this post was submitted on 18 Dec 2023
237 points (96.5% liked)

Technology

59366 readers
4151 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

US senators have urged the DOJ to probe Apple's alleged anti-competitive conduct against Beeper.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 25 points 11 months ago (1 children)

That's an inane argument. Your message always gets decrypted at its end point. Beeper wasn't doing MiTM attacks. They weren't hijacking messages. They functioned and behaved as a legitimate end point. If you don't want a non Apple pleb getting your messages, you simply don't send them one. Which is basically what your complaint boils down to.

While I agree Apple should have some control over their network. Which they clearly don't in any way that matters. The controll they're exerting shouldn't be allowed. As long as beeper were behaving, which they were. They should be allowed. That you feel security is defined by being handed by a company inept at security in this case, that's your problem. Secure messages are sent and received from all manner of platforms regularly without issue. No Apple required

[–] [email protected] 0 points 11 months ago (1 children)

Ok, I'm sorry but this comment and this thread is just all over the place.

Beeper wasn’t doing MiTM attacks. They weren’t hijacking messages.

That we know of. Oh, and they're literally a man in the middle, someone the user shouldn't expect is in between the data they're sending. okay, I'll give you the middle is squishy here because it's really when it's decrypted on the client, but still...

They functioned and behaved as a legitimate end point.

Which, they weren't. They were spoofing credentials and accessing a system without authorization from the system owner. It doesn't matter if Apple left a hole in the system. Hell, they could have set the password to be '12345' it's still probably a crime, at least, based on this list of crimes:

having knowingly accessed a computer without authorization or exceeding authorized access

The whole thing basically reiterates over and over that just because you technically have access, that doesn't mean you are permitted.

While I agree Apple should have some control over their network.

Okay, makes sense.

Which they clearly don’t in any way that matters.

How many iMessage breaches has Apple had?

The controll they’re exerting shouldn’t be allowed.

The "control" is discovering that someone else made a copy of the key to their locks. If i told you that I now have a copy of the key to your house (but trust me bro I'm only going to use it like you would which means using your shit and and selling your food to others) oh and that now basically anyone has a copy to the key to your house, would you change the locks?

As long as beeper were behaving, which they were.

Which they were?! They literally are using fake credentials, accessing a system without authorization, using the infrastructure including the real costs of said infrastructure.

Secure messages are sent and received from all manner of platforms regularly without issue. No Apple required

Welp, you've just provided the closing arguments for Apple's lawyers and any sort of monopoly concern.

[–] [email protected] 0 points 11 months ago* (last edited 11 months ago)

The argument of security is bunk, Apple are integrating the more widely used RCS protocol into iMessage. It'll mean they won't need their own bespoke protocol either. Besides Apple is known for calling stuff security changes when really they rely on obscurity to not notice how insecure components are such as the method iMessage uses to authenticate now.

When done other apps for messaging will explode in commonality and blow the case open. They just need to finish implementing it.

https://www.engadget.com/what-is-rcs-and-how-is-it-different-from-sms-and-imessage-202334057.html