9 points

This sounds like The Onion, ridiculous.

permalink
report
reply
179 points

They’ve stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don’t see how that’s possible if it relies on a Mac or iOS relay server that they control.

permalink
report
reply
112 points
*

deleted

permalink
report
parent
reply
19 points

They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.

That would likely still give them a capability to MitM but it’s plausible that they couldn’t passively intercept the messages.

permalink
report
parent
reply
1 point
*

deleted

permalink
report
parent
reply
6 points

They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.

They’d need to control the app on both phones in order to control what it’s encrypting/decrypting. Their system only works because they’ve got a device in the middle separately decrypting/re-encrypting each message. Google’s Messages app can’t read iMessages; Apple’s Messages app can’t read Google’s proprietary encrypted RCS messages.

Of course if you want universally cross-platform messaging, complete with full-resolution photos and available with end-to-end encryption, there’s this crazy new technology called “email.” I feel like there’s a missed opportunity for making setting up S/MIME easier.

permalink
report
parent
reply
12 points
*

deleted

permalink
report
parent
reply
10 points

You give them the credentials for your Apple account. The security concept is “trust me bro” and that’s really the best they can do unless Apple helps them (which they have no reason to)

permalink
report
parent
reply

If it’s anything like Beeper 's Matrix bridge then it’s E2EE Matrix encrypted between your device and the bridge server and then using Apple’s iMessage encryption between the bridge server and Apple/the other user.

The weak point is always going to be the bridge software as by necessity the message must be decrypted there to re-encrypt for iMessage.

At least in Beeper/Matrix the bridge software is open source and one can host their own bridge while continuing to use the existing Beeper/Matrix main server.

Doing so gives you no-trust security since the Beeper/Matrix host cannot decrypt the messages between you and the bridge you control and rubbing your own bridge eliminates that weak point.

permalink
report
parent
reply
76 points

I predict one of two outcomes once Apple becomes aware of this. Either they’ll modify the iMessage protocol to break Nothing Phones compatibility, or they’ll sue Nothing Phone for violating some kind of IP law. Apple absolutely wants to maintain their walled garden and letting a non-Apple product transparently interact on equal footing with Apple products runs counter to that.

permalink
report
reply
1 point
*

The messaging is provided by a third party who is dedicated to working on their iMessage compatibility. Apple has no reason to stop this because this is a good move for them in the larger battle between mobile messaging standards.

Google owns Jibe, the company behind RCS messaging found on all Android phones and an emerging, competent product from the only game in town that can compete with Apple. Google has decided to take this to the government level and push for a unified phone messaging standard, normally a good thing, but proposed their own RCS solution. The one they own and whose servers Google scrapes for user info.

Apple is pushing iMessage as a protest against Google and their inevitable lawsuit to conform with RCS adoption. Android may win unless Apple shows it has parity and provides a non-legislative option: if enough people use iMessage then governments don’t have to make any laws or enforce changes. The company Nothing is using iMessage, which helps Apple prove there is both a significant user base, which would cause a burden on Apple and it’s customers to change, and there is no monopoly on iMessage or messaging in general. So if enough people use iMessage, Apple sees it as a good thing.

permalink
report
parent
reply
27 points

RCS is not a Google product, see https://en.m.wikipedia.org/wiki/GSMA

Apple has been pushing iMessage for quite some time, but they want to keep it just to their platform and have made no attempt to make it open to other users. That’s Apples way and it’s not as a “protest” to Google lol

That’s like saying they made the lightning port as a protest to USB standards, nah they just want their proprietary shit.

permalink
report
parent
reply
5 points
*

Apple’s ideology behind not expanding iMessage to other platforms has been - at least in part - due to the security of the iMessage platform and how it authorizes senders and recipients (like many encrypted services on Apple devices, tokens are encrypted/decrypted in the Secure Enclave on the SoC). Apparently, Apple has low confidence in the diaspora of Android devices and just decided to forget even trying to create a client for Android it could tie down to hardware authentication due to not having a reliable hardware base. This was many years ago.

I don’t know if this is still true or even necessary today, or if they’ve even bothered to explore it recently, but that’s Apple’s main issue. Sure, it also benefits them in other ways such as driving users to their platforms, but this is their main issue.

permalink
report
parent
reply
1 point

That’s like saying they made the lightning port as a protest to USB standards, nah they just want their proprietary shit.

They wanted a new, compact, durable, reversible plug for their mobile devices. There was no industry-standard option that met their requirements, so they made their own. If USB-C had existed at the time, they would have used it (though as a physical connector, Lightning is still just plain better).

permalink
report
parent
reply
10 points

Google’s RCS service is unique in that it is not telecom based. I would advise looking at the RCS Wikipedia article here.

permalink
report
parent
reply
0 points
*
Deleted by creator
permalink
report
parent
reply
27 points
*

Outcome 3: they buy whatever company is responsible for creating this compatibility layer, slowly integrate it so they can skate past several international regulations/lawsuits trying to open iMessage, and declare victory.

permalink
report
parent
reply
13 points

Why would they buy a company that is using a workaround when they could just make an iMessage app for android

permalink
report
parent
reply
22 points

Because that’s not their goal, they absolutely don’t want iMessage to work on Android, at least not without severe limitations. They want Android to look like a second class citizen. If they bought the intermediary company it would be with the intent of strangling it not expanding it. They’ll just slow walk the murder so that regulators don’t take too much notice.

permalink
report
parent
reply
3 points

For one: it helps them avoid any adjudication that would force them to do just that while avoiding admitting they have the ability to.

permalink
report
parent
reply

Nah, Apple doesn’t care.

These bridges like the ones found in Beeper/Matrix require a Mac server to perform the handshake with Apple’s.

As long as these servers require Apple hardware to function Apple is making money.

It’s roughly equivalent to running iMessage on your Mac at home and making an Android/PC app that remotely sends/receives messages to/from that iMessage app on your Mac.

permalink
report
parent
reply
4 points

Nah, if it gets big enough, Apple will care. They literally said (based on court document) that iMessage on Android is a horrible idea because it’ll make it easier for people to switch platform.

permalink
report
parent
reply
4 points

Nice one, not sure why it’s geo restricted to the US, Canada, and Europe though, unless that’s a limitation of the bridge software they’re using. Could be a pretty neat selling point for a small subset of users, but I don’t think it’ll make people reconsider which Android they choose to upgrade to.

Also nice to see e2ee RCS implemented outside of Samsung and Google’s apps.

For anyone looking at alternatives, there’s AirMessage (if you have a mac, real or virtualized), and Beeper (not free, in any sense of the word, but supports even more messengers)

permalink
report
reply
4 points

Its not really a problem being restricted to the US and Canada since they are the only countries having that ‘problem’. No one uses iMessage outside of the US.

permalink
report
parent
reply
28 points
*

Sunbird is closed source so you just have to take their word for it when they say they don’t store messages or credentials. How the fuck could you know if they’re lying or not? You can’t because it’s closed source.

As much as I have issues with the similar Beeper, at least Beeper is open sourcing their bridges.

permalink
report
reply
13 points

They host their iMessage related shit the exact same way, so the amount of trust in the service is basically identical, at 0

permalink
report
parent
reply
20 points

Just read through their faq

Some of the messaging community believes that software that is open source is more secure. It is our view that it is not.

That’s a nope from me.

permalink
report
parent
reply
7 points

Yeah okay at first I thought “closed source isn’t necessarily a problem as long as there’s a good reason”.

But nope. That’s the worst reason.

permalink
report
parent
reply
5 points

That statement is pretty stupid in general. But for server side software, open source doesn’t help much. Even if you can look at the source, you still need to trust them that that’s what they are running on their servers.

permalink
report
parent
reply
6 points

I think there is levels of trust.

I am often able to reach of level of trust to believe a company is not straight up lying about the code they are running on their servers.

I am not often able to reach a level of trust to believe a “trust me bro” from a company (especially if that statement is not qualified in a meaningful way).

permalink
report
parent
reply
1 point

Open source is important for services with end-to-end encryption, because you can make sure the client actually encrypts the outgoing data, is not sending your private key somewhere, and won’t break that security at some point in the future.

Of course this particular service cannot even have end to end encryption in the first place.

permalink
report
parent
reply
1 point

Doesn’t help much in terms of privacy. But still is very important. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html

For a bank or any system you would not have control over anyway, it does not have to be open, only the client software you run on your computer should be. But messaging, document editing (like Google Docs), etc. are personal tasks that could be done via a local program, so a remote program should be give you freedom from it’s provider.

permalink
report
parent
reply
1 point

In other words: “Some of the messaging community believes that software that can be controled by the user and is clear how it works is doing what the user wants it to. It is our view that it is not.”

They are just like the rest of big companies. Remember when Facebook was a privacy respecting and friendly alternative for MySpace? Or Apple for IBM? Or Google for other search engines?

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 16K

    Monthly active users

  • 12K

    Posts

  • 557K

    Comments