this post was submitted on 12 Jan 2024
1 points (100.0% liked)
random
1 readers
57 users here now
Catch-all for uncategorized or purely random content. Also, "random" items from the Fediverse may appear here.
Rules
Do not post or link to any illegal and/or copyrighted material.
Any sensitive or inappropriate submissions will be removed.
Be respectful of other people's opinions and behave yourselves.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
About 41% of American mobile phone users have an Android phone, which means that any time an Apple customer tries to have a conversation with a colleague, a merchant, a loved one, a friend or a family member, there's a 4 in 10 chance it's going out "in the clear," with zero privacy protections.
30/
This is not good for Apple customers. It exposes them to continuous, serious privacy risks. Our mobile devices are keepers of our most intimate secrets, and when mobile security fails, the consequences are grave, as Apple discovered in the hardest way possible, ten years ago:
https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak
Apple's answer to this is grimly hilarious. The company's position is that if you want to have real security in your communications, you should buy your friends iPhones.
31/
Presumably, if those friends - or merchants, or colleagues - don't want to change operating systems and throw away their device and all their apps, you should just stop talking to them:
https://finance.yahoo.com/news/tim-cook-says-buy-mom-210347694.html
One of the clinical signs that someone is in a cult is that they are encouraged to isolate themselves from people who aren't also in that cult:
https://en.wikipedia.org/wiki/Isolation_to_facilitate_abuse#In_cults
32/
But there are billions of Apple customers and only a small (but vocal and obnoxious!) minority of those customers are actual cult members, which means that there are billions of people who'd prefer to have private, secure communications with everyone in their lives, not just their fellow Apple customers.
33/
That's where #BeeperMini comes in: it's a third-party Android version of iMessage that builds on the work of a teenager who reverse-engineered iMessage and found a way to let Android users receive secure messages sent by Apple customers:
https://pluralistic.net/2023/12/07/blue-bubbles-for-all/#never-underestimate-the-determination-of-a-kid-who-is-time-rich-and-cash-poor
34/
This was an immense service to Apple customers, correcting a gaping security vulnerability in Apple's flagship product, that had been deliberately introduced, putting the company's profits ahead of its customers' safety and privacy.
Apple immediately rolled out a series of countermeasures to block Beeper Mini. When The @[email protected]'s @[email protected] asked them why, Apple said they did it to protect their customers' security (!!):
https://www.theverge.com/2023/12/9/23995150/beeper-imessage-android-apple-statement
35/
The company claimed that there was some nonspecific way in which Beeper Mini weakened the security of Apple customers, though they offered no evidence in support of that claim. Remember, the gold standard for security claims is #ProofOfConcept code, not hand-waving:
https://nostarch.com/gtfo
36/
For its part, #Beeper engaged in a brief but intense cat-and-mouse game with Apple, taking countermeasures and countercountermeasures to preserve Apple customers' access to secure communications with Android users:
https://www.eff.org/deeplinks/2023/12/without-interoperability-apple-customers-will-never-be-secure
37/
Apple used its $3 trillion megaphone to condemn Beeper Mini even after Beeper published source code for Beeper Mini so anyone could verify that nothing nefarious was going on:
https://blog.beeper.com/p/beeper-moving-forward
Meanwhile, Apple's cultists rallied behind the company. Not only would No True Apple Customer ever want to have secure communications with an Android user, but it was unfair for Beeper to profit by accessing Apple's messaging infrastructure, which Apple has to pay to maintain.
38/
This is some serious upside-down cult logic. Beeper isn't accessing Apple's infrastructure: Apple's customers are accessing Apple's infrastructure. If there were no Apple customers trying to talk to Android users, there would be no load on Apple's servers.
But those customers don't count. They aren't real Apple customers, because they want to do things that benefit them, not Apple's shareholders. In other words: they're holding it wrong.
39/
I'm Kickstarting the audiobook for The Bezzle, sequel to Red Team Blues, narrated by #WilWheaton! Pre-order the audiobook and ebook, DRM free, as well as the hardcover. There's also bundles with Red Team Blues in ebook, audio or paperback:
http://thebezzle.org
eof/
@[email protected] It is very difficult to make a giant corporation understand something when they make billions of dollars not understanding it.
Apple did fine up to 2007 without setting up an HOA for their platform's software. Actual market forces —consumers voting with their $ and pressuring software makers— did a decent job of keeping software standards high.
There's e-mail conversations between jobs and other senior Apple VPs mentioning how the whole app store setup is the way it is because they didn't know what they were doing so they would just set it up like the iTunes music store and see what happens. The expectation was that the 30% cut would eventually go down, maybe even go away.
The closed app store model also was chosen in part to placate carriers who were worried about rampant network overuse by uncontrolled software.
All the arguments these days for the status quo are basically self serving. They may actually believe them, but see first paragraph of this comment.
@[email protected] I seem to recall one passionate pro-Apple commenter specifically argue that Beeper Mini somehow hacked/trespassed on Apple's infrastructure/IP, thus the weakened security of iMessage.
They're not necessarily wrong in the claim that Beeper Mini is a hack. It is, in the sense it subverts the assumption that only Apple devices can use Apple services. It's also quite ironic:
@[email protected]
Stupid anecdote but...
I'm on a pickup soccer group iMessge. They wouldn't let me join due to the bubble colors going blue/green (I wouldn't know or notice as I never use Apple stuff). I had someone volunteer to be my intermediary and let me know when when who was in for 8 months.
Eventually I found an iPhone someone was willing to give me and I only use it for that group text now.
@[email protected] IIRC, I think that the argument was that Beeper was a literal man-in-the-middle. Ergo, the blue bubble which means it’s encrypted was now silently decrypted by a party (Beeper) that users didn’t choose and couldn’t opt out of. Beeper literally made it work by running iMessage on their own Macs and relaying the messages to the app, right? That architecture undermine iMessage security for anyone unknowingly routing messages through that, no?