How? It’s not a MitM or anything like that, it’s connecting exactly how an Apple device would connect. Everything is still E2EE, just one of the ends can now be an Android device.
So is having unencrypted messages with all non-iOS devices with no real solution in sight. Security is obviously not their concern here, it’s vendor lock in.
SMS doesn’t support encryption, nor is Apple preventing you from downloading any number of encrypted chat apps that work cross platform.
If google didn’t release a new chat app every 6 months we might have a more widespread standard in the US already - and yes RCS is coming to the iPhone next year.
Funny how you twist this from defending Apple to blaming Google, the irony is palpable.
Make up your mind.
No one has to use Google’s apps either.
I despise SMS, have for years, since I could first run a real messenger on my phone. I’ve used XMPP on Android since 2010, and it worked with most every XMPP-based messenger system.
There’s no reason we’re here except end users can’t be bothered to use something if it takes any effort. I have a friend (a millenial, who grew up with tech) who bitches about SMS failures and shitty attachments constantly, but refuses to use any other messenger, doesn’t want to have to “figure out” how to message someone. 🤦♂️ I’m so tired of hearing this excuse. It’s laziness, full stop. Do we struggle to figure out how to phone someone, or send an email (which address?)? Plain old childish laziness. For older folks it’s a different story, but anyone under 40, yea, no, I’m calling bullshit. And I’m in that well-past-40 group.
I use whatever system I can have in common with people, with some exceptions (no privacy-antagonistic garbage like WhatsApp, FB Messenger, Snapchat, etc, and nothing immature like RCS).
Yeah, it’s weird how consumer expectations have shaped up in a way that if there is a solution, it has to come from some gigacorp. Having a third party innovate is so against the reality of US big business that if it isn’t Apple doing it, it must be Google, and interoperability itself does not mean an open standard, just interoperability between Apple and Google.
Apple isn’t adopting RCS with encryption, and having iMessage as the default messaging app without any way to allow cross platform E2E encryption is a decision they’ve made.
As far as Google releasing a new chat app is concerned that’s on them. But RCS has existed since 2008 and was included as a feature in Android 5.0 Lollipop all the way back in 2014.
Encryption extension on RCS is a non-standard addon to RCS which is not part of the standard. RCS on Android in general is also run through google servers and Jibe, and isn’t exactly an open standard to begin with.
Apple isn’t preventing cross platform encryption at all, every popular messenger (even Signal) is available in the App Store.
Businesses are naturally anticompetitive. It may or may not violate antitrust law. The two main categories are collusion with competitors to prevent new competition, or if they seek to gain or maintain a monopoly via shady methods (just a monopoly itself isn’t illegal though). I doubt if Apple conspired with Google here and it would be a stretch to say they have a monopoly, so it seems like a pointless case to me.
Reverse engineering it is not, sure. And Beeper could do that and run their own messaging service with their own infrastructure running their reverse engineered version.
Ah, common misconception - hacking an API != creating a compatible program. ( reverse engineering)
Imagine a drill company has a special shape for its bits.
Our law allows someone else to either… make bits that can fit in that shape
OR make their own drill that can accept those bits.
“BUT they copied!” - it doesn’t have to be a copy to be compatible, and they don’t even have to use the ‘special shape’ just be able to work with the special shape. The law does not allow for protections around that. Doing so would be by definition anti-competitive. Our anti competition laws or rather our IP protection laws are not intended in any way to ‘ensure a monopoly’. The IP laws give a person a right to either keep something they do secret OR share that knowledge with the world so we all benefit, in exchange for a very limited monopoly.
Practically speaking, If I got the KFC Colonel to give me the list of 11 herbs and spices in a Poker game, and then started making my own delicious poultry that is totally cool. Likewise, If I figured out that all that was inside a Threadripper was blue smoke and started making my own blue smoke chips, the law is ok with that.
In this case roughly, Having a public facing endpoint. And then saying that the public can access that endpoint is cool
Saying that only the public using the code I alone gave them – well… that’s not been litigated a lot, but all signs point to no.
It’s like Bing saying its for Safari only, and suing people who accessed it using Chrome. It is a logical claim, but the law does not provide that kind of protection/enforcement.
tl;dr these concepts are old but being newly applied to fancy technology. The laws in place are clear in most cases. A car maker can not dictate what you put in the tank. FedEX and UPS can’t charge you differently for shipping fiction books or medical journals or self published stories. And they’d probably get anti-trust scrutiny they even told you what brand/style of boxes you had to use.
That counts as unauthorized access in the eyes of the law. It’s a private system and they did not have any agreements permitting them to use it as they wanted.
Quite literally the text of the Computer Fraud and Abuse act. Unauthorized access of computer systems can get you 20-years at club fed. Seems like some of these people need a history lesson.
I don’t know laws in the US but my limited understanding in the case of Beeper is that its users are the ones that grant themselves unauthorized access to the Apple servers. Beeper is a tool that packages pypush to accomplish it. So Apple should sue all the Beeper users?
As an example, there are tons of tools to exploit vulnerable systems in Linux. Metasploit is a penetration testing software and can execute exploits on old unpatched systems. I don’t think anyone is suing Metasploit developers for Computer Fraud and Abuse aCt. The users who use it are responsible for the access of unauthorized services and broken ToS.
If Apple thinks Beeper users are exploiting its servers, they should patch them (which they did).
Beeper did try to monetize it, so i’m not sure how it fairs but Beeper is not forcing anyone to gain unauthorized access. Beeper even welcomed Apple to audit Beeper mini code.
And I’m sure Beeper has a legal team that analyzed these scenarios better than anyone of us. And Apple has sued companies for less. They’d have done it the moment the app landed on appstore. They could have crushed it before gaining any attention.
Again, I have no idea how legal it is. I have both Apple and android devices and never use iMessage. But you gotta hand it to Beeper devs. That’s some old school hacker shit and I’m here for it.
These are separate issues and it’s a very complex set of issues. Reverse engineering is generally “okay” as long as you aren’t directly copying code, because you’ll run afoul of copyright laws. That doesn’t grant them the rights to access anyone else’s computer systems without authorization.
Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal. You keep mentioning “suing” but this is not a civil issue, violating the CFAA is a crime.
Aaron Swartz got supremely fucked for writing a script that downloaded files he legally could access but technically was unauthorized because he accessed them in a way the corporation didn’t like.
I don’t think you see the difference, Aaron was downloading the data off of MIT servers himself, he was not facing charges for writing the scripts.
From your link:
The Justice Department’s press release announcing Aaron’s indictment suggests the true motivation for pursuing the case was that Aaron downloaded academic literature from JSTOR and planned to make it available to the public for free as a political statement about access to knowledge.
.
Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal.
As I said before, Beeper users are gaining unauthorized access, not Beeper. It is E2EE, they’re not the middleman.
Genuinely curious, what’s the law against reverse engineering an API? I can maybe see the argument for charging for the service, but beeper mini is planning to integrate other services as well so I don’t know if that’ll really hold water.
They can reverse engineer it and run it as their own service with their own infrastructure. But that doesn’t mean they can then start accessing Apple’s implementation and using Apple’s resources without permission.
If they function identically to a normal client though what’s the issue? As an example Google indexes pages all over the web without the explicit permission of those websites, that requires them to read the page and make requests to someone else’s infrastructure.
The websites in question getting crawled and indexed are generally open and available for anyone to browse. There are parts of the web that are gated off and require authentication and authorization to access. Imagine now that Google found a way to authenticate as you with your bank’s website and index your online banking portal. (It’s not a perfect analogy to what’s happening with Beeper, but I’m just using the one you laid out.)
In a similar way, iMessage as a service requires authentication and authorization to use. It is not open for anyone to use. Beeper is doing something to spoof or otherwise fool Apple into giving the client access. This is the part that’s illegal. And potentially not just “file a lawsuit” illegal but criminally so.
It doesn’t really matter why Apple doesn’t want Beeper or anyone else to use it. The fact that they simply don’t is all that matters.
What do you think an API is? They have reverse engineered the iMessage API and are using that to connect to the iMessage servers. It is literally impossible to do as you suggest (use entirely their own resources) because iMessage is centralized and cannot federate with any other server, even if one did exist.
and are using that to connect to the iMessage servers.
This is not allowed because Apple doesn’t want to allow it. They own the infrastructure serving the API, they get to determine who is authorized to use it. They can block whoever they want. And technically speaking, using it in an unauthorized manner could even rise to the level of a criminal violation of the CFAA.
It is literally impossible to do as you suggest (use entirely their own resources) because iMessage is centralized and cannot federate with any other server, even if one did exist.
Partially correct. It is not impossible to do as I suggested, because I never suggested that they should have interoperability with iMessage.
They didn’t, someone made an App to interface with it. Trying to shut that down is anti-competitive.
It’s also a huge security hole
How? It’s not a MitM or anything like that, it’s connecting exactly how an Apple device would connect. Everything is still E2EE, just one of the ends can now be an Android device.
So is having unencrypted messages with all non-iOS devices with no real solution in sight. Security is obviously not their concern here, it’s vendor lock in.
SMS doesn’t support encryption, nor is Apple preventing you from downloading any number of encrypted chat apps that work cross platform.
If google didn’t release a new chat app every 6 months we might have a more widespread standard in the US already - and yes RCS is coming to the iPhone next year.
Funny how you twist this from defending Apple to blaming Google, the irony is palpable.
Make up your mind.
No one has to use Google’s apps either.
I despise SMS, have for years, since I could first run a real messenger on my phone. I’ve used XMPP on Android since 2010, and it worked with most every XMPP-based messenger system.
There’s no reason we’re here except end users can’t be bothered to use something if it takes any effort. I have a friend (a millenial, who grew up with tech) who bitches about SMS failures and shitty attachments constantly, but refuses to use any other messenger, doesn’t want to have to “figure out” how to message someone. 🤦♂️ I’m so tired of hearing this excuse. It’s laziness, full stop. Do we struggle to figure out how to phone someone, or send an email (which address?)? Plain old childish laziness. For older folks it’s a different story, but anyone under 40, yea, no, I’m calling bullshit. And I’m in that well-past-40 group.
I use whatever system I can have in common with people, with some exceptions (no privacy-antagonistic garbage like WhatsApp, FB Messenger, Snapchat, etc, and nothing immature like RCS).
Yeah, it’s weird how consumer expectations have shaped up in a way that if there is a solution, it has to come from some gigacorp. Having a third party innovate is so against the reality of US big business that if it isn’t Apple doing it, it must be Google, and interoperability itself does not mean an open standard, just interoperability between Apple and Google.
Apple isn’t adopting RCS with encryption, and having iMessage as the default messaging app without any way to allow cross platform E2E encryption is a decision they’ve made.
As far as Google releasing a new chat app is concerned that’s on them. But RCS has existed since 2008 and was included as a feature in Android 5.0 Lollipop all the way back in 2014.
Encryption extension on RCS is a non-standard addon to RCS which is not part of the standard. RCS on Android in general is also run through google servers and Jibe, and isn’t exactly an open standard to begin with.
Apple isn’t preventing cross platform encryption at all, every popular messenger (even Signal) is available in the App Store.
Businesses are naturally anticompetitive. It may or may not violate antitrust law. The two main categories are collusion with competitors to prevent new competition, or if they seek to gain or maintain a monopoly via shady methods (just a monopoly itself isn’t illegal though). I doubt if Apple conspired with Google here and it would be a stretch to say they have a monopoly, so it seems like a pointless case to me.
It’s not a public API. Hacking someone’s private API is already against law - charging $$ for it moreso.
Reverse engineering an API is not illegal
Reverse engineering it is not, sure. And Beeper could do that and run their own messaging service with their own infrastructure running their reverse engineered version.
And that’s what they’re doing.
Ah, common misconception - hacking an API != creating a compatible program. ( reverse engineering)
Imagine a drill company has a special shape for its bits. Our law allows someone else to either… make bits that can fit in that shape OR make their own drill that can accept those bits.
“BUT they copied!” - it doesn’t have to be a copy to be compatible, and they don’t even have to use the ‘special shape’ just be able to work with the special shape. The law does not allow for protections around that. Doing so would be by definition anti-competitive. Our anti competition laws or rather our IP protection laws are not intended in any way to ‘ensure a monopoly’. The IP laws give a person a right to either keep something they do secret OR share that knowledge with the world so we all benefit, in exchange for a very limited monopoly.
Practically speaking, If I got the KFC Colonel to give me the list of 11 herbs and spices in a Poker game, and then started making my own delicious poultry that is totally cool. Likewise, If I figured out that all that was inside a Threadripper was blue smoke and started making my own blue smoke chips, the law is ok with that.
In this case roughly, Having a public facing endpoint. And then saying that the public can access that endpoint is cool Saying that only the public using the code I alone gave them – well… that’s not been litigated a lot, but all signs point to no.
It’s like Bing saying its for Safari only, and suing people who accessed it using Chrome. It is a logical claim, but the law does not provide that kind of protection/enforcement.
tl;dr these concepts are old but being newly applied to fancy technology. The laws in place are clear in most cases. A car maker can not dictate what you put in the tank. FedEX and UPS can’t charge you differently for shipping fiction books or medical journals or self published stories. And they’d probably get anti-trust scrutiny they even told you what brand/style of boxes you had to use.
They didn’t hack it, they spoofed a device, they just tricked the systems around the api
That counts as unauthorized access in the eyes of the law. It’s a private system and they did not have any agreements permitting them to use it as they wanted.
Quite literally the text of the Computer Fraud and Abuse act. Unauthorized access of computer systems can get you 20-years at club fed. Seems like some of these people need a history lesson.
Apple reverse-engineered Office to release iWork. So Apple isn’t new to reverse-engineering others proprietary shit when it benefits them. something, something, history lesson, hmm…
I don’t know laws in the US but my limited understanding in the case of Beeper is that its users are the ones that grant themselves unauthorized access to the Apple servers. Beeper is a tool that packages pypush to accomplish it. So Apple should sue all the Beeper users?
As an example, there are tons of tools to exploit vulnerable systems in Linux. Metasploit is a penetration testing software and can execute exploits on old unpatched systems. I don’t think anyone is suing Metasploit developers for Computer Fraud and Abuse aCt. The users who use it are responsible for the access of unauthorized services and broken ToS.
If Apple thinks Beeper users are exploiting its servers, they should patch them (which they did).
Beeper did try to monetize it, so i’m not sure how it fairs but Beeper is not forcing anyone to gain unauthorized access. Beeper even welcomed Apple to audit Beeper mini code.
And I’m sure Beeper has a legal team that analyzed these scenarios better than anyone of us. And Apple has sued companies for less. They’d have done it the moment the app landed on appstore. They could have crushed it before gaining any attention.
Again, I have no idea how legal it is. I have both Apple and android devices and never use iMessage. But you gotta hand it to Beeper devs. That’s some old school hacker shit and I’m here for it.
I guess we’ll have to wait and see.
These are separate issues and it’s a very complex set of issues. Reverse engineering is generally “okay” as long as you aren’t directly copying code, because you’ll run afoul of copyright laws. That doesn’t grant them the rights to access anyone else’s computer systems without authorization.
Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal. You keep mentioning “suing” but this is not a civil issue, violating the CFAA is a crime.
Aaron Swartz got supremely fucked for writing a script that downloaded files he legally could access but technically was unauthorized because he accessed them in a way the corporation didn’t like.
I don’t think you see the difference, Aaron was downloading the data off of MIT servers himself, he was not facing charges for writing the scripts.
From your link:
.
As I said before, Beeper users are gaining unauthorized access, not Beeper. It is E2EE, they’re not the middleman.
What this guy said https://lemmy.world/comment/6119756
Genuinely curious, what’s the law against reverse engineering an API? I can maybe see the argument for charging for the service, but beeper mini is planning to integrate other services as well so I don’t know if that’ll really hold water.
They can reverse engineer it and run it as their own service with their own infrastructure. But that doesn’t mean they can then start accessing Apple’s implementation and using Apple’s resources without permission.
If they function identically to a normal client though what’s the issue? As an example Google indexes pages all over the web without the explicit permission of those websites, that requires them to read the page and make requests to someone else’s infrastructure.
What part exactly here is illegal?
The websites in question getting crawled and indexed are generally open and available for anyone to browse. There are parts of the web that are gated off and require authentication and authorization to access. Imagine now that Google found a way to authenticate as you with your bank’s website and index your online banking portal. (It’s not a perfect analogy to what’s happening with Beeper, but I’m just using the one you laid out.)
In a similar way, iMessage as a service requires authentication and authorization to use. It is not open for anyone to use. Beeper is doing something to spoof or otherwise fool Apple into giving the client access. This is the part that’s illegal. And potentially not just “file a lawsuit” illegal but criminally so.
It doesn’t really matter why Apple doesn’t want Beeper or anyone else to use it. The fact that they simply don’t is all that matters.
What do you think an API is? They have reverse engineered the iMessage API and are using that to connect to the iMessage servers. It is literally impossible to do as you suggest (use entirely their own resources) because iMessage is centralized and cannot federate with any other server, even if one did exist.
They are saying they could run their own competing iMessage.
Of course that’s not Beeper’s goal. But in this conversation, that was the point being made.
Yes, this part is legal and fine.
This is not allowed because Apple doesn’t want to allow it. They own the infrastructure serving the API, they get to determine who is authorized to use it. They can block whoever they want. And technically speaking, using it in an unauthorized manner could even rise to the level of a criminal violation of the CFAA.
Partially correct. It is not impossible to do as I suggested, because I never suggested that they should have interoperability with iMessage.
deleted by creator