US senators have urged the DOJ to probe Apple’s alleged anti-competitive conduct against Beeper.
I don’t get it. iMessage is Apple’s service. Why are they obliged to open it up for everyone to use? Would it be nice? Yes, of course. Should Apple be legally required to open up access to their service?
They didn’t, someone made an App to interface with it. Trying to shut that down is anti-competitive.
It’s also a huge security hole
How? It’s not a MitM or anything like that, it’s connecting exactly how an Apple device would connect. Everything is still E2EE, just one of the ends can now be an Android device.
A non-trusted 3rd party that has the capability to decrypt messages? It’s a big problem.
That’s not how beeper worked. It actually connected from the device directly to the iMessage network. You’re thinking of all the other services that required a virtualized OSX install somewhere to act as a translation layer.
The beeper application is not trusted by anyone except Beeper. As an Apple user, I trust Apple by buying their devices and participating in their services. I have no trust relationship with Beeper whatsoever. They have the the ability to decrypt my messages unbeknownst to me, and do whatever they want with them. Maybe they’ll display them to users nicely in the app. Maybe they’ll do something nefarious with them.
Having user activity flow into 3rd parties is a major security problem. Maybe you don’t see it, but it’s real and it’s there. We’re still trying to clean up the adtech mess on the web after how many years?
That’s an inane argument. Your message always gets decrypted at its end point. Beeper wasn’t doing MiTM attacks. They weren’t hijacking messages. They functioned and behaved as a legitimate end point. If you don’t want a non Apple pleb getting your messages, you simply don’t send them one. Which is basically what your complaint boils down to.
While I agree Apple should have some control over their network. Which they clearly don’t in any way that matters. The controll they’re exerting shouldn’t be allowed. As long as beeper were behaving, which they were. They should be allowed. That you feel security is defined by being handed by a company inept at security in this case, that’s your problem. Secure messages are sent and received from all manner of platforms regularly without issue. No Apple required
Funny, you trust apple yet iMessage has major flaws that were written about years ago, that Apple has never addressed. https://news.ycombinator.com/item?id=38537444
And if you read the Beeper devs blog, you’d understand how much you misunderstand about the security and encryption implications. If anying, it increases message security by moving messaging from SMS to encrypted iMessage. https://jjtech.dev/reverse-engineering/imessage-explained/
He invited Apple to have a third party assess his work. So far Apple hasn’t responded.
I have no issue with Apple blocking Beeper, it’s their system. It’s interesting to watch, but the DOJ has no reason to get involved here, it hasn’t even been made a legal issue yet.
If Apple feels it’s a legal issue, they could start legal proceedings. My question is why they haven’t.
Guess what happens when you do anything outside the Apple ecosystem. Guess what’s happening right now on Lemmy.
You’re logic would mean never actually using your device.
So is having unencrypted messages with all non-iOS devices with no real solution in sight. Security is obviously not their concern here, it’s vendor lock in.
Businesses are naturally anticompetitive. It may or may not violate antitrust law. The two main categories are collusion with competitors to prevent new competition, or if they seek to gain or maintain a monopoly via shady methods (just a monopoly itself isn’t illegal though). I doubt if Apple conspired with Google here and it would be a stretch to say they have a monopoly, so it seems like a pointless case to me.
It’s not a public API. Hacking someone’s private API is already against law - charging $$ for it moreso.
Reverse engineering an API is not illegal
Ah, common misconception - hacking an API != creating a compatible program. ( reverse engineering)
Imagine a drill company has a special shape for its bits. Our law allows someone else to either… make bits that can fit in that shape OR make their own drill that can accept those bits.
“BUT they copied!” - it doesn’t have to be a copy to be compatible, and they don’t even have to use the ‘special shape’ just be able to work with the special shape. The law does not allow for protections around that. Doing so would be by definition anti-competitive. Our anti competition laws or rather our IP protection laws are not intended in any way to ‘ensure a monopoly’. The IP laws give a person a right to either keep something they do secret OR share that knowledge with the world so we all benefit, in exchange for a very limited monopoly.
Practically speaking, If I got the KFC Colonel to give me the list of 11 herbs and spices in a Poker game, and then started making my own delicious poultry that is totally cool. Likewise, If I figured out that all that was inside a Threadripper was blue smoke and started making my own blue smoke chips, the law is ok with that.
In this case roughly, Having a public facing endpoint. And then saying that the public can access that endpoint is cool Saying that only the public using the code I alone gave them – well… that’s not been litigated a lot, but all signs point to no.
It’s like Bing saying its for Safari only, and suing people who accessed it using Chrome. It is a logical claim, but the law does not provide that kind of protection/enforcement.
tl;dr these concepts are old but being newly applied to fancy technology. The laws in place are clear in most cases. A car maker can not dictate what you put in the tank. FedEX and UPS can’t charge you differently for shipping fiction books or medical journals or self published stories. And they’d probably get anti-trust scrutiny they even told you what brand/style of boxes you had to use.
They didn’t hack it, they spoofed a device, they just tricked the systems around the api
That counts as unauthorized access in the eyes of the law. It’s a private system and they did not have any agreements permitting them to use it as they wanted.
Quite literally the text of the Computer Fraud and Abuse act. Unauthorized access of computer systems can get you 20-years at club fed. Seems like some of these people need a history lesson.
Apple reverse-engineered Office to release iWork. So Apple isn’t new to reverse-engineering others proprietary shit when it benefits them. something, something, history lesson, hmm…
I don’t know laws in the US but my limited understanding in the case of Beeper is that its users are the ones that grant themselves unauthorized access to the Apple servers. Beeper is a tool that packages pypush to accomplish it. So Apple should sue all the Beeper users?
As an example, there are tons of tools to exploit vulnerable systems in Linux. Metasploit is a penetration testing software and can execute exploits on old unpatched systems. I don’t think anyone is suing Metasploit developers for Computer Fraud and Abuse aCt. The users who use it are responsible for the access of unauthorized services and broken ToS.
If Apple thinks Beeper users are exploiting its servers, they should patch them (which they did).
Beeper did try to monetize it, so i’m not sure how it fairs but Beeper is not forcing anyone to gain unauthorized access. Beeper even welcomed Apple to audit Beeper mini code.
And I’m sure Beeper has a legal team that analyzed these scenarios better than anyone of us. And Apple has sued companies for less. They’d have done it the moment the app landed on appstore. They could have crushed it before gaining any attention.
Again, I have no idea how legal it is. I have both Apple and android devices and never use iMessage. But you gotta hand it to Beeper devs. That’s some old school hacker shit and I’m here for it.
I guess we’ll have to wait and see.
These are separate issues and it’s a very complex set of issues. Reverse engineering is generally “okay” as long as you aren’t directly copying code, because you’ll run afoul of copyright laws. That doesn’t grant them the rights to access anyone else’s computer systems without authorization.
Tools that can be used maliciously are generally allowed because they have legitimate uses, using them to gain access or otherwise harm a computer system or network without authorization is criminal. You keep mentioning “suing” but this is not a civil issue, violating the CFAA is a crime.
Aaron Swartz got supremely fucked for writing a script that downloaded files he legally could access but technically was unauthorized because he accessed them in a way the corporation didn’t like.
What this guy said https://lemmy.world/comment/6119756
Genuinely curious, what’s the law against reverse engineering an API? I can maybe see the argument for charging for the service, but beeper mini is planning to integrate other services as well so I don’t know if that’ll really hold water.
Yes, they should be legally required to open up access to their service. No more walled gardens that hold a large number of users hostage.
So by this thinking all cars should have compatible parts.
The world just ain’t that way bruh
That would be awesome, wouldn’t it be?
Do you think we live in the best possible of worlds where nothing can be improved anymore?
Fun fact, a lot of parts are compatible between cars. But really this is like if they were able to stop a machine shop from creating a replacement part.
Bad analogy. It’s more like, Apple has its own roads that are exclusively for their cars.
Like someone’s private property that they can kind of do what they want with? Makes sense.
Damn, the Apple dick sucker’s are bad at analogies…
Your analogy, not mine.
Sorry it obviously also applies to understanding analogies.
And when some developer comes at you and shows how they did some work to make a part compatible with your cars, you go “fuck it, redo all existing cars to make all 3rd party incompatible!” instead of “ok do that at your own risk”.
You can argue that they’re unfairly using monopoly power. Same reason why MS was forced to allow windows to switch browsers.
Monopoly on what?
How would you argue that? There’s plenty of other options and iMessage falls back to MMS, which all phones are capable of.
When imessage was announced they planned to bring it to other platforms. That died when they realized how much of a lock in it was
I think the problem is that it’s unnecessarily hardware locked. They shouldn’t have to “open it up” insofar as anyone can access it from whatever app like beeper is doing. But it’s only fair that they support other operating systems. They can still control it or even charge a fee to access it from other OSes.
I wish this kind of thing was more spotlighted when Palm and Windows Phone developers were trying to use Google API’s to make apps for their OS’s and got shut down at every turn, eventually killing off the Palm and WP because of device lock-in on apps.
I still miss what Palm could have been before Google bent them over a barrel with their massively anti-competitive bs.
Palm terrified them.
Palm apps were tiny, took trivial resources, and could provide a lot of what was done with new apps on Android. Dictionaries, calculators, games (I played monopoly on a Treo, it looked great). I watched Mp4 movies on a Treo.
Imagine Android with a Palm Subsystem so all those old Palm apps could run. It would’ve majorly slowed Android app adoption, perhaps even giving enough support to allow PalmOS architecture to develop into a competitor to Android.
If they’re going to default message service to it then yes.
Because their practices are anti-competitive. School kids are getting bullied for using Android phones because they’re “green texters” in iMessage. But most importantly iMessage’s connection with SMS causes all interaction to be very low quality images and videos. And when people complain to Tim Apple about the experience, his only response is “Get your grandma an iPhone”. Our only saving grace is that the EU is requiring Apple to support RCS, which should solve these issues, except they’ll probably find some new way to be anti-competitive about it.
School kids are getting bullied for using Android phones
That’s a people problem, not a market-share problem. From experience, kids will always find something to bully others about — if it’s not the colour of the bubbles, it’s something else: the brand of shoes they wear, the suburb they live in, the sport they play (or don’t play). Bullies will do what they do.
Apple should 100 percent support RCS and Tim’s “buy your grandma an iphone” response was stupid and does show that they don’t give a shit. However the Beeper situation is something different entirely, if the reports I’ve read are too be believed it was a security vulnerability or a blatant disregard of apples terms. Also the kids being bullied thing is very overblown, and almost certainly a regional thing. I live in buttfuck no where and I not one kid gives a shit they just want to talk to their friends. My kid has an android and his friend group is like 50/50 on iPhones. Its weird adults and parents who inadvertently say things or give their children the idea that green bubbles are bed. Kids don’t give a fuck unless they’ve learned it somewhere.
Kids don’t use imessage, they’re on fucking discord
At the root of this issue is that Google never built a messaging service that could survive Google’s management shuffle. I understand people want Apple to bend the knee, but this is not their problem. It’s perfectly fine for them to intercede Beeper’s reverse engineering.
If you’re an Android user and you need a messaging app, Signal is 100% open source, secure, and it works on iOS too, so tell your friends!
And you assume your apple-using friends will listen to you? They are really a part of the problem at least. Google would need to create an app they would want to install by themselves, and this is not exactly easy, if possible at all. Google users are mostly fine with having many apps for communication, apple users are mostly not.
I am fully in the Apple ecosystem, including my phone, work laptop, personal laptop, and an Apple watch. I pretty much exclusively use telegram, and sometimes Discord, not iMessage— and that’s not a niche or unpopular opinion in my experience either. This is absolutely because Google can’t stick with one app or product long enough to gain any market share. Each time they have tried, it’s lasted barely a year or so before they killed it.
You being on Lemmy pretty much means you are outside the majority group I’m talking about.
Regardless, my point still stands. The reason folks on Andriod are hopping around between different chat apps every few years is because Google refuses to create a robust chat app, and commit to it. Apple has power in this space because Google has refused to seriously, honestly try. If Google had a GOOD chat app, and a track record to prove it’s going to stick around, Apple would be much more open to integrating with another ecosystem, because it would be beneficial for them to do so.
I disagree. Apple with its iMessage is not a great example of how things should work. If someone thinks Google could theoretically have success in something like that then I say they don’t understand the environment non-apple users are living in. The market is too big and the amount of devs who could provide service with benefits Google would never care about is also big. For example, do you think Google is able to create a great PC application? I think not, and a good PC companion for a chat app is a necessity for many users.
If Google had a GOOD chat app, and a track record to prove it’s going to stick around, Apple would be much more open to integrating with another ecosystem, because it would be beneficial for them to do so.
Not seeing the connection or logic here. Does Apple even have a track record of integrating with other ecosystems?
No chat app needs a desktop App, they need a WEB app. Generally I’m against them, but in this case it makes sense. It makes cross platform trivial, and you would never really need to use a messaging app offline anyway, browser APIs have come a LONG way. It’s also Google’s core competency. So yes, I believe they 100% have the tools if they wanted to try.
As for integration, my point is: why would Apple bother integrating with Google’s suggestions? Google has a track record of abandoning standards and ideas at the drop of a hat. Why on earth would Apple spend time, money, and engineering talent on something that’s likely to become abandonware in 2-4 years time? That’s also assuming it’s a GOOD standard, most of the previous attempts had fatal flaws that made the product dead on arrival. If Google had something compelling, and gave us a reason to believe it would be around for more than a few years, I’m sure adoption would go through the roof, and Apple would want to integrate— Because it would now benefit them, they would be getting something out of the deal; More features, an established user base, etc.
For the web apps, I disagree, as I personally would never consider a desktop electron app a good case. That is one of main reasons I prefer telegram. Good to see Whatsapp also moved this way recently, somewhat. Can’t expect google to do the same.
By questioning why would apple do that you are missing that it never really did anything like that, and therefore it’s unlikely to be the case anyway. This time, apple didn’t really need to spend any resources to allow some integration and it spent them anyway, to try and block so called unauthorized albeit fully capable clients.
It’s foolish to assume apple would adopt anything like that instead of coming up with a product of its own. You ask “why apple would adopt some bad protocol” but not “why would apple not let a good protocol used by others”. “Why would google not create something that others would adopt” but not “why would apple not create something that others would adopt”. This is kind of apple centric, a bias I’d say.
I think this is highly dependent on whether you’re still in high school or not. I recently switched to iPhone within the last couple years and everyone I know has an iPhone but almost none of them use iMessage. Facebook messenger, Telegram, Snapchat, hell even IG DMs. It’s all over the place. This sample of people is like 16-60 year olds too, I can’t even find a pattern.
If there is a pattern, I think it might have something to do with elitism, technology knowledge/ignorance, curiosity etc.
Apples bundling of iMessage is a barrier to entry. See also the findings of fact for Microsoft vs DoJ during the “browser wars”
More like senators are trying to make another show trial of BS they really have no plans to do anything about, and probably shouldn’t be getting in the middle of, to make it seem like they are being productive in some way.
Answer me yes or no, If I stand in this room and use my phone can I send a message to your phone? — some senator to Tim Apple.
Tim: “No,… because I blocked your number.”
Why would they need to look into Apple’s conduct here? Investigate Beeper for CFAA violations since they cracked into Apple’s internal APIs and ignored large chunks of their ToS in the process.
Of course Apple is going to shut down unauthorized access to their messaging system. They’d lose all customer trust instantly if they didn’t.
ToS have almost universally been shown to be unenforceable in court. I’m also not sure what the hell you mean by customers would lose trust. It’s not as if they had access to information they shouldn’t, all they did was reverse engineer the protocol. They still had to have an account and a login and they still only had access to the data that account should have. There’s nothing to lose trust over the only thing beeper was doing was emulating being an iMessage client
Reverse engineering for interoperability is legal, is it not? This is interoperability.
Australian legal case on Reverse engineering.
https://www.dundaslawyers.com.au/reverse-engineering-of-software-what-are-the-legal-boundaries/
Yeah good luck with that. It’s very much a dick move but I don’t think you’ll have success arguing in court that Apple is obligated to open their personal messaging system to competitors.
You’d have much better luck arguing that they need to open up SMS use to other apps, and that that they need to allow sideloading and other app stores. These are the REAL anticompetitive concerns.
Man… Some of the Apple fans in this thread are making me lose faith in humanity. They have no idea how technology works, but they are defending an objectively shitty behavior from the world’s most wealthy corporation based on… I don’t know… their feelings?
I wonder if this case affects the tug of war Apple has with the EU about opening gatekeeping services up. I wonder if it occurs to some power that be that they might use this case (no matter how stupid it is) to argue Apple is a gatekeeper and has to open up iMessage at some point.
Likely won’t happen though since it’s not an EU problem really. The thing that’s more possible is that California or some other progressive-ish US state follows the EU’s lead in busting monopolies as they did with the GDPR, and does something about this in two decades.