
Do you really consider Apple's control over a proprietary protocol which they invented and maintain to be comparable to a scenario in which Apple "sends a man" to take "your fire extinguisher […] from your house"?

I've rewritten this comment five or six times in an attempt to find the most charitable interpretation, but I just cannot comprehend how it made it through your filter and out onto the internet.



It's not a super serious comment, it's more about how ridiculous the tone of "We are doing this for YOUR protection" would be.

On a more serious note though, in the end Apple absolutely has the power of increasing everyone's capability and security by doing something like setting up a playbook of how iMessage could just use Signal protocol and how other actors could join in, or really anything else but doing this.


> It's not a super serious comment, it's more about how ridiculous the tone of "We are doing this for YOUR protection" would be.

Right now I can presume a basic level of device security across all iMessage threads I have. Beeper deranges that: E2EE is still there, but Beeper exposes my correspondence to device security weaknesses from other OEMs, malware, keyloggers, screen scrapers, etc. as a result of lax app marketplace security & privacy.

It seems to me to be entirely disingenuous to suggest that Beeper increases security: in fact, the opposite is true.

> in the end Apple absolutely has the power of increasing everyone's capability and security by doing something like setting up a playbook of how iMessage could just use Signal protocol and how other actors could join in, or really anything else but doing this.

I don't see why any company should be denigrated for not helping the users of another competing platform, particularly when doing so likely comes at the cost of increasing the risk to its own users.


> a basic level of device security across all iMessage threads I have

Is that really true though? Jailbroken phones, iMessage may still work. Any device security gets thrown out the window.

You also can't expect everyone to have an Apple device for security; we've seen time and time again that SS7 is weak. So is the requirement, to remove SS7, for everyone to jump on the Apple train?

I see Beeper as doing Apple a service, not so much a competing platform, but a gateway to the iMessage ecosystem - 'Hey, this would be pretty cool to use without this app and have it native' vs the 'Only Apple devices can use this.'


> Is that really true though? Jailbroken phones, iMessage may still work. Any device security gets thrown out the window.

Apple closes exploits which allow jailbreaking and precludes it in the EULA. What more would you have them do?


> Apple closes exploits which allow jailbreaking and precludes it in the EULA. What more would you have them do?

Preventing jailbreaking is not a good thing, in part since that's what allows us to check on what Apple is doing on the device, in regards to privacy, security and e2e encryption. If nobody can check, do you suppose we just accept their statements about the device as fact?


The whole underlying point is that Apple will do anything to virtue signal when in reality they are making a decision on improving their profit regardless if it decreases security of its customers and other people. It is undeniable and silly to argue against.


> Apple will do anything to virtue signal

Subjective, speculative.

> when in reality

I think you mean "when in my opinion".

> they are making a decision on improving their profit

Speculative, and "improving their profit" is clumsy enough vocabulary that it's a red flag on continuing to discuss this with you.

> regardless if it decreases security of its customers and other people

The plurality of countervailing perspectives in this thread – which you have failed to address or refute, as far as I can tell – ought to indicate to you that it is arguable that Apple's decision in this case increases security of its customers.

> It is undeniable and silly to argue against.

I'll let others judge who seems silly here.


You know, one doesn't really even need to read the whole of your comment to know your way of "debating" is dead in the water. Take the argument as a whole. "Isolating" parts of it just makes you look like you're debating for flat earth or the like lol. "Red flag" rofl grammar police

My point stays exactly the same. You haven't said anything real against it.


Does Apple block iMessage on rooted phones? If not, what level of device security do you really have?


In addition to explicitly prohibiting it as a violation of the iPhone EULA, Apple goes to extraordinary lengths to close the exploits which allow jailbreaking. Apple doesn't just block iMessage on rooted phones, it tries to prevent jailbreaking outright.


It being a violation of the EULA means absolutely nothing lol


If more users are sending encrypted messages over APNS instead of SMS (remember, SMS is effectively unencrypted plaintext), that sounds like the definition of "more security".

Hemming and hawing over "OEMs... and ...lax app marketplace security" seems like quite a high bar to hold, a bar so high it ceases to be useful. Remember, iPhone users can disable passwords on their iPhone entirely; if that's not something you ever worry about, then worrying about a minority of OEMs seems like mere pretext to keep your comfy walled garden all to yourself.


> comes at the cost of increasing the risk to its own users.

iMessage using SMS to communicate with Android devices increases the risk to iOS users. Apple customers are still Apple customers when they communicate with Android users.

Every risk you describe is still present in the current implementation of iMessage when communicating with Android users, except the risks are much greater because SMS is much easier to exploit and intercept than an E2EE protocol would be.

A message platform that forces Apple users to use an insecure protocol when communicating with Android users decreases the security and privacy of Apple users.

So even an imperfect implementation of real E2EE between Apple and Android users, even with all the risks you describe above, is still an improvement in security over what we have right now: a situation where Apple forces iMessage users to use what is quite possibly the least secure communication method possible when communicating with their friends and family in different ecosystems.

It's not necessarily about helping the users of another competing platform, Apple users who are using normal iPhones are sending unencrypted and unsecured messages to their friends and family members because Apple is more interested in vendor lock-in than it is interested in making sure that its customers are able to communicate securely with their contacts.

The idea that Apple users would suddenly stop caring about security or that they wouldn't want their conversations encrypted just because they're talking to someone else who's on an Android device is very strange to me -- it suggests that Apple is willing to sacrifice security for paying iOS users just to keep Android users from seeing any of the benefits of those security improvements.

Yes, there may exist reasons to distinguish between locked down vendor-controlled devices where users do not have the autonomy to change device settings that could damage encryption, and devices where users do have that autonomy. I understand that concern, even if I think it's usually disingenuous. But there is really no reason and no excuse (especially now that we know how easy it would be for Apple to take its encryption multiple-platform) for going beyond distinguishing between those devices, and going so far as to actively drop all security measures and all encryption from those conversations. It's like saying that because a window can be broken we might as well take the door off of its hinges and put up a "burglars welcome" sign -- and, incredibly, it's claiming that anyone who tries to replace the door without permission is somehow decreasing security. Apple doesn't just distinguish between controlled and uncontrolled environments, it removes the door entirely by dropping its users into a messaging format with no end-to-end encryption at all. It's a bad policy that hurts Apple users and decreases their safety.


There's an open standard they're refusing to adopt that would be more secure than forcing users back to SMS.


If you mean RCS, end-to-end encryption is not part of the standard; it is a non-standard extension supported only by the Google Messages app: https://support.google.com/messages/answer/10262381?hl=en


Does RCS need E2E to be better than SMS when it comes to privacy/security?


IMHO profiled RCS is notably worse than SMS for privacy, because the vast majority of RCS servers are hosted by Google.

SMS can be read but it is still at least somewhat decentralized. It isn't being funneled to a single party whose business model is profiling users.


Yes, it does. RCS without E2E is following the SMS model and putting your telco in charge. It uses transport encryption but that is basically meaningless when every relay sees the entire contents of the message.


Does that mean Stingrays and just regular old SDRs can still pick up RCS messages?


RCS uses transport encryption and I honestly have no idea if it uses cert pinning or server certs or the like. The bigger concern to me is that it puts your telco in charge, just like the old days of SMS. Without E2E they get to see all of the contents of messages and to share it with whoever they deem they want to share it with, which history has shown is too many people. Telcos were very willing partners in the development of RCS for a reason. And there's a reason the base spec doesn't include E2E. Telcos want a return to the good old days.

SMS is insecure and no one should use it. RCS isn't that much better and history is a lesson that it returns to a partner that isn't trustworthy.


Yeah anything that's not E2E encrypted is pretty useless for privacy/security these days. Might as well just use DMs on reddit, twitter, etc if you don't care about E2E


Apple is adopting RCS, but as far as I can tell your reply has nothing whatsoever to do with my comment.


Are you referring to the one that they're adopting?


I am just flabbergasted that we are living in a timeline where the phrase "proprietary protocol" is a real thing.


Aren't most protocols proprietary? Every app builds their own on top of standard protocols like HTTP, TLS, and IP. Not all services are hostile to third party clients though


Well, there's proprietary in the sense of "not a standard" and proprietary in the sense of "no one else can make software that uses this protocol". The latter is very weird if you think about it.


Eh not really that weird. Consider how Microsoft repeatedly reverse engineered AOL for compatibility reasons and AOL actively blocked their efforts with every update: https://youtu.be/w-7PjunSxLU

Stuff like this happens all the time and the internet has always been like this. I'm sure older users will remember even older examples



