They’ve stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don’t see how that’s possible if it relies on a Mac or iOS relay server that they control.
deleted by creator
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
That would likely still give them a capability to MitM but it’s plausible that they couldn’t passively intercept the messages.
deleted by creator
Absolutely. The iMessage network isn’t some unknowable beast, it “just” requires an Apple device be involved and activated to work. In order to spoof that far, you’d essentially need to emulate quite a bit on device.
deleted by creator
You give them the credentials for your Apple account. The security concept is “trust me bro” and that’s really the best they can do unless Apple helps them (which they have no reason to)
“Trust me bro” is always the security concept of any service where you don’t control the client - that includes regular iMessage (you have to trust Apple) and Google’s RCS (you have to trust Google). They can always instruct or update the client apps on people’s phones to start doing something they weren’t previously doing.
That being said, I would not trust some random sketchy company with something so important. Even if you trust their intentions, you cannot trust their competence in preventing breaches. Stuff gets hacked and leaked all the time.
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
They’d need to control the app on both phones in order to control what it’s encrypting/decrypting. Their system only works because they’ve got a device in the middle separately decrypting/re-encrypting each message. Google’s Messages app can’t read iMessages; Apple’s Messages app can’t read Google’s proprietary encrypted RCS messages.
Of course if you want universally cross-platform messaging, complete with full-resolution photos and available with end-to-end encryption, there’s this crazy new technology called “email.” I feel like there’s a missed opportunity for making setting up S/MIME easier.
deleted
If it’s anything like Beeper 's Matrix bridge then it’s E2EE Matrix encrypted between your device and the bridge server and then using Apple’s iMessage encryption between the bridge server and Apple/the other user.
The weak point is always going to be the bridge software as by necessity the message must be decrypted there to re-encrypt for iMessage.
At least in Beeper/Matrix the bridge software is open source and one can host their own bridge while continuing to use the existing Beeper/Matrix main server.
Doing so gives you no-trust security since the Beeper/Matrix host cannot decrypt the messages between you and the bridge you control and rubbing your own bridge eliminates that weak point.
They use a Mac mini somewhere to route these messages. So you’re logging into that Mac mini with your iCloud credentials. Sounds like a privacy/security nightmare and creepy as fuck.
It seems like all efforts to “bridge” imessage to anything outside apple software work this way - there’s a Matrix bridge and a dedicated open source app and they both rely on the imessage client on a mac. Is there a legitimate reason for it not being reverse-engineered yet?
Is there a legitimate reason for it not being reverse-engineered yet?
The actual protocol isn’t a secret. It’s that the authentication of the device relies on a hardware key, and that key is fully locked down by Apple (as it also secures the user’s biometric logins, keyring, financial information in Apple Wallet, etc.).
If it relies on a hardware key then why is it that I can get the same setup working with a macos virtual machine?
Using [BlueBubbles] (https://bluebubbles.app/) for anyone wondering.
More likely just a Linux VM
iMessage only runs on Apple products
…or a virtualized Apple product on a Linux machine. iMessage doesn’t know the difference.
Solving the “blue bubble” problem is easy. Stop giving a fuck about what iPhone users care about.
Or Apple can stop being a bitch and just change the hex code.
They want iPhone users to have want they want and need when switching to Android. I think it’s not a bad idea. Personally, I find MMS to be horrible. Not because of lack of features but because it is different for everybody in one group chat. The messages become out of order, things don’t send but say they do, etc. iMessage isn’t the best solution, but if I’m being kicked out of group chats because I’m that one person making it MMS, then I’m all for iMessage on Android.
I am wondering if there is any other alternative to SMS and MMS that works on all mobile & desktop platforms. Hmmm, let me think… Hmm… Probably not. 🙆
No. Just no. Apple does not get to unilaterally make new protocols for the world.
I’m an iPhone user and I don’t care about this. Not everyone who has an iPhone gives a shit about what phones other people use. Use whatever phone you want and whatever computer you want and whatever OS you want and stop giving a fuck about what other people use like it’s some sort of crime.
My problem with that is that a lot of them then insist on using an outdated standard that lacks encryption and high resolution media instead of just downloading something like WhatsApp, Signal, or Matrix.
The stupidest thing about this is cultural identification with the message apps “bubble” color.
Isn’t it the fact that there will be features missing if someone doesn’t have iMessage? I genuinely don’t think anybody would care if it were just the color of the bubble that was different and nothing else.
I think green bubbles (non iPhone) means it’s using SMS so it can cost people money to send messages, especially images which would be sent as MMS I guess.
I’m an Android user though so I don’t really know. Also I’m in Europe where nobody cares and just uses Signal, WhatsApp or Telegram.
it’s using SMS so it can cost people money to send messages
This is basically the historical and cultural reason why the US uses SMS and MMS: basically every phone plan has unlimited SMS before smartphones became popular, so any smartphone OS needed to seamlessly support it for adoption. Apple successfully bridged that SMS interface into a proprietary messaging protocol and app even while maintaining backwards compatibility with SMS and MMS, but not the new standard that came out after the iPhone.
The kids care. Even in Europe. My nephew and niece had to get iPhones, and soon my son will have to get one or be socially left out. It’s a serious crisis made by greedy corporations is what it really is.
Sounds like an opportunity to educate your kids, and by proxy, others.
Kid’s bubble-shaming is no different than any other stupid shit kids have always done.
Don’t feed into it.
And if you really want to have some fun, host something like the iMessage-Matrix bridge mentioned above, or other messaging apps. When your kid shows up as a blue bubble, but friends notice he’s on Android, they’ll be confused…another learning opportunity.
Kid’s bubble-shaming is no different than any other stupid shit kids have always done.
It’s called harassment.
Not one single person on this planet ever had to get an iPhone
Don’t do it man. Don’t let them get your son.
Yes. The iPhone to MMS connection has filesize limits that basically make sending video horribly compressed, and even still images are visibly limited in quality.
And then message reactions aren’t directly supported in MMS, so it becomes a clunky communications experience between iPhone and Android texting.
There’s also delivery confirmation, read receipts, and other indicators in an iMessage chat that aren’t supported in MMS.
The color of the bubble is a subtle UI indicator of what features are supported in the chat.
*exceptional 'murican identification with the blue bubble.
And the same enlightened kids who are so aware about discrimination and gender fluidity (which is good) are the ones discriminating against others because they don’t have an iPhone.
It’s a status symbol, sure… it may be stupid and primitive as a trophy around a caveman’s neck… but we are just wired like that.
Nothing special here.
deleted by creator
How is it not natural to want a status symbol? However I agree that companies abuse that to gain power and profit, I’m not questioning that.
It may be natural to want a status symbol (although that drive probably varies wildly between individuals), but I find it sad that having an iPhone is equated to status.
“Look at me in my expensive walled garden!”
Disclaimer: I also dislike Google’s business practices in different ways
I feel you. I dream of the day Linux phones become a thing, but they are not ready yet, although great progress is being made.
Only poor people think a smartphone is a sign of wealth
Only spoiled children would say something like that
Yet no single wealthy person would dare whip out an Android.
This is a figment of someones imagination and demonstrates the entire trope is backed by people with no intelligence, but lots of competitiveness.
Your statement is not correct. Bill Gates uses Android phones:
There are Android phones that are more expensive than the most expensive Apple phone you can get.
Samsung Fold is 2150€ for example.
Only the wealthy people who gained none of that wealth themselves.
It’s not at all, and only the most purile idiots would ever think that, and completely proves my point
RCS sucks ass. I have had more missed messages and fucked up communications due to it NOT USING SMS FALLBACK. other person isn’t available via IP? Then FUCK YOUR MESSAGE.
Want a different app? FUCK YOU
Wanna sort your messages, or filter them, or run an automation? FUCK. YOU.
I don’t blame apple for not implementing this shit.
Also, fuck bubble shaming
I haven’t used SMS for anything besides receiving auth codes and maybe sending some short info to a stranger (for example a contractor). But then again, I live in Europe.
SMS Is way more common I guess in the US because you can text anyone across the US, whereas before EU carriers may have charged more for intra-EU texts?
There are always four decisions at play - country of origin of sender and receiver, current location of sender and receiver.
Whenever you enter a different country, you gen an automated SMS informing you of the prices of SMS, MMS, outgoing and incoming price calls per minute.
Rule of thumb used to be - SMS receiving is always free, accepting a call with local SIM card is also free. All the other combinations are usually extra if you are currently in a different country than the SIM origin.
But, now that most of EU is either in Shengen or is a partial member with contracts (like Croatia with mobile internet), you either don’t pay as much or pay no extra at all.
But, yeah, that’s probably the reason SMS never really got off.
WhatsApp became popular (in the UK) around the time when SMS was free for most. It was a huge jump over SMS because:
- group chats
- read receipts
- worked on WiFi without a phone signal
- picture / video messages
- it was fast (or it certainly felt faster anyway)
From what I recall at the time, BBM was quite popular but WhatsApp won over in the end as it was cross platform. There was a big appetite to move away from SMS. WhatsApp wasn’t even free at the time, it had a small annual fee on Android or a one off installation fee on iOS and still gained popularity. It’s kind of surprising that the rest of the world seemed to make this jump at the same time but the US seems to be stuck on SMS.
Asia represent!
This is dumb. For two reasons:
- the fact that a messenging service locks users into an ecosystem.
- the fact that to use this an apple device is still used in the background. This means you log in with your apple id on a device that does not belong to you and that can possibly read all of your messages.
I think issue two is a great way to address issue one.
They have made a closed ecosystem to support their lack of innovation and address their declining sales.
But now people could be able to get into this system that otherwise wouldn’t and use it without giving apple any information, other than potentially putting actual customers messages and AppleIDs at risk.
Because the android forever people who this is for will not have anything important linked to their AppleID but the people they message likely will or at the very least now their communications are at risk given they go through a third party machine.
RCS is practically limited to android ecosystem. Many of the carriers are dependent on Google Jibe to support it.
No one except Google and approved manufacturers can make a RCS app.
It’s limited to Android because this is the only alternative to iPhone and iPhone doesn’t support it.
Many carriers rely on Google Jibe but not all of them, and they don’t have to.
That’s true and I agree that this also stupid. We should all go back to emails with pgp encryption. These are both open standards.
Honestly I’m typing this on a Nothing phone and if this appears on my phone instead of them actually fixing the many bugs I’ll be quite pissed.
Every update this phone gets worse both in bugs and battery life and the company seems more obsessed with things like beer, clothing lines and now imessage than actually trying to fix anything that’s actually important.
Wife’s Nothing(1) seems just fine. My only issue with the design is how it acts like an echo chamber for the haptic motor. It actually is quite noisy at the higher settings.
This really demonstrates how apple has its customers and competitors by the balls when it comes to messaging. This OEM is putting time and resources into developing an unauthorized iMessage app using banks of mac minis as servers and requiring users to grant them access to their iCloud account, a system that apple could “break” or sue out of existence on a whim. RCS isn’t the perfect solution, but it’s better than this.
Google wants everyone’s message data, that’s why their pushing it so aggressively.
RCS is technically an open standard. But in reality it completely depends on Google’s Jibe system to make it work for many carriers.
The recent anti competitive trials has shown Google is willing to pay apple billions for people’s internet activity to go through them. With Google currently pushing anti iMessage ads to shame apple into supports RCS, Google has most likely offered Apple a lot of money to use RCS. Apple has decided it’s not worth it.
Why apple isn’t supporting RCS is unknown. But it either user privacy or user retention to their ecosystem. Either way they don’t think more exposure to Google is good for their users. This ‘open’ standard is a joke. If it doesn’t make Google money soon, they kill it like all their previous messenger projects.
It’s not unknown, it’s clearly user retention. And it works in the US where they turned their users into salesmen pushing everyone to buy iPhones so they can use advanced features without having to install a free app.
RCS is e2ee…
User retention and RCS sucks. It has serious reliability issues.
RCS is far worse than this. It’s garbage, doesn’t work.
When I watched MKBHDs video on this, my first thought was whether or not we could selfhost a service like this. If I could run this through my own Mac mini server to my own / family’s phones, that would be great. I don’t think I’d ever feel comfortable logging into my iCloud account on some company’s server with just their pinky promise as a guarantee.
You can self host this already, most likely what nothing is doing https://github.com/mautrix/imessage
That is fascinating. Thanks for the link.
Well yeah it’s not. But it’s the first time something like this has been integrated onto an personal consumer device.
Teenagers today suffer unique threats to their health and wellbeing from technology. It may be super easy for you to say “who the fuck cares about the color” but that is far from the case for US teenagers. Willingly setting yourself apart from the group in high school is a precarious move in the best of circumstances.
And for the rest of us, this goes way beyond the color being used. The SMS/MMS fallback in iMessage offers a terrible experience for non-Apple users. Low quality media, inability to manage one’s own memeberships in groups, and no encryption. For those worried about the lack of e2ee: Android users participating in an iMessage conversation don’t have that today. You’re not losing anything from this solution.
Legal disclosures prove that Apple knowingly uses iMessage in an anticompetitive fashion. It’s a moat to keep people from switching away from iPhone. They are leveraging their position in the messaging market to shore up their restrictive phone products. I wish US antitrust enforcement was stronger in this area but until then, I hope Nothing has great success in breaking down this illegal barrier.
Really interesting how different the US is. Here in central europe it’s pretty much whatsapp, telegram, signal. Most people use 2 or 3 of those. Doesn’t matter what device they are using
iPhones are really popular over there. Most people have one. For teenagers it’s something ridiculous like 85% of them using an iPhone. In Europe we have a more balanced split, so only using iMessage wouldn’t fly here.
I’ve seen a bit of an uptick in the use of Signal in the US, like it’s worth having it installed…sorta.
Personally, I miss out on a lot of group chats because all of my friends have iPhones.
They’ll create a group chat, I won’t get any messages, then suddenly I’m getting a call on Saturday saying “hey are you coming to the party?” or more often than not I don’t get notified at all and end up hearing about all of the things I miss at a later time. It’s annoying, but I really hate iOS so I deal with it.
I’ve got an iMessage server running on my NAS but it’s not perfect, it requires that the iPhone user send the message to my iMessage account associated with my email, not with my phone number.
PyPush lets you link your number to your Apple Account using demo.py if you need that. It needs a cron job to sit on it for the first few weeks but after that its fine.
Hmm good to know, but if my server goes down (power outage, hardware failure, etc.) I’m not sure how I’d receive messages lol.
How the hell do so many teens afford these??
It’s far cheaper than your first car and arguably more important. You find a way when you have to.
Sunbird is closed source so you just have to take their word for it when they say they don’t store messages or credentials. How the fuck could you know if they’re lying or not? You can’t because it’s closed source.
As much as I have issues with the similar Beeper, at least Beeper is open sourcing their bridges.
Just read through their faq
Some of the messaging community believes that software that is open source is more secure. It is our view that it is not.
That’s a nope from me.
Yeah okay at first I thought “closed source isn’t necessarily a problem as long as there’s a good reason”.
But nope. That’s the worst reason.
That statement is pretty stupid in general. But for server side software, open source doesn’t help much. Even if you can look at the source, you still need to trust them that that’s what they are running on their servers.
I think there is levels of trust.
I am often able to reach of level of trust to believe a company is not straight up lying about the code they are running on their servers.
I am not often able to reach a level of trust to believe a “trust me bro” from a company (especially if that statement is not qualified in a meaningful way).
Doesn’t help much in terms of privacy. But still is very important. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
For a bank or any system you would not have control over anyway, it does not have to be open, only the client software you run on your computer should be. But messaging, document editing (like Google Docs), etc. are personal tasks that could be done via a local program, so a remote program should be give you freedom from it’s provider.
Open source is important for services with end-to-end encryption, because you can make sure the client actually encrypts the outgoing data, is not sending your private key somewhere, and won’t break that security at some point in the future.
Of course this particular service cannot even have end to end encryption in the first place.
In other words: “Some of the messaging community believes that software that can be controled by the user and is clear how it works is doing what the user wants it to. It is our view that it is not.”
They are just like the rest of big companies. Remember when Facebook was a privacy respecting and friendly alternative for MySpace? Or Apple for IBM? Or Google for other search engines?
They host their iMessage related shit the exact same way, so the amount of trust in the service is basically identical, at 0
Apple will just block it once they catch on
In a video from MKBHD they mentioned this problem and they said that the idea is basically that Apple will not block it because it will bring them bad PR and attention from regulators who are concerned with anti trust issues. Hard to predict what will actually happen but Apple just blocking 3rd party access and citing (legitimate) privacy and security concerns seems to be a likely outcome.
Apple should block it. It requires people to hand off their apple accounts to an organisation. Someone using an account like this should be blocked by apple’s servers. As they clearly aren’t the account owner.
Many online accounts will return a password incorrect message, even when the password is correct, if they believe your aren’t the account holder (bots, scammers etc). To allow this puts users accounts at risks.
Some bad actors are likely to mimic this setup. Advertise access to iMessage for Android users, then use the apple account to defraud or blackmail them. It will be very attractive to previous iPhone users that will have payment details, addresses and media stored with their apple account.
Dont see how they could. The servers are real apple devices. Apple has no way to know if this is a mac from a real user or somebody proposing a message bridging service to non apple users. Dont see why they’d care either as they make money from the purchased server infrastructure.
This has been around for a few years now as Blhebubble, and they haven’t blocked it.
There’s a couple other bridge services out there too, and those haven’t been blocked… Yet.
The blue vs green bubble thing never really bothered me. As long as I can communicate with the person I’m talking to, I don’t care how the messages are sent, unless maybe if I don’t want a message to be sent over plain sms. It’s ridiculous how it has become a status thing.
It is though. I’m the only developer in an agency of designers. Yes, they all have iphones and I’m the only Android lol
It’s absurd, but i get the blue bubble looks of superiority all the time.
I’m the only developer in an agency of designers
In the US. Outside of the US no one uses iMessage, not even iPhone users.
I’m in Germany, at least my designer colleagues love iMessage, but not for work. Since we know each other for a long time, there’s lots of semi private messaging going around.
Not only someone using iMessage but at the same time not using Signal or Whatsapp? Thats the first time I’ve heard of either of these two.
Why’s that, because they use Whatsapp?
WhatsApp for the older generation, Signal for the younger (Germany).
Yes. And the younger generation uses Telegram, at least here.
So they use iPhones, but you’re the only one who Thinks different ™ 😎
I knew it lol
It’s not just about the color of the bubble. If you go on an outing with a group of iPhone users, there’s a high chance they’ll create a group chat with and without you, because the group chat with you won’t let them send HQ photos. Even if they aren’t trying to be exclusionary, someone will inevitably forget to send messages to both group chats. iMessage incentivizes situations like this which socially punishes Android users.
I hear this a lot, I’ve not known a single person who has considered it a status thing. There are people who have cheap phones from both apple and android and they were made fun of for the price of the phone, not the bubble color. iMessage just made it much nicer to talk to people. “I can send messages over wifi!” made it so you could send messages in school or anywhere with a big metal roof. “The images are better!” These were limitations of the SMS standard that Apple designed around. Now? Yeah, there’s other options, but back then iMessage made its hold by being able to be used by people who couldn’t use SMS or didn’t want to for whatever reason
“The images are better!” These were limitations of the SMS standard that Apple designed around.
Apple intentionally sets the MMS size limit extremely low, much lower than any other manufacturers or carriers.
This is done intentionally to make communications with non-apple devices a worse experience.
They weren’t just “making the best of what they had”
They were/are actively making the non-proprietary experience worse.
On purpose
It’s also noteworthy that the RCS platform adopted by companies worldwide is run by Jibe, a company owned by Google. Doubtless, Apple doesn’t want to use Google’s servers any more than it needs to.
“open protocol” my ass. Google just wants control over everything.
Except companies can run their own. In Google messages it tells you who runs your server. Most carriers ran their own, but when they realised there was no benefit (e2ee) and having to maintain it, they started shifting to Google ran servers.
But can’t run my own server.
I don’t know, but that’s not what was said. The comment I replied to said Google controlled everything, and that’s false.
Just here to correct false claims.
Internet has standardized instant messaging 34 years ago.
Every platform used it Google talk and Facebook messenger both ran on xmpp
But kept everyone else out. It was one way only. Even rcs is Google only
Why is this being downvoted? Isn’t that what Google did? Started using XMPP openly, then locked it down over time and made it harder for people outside their ecosystem?
Yeah. Google was using XMPP but development focus was for Google Chat only. The rest of the community played catch up while Google chat got new features quickly. If you were using some other software, chat would simply break and crash.
The good old Google way. I’ve no idea why so many people are so willing to hand over everything to them. Say what you like about Apple, but at least they’re not selling your personal info.
XMPP was never Google only, it always had free implementations of both client and server while having community using it outside of Google. While RCS is really not possible to use now without Google.