
Opinion: FaceTime for Android and Windows could make it the new default - clairity
https://9to5mac.com/2020/04/01/facetime-for-android/
======
floatingatoll
FaceTime and iMessage are resilient against spam because Apple requires them
to authenticate using a hardware-specific token that can be banned independent
of which iCloud account is being used. It is extremely expensive to try and
spam on Apple’s services as a result, which is a competitive feature in
today’s free-for-all marketplace.

Opening them up for non-Apple devices would introduce the same problems with
spam and malicious attackers that we see with telephone calls and public Zoom
meetings today. Without the hardware-locked identity enforcement, FaceTime
would be a garbage bin of endless spam calls to everyone every day.

It seems unlikely that Apple will take any such step, as no one has yet
offered a solution that provides for defense against spam that functions
without hardware identity verification.

~~~
clairity
interesting point! i seem to dimly remember reading in the past that both
android and windows hardware do have some provisions for hardware
signing/identification that might be used in this regard?

~~~
floatingatoll
Android and Windows allow users to root the device, which means that you
can’t trust any output generated by the device and sent over the network to
have truly originated from the device. You’d have to process the FaceTime
network traffic using a trusted enclave on the device that _can’t_ be
intercepted or altered by the user, even if they have root/kernel access,
which would imply a TPM that can intercept network traffic at the hardware
layer and runs third-party code.

There are hackintosh instructions for doing this, to address the obvious
weakness in the point; and those instructions simply require access to a Mac
that hasn’t been banned for being misused to generate authorizations for use
on other hardware. Apple seems to detect them and ban them occasionally, so it
clearly isn’t foolproof.

The trick here is to find a way to build a secure authentication method that
cannot be altered by someone who physically possesses the device, which goes
against the grain of the “my hardware, my right to modify” crowd quite
strongly. It’s a hard problem to solve.

~~~
clairity
that makes sense, thanks. not to belabor the point, but what about
segmenting/tagging network traffic through a TPM or a user-controlled pathway?
then you could route facetime through the TPM-mediated pathway and the rest
through the user-controlled one (assuming cost isn't prohibitive).

~~~
floatingatoll
And then you’d just need PC and Android hardware to incorporate a pathway for
that purpose, running an Apple-provided binary that they have no authority
over, because no way would Apple concede that to e.g. Google.

You’re not belaboring the point at all. Nearly no one knows about that little
corner aspect, and then goes through this full line of reasoning. I’m just
glad for one more considering it.
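
The ban-by-hardware idea discussed in this thread, as an added example that is not part of any comment and is not Apple's actual protocol: a toy server that verifies a proof made with a per-device key and bans the device rather than the account. The `Registry` class, the HMAC construction, and the device and account names are all assumptions, and the model only holds if the key cannot be extracted from the device, which is the rooting concern raised above.

```python
import hashlib
import hmac
import secrets


def device_proof(key: bytes, account: str, nonce: bytes) -> bytes:
    """Runs on the device: MAC over the server's nonce and the account name."""
    return hmac.new(key, nonce + account.encode(), hashlib.sha256).digest()


class Registry:
    """Toy server that bans by device key, not by account (assumed model)."""

    def __init__(self):
        self.device_keys = {}   # device_id -> key assumed sealed in hardware
        self.banned = set()     # banned device_ids

    def provision(self, device_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self.device_keys[device_id] = key
        return key

    def authorize(self, device_id, account, nonce, proof) -> str:
        key = self.device_keys.get(device_id)
        if key is None:
            return "unknown-device"
        if not hmac.compare_digest(device_proof(key, account, nonce), proof):
            return "bad-proof"
        if device_id in self.banned:
            return "banned-device"
        return "ok"


def demo() -> list:
    reg = Registry()
    key = reg.provision("device-A")      # constructed sample device
    nonce = secrets.token_bytes(16)      # reused here for brevity only
    acct1, acct2 = "acct1@example.com", "acct2@example.com"
    out = []
    # An account on unbanned hardware is accepted.
    out.append(reg.authorize("device-A", acct1, nonce, device_proof(key, acct1, nonce)))
    reg.banned.add("device-A")           # operator bans the hardware itself
    # A brand-new account on the same hardware is still rejected.
    out.append(reg.authorize("device-A", acct2, nonce, device_proof(key, acct2, nonce)))
    # A client without a provisioned key cannot simply claim a fresh identity.
    out.append(reg.authorize("device-B", acct1, nonce, b"\x00" * 32))
    # A proof made with any other key fails verification.
    other = secrets.token_bytes(32)
    out.append(reg.authorize("device-A", acct1, nonce, device_proof(other, acct1, nonce)))
    return out
```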

