Hacker News new | past | comments | ask | show | jobs | submit login
Beeper's esoteric fix for iMessage access suggests why it's pushing politically (arstechnica.com)
51 points by freeqaz on Dec 19, 2023 | hide | past | favorite | 96 comments



Anybody else remembers the epic battle of Microsoft MSN messenger interoping with AOL and Yahoo Messenger circa 1999-2000? The whack-a-mole of "we fixed the client" vs "oh no they borked the protocol to block us". Fun times. Seeing it from inside of Microsoft at a time was something else...



Was there any good or even gray faith there?


AT&T fought tooth and nail to prevent telephones manufactured by third parties from connecting to their network, and eventually lost. Why should the major digital communication platforms fare any differently?


If anyone else is curious about this, it appears there are two relevant cases:

- Hush-a-Phone Corp v., United States[0], in which the DC Circuit Court of Appeals ruled that AT&T could not prohibit the mechanical attachment of a device to its phones as long as the device did not damage AT&T's phone or its network

- The Carterfone decision[1], where the FCC allowed third-party devices to be electrically connected to AT&T's network as long as they did not damage the network

[0]: https://en.wikipedia.org/wiki/Hush-A-Phone_Corp._v._United_S...

[1]: https://en.wikipedia.org/wiki/Carterfone


Because AT&T was a monopoly...

There are a zillion messaging clients... Signal, Slack, Discord (all of them work on iPhone)... Sms is a protocol, iMessage works with that (it is connected to the network)...

As an aside, the old ATT phones were nearly indestructible. Everything that came after was a race to the bottom.


Cell carriers did the same thing up until the iPhone. That wasn't quite a full and free market, but there were at least a competitors and they all did it because they could.


There was only one AT&T, and to connect a third-party phone to their network still required paying AT&T for access. There are dozens of digital messaging alternatives to iMessage, and Beeper doesn't appear to be interested in paying any of them.


That’s one interpretation. The other is that Apple doesn’t offer a way to pay for access. I would love to see legislation forcing the opening of protocols & force allowing compatible clients that aren’t abusive. I miss things like Pidgin/Trillium etc where you could just have the 1 app & not worry about what platform your friends were on. The current state of affairs is a major step back from the 90s/early 00s.


Because Apple literally advertises third-party messaging apps.


To clarify some points, though I'm sure all will become clear when this releases:

+ This is NOT hardware attestation. It's simply using a combination of things such as serial number and other device identifiers to prove to Apple you own the device

+ Because it is not hardware attestation, in the future this process might be improved, if someone reverses/emulates the (purely software) algorithm "proving" you have that device. Then it would only be a matter of asking the user to input a serial number, once.

+ Hardware attestation is implemented in the protocol. However, the 2019 iMac does not have a T2, so this cannot be enforced for a while yet.

+ Beeper Mini still implements the rest of the iMessage stack on-device


I’ve been getting iMessage spam (always copying multiple phone numbers) for the first time in forever.


I gotta wonder what the Venn diagram overlap of Mac users and Android users is. I bet it's pretty small.

But not as vanishingly small as the number of Android users who have a Mac user friend who will send them registration data every week.


I fit here. I just want to be able to install apps and not be locked to only getting software from an app store. That's it. Mac and android both fit the bill. iPhone does not -- they're super nice devices otherwise and if they enabled this ability I would probably switch right away.


I have a Mac, an iPad, Airpods, and a Pixel phone. I tried an iPhone for a few months thinking it would make life easier, but I hated it so much I bought a Pixel at full price just to switch back.

I wish the iPhones weren't so crippled, but I guess that's what most users love about them? Shrug.


Why would it be small? MacOS and Android are both open platforms, iPhone is entirely closed. I've always used Macs and have never considered buying an iPhone.


Because half the population have an iPhone, a tiny fraction have macs, and the overlap between mac and iphone owners is probably very large - if you like the mac you probably like the iphone. And there are benefits to getting both from the same ecosystem of course.


> I gotta wonder what the Venn diagram overlap of Mac users and Android users is. I bet it's pretty small.

raises hand

Four of the six laptops I've carried in my adult life have been Apple products, from my college TiBook through my current work Macbook Air, and haven't carried an iPhone since the 3G.

I haven't felt the need to root my Android phones in a few years but I still sideload a few apps so as long as Apple restricts that iOS is in a disadvantaged position. I also have a lot of Bluetooth devices that use the standard serial port profile, which Apple restricts for some unknown reason, so all of those would have to be replaced by more complicated WiFi-based devices that speak proprietary protocols to their specific apps instead of widely supported standard protocols.

If I were starting fresh right now with no smartphone history I'd probably pick Apple but at this point the inertia is too strong.

Tablets on the other hand, Google half-ass pays attention every few years where Apple actually cares. I just use my tablet as a consumption appliance so the iPad is perfect.


You get a lot of devs who prefer to work on mac, and then use android so they can pimp it out


I think it's not as small as you think. I have a macbook but mostly use Linux and an android phone. I think a lot of people just get what they want to use at the time and that means touching a variety of ecosystems.


Mac + Android here. I imagine there are a few where I work as the company provides Macs. I've always preferred Android to iOS.


Lots of devs use Android, because hackability.


Since the "green-blue bubble war" is almost only an US problem, they already shutdown 2G and 3G networks. What stops them to phrase out SMS and MMS entirely and replace it with RCS?


The article skirts around the edges of this, but it’s pretty clear that all Beeper is doing is defeating a cached hardware check by falsely representing itself as being the Mac device used for “registration data”. I expect that some change is in the works that will break it entirely, and unless regulators are interested in forbidding hardware checks entirely I don’t see what they would do to intervene here.


> unless regulators are interested in forbidding hardware checks entirely I don’t see what they would do to intervene here

Simple, they tell apple: Open up.

They don't have to care about any of the technical details. That's politics for you.


Open up what? If they write a rule that doesn’t specify technical details, it seems like the already existing functionality to send and receive SMS messages from the iMessage app would be sufficient.


> Open up what?

The iMessage service.

> If they write a rule that doesn’t specify technical details, it seems like the already existing functionality to send and receive SMS messages from the iMessage app would be sufficient.

The app is Messages.


That rule would probably then apply to all message apps


Which would be a good thing!


From a philosophical or practical standpoint? For me personally, I don’t care at all, i have no philosophical objections to companies running their own, closed chat apps. There are no hurdles for new entrants.

And practically speaking, it’s a very small inconvenience to have to switch app when chatting to some friends. It even has some benefits, each of the apps will have fewer conversations to keep track of.


> “an easy target for Apple because thousands of Beeper users were using the same registration data,"

This really does make it sound like their initial block was literally hitting an anti-spam filter.

This also makes it sound even more like “we reverse engineered the netflix API, registered one netflix account and are selling access to it, plz help us politicians”


Yes, of course, sending your grandmother a text message is basically identical to you pirating Netflix content.

Right-o.


They're different but that shouldn't mean that Beeper gets to use Apple's API's


As far as I'm aware, no other messaging service offers interop any more. We used to have it with XMPP, which got embraced and extinguished. Back in the day you could use an app like Adium or a library like Pidgin which understood all of the protocols.

It sounds to me like Apple could break out Messages from SMS and then Messages would just be another competitor on the market like FB Messenger, whatever the fuck Google is running now, WhatsApp, Signal, etc.

FWIW Beeper's 'esoteric' fix is a gaping security hole. Their product relies on MITM and they're obviously not going to profit off of a minimal subscription fee if they're buying Apple hardware to make it happen.


Beeper Cloud is a MITM that relays through a Mac. Beeper Mini spoofs a real Mac's identity but connects directly to Apple. At first they were just using their own Macs for this, but then Apple blocked them, so now they're asking individual users to either use their own ID or beg a friend to auth them on theirs. Which is clearly not a reasonable business model, which is why they're now appealing to politicians.


Yeah, there’s no way that you can succeed as a business doing that. The Delta emulator on iOS works in a similar way and it’s such a hassle there’s just no way to make a viable paid product out of the process


> As far as I'm aware, no other messaging service offers interop any more.

XMPP still exists. Matrix exists now and is similarly an open protocol.


But none of the mainstream providers support it anymore. Slack got to where it is through XMPP, for example, but that support was readily dropped.

They've all silo'd up.


Okay, if you're only counting "mainstream" providers then... sure, but that's pretty subjective.

Element has government agencies as customers and lots of open source projects have Matrix rooms. Webex seems to still support XMPP federation. (No, I don't particularly like Webex either.) Are these the market leaders in chat? No, of course not. Do they get some use? They sure do.


Right, but ultimately they don't really matter. What matters is where your friends and family want to chat. Overwhelmingly, that's platforms like iMessage, Whatsapp, Telegram, etc.

Small players use open protocols and even sometimes federate because they're small, and that sort of thing can be seen as a feature that people might care about. Large players don't have to care. They already have enough users that they don't need to play nice with others. And that's where only legislation can change things.


What are webex and element?


Element is the company that mostly drives Matrix development.

Webex is a Cisco chat product that I think is mostly used by bigcorps. (Supposedly they have upwards of 10,000 employees on it, which feels crazy to me.)


> As far as I'm aware, no other messaging service offers interop any more.

https://en.wikipedia.org/wiki/Rich_Communication_Services#St...


Next will be hardware attestation to fully require the messages originate from an apple device. Beeper playing the cat and mouse game is going to ruin this for everyone else.


That would require cutting off a bunch of old devices as well, though.


The ability to grandfather apple id + phone number combinations and a reduction in userbase of old devices over time will make the option more attractive.


They just need to require the device check daily instead of weekly or monthly as the article suggests. Having to do this manually, daily will be too inconvenient and people will abandon Beeper due to this. No need for further complications.


It will be automated, requiring only that the Mac remain powered on.


they're solution is self hosting on a Mac like blue bubbles so it seems to be somewhat resistant. though anything is possible


From the article it sounds like they are periodically fetching a token using a Mac, but they can send messages from a phone by just saving that token.


[flagged]


This comment breaks the site guidelines. Please don't post like this to HN.

https://news.ycombinator.com/newsguidelines.html

(Edit: also, please don't post like https://news.ycombinator.com/item?id=38703791 either. We're trying for something different here.)


Will someone explain why people who don’t pay Apple a dime have some right to use iMessage? That seems to be at the root of all this, and it makes little sense to me.


Why would people who don't pay Apple a dime have some right to get their emails delivered to iCloud accounts?

Why would people who don't pay Apple a dime have some right to look at public pictures hosted on iCloud Photos?

Perhaps Apple will find a way to charge for all three.


Hey, I don’t pay for your computer or electricity but I’d like to run some programs on it to mine for bitcoin that I can sell for a profit.

Please provision access ASAP, thank you.


You can serve my browser some JavaScript and then consume my memory and CPU, right now. This is inherent in communication over the Internet: there are costs borne by both sides.

But mining Bitcoin is quite different from routing messages anyway. That's a strained example. SMTP is a lot closer. And Apple will accept emails from Android, Linux or Windows systems just fine. HTTP is not as close, but still more so than Bitcoin.

I don't know why people try to make an argument that even Apple, as far as I can tell, is not making. They stick to their usual "protecting the user" line.


> And Apple will accept emails from Android, Linux or Windows systems just fine. HTTP is not as close, but still more so than Bitcoin.

No they won’t, not unless the emails are addressed to an active iCloud user. That has paid them.


If you send an iMessage to an iPhone user, that has paid them, is there really much difference? This is more and more of a stretch.


That’s a subset of the behaviour beeper is enabling, so yes it is different.

And you’re not sending it - you’re asking Apple to send it for you, and using their resources in the process. And, as you haven’t paid them a dime, they can rightly say no.

Just as you did when I asked to use your computer for crypto mining.

Feel free to say yes to that, but understand that while you say no you’re also understanding why apple says no.


Apple themselves say no for a totally different reason. I haven't seen anyone making this argument other than random posters on the Internet.


If you understand why it’s not the same as receiving an email, and why an owner of a resource is not obliged to allow people to use that resource for free and for their profit, then why make this thread to begin with?


That’s a separate question. I’m just an Apple customer who doesn’t want to subsidize Android customers. That’s it. Explain to me why I should.


They do charge for iCloud, they charge the person that put the photos there.


iOS ain't done 'till Beeper does not run™


[flagged]


It's not fiefdom, as the market is competitive as hell. One misstep from Apple affecting large enough user base, next minute everyone will be in WhatsApp/Telegram/FB Messenger/whatever.


That’s not how the network effect works.


Depending on where you live, almost nobody is on iMessage to begin with. Almost all of the noise around iMessage and beeper is US-centric yet even in the US most people are using FB Messenger and not iMessage. Yet we don't see Beeper supporting FB messenger. Or Beeper supporting WhatsApp. Because those networks don't allow third party clients either, which makes sense since the owners of those networks get to dictate their own usage rules.


> Yet we don't see Beeper supporting FB messenger. Or Beeper supporting WhatsApp.

Beeper does in fact support those (and more), also through reverse engineering efforts.

See: https://help.beeper.com/en_US/chat-networks

They're trying to innovate in the space by building a single interface to multiple services, but anticompetitive action from Apple (and others, I assume) is preventing that from happening. It seems to me like an obvious thing to regulate. The benefit to consumers is obvious too.


Except that those networks are listed to pad the functionality of the app, not because they actually work the way they should. FB for example:

  Stories/Reels/Posts Sharing: Not supported.
  End-to-end encrypted chats: Not supported

WhatsApp:

Will view only once messages feature work the same way like it does on WhatsApp?

  No. Currently we don’t track when users open media and hence cannot support it in a similar fashion. Such messages will remain on Beeper as any other encrypted message.


In theory this could all be added later on, reverse-engineered later on etc. but in reality this is much more likely to become a niche or fail outright. Threema and the likes have survived for so long because they don't try to break into third party systems. It's not a new concept, and cat-and-mouse with third party servers has always been an unsuccessful avenue.


> cat-and-mouse with third party servers has always been an unsuccessful avenue.

Hence the political efforts. If Apple can be forced to enable interop, everyone else can be too.


But why? Why should anyone providing a service be forced to also allow others to represent that service? Shouldn't it be up to the service owner to figure out what they want to do with it?

The only reasoning behind the whole iMessage thing seems to stem from a specific age band of Americans that value others based on the background color of their messages. This is a human problem, not a technology problem.


> But why? Why should anyone providing a service be forced to also allow others to represent that service? Shouldn't it be up to the service owner to figure out what they want to do with it?

Why should service providers be forced to police CSAM and hate speech? Because it makes sense to weigh individual freedoms against the cost to society. (and keep in mind that Apple is a publicly traded company)

The cost of walled gardens are that they harm consumers. Consumers need to spend more money to overcome artificial barriers designed only to increase the amount of money they spend without offering any value. Interoperability for commodity tech like this is an obvious win for the economy.

> The only reasoning behind the whole iMessage thing seems to stem from a specific age band of Americans that value others based on the background color of their messages. This is a human problem, not a technology problem.

If that's really what you think this is about, then you haven't been paying attention to any of the discussions on the topic. Or you're doing the thing internet people do where you're being disingenuous just to win an argument.


Didn't we already go through this whole era with Trillian?


>>> ...a bi-partisan foursome of US lawmakers ... sending a letter to the Department of Justice regarding "Apple's potential anti-competitive treatment of the Beeper Mini messaging application.

I'm sorry, but why did any one waste any effort on this. If you know the tech, or the law, or a bit of both you would understand why this "letter" is a waste. SMS works, you have choice (Signal, not happy with them for cutting off sms). Apple seems to be locking beeper out of its servers, and that is their right.


If I had a product I sold that involved cloud resources I certainly wouldn’t like the idea that anybody who can reverse engineer my protocol should be able to build and sell a product built on that infrastructure without permission or payment. I’m on Apple’s side on this one.


I believe that people have the right to reverse engineer things. On the other hand, I also think Apple has the right to lock anyone out of their servers.


Apple using iMessage as a moat, and locking it to their platform, and including it as a built in, is pissing off a lot of other competitors. Microsoft got smacked for this kind of behavior in the 90s (albeit, they acted a lot more egregiously).

Apple purposefully degrades major features of their chat app when SMS users are onboard. They will be adopting RCS, which will address a lot of this and probably take a lot of pressure off them.

When you have that much of a market, it becomes way more complicated than "their servers, their devices, their rules"


>> Microsoft got smacked for this kind of behavior in the 90s (albeit, they acted a lot more egregiously).

If apple were blocking Signal, or if apple screwed up SMS this might be a comparison.

> Apple purposefully degrades major features of their chat app when SMS users are onboard.

Does sms work? The iMessage features, and more so the ones that use their infra are their walled garden.... just because they are in the same app as SMS doesn't grant some magical right for any one to use them...

>>> When you have that much of a market, it becomes way more complicated than "their servers, their devices, their rules"

57 percent US 30 globally is not a moat, its first mover advantage, and its on a premium product. And if apple had 90%, and still allowed for Signal, and complied with SMS you would be hard pressed to get iMessage access to raise to the levels of the DOJ and anti trust measures.


Features like group chats and image sharing are barely useful on SMS. There is no encryption either.

> 57 percent US 30 globally is not a moat, its first mover advantage, and its on a premium product. And if apple had 90%, and still allowed for Signal, and complied with SMS you would be hard pressed to get iMessage access to raise to the levels of the DOJ and anti trust measures.

Those are still huge numbers and way more people using their product than microsoft had in the 90s.

I don't even think Apple needs to open iMessage, they just need to support RCS (which the EU is forcing them to do), and most complaints will go away.


There’s no encryption in rcs (in practice) and it doesn’t support many of the things iMessage does.

Google and the carriers could have worked together to produce a non-terrible iMessage-style protocol, and could have released an iOS app that supported it. They chose not to do either of those things, and now they’re whining about the outcome.


> Apple purposefully degrades major

You realize that limits on MMS attachments are handed down and enforced by the carriers and not Apple, right?

https://www.verizon.com/support/knowledge-base-14641/

https://support.twilio.com/hc/en-us/articles/360018832773-Tw...


Where did I say MMS?


You realize that the carriers are all pushing for RCS now, and Apple has been intentionally dragging its feet on that front, right?


So what? Reasonable file size limits and codec support in MMS predate the push for Google RCS. Besides, Universal RCS is still a broken mess.

At any time in the past decade carriers could've solved pretty much everything RCS claims (and fails) to address with mature, standards based technology. But somehow this is an Apple problem? Give me a break.


You seem to be talking only about MMS attachments, when GP just said "major features". Please understand that you come across as a fanboy defending Apple by finding a singular aspect in which something was not Apple's fault, and then saying the universally agreed upon improvement is a "broken mess", with no further contribution to the conversation.


And you come across as a Google fanboy by jumping up and down about RCS despite interoperability being a mess for carriers that haven't bought Google's RCS stack.

I'm not talking about a "singular aspect". MMS supports read receipts, modern video codecs, proper group messaging, and reasonably sized attachments. These are all features that carriers decided not to implement. Your interoperability problems are an MMS implementation issue, nothing more.

Meanwhile RCS, which exists solely to monetize users, largely suffers the same fate as MMS even with the so-called Universal Profile. The solution for carriers in North America at least has been to buy into the Google stack.

Ergo your complaints can be summed up as: Apple sucks because telcos did a shit job with MMS because they haven't implemented Google's RCS.


Google had the chance to solve this problem a long time ago. How many different chat protocols have they killed off? It’s not Apple’s fault that Google can’t sustain a product past one promotion cycle of the lead.


Help, help, Google! Save us from Apple!

It's neither up to Google, nor should be left to them, to 'solve' this. We the people should be perfectly capable of telling Apple to do better without needing Google in our corner.


What's in it for Apple? Why should Apple subsidize Android users?


Well, right now, there's nothing, but there's also nothing stopping us as a society from imposing costs on Apple that are far higher than the cost to 'subsidize android users'.


Why would I, as a member of society, want to impose costs on one company in an industry and not on their competitors? That’s picking favourites!

Either force all the companies to work together on a standard or stay hands off!


> Why would I, as a member of society, want to impose costs on one company in an industry and not on their competitors?

...Because I like their competitors, and not them? I don't really have any obligation to be even-handed.


I think you do if you're talking about changing public policy (law-making). Or maybe you're not doing that and just trying to create pressure from the buying public. Fair enough.

In that case, why should Apple listen to you? You're not their customer. You've admitted that you don't like them as a company, so you'd never buy their products. They have no reason to listen to anything you say. Likewise for anyone who agrees with you (other people who don't like Apple or their products).

If you're hoping to get people who do like Apple products on your side, well, good luck with that. These people tend to be quite happy with their purchases, and happy with iMessage in general. I have no problems messaging Android users on my phone. It makes no difference whatsoever to me whether Apple releases iMessage for Android or not, so why should I put pressure on Apple to do that? I'd rather they put the effort into improving the products I use.


I think you're spinning this into a bigger topic than I was. I was (with a not insignificant amount of snark) pointing out that we shouldn't be relying on Google to save us -- we the people as a society have the power to ultimately dictate terms. And that ultimately, the rules are made up and the points don't matter.


At the time, Microsoft had something like 94% market share for personal computer operating systems.


Personally, I wish Beeper would focus on everything other than iMessage. Apple is more curmudgeon about these kinds of things than most companies and what I really need is a way to get out of the half-dozen other apps everyone wants to chat on: WhatsApp, Facebook Messenger, Instagram Messenger, Discord, Slack, Telegram, etc. If Apple stands alone, I can handle 2 things. I have trouble handling 7+ things.

From my perspective, Beeper's iMessage efforts feel wasted. It looks like Apple will roll out RCS next year. Yes, it won't be E2E encrypted initially, but if I'm trusting a third party app I'm kinda loosing that E2E anyway. I trust Beeper, but their app (or an update to it) could start reading the messages on my device and transmit them back to Beeper (or transmit back some profile built from the messages). It also seems likely that the GSM Association will work with Apple on encryption that isn't Google-based for RCS. It might take a couple years, but it seems likely that will happen.

I wish Beeper would focus its efforts where it feels like the big payoff would be. Instead, everyone is obsessed with blue bubbles like they're some sort of status symbol. Beeper has been wonderful for other services and it would be great to see them improve those capabilities even further. Instead, they seem to have pivoted to "omg, blue bubbles!" It's always possible that other services could similarly try and ban them, but Beeper hasn't seemed to have much trouble with the other services.


I’ll just say that personally the iMessage portion of Beeper is the only compelling offering for me personally. I do not care about centralizing my chats. I do care about being able to access my iMessage conversations on devices other than my iPhone- my only Apple device. iMessage is the only application I ever use, messaging or otherwise, that I cannot access from my computer.

I don’t entirely disagree with your perspective, just want to point out that it’s not just about blue bubbles as a status symbol.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: