this post was submitted on 08 Dec 2023
107 points (95.7% liked)
Technology
59674 readers
4285 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I tried it yesterday, it still has some growing pains (had some trouble getting it to connect).
Going to keep watching though, for a new app it looks pretty good, fluid, well designed from a UI standpoint.
Given the dev was able to reverse-engineer Apple's ANP (equivalent to Google's GCM), build an app, backend, etc, it should be fun to watch.
It's also generating a conversation around the misperception of iMessage being perfectly secure, and how SMS downgrades iMessage to not secure at all.
Hacker News story about the lack of Forward Secrecy and other concerns: https://news.ycombinator.com/item?id=38537444
A summary of what I think is the primary issue with iMessage security that most people can easily understand (I've quoted this from another commenter, this is in the article):
**BearOfATime Comment: **This lack of Forward Secrecy alone is enough to say iMessage is nowhere as secure as we've been lead to believe. The delivery of the AES key with the AES-encrypted message but the package encrypted with RSA that virtually never changes is so blindingly flawed. This setup makes the AES encryption pointless, if you're going to package the key with it. Because once the RSA is broken/acquired, they have the AES key for the message (and ALL messages)!
The concern over the RSA key length is a bit premature, I'd say it's more of a future concern that Apple is probably working on.
The other issues (unchanging identifiers, for example) are a valid concern. Something I've seen other apps take into consideration (Signal, Briar, SimpleX Chat).