• Mongostein@lemmy.ca
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    11 months ago

    Lots of sarcastic comments in here, but Beeper’s method was to literally spoof the serial numbers and whatnot of real machines. Do people really not see how that would be a problem?

    • rdri@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      11 months ago

      Do people like relying on service that requires their real device’s serial number to function?

      • Mongostein@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        11 months ago

        You can use any apple device to use iMessage, your account isn’t only usable on your device. They were effectively stealing people’s machine IDs to provide this service. That’s fucked up.

        • rdri@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          “Effectively stealing” means the original machine ID can’t be used by the original machine after it’s stolen, right?

      • sparky@lemmy.federate.cc@lemmy.federate.cc
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        11 months ago

        Former Apple engineer here. This architecture isn’t ideal if you intend the service to be portable - but we didn’t! Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.

        Beeper’s implementation spoofs Mac keys and requires you trust them with your Apple ID credentials if you want to be able to take full advantage of iMessage.

        It’s just pointless. A huge security risk for Apple users and to zero benefit for Android users. Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?

        • rdri@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          11 months ago

          but we didn’t!

          Well maybe that was a mistake.

          Knowing the messages can only originate from a sealed application on a first party device eliminates a whole class of spam and security problems.

          It conveniently appears to also eliminate some amount of responsibility. Seriously? Was it not known that it’s possible to debug even 1st party apps? Was it not already obvious that walled gardens are only good before they got cracked?

          A huge security risk for Apple users

          I wish engineers would stop using the word security just because they like it. Apple should try to prevent threats like pegasus instead of telling everyone that blue bubbles are a security risk.

          and to zero benefit for Android users

          Yeah, it’s more useful for apple users so they wouldn’t need to resort to unencrypted messages when talking to Android users.

          Let Apple implement RCS as they promised and move on. Isn’t everyone on Telegram or WhatsApp anyway…?

          Heh. I wish to see apple say the same in their statement of decision to shut down iMessage.

          It’s just pointless.

          Yeah. Apple doesn’t understand the community concerns, it only understands court decisions. Though sometimes these two have some connection.