Lots of sarcastic comments in here, but Beeper’s method was to literally spoof the serial numbers and whatnot of real machines. Do people really not see how that would be a problem?
You can use any apple device to use iMessage, your account isn’t only usable on your device. They were effectively stealing people’s machine IDs to provide this service. That’s fucked up.
Former Apple engineer here. This architecture isn’t ideal if you intend the service to be portable - but we didn’t! Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
Beeper’s implementation spoofs Mac keys and requires you trust them with your Apple ID credentials if you want to be able to take full advantage of iMessage.
It’s just pointless. A huge security risk for Apple users and to zero benefit for Android users. Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?
A huge security risk for Apple users
I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.
and to zero benefit for Android users
Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.
Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.
It’s just pointless.
Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.
Lots of sarcastic comments in here, but Beeper’s method was to literally spoof the serial numbers and whatnot of real machines. Do people really not see how that would be a problem?
Do people like relying on service that requires their real device’s serial number to function?
You can use any apple device to use iMessage, your account isn’t only usable on your device. They were effectively stealing people’s machine IDs to provide this service. That’s fucked up.
“Effectively stealing” means the original machine ID can’t be used by the original machine after it’s stolen, right?
Former Apple engineer here. This architecture isn’t ideal if you intend the service to be portable - but we didn’t! Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.
Beeper’s implementation spoofs Mac keys and requires you trust them with your Apple ID credentials if you want to be able to take full advantage of iMessage.
It’s just pointless. A huge security risk for Apple users and to zero benefit for Android users. Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?
Well maybe that was a mistake.
It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?
I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.
Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.
Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.
Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.