this post was submitted on 10 Oct 2023
1125 points (97.0% liked)
Technology
59708 readers
1864 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
AFAIK there is no open source messaging app that support RCS yet. It's not even included in android AOSP (or is it? I can't find any reference). It would help with adoption if google actually open-sourced the RCS client app.
They won't let any third party apps use it so they are basically as bad as imessage.
The simple fact that iMessage has 0 interoperability makes it much worse than everything else.
So I doubt RCS could be as bad except if they remove the ability to operate with other RCS clients. And even for Google and Samsung that would be extremely stupid.
At least it sends standard SMS to everyone without an iPhone. Wouldn't call that 0 interoperability
I've just been googling a bit because I haven't read about RCS in a while, but I remember thinking then that the show stopping thing is that it's not E2E, and Apple would be dumb to move to since iMessage is. It seems now that E2E is supported but requires clients to support it, which tbh seems the worst of all worlds. At least today I know blue = encrypted, green = not encrypted. If it's optional and we end up in a "is this encrypted? we'll see ¯\(ツ)/¯" type of world that is honestly terrible. I also don't know how great it would be if you have to rely on the client vendor to accurately report encryption status because there are some I trust, and especially when it comes to "just download whatever RCS client you want" I absolutely would not trust that.
iMessage is only E2E encrypted if both users have iCloud disabled or have gone into their iCloud settings and enabled “Advanced Data Protection”
Wow, thanks. Always assumed E2E was enabled by default. That sucks.
The message transit encryption is on but backups are unencrypted by default, which makes it quite pointless
Fair point. It looks more specifically they're not if you enable "messages in iCloud" or iCloud backup with messages.
“Enable” is incorrect, and why I was warning you about it. It’s on by default, so you need to “disable” it if you want E2E encryption
A blue bubble is unlikely to mean a message is E2E encrypted. That may not matter for your threat model, but Apple almost certainly has the decryption keys for your messages
Also very good point. My threat model is I don't want script kiddies with shit that they can get (optionally) off of eBay to be able to read my messages because too many places still default 2fa and other identifiers to SMS. Until RCS defaults to E2E at least in transit, that's tough. From there it's still going to be the mercy of what the OS vendor decides, like Apple in this case. That said, if I were worried about government actors or a targeted attack, I would 1000% used advanced data protection.
Anyway, upvoting your comments as much as I can (+1) because you're totally right and it's a consideration you should have.
So essentially they're just as bad as RCS. Both hamstrung by the limitations of their encryptions interoperability
Hamstrung in different ways?
RCS predates iMessage, but it was never widely adopted. Google has been running with it, but it’s been with Google-specific changes to the protocol
If they can get others to adopt their extensions as a standard and offer an open source example implementation, it could probably be better than iMessage
Google has a problem getting other people to use standards they work on because they drop support for them all the time, though
The RCS e2e extension is client controlled, the client app knows if it's active
RCS is only interoperable with apps and carriers that adopt the Jibe protocol, so not much has changed.
Forgive me if I'm mistaken but did Signal adopt RCS? I they abandoned SMS for RC- if I recall - couldn't SMS my friends on it anymore and abandoned ship lol
Edit: wait, I don't think signal is open source
I don't know what you're talking about. Signal does not use RCS and it is open source.
ASFAIK Signal doesn't support RCS, only Signal protocol, after they dropped SMS.
This seems to be the mistake I made - thank you for clarifying :)
Fundamentally the problem is that SMS is rather dated and doesn't support a lot of features expected of a modern messaging app. Apple decided to do what Apple does and made their own proprietary protocol that runs parallel to SMS. When you send a "text message" on iMessage it checks if the person you're talking to is also using iMessage and if so sends the message via Apples private service. If they aren't using iMessage it dumbs things down and send it via SMS as a fallback.
Google came along and more or less did the same thing but made their protocol (RCS) licensable which makes them slighty better than Apple, but it's still not as good as an actual open standard.
Signal is yet another solution, but they were primarily focused on security and encryption rather than new features, but fundamentally they did the same thing as iMessage initially. About a year or two ago Signal dropped the option to fallback to SMS so now you can only send Signal messages between Signal users. Unlike Apple or Google, signals protocol is open, but Signal itself is closed source and I don't believe they allow interop with their service so I'm not sure their protocol being open actually does much good.
Basically everyone sucks in their own way, but if you want SMS interop then the least bad option is RCS currently.
Signal is almost entirely open source but not interoperable
Well that's interesting. I didn't think they had made their server source available, but I just checked their github and it does actually have a repo for their server.
Signal is open source. The only part that isn't is the server side spam filtering.