Apple saw that the current SMS implementation was flawed in many ways and sought out to improve/replace it. For example, all of the carriers (at least in the US, with the exception of the underdog Sprint) charge an exorbitant amount of money just to send/receive text messages. I pay $20 per month for that ability. SMS also has a limit of 160 characters. It also only works via cellular, whereas iMessage works via data connection. This is awesome for me, as I live in the boonies where I don't always have a cell connection (but do have excellent wifi). Being able to reply from multiple devices is also nice. Let's not forget all of the little 'nice-to-haves' like knowing when a message has been delivered and/or read, knowing when the other party is replying, etc...
Alas, they did this because the carriers wouldn't. Prior to Apple releasing the iPhone, you couldn't buy a phone that didn't have some one-off UI, preloaded with garbage apps, etc... Apple forced the hand of the mobile industry with their iPhone (this is obvious to many, but concrete evidence exists inside of the Samsung vs. Apple court documents recently released)
Apple is now doing this again with iMessage. They took something that really needed revolutionizing, and did it. It began as something great for members of the Apple ecosystem. They used their users and platform to prove it, and it's been successful. I can communicate via my Mac, iPhone, and iPad in a (mostly) unified experience. So, I do agree and hope that this expands to a wider audience. That being said, it will be tough. An open consortium leads to all sorts of issues (ahem, Android) and sometimes having one chef in the kitchen yields the best overall experience for everyone (Apple).
AFAICT Apple did not revolutionize Instant Messaging with iMessage.
I type a phone number in, begin sending a message, and that seamless/transparent handshake occurs in the background where the device I am about to message tells me it's an iOS device supporting iMessage. I don't need to change the way I use my device.
I don't think that I need handholding from a protocol to the extent that it saves me from putting their chat address in my address book. If I don't know it, I can text them and ask:)
I don't ask their home number to automatically give me their work number.
With BBM, you get end-to-end messaging between BlackBerry phones, with no limitations on the lengths of messages. You get a typing notice, delivery notice, as well as a read notice. You can transfer files, pictures, and video between devices.
BBM is also very tightly integrated into the OS, more so than any other platform. It requires no set up on the part of the user, all they need to do is exchange PIN numbers with their friends. No signup, nothing, it just works. Moreover, it allows developers to incorporate into their own apps, so they can provide in-app chat capability, as well as app-to-app communication ability (e.g. a multiplayer game initiated with you and a BBM friend). What's even better is that if that friend doesn't have the particular app/game installed, you can invite them to download it. When you go to invite a friend to use the app with you, it will only show you BBM contacts with that app installed (i.e. BBM knows what apps your contacts have). It's a pretty powerful setup, especially when combined with push notifications. It is leagues ahead of what XMPP can provide. Just ask WhatsApp or Kik.
RIM misstep (amongst MANY) is that they didn't translate this to other devices. They have delayed BBM on the PlayBook while they updated their infrastructure to allow 1 user to use BBM on multiple devices with multiple PINs. They're fixed this a while ago, and will release it for BlackBerry 10. They also don't have a desktop client available for public use.
So while iMessage is definitely an improvement over SMS (pretty much anything is), it still has a lot of catching up to do to BBM. Old school BlackBerry OS is a pretty shitty system, but they did get BBM right. Apparently, it's going to be very improved for BlackBerry 10. Here's hoping it is.
Edit: Reading some other comments here, I realize that iMessage's "innovation" is that when you send a text message to a phone number, it checks to see if they use iMessage too, and sends it that way instead. While that's cool, it's by no means revolutionary. Furthermore, you're still shackled by the limitations of SMS messages. That can be good, can be bad. Finally, I'm unclear of what happens when you're on your Mac or iPad: do you iMessage someone using their phone number still? Is that the unique ID?
iMessage supports all of the end-to-end messaging features above, but doesn't support letting devs use the messaging function other than being able to send one-off messages with attached photos / movies in iOS. Apple has something more like Xbox Live for doing in-app voice chat / messages (GameKit).
Having multiple platforms for messaging is silly. Absolutely silly. If I have an iPhone and so does my sister/mom/random-stranger what am I guaranteed that we both have in common? One single messaging app. I don't want to ask a random stranger if they've used X Y Z free messaging app, that doesn't fly.
With iMessage, I can talk to maybe one or two people that I know. With gTalk, I can and talk to them all, even those on iPhones.
iMessage is not revolutionary. If anything, it's a step backwards. We've had BBM as a vendor locked message system for many years already.
so what if shes on windows or android or blackberry or not using a smartphone. It works seamlessly as well if you both are using the same app to text. Theres nothing revolutionary about it.
Then she, transparently, gets an SMS instead, and I don't have to give a shit whether or not she has whateverthefuck app
Security is great, and everyone wants to know that their text messages are as secure as possible. When it comes to iMessage, however, I've yet to meet a single regular user who counts improved security as a reason to use iMessage. Heck, none of them even think iMessage is more secure than a regular text message.
What do they use iMessage for? It tells you when someone read your text. It tells you when someone is responding. It sends faster than regular text messages and confirms that it's actually been sent. Even more importantly, it allows us to send international text messages for free. As a Canadian being charged $.35 per text to the US (even though US and Canadian numbers formats are identical), this means I don't need to reroute a Google Voice number through 3 numbers just to keep in touch with my US friends.
The selling point of iMessage has never been technical; it's been functional.
Among those who do know the difference, my experience is that by far the most common reason to use it is to avoid paying for text messages. (I'm in the US here, so it's common.) A secondary reason, but really secondary compared to that, is the fact that it works on other iDevices, not just iPhones.
Until I read these comments, it didn't even occur to me that security might be an advantage of iMessage. I think the number of people who use iMessage because of that is roughly zero.
FaceTime doesn't fail merely because it's a closed protocol. It fails because it's a closed protocol and the application has no way to fallback to other networks in order to communicate with non-Apple people.
You don't think providing good features to users or creating a competitive advantage has anything to do with it at all? I agree lock-in is part of the equation in large part because Apple doesn't care about other platforms but there are definitely many other reasons these things exist. When/If it's in their best interest to support other platforms they will. (iTunes for Windows, for example)
However, FaceTime was supposed to be submitted to be made into a standard, but I haven't heard much about that, and with the percentage of time that FaceTime breaks for me, I'm guessing that it's a pretty nasty protocol and they're too embarrassed to follow through. Hopefully iMessage is better.
I can't help but get the feeling they deliberately make these false announcements to generate goodwill. The gatekeeper misinformation in particular seems to be extremely pervasive and it causes users to believe Apple is acting in everyone's interest: it improves security and is free for developers, right?
Of course, it could just be accidental. Which would strike me as odd for a company that so closely guards what it communicates.
The Ars Technica article also is pretty clear:
If there is confusion it may have been from reading more into what Gruber wrote than was actually there.
The Gatekeeper certificates are free to registered developers, but I don't Apple ever suggested that you didn't have to be part of the Apple Developer Program.
Security against evesdropping comes down to one and only one factor: The evesdropper cannot distinguish the bytes transmitted by iMessage from a stream of random bytes.
This is a solved problem, and getting it right in practice comes down to the simple rule, "Don't try to implement a crypto scheme. Use an existing library."
That's so easy to do nowadays that Apple would have to be breathtakingly incompetent to get that aspect of the security equation wrong.
I'm worried I did damage by posting that. I'm mortified to be an instance of an incorrect loudmouth spreading misinformation, especially in security.
I should've known better than to speak about stuff I haven't experienced firsthand (other people's competency levels).
To build something like iMessage, there's basically three discrete levels (this is a little "handwave-y", but I think conceptually accurate):
You have the underlying cryptographic primitives. This is what people spend hours arguing about on the internet, but is actually probably the least of what you should be worried about when designing a system that uses cryptography.
Any good system should be using sound primitives, but the primitives don't by themselves really do very much, so you need to combine them into something useable (and by you, I mean whoever wrote the library you're using, which hopefully is one that's been through a lot of analysis).
So now you've got a cryptographic system (which is composed of usually several primitives, hopefully all of which are sound); but even this system doesn't actually do what you need it to do, it's usually just a function you call to perform some operation as part of the larger thing you're building.
So for something like iMessage to be sound, Apple had to do the following (either explicitly, or implicitly based on what libraries they chose):
1.) Pick a bunch of primitives (which isn't hard, and if there turn out to be problems, a lot more things are screwed than just your application)
2.) Pick a library (which is a little more difficult, and security problems with libraries still get discovered all the time, but let's also assume that they did their homework and both chose and implemented sound ones)
3.) Write the actual application to be secure (which is surprisingly difficult to do right, even when you work for a company with a mountain of cash)
They most likely actually started with number 2 (which would have dictated number 1).
I would argue that the likelihood of vulnerabilities in number 3 is astronomically high (but again, hopefully not ones so severe as to render the system pointless), moderately high in number 2 (just look at how many vulnerabilities are still discovered in OpenSSL for example), and probably low in number 1 (which is the part they probably didn't even pick, as it's generally determined by the library).
iMessage isn't the most complicated piece of software ever written, but there's still a decent amount of functionality it provides, and you'd be surprised how easy it is to screw up systems that use certificates (again, not because of problems with the primitives).
If you have a problem with a closed service working only within a walled garden, maybe you should look at an actual open standard instead, like XMPP.
It may not have "end to end" encryption, but at least you get to know how it works and how secure it really is.
Nobody is forcing you to use Imessage. Apple may encourage you, by permissive defaults, yes. But nobody is forcing you to use it. It can be disabled. You can even buy a phone not made by Apple and avoid the problem all together.
If Apple can read these things, then so can divorce attorneys and criminal lawyers via subpoena. There would be records of that.
Anyone have knowledge of iMessage subpoena results?
We know of at least two: one reaches public court records. The other level we know about, for sure, is NSA level stuff, which remains secret forever as a matter of national security. Do others exist? For example it's possible an agency could use the information to gather internal investigation evidence, and keep that evidence dark only using it for further gathering of more traditional evidence. That way their techniques would remain secret.
Anyway, the technique of discovering government agency abilities through court records seems to be a vital part of our civilian rights that I don't see enough information about. If anyone knows anything about it and reads this, please share some info!
2. XMPP is not true peer-to-peer. If you are a fan of XMPP as a p2p "solution", and you're not the XMPP provider trying to make a buck offering this "service", then I would say you don't know enough about p2p.
3. If you really care about end-to-end cryptography the solutions exist. Working with the nacl library is not rocket science. It's a lot simpler than SSL/TLS. And I don't see any cryptographers cracking nacl anytime soon.
4. Decentralised and open platforms are not really tough if you keep things simple. But for most (but not all) designers of these systems that seems just about impossible. If it's not complex it's not worth their time.
The biggest challenge I see with good, easy cryptography and a decent, simple peer-to-peer platform for the general public is that you will have a huge PR problem from day 1. Because the only folks who will want to use the system will be troublemakers who attract the wrong kind of attention, and a handful of smart people, like cryptographers, who no one pays attention to.
This doesn't really preclude things like federation, but it's a fundamentally different approach from XMPP (though bridges are possible -- see, for example, Verbs app, also see how buggy it is, and What's App, which apparently is pulling it off quite well). But bare XMPP doesn't really work that well.
A cell phone is always on, so depending on the solution, I'm either always "online," or always "away" with some single blips of "online". Me being "online" doesn't mean I'm really paying any attention, I just took out the phone for a second while my friend was in the toilet, or anything, and now I'm gone, but will still appear as green for some time.
What's App and iMessage solves this by replacing online with read receipts, and in case of WA, "last seen online" data. Much less pretense makes it way more informative.
It's built into the normal iPhone texting application and turned on by default. When my Mom texts another Apple user, iMessage will automatically route her message over the Internet. She doesn't have to approve this, and honestly, probably won't even know the difference.
Do you know if messages are encrypted from device-to-device on BBM or if they are just encrypted to the hub like I message seems to be
The same is not true for BBM messages sent via the BlackBerry Enterprise Server (BES). Those are also encrypted, but using a key possessed only by your company's IT department. That means that if someone wants to read you messages, they have to subpoena your company. RIM can't help them, at all.
I'm not sure what happens when a BlackBerry connected via BES sends a BBM to a person using BIS, or even another BES network. Either decryption and re-encryption occur, or it reverts back to using RIM's private key. But it would be safe to assume that BBM messages sent within your own company's BES network are safe and secure.
I do not think you can claim it fails because it still works after removing the SIM card. You cannot claim that SMS fails on the security front because you can receive SMSes without logging in to iCloud, either.