this post was submitted on 18 Dec 2023
237 points (96.5% liked)

Technology

59458 readers
4268 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

US senators have urged the DOJ to probe Apple's alleged anti-competitive conduct against Beeper.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 11 months ago* (last edited 11 months ago) (1 children)

Funny, you trust apple yet iMessage has major flaws that were written about years ago, that Apple has never addressed. https://news.ycombinator.com/item?id=38537444

And if you read the Beeper devs blog, you'd understand how much you misunderstand about the security and encryption implications. If anying, it increases message security by moving messaging from SMS to encrypted iMessage. https://jjtech.dev/reverse-engineering/imessage-explained/

He invited Apple to have a third party assess his work. So far Apple hasn't responded.

I have no issue with Apple blocking Beeper, it's their system. It's interesting to watch, but the DOJ has no reason to get involved here, it hasn't even been made a legal issue yet.

If Apple feels it's a legal issue, they could start legal proceedings. My question is why they haven't.

[–] btmoo 2 points 11 months ago (1 children)

Thanks for the links! I enjoyed reading about how iMessage is built on top of APN. That probably explains why I can reply to messages in arbitrary apps on my Apple Watch. :-)

However, that doesn't change my argument. Beeper is not a trusted party in this exchange. When they show my messages to their users, they are decrypting my messages and user activity in a way that is outside my zone of trust. They can then be nice and show it to their users in their app, or they can be nefarious and send that data to any other 3rd party for whatever purposes they want.

This is a major security hole at the application layer, despite the network layer security that you've linked to.

[–] [email protected] 3 points 11 months ago

One of the parties has to trust the endpoint. People can screenshot or forward you messages to other people unbeknownst to you, but you have to trust the other person not to do so, how is that any different from trusting another person that they choose a safe app?