
BlackBerry to turn BBM secure-messaging system into subscription service - noarchy
http://www.theglobeandmail.com/technology/blackberry-to-turn-bbm-system-into-subscription-service/article33945300/
======
fnbr
This would have been brilliant 10 years ago. If BBM was open to non-
blackberries, it could have killed WhatsApp before it began. It's weird to
think of how popular Blackberries & BBM was back in the day. I was in high
school in 2007, and it was cool to have a Blackberry. BBM was how people
communicated with their crushes. If Blackberry had the vision, they could have
preempted much of the current craze for social messaging.

Of course, hindsight is 20/20, and it's entirely possible that opening BBM up
would have radically cannibalized Blackberry sales.

The article's comparison to Twilio is interesting. Twilio's market cap is
2.64B [1], while Blackberry's is 3.84B [2]. I'd bet heavily that Twilio
overtakes Blackberry soon.

[1]:
[https://ycharts.com/companies/TWLO/market_cap](https://ycharts.com/companies/TWLO/market_cap)

[2]:
[https://ycharts.com/companies/BBRY/market_cap](https://ycharts.com/companies/BBRY/market_cap)

~~~
Analemma_
So many established players blew it on messaging. Microsoft could've had
WhatsApp if they used their decade head-start to make Skype not suck so much.
Google could've had it if they stopped rebooting their messaging strategy
completely once a year and just stuck with something for a change (my vote
would've been for Wave, but just pick _some_ thing). Apple could've had it
with iMessage if they didn't stick to the iPhone strategy tax. None of them
saw how important it would be and are now scrambling to catch up.

~~~
fnbr
Also, Slack- if Lync wasn't as brutal to use, Microsoft would have stopped
Slack dead.

~~~
godzillabrennus
That's like comparing manure to apples.

Lynch was an abomination to support, it was billed as a kind of a sip client
and messenger combo but of course they Microsofted it. They didn't want an
extension or phone number tied to it so people could only call you if you were
in the same network and had the software installed.

------
MikeKusold
Highlights from the article:

> BlackBerry Ltd. is preparing to turn its once-proprietary BBM secure-
> messaging system into a subscription service that app developers can build
> into their software to allow for seamless, encrypted communications.

> Developers who deploy the BBM SDK will be asked to generate their own
> encryption keys, meaning BlackBerry will not have the ability to turn over
> to law enforcement any messages sent through this system, even if compelled
> by a court order.

Essentially it appears that they are turning it into a Secure Messaging As A
Service so that people can quickly add messaging into their apps without
requiring the infrastructure.

~~~
problems
> Developers who deploy the BBM SDK will be asked to generate their own
> encryption keys, meaning BlackBerry will not have the ability to turn over
> to law enforcement any messages sent through this system, even if compelled
> by a court order.

Doesn't the entire security of BBM rely only on a very short code, one which
Blackberry can easily swap with a different key which they posses in practice?
Very similar to Apple iMessage.

Also last time I checked their enterprise offering was essentially static
Triple DES key only - is their public offering any better?

EDIT:
[https://www.schneier.com/blog/archives/2016/04/blackberrys_g...](https://www.schneier.com/blog/archives/2016/04/blackberrys_glo.html)

Looks like as of last year they used a single static key for all the BBM
encryption. And it's in the hands of Canadian authorities already.

Do we have any reason to believe they have or will change this? Seems
completely silly to me to use something this broken.

~~~
seibelj
Even a company with as many blunders as BlackBerry must know that publicly
saying it can't be decrypted, when in fact it could easily be decrypted, would
be a terrible blow to the product.

~~~
problems
Yeah, seems fairly ridiculous given how much they push being a security
company. Apparently hard-coded 3DES key that anyone can reverse engineer =
security.

I'm tempted to pop their Android app up in IDA and see if it's really as bad
as it sounds.

------
jlgaddis
> _At its peak ... encrypted e-mail and messaging system was the gold standard
> for security for enterprise and government customers, providing secure
> access for as many as 90 million users._

Until they gave in to some government's demands and showed that they could not
trusted.

This seems, to me, to be one last "hail Mary" attempt to save the company.
Blackberry (RIM) was at the top of the "smartphone" industry 10-15 years ago.
It's too bad they couldn't adapt and stay relevant. I'd still happily be using
my 8830 if I could.

------
rchaud
For everyone on this thread saying "They should have done this years ago",
they tried to. As early as 2010 some in the company knew that BBM could be
huge as an independent. Then CEO Jim Balsilie spent 2011 trying to bring Mike
Lazaridis (co-CEO; good decision!) and his team around the to idea of a cross-
platform BBM, but they were dealing with the fallout from the BB Playbook
failure around that time as well as significant PR issues due to BES server
outages and public disclosure about providing the Indian and UAE governments
access to BBM logs (or something like that).

Lazaridis primarily didn't want to separate hardware and software, so he
focused on building BB10 to compete with iOS/Android. Ballsilie resigned from
the company in 2012 after the new CEO Thorsten Heins dumped the x-platform BBM
and put all their energies into the launch of the already-doomed BB10 phones
in 2013.

More here: [http://www.theglobeandmail.com/report-on-business/the-
inside...](http://www.theglobeandmail.com/report-on-business/the-inside-story-
of-why-blackberry-is-failing/article14563602/?page=all)

A good book about the history of BB is "Losing the Signal". Covers the company
up to around 2013.

------
mtgx
BaaS - backdoor as a service:

[http://www.bbc.com/news/technology-23265091](http://www.bbc.com/news/technology-23265091)

[https://motherboard.vice.com/en_us/article/rcmp-
blackberry-p...](https://motherboard.vice.com/en_us/article/rcmp-blackberry-
project-clemenza-global-encryption-key-canada)

------
SpikeDad
Hmm. Are they going to roll over and provide decryption keys for their secure
service as they did previously?

------
djyaz1200
This is a big deal! ...although yes very late in the game. Like it or not
corporate buyers like brand names. Back in the day the saying was "no gets
fired for buying IBM." Blackberry has a brand in secure enterprise
communication and this will sell.

------
problems
Headline is a bit misleading - it's subscription for developers using their
API only, not for users.

------
tn13
It is hard to trust Blackberry anymore. I had their phone and loved it until
they started selling crappy phones for iphone's cost.

No matter how awesome this service might be I am worried if BB would actually
last long enough to provide it.

------
SEJeff
aka Signal, but more meh?

~~~
trome
Pretty much, might as well use the Signal Server API or OMEMO depending on
what your trying to do.

~~~
Zhenya
Except since it's paid, you'd get an SLA.

~~~
feld
I paid for WhatsApp and didn't get an SLA

------
jayess
BBM is not secure. Why would anyone use it?

~~~
kadaj
BBM enterprise is different.

