They've stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don't see how that's possible if it relies on a Mac or iOS relay server that they control.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
deleted
They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.
That would likely still give them a capability to MitM but it's plausible that they couldn't passively intercept the messages.
They use a Mac mini somewhere to route these messages. So you're logging into that Mac mini with your iCloud credentials. Sounds like a privacy/security nightmare and creepy as fuck.
It seems like all efforts to "bridge" imessage to anything outside apple software work this way - there's a Matrix bridge and a dedicated open source app and they both rely on the imessage client on a mac. Is there a legitimate reason for it not being reverse-engineered yet?
Is there a legitimate reason for it not being reverse-engineered yet?
The actual protocol isn't a secret. It's that the authentication of the device relies on a hardware key, and that key is fully locked down by Apple (as it also secures the user's biometric logins, keyring, financial information in Apple Wallet, etc.).
I predict one of two outcomes once Apple becomes aware of this. Either they'll modify the iMessage protocol to break Nothing Phones compatibility, or they'll sue Nothing Phone for violating some kind of IP law. Apple absolutely wants to maintain their walled garden and letting a non-Apple product transparently interact on equal footing with Apple products runs counter to that.
Solving the "blue bubble" problem is easy. Stop giving a fuck about what iPhone users care about.
Or Apple can stop being a bitch and just change the hex code.
The stupidest thing about this is cultural identification with the message apps "bubble" color.
Isn’t it the fact that there will be features missing if someone doesn’t have iMessage? I genuinely don’t think anybody would care if it were just the color of the bubble that was different and nothing else.
I think green bubbles (non iPhone) means it's using SMS so it can cost people money to send messages, especially images which would be sent as MMS I guess.
I'm an Android user though so I don't really know. Also I'm in Europe where nobody cares and just uses Signal, WhatsApp or Telegram.
This is dumb. For two reasons:
- the fact that a messenging service locks users into an ecosystem.
- the fact that to use this an apple device is still used in the background. This means you log in with your apple id on a device that does not belong to you and that can possibly read all of your messages.
RCS sucks ass. I have had more missed messages and fucked up communications due to it NOT USING SMS FALLBACK. other person isn't available via IP? Then FUCK YOUR MESSAGE.
Want a different app? FUCK YOU
Wanna sort your messages, or filter them, or run an automation? FUCK. YOU.
I don't blame apple for not implementing this shit.
Also, fuck bubble shaming
I haven't used SMS for anything besides receiving auth codes and maybe sending some short info to a stranger (for example a contractor). But then again, I live in Europe.
Teenagers today suffer unique threats to their health and wellbeing from technology. It may be super easy for you to say "who the fuck cares about the color" but that is far from the case for US teenagers. Willingly setting yourself apart from the group in high school is a precarious move in the best of circumstances.
And for the rest of us, this goes way beyond the color being used. The SMS/MMS fallback in iMessage offers a terrible experience for non-Apple users. Low quality media, inability to manage one's own memeberships in groups, and no encryption. For those worried about the lack of e2ee: Android users participating in an iMessage conversation don't have that today. You're not losing anything from this solution.
Legal disclosures prove that Apple knowingly uses iMessage in an anticompetitive fashion. It's a moat to keep people from switching away from iPhone. They are leveraging their position in the messaging market to shore up their restrictive phone products. I wish US antitrust enforcement was stronger in this area but until then, I hope Nothing has great success in breaking down this illegal barrier.
Really interesting how different the US is. Here in central europe it's pretty much whatsapp, telegram, signal. Most people use 2 or 3 of those. Doesn't matter what device they are using
iPhones are really popular over there. Most people have one. For teenagers it's something ridiculous like 85% of them using an iPhone. In Europe we have a more balanced split, so only using iMessage wouldn't fly here.
Personally, I miss out on a lot of group chats because all of my friends have iPhones.
They'll create a group chat, I won't get any messages, then suddenly I'm getting a call on Saturday saying "hey are you coming to the party?" or more often than not I don't get notified at all and end up hearing about all of the things I miss at a later time. It's annoying, but I really hate iOS so I deal with it.
I've got an iMessage server running on my NAS but it's not perfect, it requires that the iPhone user send the message to my iMessage account associated with my email, not with my phone number.
Honestly I'm typing this on a Nothing phone and if this appears on my phone instead of them actually fixing the many bugs I'll be quite pissed.
Every update this phone gets worse both in bugs and battery life and the company seems more obsessed with things like beer, clothing lines and now imessage than actually trying to fix anything that's actually important.
Nothing often gives me the impression that they sit around and get high off the smell of their own farts. Glad to hear there is some truth to this speculation.
This really demonstrates how apple has its customers and competitors by the balls when it comes to messaging. This OEM is putting time and resources into developing an unauthorized iMessage app using banks of mac minis as servers and requiring users to grant them access to their iCloud account, a system that apple could "break" or sue out of existence on a whim. RCS isn't the perfect solution, but it's better than this.
Google wants everyone's message data, that's why their pushing it so aggressively.
RCS is technically an open standard. But in reality it completely depends on Google's Jibe system to make it work for many carriers.
The recent anti competitive trials has shown Google is willing to pay apple billions for people's internet activity to go through them. With Google currently pushing anti iMessage ads to shame apple into supports RCS, Google has most likely offered Apple a lot of money to use RCS. Apple has decided it's not worth it.
Why apple isn't supporting RCS is unknown. But it either user privacy or user retention to their ecosystem. Either way they don't think more exposure to Google is good for their users. This 'open' standard is a joke. If it doesn't make Google money soon, they kill it like all their previous messenger projects.
When I watched MKBHDs video on this, my first thought was whether or not we could selfhost a service like this. If I could run this through my own Mac mini server to my own / family’s phones, that would be great. I don’t think I’d ever feel comfortable logging into my iCloud account on some company’s server with just their pinky promise as a guarantee.
You can self host this already, most likely what nothing is doing https://github.com/mautrix/imessage
Sunbird is closed source so you just have to take their word for it when they say they don't store messages or credentials. How the fuck could you know if they're lying or not? You can't because it's closed source.
As much as I have issues with the similar Beeper, at least Beeper is open sourcing their bridges.
Just read through their faq
Some of the messaging community believes that software that is open source is more secure. It is our view that it is not.
That's a nope from me.
They host their iMessage related shit the exact same way, so the amount of trust in the service is basically identical, at 0
Apple will just block it once they catch on
In a video from MKBHD they mentioned this problem and they said that the idea is basically that Apple will not block it because it will bring them bad PR and attention from regulators who are concerned with anti trust issues. Hard to predict what will actually happen but Apple just blocking 3rd party access and citing (legitimate) privacy and security concerns seems to be a likely outcome.
It's also noteworthy that the RCS platform adopted by companies worldwide is run by Jibe, a company owned by Google. Doubtless, Apple doesn't want to use Google's servers any more than it needs to.
"open protocol" my ass. Google just wants control over everything.
Except companies can run their own. In Google messages it tells you who runs your server. Most carriers ran their own, but when they realised there was no benefit (e2ee) and having to maintain it, they started shifting to Google ran servers.
The blue vs green bubble thing never really bothered me. As long as I can communicate with the person I'm talking to, I don't care how the messages are sent, unless maybe if I don't want a message to be sent over plain sms. It's ridiculous how it has become a status thing.