trust. Adding end-to-end encryption to email wouldn’t change this. You still trust your friends’ software when it runs on their own devices.
In this sense, knowing that all your friends run Apple-developed software on Apple-developed hardware provides some assurances you can’t get from running Signal or WhatsApp on random Android devices they bought somewhere.
I’m not saying this is necessarily an important consideration for most people. Some vulnerabilities are okay to accept. But some organizations do have reasons to want to control the software and hardware their employees use for business communications, and this may also be true of more informal groups.
At this point I'd say it's an Apple induced security risk with a pretty easy method of patching the security flaw (making iMessage/Apple Messages available on Android), if they were actually being security-minded about it. But to Apple it's not a security issue, it's a money issue.
The exclusivity's end goal is .. profit, thus yes .. it's a money issue.
Like @BHSPitMonkey mentioned, I confused it with the earlier versions of this. I feel that my other points stand though; it piggybacks off of Apple's services costing then money and Apple will also be a bunch of jerks that enforce their walled garden.
They also haven't done anything to earn my trust either.
I trust Signal in part due to it being FOSS. I sort of trust Apple and Google or at least I know exactly what to expect. Trust can be earned; I don't give it away for free.
Despite beeper being E2E, IMO allowing random 3rd party apps (that may or may not be legit) to have access to iMessage will be framed as a security risk by Apple. That will be their PR message and they'll believe it too.
What I meant is that this is what I'd like to see. I want Apple and Google to get their collective shit together and make E2E encryption standard... and for it to be an OPEN standard. i proposed tying into Signal because they're FOSS and because they do work with others to make their messaging secure.
You might be confusing their first offering (Beeper, which uses a bunch of hosted Mac devices and acts as a proxy) with this newer one (Beeper Mini, which is a reverse engineered client you run fully on your device).
The former was indeed more problematic on the E2EE front (after all, you have what is effectively a MITM between you and everyone you talk to—placing all your trust in their employees and their security to keep out hackers). The latter, potentially less so—though the way it dealt with faking the device attestation seems like it might have been less than ideal.
Ummm...No, It followed the E2EE. In this case apple user are more vulnerable by using general SMS/MMS protocol with android user. It was better for iPhone user this way.
edit: it looks like my concerns were already mentioned by other user. Your other points are valid though.
Dang, it's actually official? I saw the update, just assumed it was a bug or something. My beeper cloud still works at the moment at least
Presumably Beeper Cloud will continue to work because it works by using an actual Apple device. Beeper Mini does not. I was suspecting that it wouldn't be too hard for Apple to identify this because you're talking about non-iOS devices that likely will have a different signature of activity through this reverse engineered method.
yeah that's what I'm gathering from looking through everything. I guess that's still fine for my purposes lol but definitely very annoying.
I'm pretty bummed out about this. I went ahead and deleted the app since this much disruption to communication is a deal breaker. I don't care about the blue bubbles as much as I care about encryption and functional modern chat features. So for now I'm sticking to Facebook Messenger (Ugh, but at least E2E encryption is coming soon), Signal, RCS and Discord (Not E2E encrypted, but at least it's sent over https unlike SMS).
Honestly, Signal as been great. Even my wife, who has been an iPhone user for 10 plus years, loves it. I think backups could be done ever so slightly more seamless for the average user, but that's a pretty small nitpick.
Im pretty sure Facebook messenger supports E2EE,you just have to enable it; its never on by default.
FB Messenger does have an option for that. It's called secret chats I think? However, they are rolling out E2EE by default over the next few months, which is exciting. As much shit that gets talked about FB, and deservedly so, their messaging platform is pretty good.
This reminds me a little bit of Aereo thinking they could end-run around copyright infringement by having separate antennas and devices per user. I meet engineers (and other people, but mostly engineers) who think that these subtle differences in technology, when the reality is it's not going to keep you from being sued out of existence by the big guys.
(Aside, I don't like the current state of things and wish they were different, but that is a different discussion).
This isn't copyright infringement and no one's getting sued, though. Reverse engineering something the way Beeper did is perfectly legal (this has been decided by courts in the past with cases about emulators -- and unlike emulators, there's not even a strong association with another crime here). Doing so does not infringe on Apple's copyright. What Apple did was find some technological way to discriminate between users of Apple iMessage and Beeper Mini, causing the latter to fail. But this is very different from them asserting any copyright infringement claim over the reverse engineered app.
I agree it's not copyright infringement. My point is that a "technical" workaround doesn't exempt you from getting squished like a bug by the big corporations. It's not a very happy state of affairs for innovation.
And if you look at the arguments made by Aereo, they were the same ones made by the fledgling CATV industry. If you can record broadcast transmission in your home, and in the case of Aereo you are effectively leasing an antenna in your broadcast region, it should have been a legitimate use case. For the same reason you can record something at your home and then stream it to yourself on the other side of the planet, you should be able to record something you are selecting to time shift and record, and then play back to your own authorized devices. The only real distinction was the length of wire to the antenna, but then you're going right back to the core of what Community Antenna Television was about in the first place.
I'm not saying Aereo was wrong, I'm saying that being "technically right" didn't matter when it came to pushing against the incumbent corporate structures. At some point, we have to be aware of the power dynamics at play, and recognize that not everyone plays by the same rules.
So, why couldn't I just run this locally, or do the communication with Apple's service directly from my device?
What do you mean?
Beeper bought the integration from this project, I would assume Apple patched it
License restrictions probably
Perhaps they could've just blocked their servers. That was my initial assumption.