return to table of content

Show HN: Beeper Mini – iMessage client for Android

bogwog
149 replies
22h2m

This seems like it won't last, but it's AWESOME and I really hope you survive Apple's inevitable attempts to kill this. A universal chat application would be amazing, and will maybe help bring attention to the value of standards and interoperability (hopefully by governments/regulators).

chipgap98
74 replies
21h45m

I saw an article on the topic where the reporter spoke with Beeper's CEO, Eric Migicovsky. He seems to believe that blocking Beeper might cause problems for legitimate Apple user's.

Obviously that outcome is something he wants, but I still think its interesting.

[0]: https://www.theverge.com/2023/12/5/23987817/beeper-mini-imes...

hedgehog
36 replies
21h17m

Apple maintains iMessage compatibility with devices that are long out of support, if Beeper Mini is sufficiently similar to the client in for example iOS 12 then it makes an Apple decision to break Beeper fairly expensive. Even if they do the work to publish iMessage updates for the old iOS versions it just buys a little time before the new version gets reverse engineered, and that at the cost of poor user experience for the people with those devices in a form they will directly blame on Apple. Given all that I suspect he's right.

lxgr
35 replies
21h6m

Even if they do the work to publish iMessage updates for the old iOS versions it just buys a little time before the new version gets reverse engineered

There's probably a cliff in complexity. Once Apple starts requesting signed attestations from the secure enclave on the devices that have one, it's game over.

They probably don't just yet, since still too many people use iMessage on first-party clients that don't have one, e.g. Intel laptops without a T1 or T2.

ttul
22 replies
20h31m

If Apple does start enforcing signed attestations, they will say that it's to reduce abuse. I have no doubt (being in the anti-abuse world) that spammers and phishing gangs will immediately begin using Beeper to spam iMessage users because this allows them to avoid buying an iOS device. With end-to-end encryption, Apple may also decide to roll out privacy-protecting client-side spam and phishing detection, which would IMHO be a really great thing.

JoshTriplett
9 replies
18h27m

With end-to-end encryption, Apple may also decide to roll out privacy-protecting client-side spam and phishing detection, which would IMHO be a really great thing.

Spam protection should be on the recipient, rather than the sender.

c0pium
4 replies
18h19m

As we’ve learned very clearly over the last 20 years of commercialization of spam, that never works. The only tractable way to fight fraud and abuse is to impose cost.

justinjlynn
3 replies
14h40m

The massive prevalence of physical junk mail would refute your argument that even a significant per message cost would dissuade abuse.

devman0
1 replies
14h5m

Scope and scale is important here, the amount of junk mail from business interests outside of my immediate region is not very high. If physical mail were free and you could send it from anywhere in the world, junk mail would be so much worse than it is. You couldn't run a lot of internet scams at the costs of physical mail and be profitable.

SoftTalker
0 replies
12h9m

Probably not because even if the postage is free the paper, printing, envelopes, etc. are not.

ryukafalz
0 replies
1h58m

How many pieces of physical junk mail do you get per day? Now how many spam emails do you get per day? Include the stuff that lands in your spam folder, because we're talking about cost to send junk mail here.

I'm willing to bet the latter is much, much higher. It certainly is for me.

mkingston
2 replies
18h19m

That's a brief statement which makes me think I'm missing something obvious, but it doesn't seem obvious to me. Would you please expand on that?

JoshTriplett
1 replies
18h15m

I think it's a bad idea to lock out unattested clients, and as long as third-party clients are accepted, spam will always be sendable. If you're not doing end-to-end encryption, you can catch it at send time by having the server reject the client for sending spam. If you're doing end-to-end encryption, the only options are the sender or the recipient, and attempting to block it at the sender would require prohibiting interoperability.

nl
0 replies
15h51m

While I love the principle of accepting third-party clients, Apple clearly doesn't which make this argument fairly non-compelling for them.

jeroenhd
0 replies
3h33m

I disagree. Email has SPF and DKIM an what have you exactly because client side filtering doesn't work right. Mail gets dropped beforr the clients even get a chance to run filters.

That's not to say that requiring remote attestation or blocking third party clients entirely is proportional, but Apple should (and does) play a role in spam prevention.

sounds
5 replies
18h49m

The phone number registration https://blog.beeper.com/i/139416474/sending-and-receiving-me... will make it possible to enforce legal action against malicious and spammy messages.

Note that iPhones already receive SMS spam and fraud just like every other phone.

However, you are correct that the blue bubble is no longer a guarantee that the bad actor is using an iPhone.

azinman2
3 replies
14h45m

They do receive spam and fraud, but the numbers are orders of magnitude less than every one’s else BECAUSE it’s tied to hardware. I don’t know the details of how’s these guys got around it, but this is bad for the rest of us when phishing skyrockets.

smt88
2 replies
11h26m

I don't understand what you're talking about. I get far more SMS spam on iOS than I did on Android.

Whether the number uses iMessage or not is totally irrelevant.

hbn
1 replies
2h56m

How can you get more SMS spam on one platform than another? With SMS they're just blindly sending to your phone number, your SIM could be in any device. They don't know what platform you're receiving it on.

smt88
0 replies
45m

Android is much better at blocking it.

There were also differences in the platforms with how/when your phone number can leak to spammers and data aggregators, although I'm no longer deep enough into mobile OS or related CVEs to know current details.

lxgr
0 replies
15h29m

The phone number registration https://blog.beeper.com/i/139416474/sending-and-receiving-me... will make it possible to enforce legal action against malicious and spammy messages

Like the legal action that is currently protecting us from robocalls?

I don’t know if iMessage registration requires bidirectional SMS verification, though. If it does, that would be significantly harder to spoof than just caller IDs.

solardev
5 replies
20h8m

Maybe Apple needs an even blue-r bubble to set apart the super attested users from the mere blue bubble peasants

andygeorge
3 replies
19h53m

they could call it "apple blue" and charge a few bucks a month for it. People love that stuff

cozzyd
1 replies
17h57m

They can desaturate the iPhone / MacBook Air users to disambiguate from the MacBook pro / iPhone pro / max users. Also device age in years will add hints of green hue. That way people know they're talking to someone who can afford to spend thousands of dollars on hardware every year.

andygeorge
0 replies
3h50m

wait is this where "green with envy" will come from?????

reiichiroh
0 replies
12h20m

I’d pay for a blue Apple checkmark!

dylan604
0 replies
19h16m

I imagine the next color being purple since that's a sign of royalty. Hail to the king baby!

nroets
10 replies
20h4m

Apple can break Beeper without relying on the secure enclave: If Apple devices just send their serial number (IMEI for their GSM products), their servers can refuse to talk to hardware they didn't manufacture.

WheatMillington
5 replies
19h45m

How does this address iMessages sent from non-iPhone devices?

HenryBemis
4 replies
18h42m

If in the data sent across (via Apple servers) the IMEI and serial no of the device are also transmitted, then Apple can in that millisecond query on their various lists/inventories that this device is legit (activated device + IMEI + serial) and if all lights are green, proceed to deliver, otherwise drop it.

(perhaps different sets of data can be used, but it must be something that Apple already has, and the user has already provided (i.e. the iMessage email or the iMessage phone number, from the iPhone's enabled Settings)

rfoo
1 replies
7h58m

Do you mean that I now have a nice party trick - DoSing friends iPhone from sending iMessage? :)

fragmede
0 replies
7h44m

If you have a FlipperZero, DoSing iPhone users with Bluetooth is a bit of fun!

nl
0 replies
15h53m

As someone who once bought fake airpods on ebay, I can tell you that Apple can't do this.

I spent a number of days with them where they were trying to work out if they were fake. The serial number was real but they were fairly sure the number had been taken from a real product and reused, but were unable to say for sure.

I ended up just returning them (because of the ebay return window) but found it interesting that Apple couldn't easily check this, and was very aware of the issue.

collegeburner
0 replies
18h32m

you already have to do this to get certain apple services (including imessage) working on hackintoshes. turns out there's a really easy work-around: guess-and-check serial numbers on apple's web site until one works. they rate limit it a bit but you can usually find a working one without a terrible amount of hassle.

remram
2 replies
19h24m

Non-Apple devices could just lie

nroets
0 replies
12h8m

Beeper will know only a small number of valid serial numbers

If it ever becomes popular, there will be a lot of duplicate serial numbers. That's easy to detect and ban.

koffiezet
0 replies
1h8m

Not if they require a certificate containing the serial number/imei/... + a nonce provided by Apple, signed with a private key/certificate stored in the secured enclave, loaded into the device when it's manufactured.

1231232131231
0 replies
3h54m

I believe you can bruteforce/generate IMEIs somewhat easily. https://github.com/bstein/py-imei-generator

jonhohle
0 replies
18h29m

There’s also the registration process that could be locked down and/or hardened. There may or may not be additional metadata (including out of band) that could identify first-party clients.

I would think that’s the biggest issue right now. If spammers can register “real” iMessage accounts at scale without Apple hardware, Messages becomes less pleasant, very quickly.

afavour
32 replies
21h37m

That would make sense: because Apple have deeply coupled iMessage to the OS they can’t simply roll out a new version of the app with protocol changes that would block Beeper, they’d have to release entire OS updates.

No matter the method it would be a scorched earth approach. I suspect the number of people actually using Beeper will be far below a rounding error for Apple.

threeseed
13 replies
20h10m

because Apple have deeply coupled iMessage to the OS

No they haven't. On my Mac it's just an app and a reusable framework.

There is nothing stopping them releasing it on the App Store similar to Mail.

afavour
10 replies
20h7m

I’m talking about the iPhone.

threeseed
9 replies
20h2m

Messages is the same on OSX and iOS.

It's not deeply integrated into the iOS by any normal definition. It's just shipped together.

lotsofpulp
3 replies
19h38m

The Messages app in macOS is less capable than the Messages app in iOS. It cannot even edit sent messages.

a_carbon_rod
2 replies
18h41m

It can, by right clicking the desired message to edit. This is in macOS Sonoma, and I believe was a part of Ventura as well.

lotsofpulp
1 replies
18h33m

Oh interesting, I have a 2015 MacBook Air. Wonder if the feature is not available on whatever macOS version I have.

SllX
0 replies
18h23m

It’s a Ventura and later feature and your MacBook Air probably topped out around Monterey or earlier. 2016 MacBooks Pro also didn’t make the cut for Ventura.

chatmasta
3 replies
19h30m

Messages has a bunch of special privileges on iOS, which is why they had to add the whole Blastdoor protection framework and why it's such a juicy target for sandbox escape exploits.

saagarjha
2 replies
18h34m

Nope. It just happens to be on everyone’s device and usually enabled

chatmasta
1 replies
18h20m

Yes, and when it's enabled it has more privileges than most other apps, doesn't it? But yeah you can still remove the app.

Btw, maybe related, on iOS I have "app privacy report" enabled, to show me a list of apps and the recent entitlements they used. Every Apple app, even those that don't need access to them, is shown as having recently accessed my Contacts. I find this weird. Anyone know why they do that? e.g. I've never even used the Health app and yet it's accessing my Contacts for some reason.

saagarjha
0 replies
10h15m

It’s basically the same as any other app, there are some special permissions it has to integrate with the OS a bit better but nothing too interesting. Not sure what’s going on with Contacts but it might be a bug?

andygeorge
0 replies
19h51m

fwiw it hasn't been called "OSX" for awhile now

saagarjha
0 replies
18h33m

Mail is also deeply coupled to the OS. The app itself does very little.

afavour
0 replies
18h5m

There is nothing stopping them releasing it on the App Store similar to Mail.

In the sense that the app is just a wrapper around a system framework, sure. But changing that framework would be an OS release.

jotux
8 replies
21h9m

I'm not that familiar with ios apps, can they not push out updates to individual apps?

matthew-wegner
4 replies
21h5m

Not the OS-included ones, afaik. Some Apple apps are through the AppStore normally, which can be updated independently (i.e. TestFlight, despite its deep hooks).

philsnow
3 replies
20h23m

Why did google break out Google Play Services as a separate app, was that when they started integrating more with third-party android phone suppliers, and they didn't want to have to wait for OS upgrade cycles from slower-moving companies?

derefr
2 replies
20h13m

Probably they originally did it because Android has high-assurance embedded use-cases (compare/contrast: Windows IoT Core) where you want to strip out everything possible from the attack surface.

But mainly it's because base Android (AOSP) can be arbitrarily modified by the OEM; and Google doesn't want to have to trust installations of Google Play Services that have been arbitrarily modified by OEMs.

(Especially because those versions would likely all act differently-enough from one-another that they would be forced to loosen their server-side, network-traffic-fingerprint-based "authentic Android device" detection that allows them to ignore/block bots pretending to be Android devices.)

By shipping Google Play Services through the store, they can ensure that, on devices that run it, it's exactly the same code for every device that runs it, with no OEM alterations. (And they can also include various checks to reject devices that would try to alter that code at load time. This is the real reason why e.g. Huawei devices are blocked from using Google Play Services — they try to patch unspecified parts of the Play Services code while loading it, "breaking the integrity of the platform" from Google's perspective.)

riversflow
1 replies
17h54m

Man, that's contrived. Really its simple: Google seperates out Play Services so they can harvest user data from virtually all Andoid devices. It lets them market Android as OSS while still reaping the benefits of closed source data scraping.

hedgehog
0 replies
16h17m

derefr cited one reason but there's another that's relevant to this thread: updates. In the Android model handset manufacturers and carriers decide when (or if) to ship updates. Google distributing their apps through the store gives them a way to roll out new features to a reasonable portion of their user base.

threeseed
2 replies
20h7m

On iOS many of the individual apps e.g. Mail, Notes you can delete and then re-download from the App Store.

And as part of Security Updates they have patched vulnerabilities just in the relevant apps.

So there is nothing technical stopping them. It's just been customary to treat iOS as a product where all features ship together.

saagarjha
0 replies
18h32m

Apple never patches security vulnerabilities in individual apps except for Safari, and they’ve stopped doing that too.

lxgr
0 replies
13h42m

I don’t think this actually physically deletes the app, given that it’s back once you reset the phone. It’s most likely just hidden/deactivated until you “reinstall it from the app store”.

Actual updates require the app binary/bundle to be mutable.

nebula8804
3 replies
21h29m

Uptake for OS updates is very high on iOS though right? I heard a while back that it is like 90+% in 6 months. (could be totally wrong on that can someone confirm?)

afavour
1 replies
21h26m

There’s a ton of devices out there unable to upgrade to the latest iOS. Obviously you can release point upgrades for old versions but I do wonder what the uptake of those is like. I’d wager there are a ton of very old iOS devices out there. At the very least many more than there are potential users of Beeper.

dylan604
0 replies
19h11m

anecdote of 1, but i have a 6S+ that is kept up with any updates it receives which is 15.8. there maybe some devs that have older devices that they intentionally keep at even older versions, but if someone is using an old iDevice as a daily driver, they're probably still more likely to run the updates. at least, that's my reaches up and grabs for an opinion

pashky
0 replies
20h4m

Uptake of updates is, uptake of devices isn’t. Here I have 1st gen retina iPad from 2012 which is on the latest iOS available for it - 9.3.5 (from 2016, current version is 17.1.2). As of today FaceTime and iMessage still work perfectly fine.

That and reading the books is actually about the only thing it can do right now.

dylan604
2 replies
19h15m

You say this like Apple doesn't release OS updates. Why are you putting that as some arbitrary limiter to what Apple could do to protect its walled garden?

1231232131231
1 replies
3h52m

They don't usually remove features as important as iMessage from older iOS versions. I don't believe they push updates to the iPhone 7 and older anymore, so they'd be unable to use iMessage.

dylan604
0 replies
2h41m

I have a 6sPlus, and messages work just fine, and it may not be iOS 17, but I recently-ish ran an update for its OS that Apple deliberately updated (which you just know must have been an important update). You can stop making stuff up now

lxgr
0 replies
21h0m

Non-Apple legitimate users aren't the only concern for Apple: Once third-party clients are readily available, this makes spam much harder to filter.

Right now they can probably just ban known-spam-originating devices, which is much more effective than banning iCloud accounts since there is a much higher cost to the spammers.

crystaldecanter
0 replies
11h34m

will iMessage Contact Key Verification coming in iOS 17.2 break Beeper — or just make it super annoying like the “not a genuine Apple part” warning when replacing a screen or battery

meesles
1 replies
21h37m

It's not too hard to think through -

They would need to accept and verify a flag from messages that the copycats can't reproduce. At the very least that would require a client update from anyone using official iMessage clients, which covers many millions of devices.

Unless they're able to hook into already existing flags/keys on the devices since they already verify application signatures and a whole other host of things.

Apple can probably do it, but much like jailbreaking how fast can they release breaking changes?

IshKebab
0 replies
10h22m

They could probably require a new check but whitelist already registered numbers.

mattgreenrocks
1 replies
21h20m

What's brilliant is they get press either way this goes down.

dylan604
0 replies
19h8m

i understand no such thing as bad news/publicity, but if the 800lb gorilla squashes the little guy, then that's some pretty bad news. with the recent Twitt...er,X and reddit debacle with 3rd party apps, that 800lbs is pretty powerful when it wants to be

edit, because i used the wrong turn of phrase

superduty
29 replies
19h17m

What is currently not interoperable between the majors mobile OS makers?

rezonant
28 replies
18h58m

Well messaging for one thing...

Some others:

- Find my device features including Bluetooth ping networking (airtags, Tile, Android's upcoming network)

- Airdrop/Nearby Share

- Bluetooth LE proximity pairing (at least I doubt this works when pairing cross ecosystem)

- Carplay/Android Auto

- Airplay/Google Cast

collegeburner
17 replies
18h28m

okay but this "interoperability" is legitimately hard without degrading the user experience because apple's unique level of control allows it to produce a superior product with more consistency. airdrop is best-in-class; open-source solutions like wi-fi direct are dumpsterfires with trash UX. LE proximity pairing is, i believe, a custom chip apple put in airpods (h1 chip) because bluetooth is stuck in 2005 and still doesn't have easy pairing, full quality two-way audio, etc. carplay/auto have different feature sets and airplay is an objectively easier experience than google cast.

the EU is fundamentally interested in these changes regardless of consumer welfare. this is sour grapes because they fail at tech by every conceivable metric and by degrading everything to a common feature set and commoditizing certain standards, they hope to give domestic companies a prayer. that it prevents innovation and improvements is merely a secondary concern for the hard-headed anti-Americans in brussels.

nhumrich
5 replies
16h48m

apple's unique level of control allows it to produce a superior product with more consistency

Another way to read this: Apple has a superior product because they perform anti-competitive practices and don't allow other companies to out-product them. And when they do, they buy them/shut them down before anyone is the wiser.

collegeburner
4 replies
14h58m

editorialization. you know as well as anyone that restricting your feature development to your own platform rather than doing a retarded design by committee helps one innovate faster.

rpdillon
2 replies
13h25m

We don't need to speculate; internal emails from the Epic trial discuss the motivations.

https://www.theverge.com/2021/4/27/22406303/imessage-android...

In short, Eddy Cue proposed in 2013 that Apple owning the best-in-class messaging app would be a win, and even mentioned the cost being low. Phil Schiller shut him down, arguing it would remove a barrier preventing iPhone parents from buying their kids Android phones.

That reads like anti-competitive motivation to me. In particular, it looks like tying, where two unrelated products are connected artificially. The wikipedia article on anticompetitive behaviors has a section on tying, and mentions another case involving Apple that bears some resemblance involving iPods being artificially restricted to only playing tracks either from iTunes or direct CD rips.

So I think the anti-competitive angle has some real merit.

The innovation claim, though, I have a harder time with. I don't see how releasing Messages for Android implies design-by-committee. They could just release it, like Beeper Mini just did, but without the reverse engineering part.

rezonant
1 replies
5h8m

They could definitely just release an app for Android instead of opening the protocol, but as an Android user I'd reject it for the same reason I reject my Apple friends suggesting we all use WhatsApp or Signal: I don't want different conversations living in different chat apps for no reason. That to me is the bad old days of Facebook Messenger+Twitter DMs+SMS where I had to remember which platform each of my contacts prefers to use and then deal with missing features and an inconsistent experience all the time.

As much as I think Beeper's work on iMessage is important, apps like that do not and have never solved this problem. Because then you have different contact identifiers to contend with, the inability to make groups amongst those users, differing features, and the list goes on.

If you look closely at what I'm saying here, it's easy to compare it to what iMessage users say about why Android users create problems for them, and that's true. That's why messaging interoperability is important.

doix
0 replies
3h14m

Interestingly enough, in my life, WhatsApp has just won. Everyone I know uses it, people I meet when traveling use it. Pretty much every Airbnb host tries to contact me on WhatsApp. My physio right now in Malaysia organizes all my appointments on WhatsApp. But I only travel East of the UK, so Europe/Afria/Asia, I have no idea what South America is like, and can guess that it's not as ubiquitous in North America based on these threads.

I cannot remember the last time I've received a non-spam SMS. The whole iMessage thing feels so alien to me. My girlfriend is an Apple fan-girl and has never used iMessage in her life. I kinda wanted to see what was special about it and when I asked her about it, she had no idea what I was talking about.

rezonant
0 replies
7h45m

Innovation is a good thing, but for many items on this list there's no more innovation happening. Google Cast and Airplay have been mostly unchanged for the last ten years, and the same is true for Airdrop and Nearby Share.

You can definitely make the argument about innovation in the messaging space, but RCS is very extensible. RCS Encryption definitely needs to be standardized, but I recommend you check out how Google layered it on top of RCS [1] including handling fallbacks for corner cases like switching your RCS client away from Google Messages before the system realizes it.

This is to say that RCS is pretty flexible, the key is handling the fallback paths in the extension design and working with other vendors to standardize promptly, so we don't end up with the same kind of broken mess that the carriers made.

[1] https://www.gstatic.com/messages/papers/messages_e2ee.pdf

Kab1r
5 replies
17h15m

It's really not. Just make the "superior product" interoperable.

omeid2
4 replies
16h42m

But it often not that simple, anyone who has done cross-platform development can tell you this by heart, it doesn't matter what you do, you must adhere to the lowest common denominator. Interoperability isn't free.

Kab1r
3 replies
16h36m

I'm not asking them to implement these things on every platform, but it's not difficult to make documentation they certainly already have about protocols available.

omeid2
2 replies
10h1m

Protocols calcify when you don't control all the endpoints, consider the case in point, iMessage, it is seems like there is some security implications for spoofing iMessage for any random number, yet, apple's recourse is very limited if it can't update all the endpoints (devices).

The same is also true, say about AirDrop, if apple makes it "Open" and they have to make a breaking change for security or whatever reason, they can't feasibly even make an update available for non-apple devices let alone enforce it.

Now "Apple" has broken your non-apple device and along with it their reputation.

Open is good, but the cost is non-zero.

rezonant
1 replies
5h14m

By that logic the Outlook for Windows team should be responsible for patching Gmail for Android.

This argument is silly. You could use this line of reasoning to justify why all computers should use the same OS from the same vendor. Of course then you'd have a monoculture where implementation bugs that cause vulnerabilities are universally exploitable, instead of only exploitable on machines running that vendor's software.

redserk
0 replies
4h9m

This isn’t uncommon at all when dealing with development that requires interoperability.

Far from it, actually.

If a part of your user base uses another service, you’ll inevitably have to add workarounds specifically to cater to users for that service. It’s just a fact of life when multiple groups have to implement a spec. If you aren’t willing to add workarounds, users will think your software is broken when they should be blaming someone else.

For example, Firefox maintains a few workarounds for websites that ship in the browser. They aren’t the web developers responsible for the sites but someone has to make it work.

Interoperability is not free.

goosedragons
2 replies
15h42m

Have you used Nearby Share on Android? It's IME just as good Airdrop, the only real issue is that it's not baked into Windows PCs like Airdrop is with Macs (confusingly MS has their own thing called Nearby Share for Windows devices). I've actually had less issues with Nearby Share, my iPhone stopped sharing to my mini after a few months but could talk to everything else. Android solved BT pairing in a superior way years before with NFC pairing. Touch two things and paired. I could get my airpods to pop up on my iPhone 1/10 times. Finnicky, overhyped crap IMO. Only reason NFC pairing didn't catch on is Apple holding the NFC chip hostage for the sole use of Apple Pay.

collegeburner
1 replies
14h56m

yes, i primarily use an android phone. nearby share is janky and terrible. additionally, the fact that it's not built in everywhere is a ding from the standpoint of an end user.

rezonant
0 replies
5h17m

It is built in to the Share dialog, so it is accessible anywhere the Share dialog is shown. And when you copy something to clipboard, the popup at the bottom includes Nearby Share. Where else would you like to see it?

Certainly not every iOS app has a custom Airdrop integration either.

Every time I've nearby shared it's worked just fine. What phone do you have?

zik
1 replies
17h8m

apple's unique level of control allows it to produce a superior product with more consistency

Honestly, this reads more like marketing spin to cover anti-competitive behaviour than a forum post.

collegeburner
0 replies
14h55m

i am not, nor have i ever been, employed by apple. i use none of their products as my primary devices. stop breaking the forum rules.

windexh8er
6 replies
11h31m

Find My / Airtags

Another Apple ecosystem that can be used by non-Apple devices. OpenHaystack [0] has been working well for quite a while.

[0] https://github.com/seemoo-lab/openhaystack

nolongerthere
3 replies
10h45m

Does this still work? that repository appears to be abandoned.

fy20
1 replies
10h27m

Apple did actually open up the network, there are plenty of third party devices that are 'Find My' compatible. It's intended for integration into things like bikes or scooters.

You can buy tags from AliExpress for $5 that implement it. I've been using a few for a couple of months, and no issues so far.

rezonant
0 replies
8h0m

It would be preferable if Find My capable smart devices could forward tag pings on to non-Apple owners and vice versa. Right now, Find My is strong in the US where iPhones are very common, but it works worse in places where most phones are Android, and vice versa for Androids in the US versus abroad.

You are referring to being able to track devices via the Find My portal on Apple.com or your Apple devices, but I am referring to being able to merge the networks so that Apple devices will forward pings onto Android's Find My network and vice versa.

mritzmann
0 replies
10h17m

that repository appears to be abandoned

The last commit and release is from october.

rezonant
0 replies
7h57m

See my comment below for why this isn't the interoperability I'm interested in. I don't want to use Apple's service, I want Bluetooth tag pinging to be standard across Apple, Tile, and Android ecosystem devices so that they all work equally well regardless of the percentage of one brand of phone or another in the area the tag is pinging from.

r14n
0 replies
3h17m

Is there a way to SEE the location of my Apple manufactured Airtags from Android?

fy20
2 replies
10h29m

- Carplay/Android Auto

Are there any headunits that only support one or the other? The cheap Chinese unit I got last year supports wireless for both. It would be nice to have an open protocol though, so third parties could develop alternative UIs.

tdy_err
0 replies
8h43m

Sadly, yeah- even in OEM units.

rezonant
0 replies
7h55m

Or so that there isn't a duopoly lock in for a new phone OS or an android fork that doesn't have Google Play Services on it. Just like Google Cast and Airplay, this should be an open standard, not a pair of incompatible proprietary locked down solutions.

wslh
21 replies
19h50m

One of my companies lives from this kind of things so it would last if someone could fund it. More food for thought: "Reflecting on 16 Years of Work on Adversarial Interoperability" (now, more than 20...) [1]

[1] https://blog.nektra.com/2020/01/12/reflecting-on-16-years-of...

smashah
20 replies
16h21m

Have you ever received C&D for your work? There's a big problem of OSS projects being TOS-trolled by billion dollar companies and having to shut down out of fear.

sneak
15 replies
15h13m

What would they demand they cease doing? Publishing software?

If the use of this software is against their rights in some way, the end users running it would be the ones in violation. Publishing original software is protected expression.

graphe
7 replies
14h33m
sneak
6 replies
14h30m

Emulation software isn’t wholly original as it needs firmware and software from the device so emulated. An iPhone emulator with no bootrom and no iOS isn’t very useful.

An open source client for an API need not include any non-original works.

graphe
2 replies
14h0m
rezonant
1 replies
4h50m

After digging in more I believe that is only done in that proof of concept. If that's the case then it's too bad they didn't go back and update the POC to avoid the need for the binary.

sprite
0 replies
3h3m

For the app it is probably just done server side.

lxgr
1 replies
12h31m

Depends on whether you consider a private key an "original work": https://github.com/JJTech0130/pypush/blob/main/albert.py#L16

The situation seems very similar to the AACS key leak back in the day: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...

comex
0 replies
11h33m

Note that a key cannot be copyrighted, but it can be considered a circumvention tool for access controls that protect other copyrighted works.

captn3m0
0 replies
12h49m

There is a very useful iPhone emulator with no bootrom and no iOS: https://touchhle.org/

It targets games, so manages to be useful without having to emulate or re-implement the majority of the OS.

lxgr
3 replies
12h37m

One prominent counterexample to this thesis is DRM circumvention software, which regularly gets taken down via DMCA notices. I wouldn't be surprised if Apple even invokes that particular law.

berkes
2 replies
11h20m

"Section 1201 provides for felony liability for anyone commercially engaged in bypassing a DRM system: 5 years in prison and a $500,000 fine for a first offense."

So it's even worse than the risk of being taken down. Way worse.

https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-w...

crystaln
1 replies
7h35m

iMessage is not DRM. It is not protecting IP.

Spoom
0 replies
59m

The component that tries to identify that you're accessing it from the right device isn't DRM? I don't think courts would agree with that.

p-e-w
1 replies
13h44m

Publishing original software is protected expression.

That means Jack Shit in a world where a lawsuit can ruin a person's life regardless of its legal merit, with zero consequences for the corporation that filed it even if it gets tossed out by a judge eventually.

LPT: Live as if human/constitutional rights didn't exist. Because if push ever comes to shove, you will quite possibly find that they indeed don't exist in practice.

rezonant
0 replies
4h48m

But there are consequences. Even if the financial costs are not meaningful to a big company, the backlash created by such actions can have wide ranging implications, from lost sales to loss of the public mindshare, to attracting legislative attention.

__MatrixMan__
0 replies
12h38m

Tell that to Alexey Pertsev.

wslh
3 replies
15h59m

You know, your question is very interesting: no, we didn't.

Anecdote: we reverse engineered several Microsoft products and before Microsoft Windows 7 launch we were contacted by Microsoft QA and they offered us support to check if our software was compatible with it! BTW, our software was installed in millions of computers around the globe. For example, Trend Micro used our software for supporting their antivirus in Outlook Express and Windows Mail.

Our Deviare Hooking Engine [1] was eclipsed when Microsoft Detours [2] turned to an MIT license and free. Even when our was superior in several ways. This is why I wrote that you should continuously fight for "adversarial interoperability".

[1] https://github.com/nektra/Deviare2

[2] https://www.microsoft.com/en-us/research/project/detours/

smashah
2 replies
15h52m

I agree. After receiving a C&D from Meta for my OSS project (along with some other maintainers from some other projects) I strongly believe adversarial interop is a basic digital right that is required to fulfil the broken or revoked promises of web 2.0

If you know anybody that can help please let me know because I want to get back to maintaining the project.

wslh
0 replies
15h43m

Did you contact specific organizations such as FSF, EFF, etc and/or specialized lawyers? There were well known people defending itself or being plaintiffs. For example, https://cr.yp.to/export.html

rezonant
0 replies
4h53m

What is the project? On what grounds did they C&D you?

Rygian
7 replies
20h41m

On the contrary, the EU law that enforces interoperability should put some wind under this project's wings.

hansoolo
5 replies
18h2m

Exactly what I thought

jackjeff
4 replies
9h28m

But EU interoperability laws are cancelled out by DMCA (aka EUCD). That’s why reading a DVD with VLC has always been “technically” illegal.

If Apple is able to update the protocol in such a way that it requires some kind of signed attestation from the secure enclave (basically a DRM) they’ll get legal protection.

Also. Nobody uses iMessage in the EU. It’s all WhatsApp here. Blue bubbles are an American obsession.

Youden
1 replies
6h47m

The recently enacted DMA requires interoperability. Unless Apple wins its case against iMessage being classified as a gatekeeper service, it'll be required to support interoperability. I'd be surprised if tricks like hardware attestation were compliant, unless Apple allowed other companies' hardware.

rezonant
0 replies
4h43m

Furthermore some implementations cannot provide hardware attestation, so it probably couldn't be limited to implementations which can, if the EU really means "interoperable"

tekknik
0 replies
1h42m

Blue bubbles are an American obsession.

No it’s not, it’s an obsession by a small number of users, not widespread at all.

rezonant
0 replies
4h45m

What exactly is considered bypassing DRM in the case of Beeper Mini, and what copyrighted content is the DRM protecting?

This might be news, but the DMCA laws don't allow you to restrict software which is compatible with your own, especially if the competitor never used your code.

geraldhh
0 replies
20h33m

it might even be the reason for it's existence

djvdq
5 replies
19h48m

A universal chat application would be amazing

You mean like WhatsApp, Signal, Telegram and dozens of different chat apps available for both Android and iOS?

bleachedsleet
3 replies
19h37m

Beeper is an app that unifies all the messaging protocols you mentioned (and others) into a single app. They are not introducing another protocol.

Universal in this context is referring to the ability to use a single app across protocols rather than the ability to use a single app across platforms.

jayknight
1 replies
11h33m

I miss the days of jabber being able to senselessly talk to aim, msn, yahoo, icq, etc. All chat contacts in one account.

anthk
0 replies
5h16m

Jabber transports, they were great.

djvdq
0 replies
11h19m

Ok, I get it.

It's what EU mandated and from March '24 all major chat apps have to be able to communicate with each other.

sohzm
0 replies
14h38m

Relavent xkcd: https://xkcd.com/927/

toastal
2 replies
10h7m

We had universal chat applications & standards and interoperability in the 2000s. Pidgin (et al.) + libpurple allowed users to use a singular application for chat--even the proprietary protocols. We also had (& still have) XMPP from that era which many of the big boys like Google jumped on, killed, then jumped off (EEE?). Are we just repeating history (https://ploum.net/2023-06-23-how-to-kill-decentralised-netwo...)? There’s an XKCD about inventing yet a new standard despite us having good ones for decades…

rezonant
0 replies
4h36m

This was never enough for me. On paper Pidgin did the trick, but you still had to remember which of your friends preferred which platform, you had multiple "friend" entries for the same person, many used silly pseudonyms that they certainly didn't go by IRL, you had no way to tell if your friends actually were monitoring each of their accounts (I uninstalled aim months ago, have you been sending me messages on it?), you couldn't have group conversations across networks without mental gymnastics or compromise, the features offered on each platform were inconsistent, both on their native apps and the features pidgin actually implemented.

That to me is not universal chat, that's just welding 10 chat apps into one, somewhat poorly.

That being said XMPP was well on the way to becoming something universally supported, and though the protocol itself was way more complicated and crufty than I'd like, it's a shame that Google particularly abandoned it for really no reason.

nani8ot
0 replies
2h56m

Given how many large chat systems are based on XMPP, it should be possible to select a set of standard extensions to interoperate with each other. Sadly, I don't see it happening.

vmfunction
1 replies
6h39m

A universal chat application would be amazing

It would be, however would not bet my chatting account history on a phone number. Phone number does get lost over time. Email is more reliable, but may be a private key for authentication instead. Also a modern day chat app, one would expect to have chatting over bluetooth as well Internet such as Briar, and chatting over Tor such as Quite would be much more needed.

nani8ot
0 replies
3h4m

I'm not so sure about email being more reliable than a phone number. I believe more people have a contract with their cellular provider than with their email. Free email accounts could be banned with no recourse.

cavisne
1 replies
13h24m

The timing is potentially clever. Apple has committed to supporting RCS next year, and will face regulatory pressure in places like Europe.

Even if short lived they could onboard a lot of Android users and then use RCS once it’s supported.

rezonant
0 replies
4h40m

I wonder if these events are connected. Imagine Apple hearing through the grapevine that someone had a proper iMessage implementation and that they planned to release it for Android. Perhaps one way to get in front of that would be to commit to RCS. One could imagine the Nothing Phone events having the same cause.

DeathArrow
0 replies
4h17m

A universal chat application would be amazing Can't Whatsapp, Signal, Telegram, Viber and other chat apps be installed on both Android and iOS?
altairprime
47 replies
23h30m

This downloads from GitHub and ’executes’ specific code points in what looks like a proprietary Apple binary, ‘IMDAppleServices’. Where was that binary sourced? Could you provide more context for what is performed at the hard-coded call-in addresses in your code? Does this relate to how you’re presenting a unique device identifier to the network? Do all clients share one identifier, or is it generated per Apple ID? Have any Apple IDs been locked out of iMessage during your development and testing?

dadoum
46 replies
23h5m

I am not the developer but I also looked at that binary to help the project at some point.

It's taken straight from OS X 10.8 (more precisely from an Update Combo on their download portal). It's calling NACInit, NACKeyEstablishment and NACSign functions from it (which have no entry points but with reverse engineering the offsets have been figured out). They are themselves relying on OS X system functions to get device information. The Python code is using Unicorn to emulate it and patch the calls to those functions to stubs returning pre computed values from a Mac machine (stored in a data.plist file). All clients are using the same machine identifier. IIRC, nobody did get its account locked but if the Apple ID has not been used at all it might fail (it depends on the donor device that generated data.plist, if it's a hackintosh for example it will likely not work).

stefan_
41 replies
21h27m

That seems like a problem. Emulating the protocol is okayish-to-gray but having the binary there will just be a straight DMCA.

Wonder what the actual app is doing since this is just the PoC.

chatmasta
27 replies
19h20m

I don't think the finer legal points matter too much. If Apple wants to sue them, they'll sue them, regardless of legal merit. And I suspect Beeper is betting they can make their case from a more philosophical angle, such that it's irrelevant what grounds Apple cites when suing them. Beeper will fight it either way.

I'm an Apple user who has no need for this app. But I really appreciate that Beeper has the balls to reverse engineer the protocol and build a business around it while fully expecting a lawsuit. That's some old school hacker shit and I'm here for it.

Apple tried and failed to sue Corellium for emulating their hardware, and now Corellium has a viable business around it. I don't see why Beeper should fare any differently. They just need to be prepared for a fight, both legally (lawsuits) and technically (ongoing game of cat-and-mouse).

dylan604
16 replies
18h53m

Beeper will fight it either way.

That sounds nice and all, but what happens when the first bill comes due from their legal team?

brokencode
11 replies
18h32m

I’d donate to a legal fund on this personally. I think a lot of people and large corporations would like to see Apple have to make concessions here.

I think if it comes to it, Apple will wind up looking very bad in a trial. Their behavior here is deeply anticompetitive. iMessage is just too important to modern text communication to be as locked down as it is.

If Apple doesn’t want to make an Android app, they should at least make an API so other developers can.

Domenic_S
10 replies
18h22m

iMessage is just too important to modern text communication to be as locked down as it is.

What do you mean; if a private company creates something, and enough people buy/use it, at some point it becomes a common good? I like the idea of iMessage being open, but I don't like the idea of forcing Apple under government threat to open it

brokencode
5 replies
17h51m

I don’t know what you mean by “common good” in this context, but if a company has a dominant market position and uses its power to cripple competition, then it falls within antitrust laws.

iMessage is so important today, especially to young Americans, that its exclusivity to iOS has become a significant barrier to Android or other operating systems from being competitive.

It’s up to regulators and the court system to decide whether that is a violation of antitrust law. But if it is, then yes, the government should force them to open it. That’s what it means to enforce antitrust law.

mardef
4 replies
12h42m

I feel so old. What is it that I'm missing out in iMessage that is so important?

Honest question, I've been texting since t9 and have never owned an Apple device.

lxgr
2 replies
12h16m

It provides a much better group messaging experience than SMS (you can see who’s in a group and add and remove people), delivery/read receipts, better image quality, is encrypted (although that gets somewhat negated by automatic iCloud backups), and is free as long as a data connection is available.

Of course many other messengers offer most of these features too, but for some reason, no alternative has been able to establish itself in the US.

chefandy
1 replies
9h29m

iMessage was heavily integrated into the ios flow when sms was the dominant mobile text messaging system. It's not special, and that's the point. It just worked the way people want texting to work as smart phones gained momentum, and iPhones have so much of the market share that it's way more irritating to use a separate messaging app when you can't change the default integration on ios. I miss the convenience of heavily integrated iMessage comms at least twice per day.

lxgr
0 replies
3h1m

Interesting, I use both Messages and a few third-party messengers, and I wouldn't say that Messages is integrated more deeply with iOS, in the way that e.g. Safari and Mail were for a long time (before you could re-associate http and mailto URLs).

The share sheet just shows my most-frequently-used messengers, as well as direct contact names for my most important contacts, no matter what messenger they're actually on.

The only thing I can't yet do on my third-party messenger is initiate messages from my Apple Watch, but that's presumably due to a lack of a native watch app more than anything.

brokencode
0 replies
12h15m

It’s really nothing special. I personally use WhatsApp with most of my friends.

The problem is when you have one person in a group that is on Android when everybody else is on Apple. This causes the iMessage conversation to use SMS instead. To signify this in the app, texts appear as green bubbles instead of blue, so it’s obvious when it happens.

This is bad because SMS is totally obsolete. It causes images and videos to be shared in extremely low resolution, along with problems of messages not getting delivered reliably and other missing features.

So effectively to the iPhone user, Android users very visibly cause group chats to be super crappy in iMessage.

This is not the fault of the Android user really, because it’d work way better if Apple supported RCS like Android phones do, but many people have a very strongly negative impression of Android due to this.

In fact, some iPhone users put social pressure on people with Android devices due to this in the form of excluding them from group chats or complaining about how they cause problems.

Apple has been perpetuating this problem because it suits them. People know this, but it’s Android and Android users that suffer regardless due to Apple’s dominant market position.

not2b
2 replies
17h49m

Yes, governments can require interoperability and can limit monopolies. That's how antitrust laws work, like it or not. But if you want to get all libertarian, why should companies be able to use government power (as in courts, DMCA and the like) to shut down smaller companies that reverse-engineer their protocols?

rpmisms
1 replies
17h22m

I'm a major libertarian, and you have a great point. Apple should maintain their competitive advantage via technical means or let more cooks in the kitchen.

dylan604
0 replies
16h32m

Which is pretty much where "if you can't innovate, litigate" has its roots.

LesZedCB
0 replies
17h27m

coughs in AT&T

Domenic_S
1 replies
18h26m

I have a hard time believing that the folks who were smart enough to do all this work somehow forgot that lawyers cost money

dylan604
0 replies
18h7m

i don't disagree, but nobody can compete with the money Apple can spend. not every David can find a Rainmaker when competing against Goliath. Goliath still wins a lot. He was a champion after all

chatmasta
0 replies
18h24m

I imagine they'd use some of the $16m+ they raised in VC money to pay the lawyers...

canada_dry
0 replies
12h53m

The Streisand effect will certainly boost enrollment if Apple sues.

vbezhenar
6 replies
15h56m

Reverse-engineering and documenting protocol is OK. Implementing protocol according to the documentation is OK.

Copying and modifying binary with proprietary license is not OK.

fragmede
5 replies
15h44m

How do you run the binary if that's not OK? In order to install it, The binary gets copied from the installer (dmg/zip/app store/CD install media), and then to run it, it gets copied from your hard drive to RAM, so that's clearly okay in some circumstances. Furthermore, once it's on my hard drive, I can copy it over and over again in random places on my hard drive for funsies and the operating system will gladly cooperate. Once it's on my drive, I can go in with a hex editor and randomly change bytes for funsies. It's on my hard drive. Am I then not allowed to delete the program from my system? If I use shred to delete it, which will set the bytes in the file to zero, or format the hard drive, am I breaking the law?

ketzo
3 replies
13h30m

In my very limited understanding, distribution is the key.

It’s legal for Apple to distribute Apple binaries. It is not legal for someone else to distribute Apple binaries.

Copying a binary from installer to app folder: not distribution

Putting the binary on a USB and giving it to your buddy: gray area, not worth prosecuting, but maybe technically distribution

Uploading the binary to a GitHub repo titled “Apple binaries here”: obviously distribution

fragmede
1 replies
11h59m

Which is weird if you think about it. If I buy a car, give it a paint job, mount some LEDs, and a new sound system, I'm totally within my rights to sell it. I can't say that I'm Ford or Honda when selling this modified car, but I'm totally allowed to sell it.

chatmasta
0 replies
11h35m

Yes, and this analogy is even more valid than usual, because unlike most software where each binary is an exact copy of all the others, in this case each binary is actually unique to a device.

But it's more like a ticket, or an NFT. It's a unique blob that was sold to you. You should be able to transfer it.

Apple's best argument here might be that the blob is meant for one person, and distributing it this way is like sharing a ticket to the cinema between multiple people. I can't enter the cinema, then come outside and pass you the ticket so you can enter it too.

Shawnj2
0 replies
10h1m

In that case the easy way out (and what plenty of Hackintosh/console hacking/emulation/etc. communities have done since the beginning of time) is to just download the file directly from Apple when the app starts up the first time or have an “import BOOT.bin here” button you use to activate the app. If someone can source the binary you need to get the app to work I think that’s DMCA legal.

zamadatix
0 replies
15h8m

Those are all fine but it's not the context of the copying in the discussed scenario.

madeofpalk
1 replies
16h41m

I dont believe Apple would sue. I think they would just change the protocol to block this from happening.

chatmasta
0 replies
16h40m

I think you might be right, especially with the heat on them from the EU right now. It's faster to play the technical cat-and-mouse game for as long as possible.

zamalek
0 replies
18h27m

There's also a very small chance that the EU would sit idly by and watch Apple wreck compatibility.

threeseed
4 replies
19h58m

There are reverse engineering/interoperability exemptions to the DMCA so it may not be that simple.

So would be curious if they have already sought legal advice which says they are in the clear.

throwaway-blaze
3 replies
19h46m

they raised $16mm. I assure you they've talked with a lawyer or two.

qwytw
1 replies
18h56m

If they actually just took a binary from OSX and stuck it into their app it probably wasn't the best lawyer

chefandy
0 replies
9h25m

I believe it's server-side: not distributed.

viraptor
0 replies
16h45m

Sam Bankman-Fried raised $1.8B, yet we know how that ended even with lawyers available, so... We'll see.

WD40ForRust2
3 replies
21h5m

I hope we get to a place where people like this simply generate an OpenPGP key/OpenSSL certificate for a pseudonym and just throw this stuff up on .onion and .i2p domains. A place where DMCA and copyright literally cannot be enforced because it's impossible to.

philsnow
0 replies
19h56m

This reminds me of the near-ish-future "Rainbow's End" by Vernor Vinge, wherein instead of giving out phone numbers or email addresses or screen names (identifiers), people give out opaque GUIDs [0] that act as communication handles with capabilities baked in. So, you could give out one to friends that allows people to open a synchronous voice channel to you, but give out one on your business card that just allows people to send text messages to you.

The book doesn't talk about it too much, but presumably these handles could be limited-use (time-based or only granting a capability to send a certain number of messages) and could be revoked.

I know it would probably be off-putting to give each person I meet a different GUID for contacting me (kind of like telling them your email address is <their_name>@<my_vanity_domain>), but it might reduce the spam I receive.

[0] if you're searching the ebook, they're called "golden enums" in the text

apitman
0 replies
20h5m

It's not impossible, just currently not worth the tradeoffs of enforcing. There's nothing stopping governments from passing laws holding IP address owners responsible for the traffic they originate. At that point VPNs and Tor exit nodes will stop allowing illegal activity. VPNs are already moving this direction, no longer supporting port forwarding ie hosting content on bittorent.

Wytwwww
0 replies
20h46m

Not sure how likely is that considering that Beeper is an actual/company startup which seems to have received funding from YC?

However, considering that I'd except they'd know better than to just outright take a binary from MacOS and use it in their app (assuming that's actually the case..).

altairprime
1 replies
19h21m

There’s no need for Apple to react to this project at all.

Eventually, someone will send spam using this app, at which point automated systems at Apple will “console ban” the hardware identifier shared by all of the app’s customers. The project presumably has a library of valid hardware identifiers collected and ready to go, and eventually that’ll be drained by spammers faster than revenue versus device purchasing allows for. Apple can just wait silently as the app exhausts their pool of hardware identifiers, each banned by pre-existing anti-spam automation, without ever acknowledging their existence.

smashah
0 replies
16h17m

Apple may not buy WhatsApp will. If there's ever a commercial or OSS third party WhatsApp voice client I would expect they will try to send their Perkins Coie dogs after the project. They've already done it to many oss projects, terrifying Devs from continuing their work

dadoum
0 replies
20h0m

The app is not redistributing it, it just requests a server to get validation data (since anyway the actual library loading involves patching every system function, making the function independent from the host device, see [0] if you want to see how it's stubbed to run on Linux using a data.plist file), and thus there is no need to emulate it on device.

[0]: https://github.com/Dadoum/imd-apple-services

JimDabell
0 replies
17h32m

Doesn’t this already have precedent? Nintendo used to check for the existence of their logo in cartridges before loading them so that anybody who wanted to create an unauthorised cartridge for a Nintendo system would have to reproduce their logo and infringe on their copyright. I’m pretty sure the court ruled that reproducing the logo for the purpose of interoperability was fair use.

viraptor
3 replies
16h42m

If that becomes a problem and they get enough funding, I'm sure they can spend a few days / weeks reverse engineering the functions they need. At this point it just needs some effort, not some crazy research capabilities.

ronsor
1 replies
14h23m

Given that these are cryptography-related functions, I feel like symbolic execution could yield the actual algorithm they use.

viraptor
0 replies
9h23m

It's probably not even that hard. If some block looks like a crypto section, you can likely match the relevant constants to the algorithm. It's not like Apple will use some super custom solution there. "Where is the AES and how is the IV generated" is more likely question.

dadoum
0 replies
10h39m

It’s already in the works, someone has already made a lot of progress on this front on pypush’ Discord server.

InTheArena
44 replies
23h40m

Its awesome to reverse engineer this... but..

At the end of the day, this product is taking money for using Apple Services with no recompense to Apple. It won't last.

Apple should have added an iMessage client to Android (and charged for it) long, long, long ago, but it doesn't change the ethics problem here.

(This is the downside to the "just pay for it with hardware" model people always love rather than paying subscription fees.)

jpalawaga
13 replies
23h24m

iMessage is offered as a free service. If they would like to 'receive recompense', then they should simply charge people.

Do we provide recompense to YCombinator for using hackernews?

olliej
4 replies
23h13m

iMessage is not free though?

Apple's "free" services are all dependent on you having bought apple products. When you buy a device, the "profit" on the hardware (the oft reference BoM only cost) also pays for the software development, the services, etc.

Claiming that anyone should be able to use those services because they're "free" is like saying anyone should be able to get free service at Toyota garages because Toyota does free service for people who bought a Toyota vehicle.

kelnos
3 replies
22h41m

I think it's a lot more nuanced than that. Should we, as a society, allow companies to lock people into platforms, and discriminate against those who have decided not to fall prey to that lock-in? Especially when avoiding that lock-in (which is often a passive financial/economic choice, not an active rights/freedom one) actually causes social and emotional harm (the whole "green bubble bullying" is a real thing; yes, I think it's dumb too, but what we think is irrelevant).

Personally, I think the answer is "no", we should not allow that sort of thing. Profit is not the most important thing in the world, by far.

Your car analogy falls flat, as is the case with most car analogies. No one would expect to get free service at any garage, and that is unrelated to the topic at hand. You can go to any garage, and they're mostly not model specific; even when they are, there are plenty of third-party alternatives. (And this is why locking down car hardware/software such that only the manufacturer can provide service is a garbage practice that we should legally disallow.)

olliej
2 replies
22h16m

No it's not.

Running a service costs money.

That money has to come from somewhere.

Google makes that money by spying on people and using that for ads.

Apple makes that money by selling hardware.

You're saying that both companies should be required to provide the services they render, but apple's model of paying for it by selling hardware should be banned.

Also, go talk to someone who has bought a new car, and ask them how much their servicing costs. If they go to their manufacturer's service centers the regular services are free for the first few years, but if they go to an unrelated mechanic it costs money.

triangleman83
1 replies
19h58m

I do have a spare iPhone in a drawer, still works and can message on iMessage. There, I have purchased Apple hardware, now can I use iMessage on my Android phone?

olliej
0 replies
13h19m

No.

For the same reason that if you buy a game for xbox, and then when you later buy a playstation you can't turn around and demand that MS port the various xbox services to the playstation, or a publisher port an xbox game to playstation.

dang
2 replies
23h21m

I see your point, but please steer clear of personal attacks - you can make your substantive points without that.

jpalawaga
1 replies
23h15m

sorry, it wasn't meant to be a personal attack. I'll edit it so that it reads less hostile.

dang
0 replies
22h21m

Appreciated!

SllX
2 replies
23h13m

Correction: iMessage is offered as a value-add to people who purchase supported Apple hardware (iPhones, Macs, iPads, Apple Watches).

danieldk
1 replies
22h58m

That’s a positive way to formulate it. The more cynical formulation is that it is a way to lock people into the Apple ecosystem and (especially in the US) to apply social pressure to people to buy an iPhone.

SllX
0 replies
22h35m

Apple isn’t in the business of offering anything to Android users without getting anything in return. A value-add is something you offer only your existing or prospective customers, and that can have a lock-in effect, but only if you value it a lot. Keep in mind when iMessage launched, that it only worked with other iPhone users was a much heftier limitation because the smartphone market still had Symbian, BlackBerries, Windows Mobile, and Palm in it in addition to some very early Android models, and not everybody buying cellphones was buying smartphones yet.

yonatan8070
0 replies
23h12m

Apple charges people to use iMessage by requiring you to use their hardware

bredren
0 replies
20h2m

Do we provide recompense to YCombinator for using hackernews?

Yes. Asking this question is original content. My reply is additional. Those reading this thread are community members.

All of this drives the visibility of new YC batch application kickoffs. Ultimately, YC founders, and some of these early leads result in big investment returns.

erohead
12 replies
23h31m

Apple announced that they will support RCS. Presumably they will not charge Android users for sending RCS messages to iPhone users right?

olliej
5 replies
23h17m

RCS isn't encrypted, doesn't work without phones, doesn't have a single identity across multiple devices, etc so it's not going to replace iMessage.

addandsubtract
2 replies
22h41m

If only there was an encrypted chat service, that works on multiple devices, has a single identity across all of them, etc. Oh well, guess we'll all have to buy iPhones to use iMessage.

olliej
0 replies
13h15m

Correct! There are numerous options available across a wide variety of platforms, and yet people obsess specifically over iMessage because of perceived (and seemingly US only?) obsession with blue bubbles.

elashri
0 replies
22h27m

There is matrix.

freedomben
1 replies
22h39m

RCS can be encrypted. Whether Apple chooses to do so is yet to be seen of course, but I'm guessing they will reserve encryption for "blue bubbles."

olliej
0 replies
13h16m

Yes, as a non-standard google extension that is not guaranteed to be present.

To illustrate the issue, imagine apple added support for "encrypted RCS" that was just iMessage's message blob stuck in an RCS blob (this is essentially how google's encrypted messaging solution works). Would you be ok with that being presented as "encrypted RCS"?

rootusrootus
1 replies
23h28m

Does RCS rely on Apple servers? If it just goes through the same carrier network the way SMS does, why would Apple need to be compensated for the use of their cloud infrastructure?

erohead
0 replies
23h19m

Yes, Apple will most likely run their own RCS servers.

divbzero
1 replies
23h26m

Yes, I think RCS will be supported free of charge similar to SMS and MMS today. I also suspect that Apple will reserve blue bubbles for native iMessage and use green bubbles for RCS.

verwalt
0 replies
23h21m

There was an info somewhere that RCS will still be green:

https://9to5mac.com/2023/11/16/apple-confirms-rcs-messages-w...

geniium
0 replies
23h18m

Thank you I just came by to say that

SllX
0 replies
23h17m

RCS is in theory and intended to be a carrier service. From what Apple announced, all we know of what they are doing is is 1) adding RCS protocol support to Messages and 2) working with the GSM Association to beef up security, somehow.

In reality, RCS is practically a Google service at this point, and we don’t know a damn thing about how that is going to affect interoperability since the carriers have more or less outsourced the service to Google.

standardUser
7 replies
23h23m

The only "ethics" problem I see is a company using it's considerable weight to deliberately segregate users of different platforms, resulting in discrimination and bullying. I understand a lot of people here may not understand this, on account of not being a teenager or young adult, but it is a very real phenomenon.

nullwarp
3 replies
23h2m

Not even young at this point. I overheard two grown men talking about how much they hate people with green bubbles and purposely skip inviting them into group chats because of it.

schmichael
1 replies
22h24m

I have been a grown man on both sides of that conversation: left out of group chats due to being a green bubble, and now tacitly approving of not including green bubbles in otherwise pristine-seas-of-blue chats.

It's less about the background color and more about the endless series of interoperability paper cuts that exist with green bubbles. Will my reaction emoji come through as intended? Will my shared media get downsampled to feature phone quality? Will referencing the person's name in chat work the same? etc etc etc.

Interop is always a pain, but the sooner Apple can be forced into making any concessions the better.

It would help if Google wasn't a complete joke in the messaging space though. As much as I want iMessage interop with Android users, I have no faith or trust in any Google-based messaging app or initiative. Fool me once, shame on you; fool me dozens of times ... well I'd be an idiot to trust Google messaging again.

The fact that a huge number of perfectly good third party chat apps exist and yet most Apple users prefer iMessage is a huge testament to iMessage just being a really well made product. I wouldn't put up with the obnoxious interop and lockin issues if it weren't!

entropicdrifter
0 replies
21h42m

As an Android user who texts with other Android users, RCS works just fine. Automatic e2e encryption whenever it's available, reactions work (and support every unicode emoji, not just the 6 Apple supports), threading works perfectly, photos and videos come through in full quality.

Recently Google Messages started automatically translating the shitty little 'So-and-so hearted "<previous message>"' SMS messages Apple sends out from iMessage into reactions as well.

It's genuinely quite good. I prefer it over Signal when I know the other person has an Android too.

yowzadave
0 replies
22h31m

To be clear, I don’t think people actually look down on green bubbles vs. blue ones, it’s just that the presence of a green bubble in a Messages chat leads to numerous issues with threading, reactions, etc. (which is also something we can blame Apple for, but different than disliking a person for using an Android phone).

nozzlegear
2 replies
22h29m

I think the ethics problem probably lies on the shoulders of the bullies, not on Apple.

standardUser
1 replies
22h1m

If I were a profitable company and I knew I could end bullying resulting from my product without significantly harming my business, and I chose not too, would I be acting ethically?

nozzlegear
0 replies
18h54m

Apple could also end bullying by giving their phones away for free so every kid in high school could use iMessage. Is it acting ethically if they don't do that? Exactly how much of Apple's products and services should be made available to everyone, and where/how do you draw the line?

To be clear, I don't have a dog in this race. I have an iPhone but barely use iMessages.

gorkish
2 replies
23h25m

OTOH this software existing does change the conversation, especially if the solution gains significant media attention or becomes popular. Hopefully this solution passes muster and does effect some kind of change.

Remember when Apple promised that Facetime would be based on SIP and would be interoperable? Neither does anyone. I hope that someone opens this Pandora's box also and gives it to every grandma on the planet before Apple has a chance to ban it.

wicktron
0 replies
23h16m

The VirtnetX patent case is what crushed interopable FaceTime.

danieldk
0 replies
23h0m

This indeed changes a lot. If this gets enough traction to be visible and Apple blocks it, it’ll further complicate their relations with the European Commission, who are currently investigating whether iMessage should be regulated under the Digital Markets Act.

ryaneager
1 replies
23h27m

As if Apple doesn’t have hundreds of Billions in the bank... I think they can afford to foot the bill.

SllX
0 replies
22h54m

One of the ways they got to having billions in the bank is by selling things for money at a profit. If Apple ever offers iMessage to Android users directly, Apple is going to get paid somehow.

WisNorCan
1 replies
22h37m

Agree. We have seen this before.

What if someone reverse engineered Twitter's services and built a separate client and tried to monetize it. What would Twitter do?

What if someone reverse engineered Reddit's services and built a separate client and tried to monetize it. What would Reddit do?

What if someone reverse engineered Instagram's services and built a separate client and tried to monetize it. What would Instagram do?

stevefeinstein
0 replies
21h28m

Not really. Twitter, and Reddit publish(ed) API's that required one to obtain a key in order to use at scale. No one reverse engineered them.

unshavedyak
0 replies
22h59m

At the end of the day, this product is taking money for using Apple Services with no recompense to Apple. It won't last.

I wish companies wouldn't see it like this. I'm not going to speak on this one specifically, but the other one (Beeper Cloud) "makes Apple money" in that i'm more likely to buy into the Apple ecosystem. Ie normally i'm wanting to get out, because Apple likes to play all-or-nothing with the features that i buy from them. As someone who has an Apple watch, phone, laptop, tv, tv+, airpods.. yet works on Linux & PC, it makes me want to switch away from Apple if i can find better hardware.

Beeper lets me get _some of the features i pay for_, which makes me not want to switch.

Makes me sad that so many companies have this view of direct income or piss off. Secondary benefits are real imo, and it's what i personally want to buy. Apple feels actively hostile to me, and it makes me want to leave.

CaptainFever
0 replies
22h25m

There's probably indeed a pragmatic issue with the service not lasting, but it is not an ethics problem. If anything, it's unethical for Apple to be so damn proprietary.

pyrophane
41 replies
1d1h

I'm on the fence about using this. I don't want to switch all my conversations over to iMessage and then have Apple figure out how to ban this. That kind of feels like a recipe for lost messages.

modeless
30 replies
1d

If Apple bans this they will have to answer to EU courts. I very much doubt they will in this political climate.

runako
18 replies
23h59m

They wouldn't have to ban it, they could just alter the protocol to make it impossible. iMessage is designed to only work on devices manufactured by a single company. All of those devices have secure cryptographic elements built into them. It's not a stretch to think Apple could lock down iMessage under the guise of security.

modeless
10 replies
23h56m

Again, they would have to answer to EU courts. They are legally required to be interoperable now. Banning non-iPhones would definitely be litigated.

dbbk
6 replies
23h44m

This is not true. iMessage hasn't been declared a core service by the EU. This takes seconds to Google.

modeless
5 replies
23h24m

Yet. There's a decision happening next year. This also "takes seconds to Google". https://arstechnica.com/gadgets/2023/11/google-argues-imessa...

They are already a gatekeeper with core services that are required to be interoperable. Even if iMessage specifically hasn't yet been declared a core service, Apple is in the crosshairs and behavior like banning competitors will be harmful to their legal position at a very sensitive time for them.

danaris
2 replies
22h58m

Your link—hell, even the URL slug and headline—make it clear that this is something Google is claiming to the EU, not something the EU itself is claiming.

Yes, it's possible that the EU will rule that iMessage needs to fall under these rules, too, but citing a major competitor (who's even more under the gun for the same stuff themselves) making the argument that Apple should be restricted is, shall we say, not super persuasive on its own.

entropicdrifter
1 replies
21h58m

who's even more under the gun for the same stuff themselves

Are they, though? Google allows alternative app stores on Android, they already implement an interoperable, open standard in their primary texting app (RCS), they allow alternative browsers on the Play store itself, and they don't block interoperability with other platforms the way Apple does.

That's not to say they're not under the gun, but what they're under the gun for is different, like bribing Epic and others to not move to their own app store or make a self-updating app downloadable from their website.

They're both monopolistic asshole companies, don't get me wrong, but they're using fairly different strategies.

willseth
0 replies
21h8m

they already implement an interoperable, open standard in their primary texting app (RCS)

Yes, but Apple has announced they will do the same thing. That is not the same thing as interop with the actual iMessage protocol. Similarly, Google Messages does not allow interop with its encryption and newly announced sticker/effects, which remain proprietary to the Google Messages app.

dbbk
1 replies
20h4m

You said "They are legally required to be interoperable now." which is factually incorrect. It's okay to just admit that you were wrong.

modeless
0 replies
19h39m

You're right, my statement was factually incorrect. The correct statement is "Apple is currently fighting an effort to require iMessage to be interoperable".

The argument stands. It would be a bad idea for Apple to ban competition from iMessage, even with an attempt at plausible deniability, while they are fighting European regulators about interoperability on multiple fronts.

gabeio
2 replies
23h47m

Good luck testifying that they specifically adjusted a private internal protocol to block an App vs improve/iterate on the existing protocol.

nicolas_17
0 replies
22h59m

That would break old devices.

freedomben
0 replies
22h34m

That would be easy and wouldn't even require lying. "We identified and fixed a security vulnerability and fixed it"

ixwt
4 replies
22h3m

The only way I could see this happening is if they have all of the public keys of the secure cryptographic elements in a database of all Apple devices ever created. Because otherwise, it would just be trivial to emulate a "secure cryptographic element" if it's just a public/private key.

They aren't running a client by Apple. A glance at other posts seems they are using Apple code, but that would just be a matter of reverse engineering if the code required the secure enclave.

I can't think of a way that a server would be able to prove a device is Apple or not if you were to replicate the protocol completely. Only if there was some established public/private key would this be possible. And then the private key on the device would be in a secure enclave that you could feed it data to sign to prove the device is an authorized device.

0x0
1 replies
21h37m

I wouldn't be surprised if they in fact do have a list of serial numbers for all the mac, ios, tvos devices they have ever sold, linked with some corresponding device-unique public key data?

ixwt
0 replies
21h27m

After reading some other comments, this very well might be the case.

philsnow
0 replies
19h37m

I don't know how the secure enclave works in detail but if there is a private key inside it that it uses for attestation / signing, presumably it could also have a certificate signed by an internal Apple provisioning CA infrastructure which Apple can verify on their end.

Importantly, this matters even for those older devices that were created without secure enclaves. iMessage still used this PKI architecture back before every new mac/iphone/ipad had a SE.

eclipxe
0 replies
21h11m

Of course they have all of the public keys of the secure cryptographic elements of all Apple devices (that run iMessage) ever created. Why wouldn't they?

bluedino
1 replies
23h43m

Could they just require the client to send over the Apple logo, which is trademarked, like Nintendo did with the GameBoy?

gafage
0 replies
23h42m

That was defeated 30 years ago https://en.wikipedia.org/wiki/Sega_v._Accolade

MBCook
10 replies
23h45m

And if Beeper keeps it up they’re likely running afoul of the CFAA in the US.

The EU doesn’t rule the world. They haven’t forced iMessage open yet, and Apple is clearly trying to avoid it with their announced RCS support.

I don’t think things are as far along as you do.

addandsubtract
5 replies
22h39m

Probably because no one uses iMessage in the EU.

Wytwwww
4 replies
20h38m

I'm pretty sure almost everyone sending messages from an iPhone to another is using it.

throwaway-blaze
1 replies
19h38m

Even iPhone users in Europe tend to just use WhatsApp. It's the default there, largely because of the history of carriers charging thru the nose for SMS back in the day...when WhatsApp offered "free" messaging (uses tiny amounts of your data plan), it took off.

qwytw
0 replies
19h15m

Even iPhone users in Europe tend to just use WhatsApp

Europe is not that homogenous, WhatsApp isn't even the most popular messaging app in much of Central/Eastern Europe and Scandinavia (in addition to that iOS has a similar/higher market share in Norway/Sweden/Denmark than it does in the US).

of the history of carriers charging thru the nose for SMS back in the day.

Again, this wasn't the case in every European country (where I am text messages were already free or very cheap in the early 2010s so WhatsApp didn't really take off that much and FB Messenger is still quite a bit more popular to this day because it worked on PCs/browsers and most stuck to it when smartphones were becoming popular ).

same applies to Britain and Switzerland.

xwolfi
0 replies
11h0m

I'm from Europe and live in Hong Kong, in both places, iMessage to us is like Edge for Windows users: a gimmick we see auto-installed but we dont use. So many people don't have an iPhone, and we change phone number every few months anyway. The US experience might be diff, and Europe / Asia aren't a single country, so maybe it even varies within.

philsnow
0 replies
19h35m

addandsubtract is referring to low usage rates of iMessage in Europe compared to other messaging systems, especially Whatsapp.

cvwright
2 replies
23h35m

Can you explain more about the suspected CFAA violation?

TheDong
1 replies
14h5m

See https://en.wikipedia.org/wiki/Craigslist_Inc._v._3Taps_Inc.

The CFAA says that "having knowingly accessed a computer without authorization or exceeding authorized access [is a federal crime]".

The courts held that 3Taps scraping the Craigslist website was accessing a computer and exceeding authorized access because it should have been obvious to 3taps that craigslist did not authorize them to scrape their website (namely from some IP blocks and a C&D letter), so it stands to reason that talking to the iMessage API from a non-apple device is a federal crime. Apple has only authorized apple-devices to talk to their API, it should be incredibly obvious to all of us that this is not being done with apple's authorization, hence crime.

In case it's not clear, I think the CFAA is a rather poorly thought out law since "authorized access" seems like it could be as vague as a ToS violation, which means it escalates things that seem more like civil matters into federal crimes.

Miner49er
0 replies
13h0m

The Supreme Court has significantly weakened the CFAA since then in Van Buren. The weakened version might not apply.

freedomben
0 replies
22h32m

Not to mention, nearly everyone in power in the US has an iPhone, and Apple is a darling of the establishment in the left and the right, and virtually nobody else has any power.

tomstockmail
2 replies
23h1m

For those trying it out or if it does get banned, here's the iMessage unregistration link:

https://selfsolve.apple.com/deregister-imessage/

gobeavs
0 replies
21h18m

I tested it out, unregistered in the app and now I can't receive SMS from iPhones. This link says my phone isn't registered either. Yikes!

Edit: it's working now, took 15 mins to work itself out.

crayboff
0 replies
22h35m

Thank you, this was probably my biggest concern

kevincox
2 replies
1d1h

That's my main concern as well. I don't want to strengthen such a closed ecosystem by building their network.

(That and desktop support is a must for me)

modeless
1 replies
1d

Beeper desktop supports iMessage too, I'm using it right now.

meetingthrower
0 replies
22h23m

Do you have an invite - I'm on beeper mini but on the waitlist for the desktop!

xinayder
1 replies
1d

It doesn't help that they want to pursue the exact same approach for the other apps they want to provide service for.

They are looking to get banned and completely damage the Matrix/Mautrix bridge ecosystem.

graphe
0 replies
1d

What's the point of matrix integration if not to use it? Gaim/pidgin ended because of changes not because it was too powerful.

stl_fan
0 replies
23h18m

Same concern here. I think it's a more valuable use of time to get all your friends/family to switch to Signal. AND pay for (donate) to Signal.

erohead
0 replies
1d

Tis better to have loved and lost than never to have loved at all.

xinayder
31 replies
1d

From their blogpost: https://blog.beeper.com/p/beeper-cloud-and-product-roadmap

Everything changed in August when a security researcher reverse engineered the iMessage protocol.

At a high level, here’s our product plan for the near future (in very rough order, and very subject to change): > Add support for SMS, WhatsApp and Signal into Beeper Mini, using the same end-to-end encrypted client-side connection architecture. No cloud servers in the middle.

so they are changing their whole business model to rely on illegal proceedings, breaking the ToS of every service they want to provide an alternative for.

I'm pretty sure Apple isn't fond of random people using their servers and their proprietary protocol on a client they haven't created. Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release (Signal is open source though). WhatsApp is also similar.

It's interesting and disappointing to see that they are hoping to create a business model on top of that, and it will probably backfire and hurt Matrix users as well, because these chat companies will become stricter and completely forbid third-party clients.

erohead
9 replies
1d

Beeper (Cloud) has been around for 3 years. It supports iMessage, Whatsapp, Signal and 12 other chat networks. We have 100,000 users on Beeper Cloud.

We haven't had a single problem like the one you're describing. Not to say it will never happen.

esrauch
6 replies
23h38m

If Beeper Cloud uses a Mac in the middle then I would have assumed that is actually permitted, as its presumably a legitimate iMessage client and some software to forward your messages after that.

It seems similar to the parallel of iOS builds where its been possible to do so with virtualized MacOS on non-Mac hardware for a long time but its a violation of the TOS of MacOS to do so. Apple does spend effort ensuring that companies running cloud builds do so on Mac hardware; they don't care that the true end user is running Windows and achieving an iOS build as long as there was Mac hardware doing the actual building.

So this reply is along the lines of "we did something for 3 years that allow and they never stopped us" which isn't very strong evidence they won't stop you now that you're doing something they don't allow.

They may not do anything here thanks to the current EU climate though, I only mean that the fact they did nothing about Beeper Cloud is not evidence one way or the other.

ronsor
5 replies
22h32m

Apple or Meta (WhatsApp) trying to take down something like this would almost certainly be viewed unfavorably by the ever-lurking EU regulators.

freedomben
2 replies
22h11m

That's the only reason I'm not confident that Apple will kill this. They wouldn't want the regulatory attention and (at least for now) this is a niche area that few people know about.

xgl5k
1 replies
20h19m

Easier to kill something when it is a small niche area that few people know about rather than wait until it gets bigger and more people use it.

xinayder
0 replies
19h21m

Except that Matrix never profited from it. Beeper is the first company to provide a paid service for it and had their own servers. But now they are providing a paid (with a free tier) service that runs on Apple/Meta/Signal infrastructure.

This is asking to draw unwanted attention towards yourself.

smashah
1 replies
16h2m

Please read this:

https://gist.github.com/smashah/667d4d5cf31670ee87547450861a...

The game being played here is poker. If they call beeper's bluff then they risk setting a whole industry wide precedent that interop supercedes ToS (that's the only angle).

As it stands, ToS based C&D for interop is untested afaik.

We as a community need to discuss ToS-trolling and fight against it.

xinayder
0 replies
8h0m

This doesn't hold up.

https://github.com/signalapp/Signal-Android/issues/9966

https://github.com/libresignal/libresignal/issues/37

unless the EU rushes out their legislation that interop is not grounds for terminating someone's account, I'm sorry, but they can do whatever they want to with their app.

Would you feel happy if someone used your home network to seed torrents? Using your bandwidth to seed them?

xinayder
0 replies
19h16m

As others pointed out, you used official Apple hardware.

Now you're replacing that with Apple's own infrastructure.

They won't like this and I really hope an eventual C&D from Apple, Meta and Signal won't affect the development of the Mautrix bridges.

stevefeinstein
0 replies
21h19m

Do you remember back when Pidgin, Trillian, and others created clients that worked across AOL, MSN, and other messengers. They worked for a while, they'd stop working, they'd update and start working, and that went over and over again. I'm not really looking forward to having that experience again.

modeless
6 replies
1d

When TOSes forbid interoperability, breaking them is just.

ysofunny
4 replies
1d

but now explain this in "Legaleeze" to Apple, to Nintendo, etc....

xsrMcVdvV3
3 replies
23h25m

Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph (1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.

17 U.S. Code § 1201 - Circumvention of copyright protection systems

solardev
1 replies
19h57m

Has this ever succeeded in court? Has it ever even gotten to court or do people just give up at the first lawyer's letter?

sudosysgen
0 replies
19h48m

Yes, it has been tested many times, famously for unlicensed video games on consoles.

xinayder
0 replies
19h19m

You do know DMCA is not the only law they can refer to to sue freeloaders, right?

xinayder
0 replies
19h14m

I agree with this statement but in the end, the effects of Beeper will negatively impact everyone else who hosts a bridge for these services.

Just because a legal binding document seems stupid it doesn't mean you can break them.

I find most laws stupidly worded, it doesn't mean I should disrespect them.

hanniabu
6 replies
23h38m

Signal is the same, they C&D every fork that becomes popular, the only official clients are the CLI and the ones they release

This always rubbed me the wrong way and made it seem like it's an NSA operation

martin1975
4 replies
22h50m

The source to Signal is open to analysis if you doubt its security. I suspect they C&D forks because they don't follow coding/security practices as upstream does, and it would be too hard to ensure they would if they just let anyone fork it.

hanniabu
2 replies
22h15m

No guarantee the build on the app store is the same as on github.

pavon
0 replies
20h26m
chimeracoder
0 replies
20h31m

No guarantee the build on the app store is the same as on github.

I don't know why this comment always pops up on HN every time Signal is mentioned.

Signal builds on Android have been reproducible on Signal for nearly eight years - basically the entire time Signal has existed as an app under that name.

On iOS? No, because Apple doesn't allow reproducible builds on the App Store, period. But you can't blame Signal for that.

xinayder
0 replies
19h18m

Not really. Moxie just said "we pay for the infrastructure so it's unfair that you get to use the servers we pay for".

codeslave13
0 replies
22h38m

Nah. Not NSA. CIA

jchw
3 replies
1d

Yeah Apple won't like this or ever officially approve of it, but you make it sound like you'd call the police if you saw someone using an unofficial AIM client. I think the dramatics can be chilled. The ToS is dumb and not worth the virtual paper its written on. If Beeper can keep up with the cat-and-mouse game, this is no different than Trillian or GAIM/Pidgin/Bitlbee/libpurple or aMSN or Miranda IM or Gtkcord4 and on and on and on... Apple doesn't need an internet defense force for their stupid ToS.

JoblessWonder
1 replies
23h58m

I feel like there are two questions Beeper needs to ask itself...

1) Are they going all-in on being an antagonist to Apple?

2) Will the users be willing to stick around during any outages/downtime/failures due to the cat-and-mouse game? (That I agree will follow and continue.)

jchw
0 replies
23h43m

I can't answer for Beeper, but why would they be unnecessarily antagonistic to Apple? It's not related to their product or mission. Beeper offers interoperability. Antagonism is an undesired byproduct of any of this work, and it's immature to be antagonistic for no reason.

Will it be a cat-and-mouse game? Maybe. Will users stay? Probably. In many cases, Beeper users already WERE iMessage users. Beeper users ARE Discord users. They are users of the upstream service and explicitly want a unified and interoperable chat system, for one reason or another. Maybe it's more practicality than ideals, but it's all the same in the end.

That said, it's not like Beeper is new, and it doesn't seem like antagonism is a primary driver of operational issues yet, so it's not clear it's about to start any time soon, either. Perhaps one of the most annoying tech company strategies is to try to establish a horrid status quo before regulators and law enforcement have time to catch up with you, making it much harder to actually do anything about. I see Beeper as one of a small number of companies that are basically on the opposite end; if they gain a large enough mass of users, it's going to be harder and harder to antagonize Beeper without antagonizing their own userbase, especially when you consider that the value of IM networks is largely in the connections between users. So, the clock is ticking.

xinayder
0 replies
19h20m

When there's money involved, the results are way more dramatic.

If Beeper was free, sure, they wouldn't bother that much.

But Beeper relies on this business model. Apple and co wont let this slip.

muxator
2 replies
1d

Signal is the same, [...], the only official clients are the CLI and the ones they release

Is there an officially supported CLI for Signal? Please tell me it's true, that would mean so much for small scale automation!

jenny91
1 replies
23h42m

Not official but this works darn well: https://github.com/AsamK/signal-cli

xinayder
0 replies
19h13m

It's not official but they don't want to kill it for some reason, maybe their own devs use it for testing

rootusrootus
28 replies
23h29m

At this point, why not just wait for Apple to release their RCS implementation?

The nicest thing about iMessage (for me, at least) has always been that it was a significant improvement to SMS that just worked, with graceful fallback to SMS for anyone who didn't use it. No installing third party apps, wondering if someone new I wanted to contact would be on that messaging app, etc. A nice bonus, but not something that would ever get in my way. Wanting to install a third-party app on an Android phone just to get blue bubbles is weird.

standardUser
12 replies
23h20m

WhatsApp, Telegram and many other platforms do everything that iMessage does and more, without the deliberate segregation of users on different platforms.

In effect, you are using a third party app (as opposed to stock SMS), but Apple has integrated it into their OS and refused to release versions for other platforms.

rootusrootus
6 replies
23h14m

So you're saying that if I install WhatsApp on my phone, I can text anyone I want, if I have their phone number? Doesn't matter if they have WhatsApp installed? I just say "send this to 5551212" and it gets there?

standardUser
5 replies
23h11m

They need to install the app, which is free. What they don't need to do is buy an iPhone, which is not free.

rootusrootus
3 replies
22h42m

Android phones are free? I have to buy the phone no matter what, so I don't see that as a differentiator.

I don't want multiple ecosystems that don't interoperate at all. I don't want to give my private conversations over to an ad company like Facebook. I like iMessage because it adds features without taking. I don't worry about what app I need to use depending on who I want to talk to, I just send them a message and move on with my life.

gkbrk
2 replies
22h33m

You can run Android apps on almost any non-Apple brand of phones, Windows PCs, Linux, Mac OS and Chromebooks.

You can run iMessage on Apple devices, nowhere else.

Surely you see the difference.

rootusrootus
1 replies
22h17m

Surely you see the difference.

I know what argument you're trying to make, but I think it is disingenuous to pretend that WhatsApp is free while iMessage is not. As a practical matter neither is free, and both are free.

standardUser
0 replies
21h56m

iMessage is not free insofar as one much purchase an iPhone to use it.

danaris
0 replies
22h51m

So they absolutely segregate users onto their proprietary platform, it just happens not to cost money to use.

cchance
4 replies
23h12m

Your literally talking about WhatsApp and Telegram as if they aren't their own segregated microcosms you can't message from whatsapp to telegram for instance so obviously they are their own segregated users by platform, its just a software platform not a hardware platform.

standardUser
3 replies
23h11m

They are hardware agnostic, iMessage is restricted to users of very specific hardware.

chronicsonic
2 replies
22h16m

Its only now just arrived in beta on the iPad.

nicolas_17
1 replies
12h15m

...what is the "it" that just arrived to the iPad?

lotsofpulp
0 replies
4h16m
matsemann
6 replies
23h6m

with graceful fallback

Have you ever tried to stop having an Apple device? Hopefully better now, but a few years ago there was no way to unlink iMessage. So say good bye to all your Apple friends, as them texting you goes to the Apple cloud and not your new phone.

Zr40
4 replies
22h43m

a few years ago there was no way to unlink iMessage

Deregistration[1] has been supported since November 2014.

[1]: https://support.apple.com/en-us/HT203042

freedomben
2 replies
22h25m

Maybe that would be obvious to the average Apple user, but as a non-Apple user, it would never occur to me that I'd have to explicitly de-register my phone number with Apple after activating a new phone.

rootusrootus
1 replies
22h21m

That seems okay? It's only applicable to the Apple user to begin with.

freedomben
0 replies
22h10m

heh, fair point. I was mainly thinking about somebody dipping a toe in or trying out an iphone for a little bit before switching back

matsemann
0 replies
20h17m

There was a time after you still needed to have the iPhone to do it, though. And I'm not sure how many are actually aware you have to do this, just getting messages for them sent into the void.

rootusrootus
0 replies
22h39m

Yep, I used to switch back and forth between iPhone and Android every couple years. I'd deregister the phone number when switching over to Android. I don't remember a time they didn't offer that ability.

jpalawaga
2 replies
23h22m

It's not weird. It might be weird in your eyes, but given how much exclusionary behaviour I've seen based on bubble colour, it's not weird in the slightest. I'd like to believe that apple supporting RCS will magically fix the whole 'green bubble/blue bubble' thing but I'm bearish as it seems to be more a cult thing than anything to do with functionality (I say this as an iMessage user).

And please, spare me the trite 'get new friends' comment.

rootusrootus
1 replies
22h23m

And please, spare me the trite 'get new friends' comment.

Wow, okay then.

Anyway, I'd argue that the bubble color serves a useful purpose. At this point I definitely want to know whether someone I'm talking to is SMS or iMessage, because there's a meaningful difference in capability that will affect choices I make (like how to get pictures or video to them). Whether it's colored bubbles or something else, it's going to exist in some form.

I'd be bearish too if that were an important thing to fix, because it's human nature that's the problem, not the technology. The solution is a universal messaging technology that is as good as iMessage and has the broad reach of SMS. Perhaps if Google can get their proprietary extension of RCS standardized and implemented by the carriers directly.

lelandbatey
0 replies
12h24m

I mean, the way everyone else solves this problem is by having an SMS app and a "proprietary messaging platform". Cramming them together in order to increase adoption of the proprietary thing is definitely a... choice.

danaris
2 replies
22h53m

If what you care about is the color of your bubbles, then that won't make a difference.

Green bubbles don't mean "second-class citizen" or "doesn't support proper group chats"; they mean "SMS" (or possibly "not iMessage"; that's not yet clear).

It's extremely unlikely Apple will make RCS bubbles blue—even if they don't make them green (and keep that reserved specifically for SMS), they'll make them some other color.

It's not a way to make sure you can identify the outgroup and shun them; it's a meaningful signal of what technology other people you're chatting with are using, which tells you useful information about their capabilities.

freedomben
1 replies
22h23m

It's not a way to make sure you can identify the outgroup and shun them; it's a meaningful signal of what technology other people you're chatting with are using, which tells you useful information about their capabilities.

That seems like a false dichotomy to me as those are not mutually exclusive, and indeed can (and are) both easily accomplished with the current system.

danaris
0 replies
19h39m

Sorry; I was, perhaps, unclear.

Apple does not in any way intend it to be used to identify the outgroup and shun them.

SMS on the iPhone used green bubbles for years before iMessage existed. When iMessage was introduced, it had blue bubbles simply to distinguish it and make clear "these are users of the new service you can video chat with, send files to, etc". Like I said: a useful informational signal.

It wasn't until years after that that this wailing and gnashing of teeth about blue vs green bubbles started. To the extent that such a social dichotomy exists, it is a purely emergent socially-created one, not one that Apple has pushed in any way.

Furthermore, it would be a regression for Apple to remove that useful informational signal just because people are upset that they get accurately identified as "the one in the group who is using a different device, and thus cannot safely be added to group chats for reasons entirely outside of Apple's control".

The bubble color isn't the problem. The problem is, as you somewhat allude to, inseparable from the fact that there is a way to tell the difference between People Using iMessage on Apple Messages and People Using SMS.

nomel
0 replies
23h22m

The full app, Beeper Cloud, has a bunch of clients built in, that they'll be adding to this (as said in the link). This isn't just iMessage support, it's (eventually) multi-client.

Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin.
lostlogin
0 replies
23h25m

SMS that just worked, with graceful fallback to SMS

I’ve never seen it fall back gracefully. My experience is that there are missing messages, unsent messages and confusing group threads.

I’m not in the US and am in New Zealand which may or may not be relevant.

jdiez17
27 replies
23h33m

It seems that at least the push notification registration part uses a "leaked/extracted" FairPlay private key [1]. As far as I understand, FairPlay certificates/keys should be unique to each iDevice. Couldn't Apple trivially ban all subscriptions originating from this fake device? The comment says you know how to generate more; does Beeper Mini generate one for each install? Why would Apple believe those certificates are authentic?

P.S.: the source repo mentioned in the comment (https://github.com/MiUnlockCode/albertsimlockapple) is 404.

[1] https://github.com/JJTech0130/pypush/blob/main/albert.py#L16

chdefrene
21 replies
22h50m

Snazzy Labs did an overview video [1] about this implementation. According to them, reusing a specific hardware token is such s common practice that Apple would need to "redesign their entire authentication and delivery strategy" to mitigate this problem. I guess we'll see how this statement holds up in the coming weeks/months.

[1] https://youtu.be/S24TDRxEna4?t=5m38s

bitwize
11 replies
22h35m

We're talking about a company that changes CPU architectures for their ecosystem every few years, completely seamlessly. If redesigning their entire authentication and delivery strategy is what it will take to mitigate this problem, Apple will do it.

semi-extrinsic
10 replies
22h27m

What problem? Increased compatibility?

Zak
6 replies
22h22m

From Apple's perspective, yes. Social pressure to buy Apple devices to use Apple's messaging app is part of Apple's marketing strategy.

Apple also claims that blocking devices by serial number or similar unique hardware identifiers is a key part of its anti-spam strategy. If true, an end-run around that will likely create problems for users as well.

devmor
4 replies
22h16m

Isn't apple implementing full RCS support next year?

Aaargh20318
1 replies
22h1m

There is no encryption in the RCS standard, so of course no encryption.

chrisfinazzo
0 replies
21h56m

The current state of affairs re encryption is an accident of history that I would bet doesn’t last much longer once Apple gets formally involved.

“Apple says it won't be supporting any proprietary extensions that seek to add encryption on top of RCS and hopes, instead, to work with the GSM Association to add encryption to the standard.”

https://www.techradar.com/phones/iphone/breaking-apple-will-...

ptman
0 replies
22h8m

Not encryption, apparently. And the blue iMessage bubbles indicate encryption, so RCS bubbles will be green.

Zak
0 replies
22h8m

I think so, but something makes me think they're not going to do it in a way that gives RCS users full parity with iMessage users.

oceanplexian
0 replies
21h42m

The creator of this is screwing things up for everyone. If it was an obscure, open source project Apple would probably let it slide and we’d be able to enjoy this indefinitely. This has been the case for Hackintosh stuff and the like.

But no, the author had to make a dumb, flashy looking website that looks like they’re advertising a product built around reverse engineered Apple tech. I bet they get a Cease and Desist by the end of the week and the hole is patched shortly after.

stevefeinstein
0 replies
22h12m

One man's increased compatibility is another's security vulnerability.

op00to
0 replies
21h41m

Bridging the blue bubble moat.

entropicdrifter
0 replies
22h6m

Apple has control issues. If they don't control it or at least sign off on it, they want it to be incompatible with their hardware.

Hell, they don't even allow alternative browsers on their iOS devices. All the non-Safari browsers are just Safari in a (Chrome, Firefox, etc) skin

saagarjha
8 replies
22h32m

This didn’t really say much. Apple definitely knows about Hackintosh users, they mostly just don’t care. The question is whether they will actually do something if made to care.

oceanplexian
5 replies
21h45m

This is too high profile. Apple is absolutely, 100% going to kill this and it’s gonna screw this over for those of us who leverage iMessage in Hackintosh environments.

andrewshadura
2 replies
21h36m

It's been around for ages, and Apple has taken no action so far.

skiman10
1 replies
20h15m

It has never been this easy and it has never been behind a subscription fee.

hbn
0 replies
57m

Yes it has... Beeper, before Beeper Mini.

Using the aforementioned Mac Mini server farm method.

layer8
0 replies
19h14m

Apple may be reluctant to kill this exactly because it is high profile, given the current anti-trust investigations.

apitman
0 replies
20h1m

You might be right, but if ever there was a regulatory environment under which Apple would think twice, this might be it.

nebula8804
1 replies
21h24m

They 'don't care' because they know that the M series processors were coming and now there is a built in death counter coming for Hackintoshes...the day they drop Intel support.

June 5, 2028: Intel hardware will reach "vintage" status after having been discontinued five years prior, ending most of Apple's service and parts support for Intel hardware.

June 5, 2030: Intel hardware will reach "obsolete" status after having been discontinued seven years prior, ending all of Apple's service and parts support for Intel hardware.

raydev
0 replies
20h57m

They 'don't care' because they know that the M series processors were coming and now there is a built in death counter coming for Hackintoshes

No, they don't care because they don't think about it at all. Hackintosh's numbers never mattered, it's always been too onerous to maintain even when it was at its easiest.

blopker
3 replies
22h39m

Does this look like the same file from the deleted repo? https://github.com/rdxunlock/albertsimlockapple/blob/main/AL...

I'd love to see an open source version of Beeper with no analytics. I'd be happy to host my own notification server.

ebb_earl_co
1 replies
21h18m

Beeper already advertises the self-hosting route: https://github.com/beeper/self-host

rd07
0 replies
15h8m

I hope they open source their client app or at least makes it possible to connect to other matrix server. For me, their client app is the best matrix client in terms of UI.

malermeister
0 replies
22h2m

The python library they provide should be a good start at least: https://github.com/JJTech0130/pypush

kristofferR
0 replies
21h58m
ronyeh
22 replies
21h36m

This is a wonderful project. It highlights how silly Apple is. For those defending the existence of green bubbles, why don’t we swap blue with green then? Would you be okay with all your iMessages in that ugly green while your SMSes with Android friends are in calming blue?

I am typing this on an iPhone 15 pro max and I have several MacBook pros (M3 Max on the way) and everyone in my family has their own iPad.

I hate that Apple has created this thing where some folks ostracize others because they can taint your group chat with ugly green.

ggreer
7 replies
21h27m

SMS messages on iOS have always been green. iMessage was released four years after the original iPhone.

ronyeh
5 replies
21h24m

People keep telling me this as an excuse but the original color scheme was more pleasing to the eye. The current color scheme is painful to the eyes. I know because I see the ugly green bubbles on my messages app on my iPhone. I also have an iPhone 3 in a drawer that sadly no longer works.

You know you wouldn’t want to swap the green and blue bubbles.

qup
1 replies
20h55m

It's 2023, why can't the iMessage app allow some user preferences. Christ.

ronyeh
0 replies
20h50m

Apple.

cityofdelusion
1 replies
21h16m

I run dual sim, so my other number is not enrolled in iMessage and is all green. I don’t care and imagine most people don’t. It’s a neutral, normal, natural green color.

ronyeh
0 replies
20h49m

I’m glad the white text on green is neutral and pleasing to your eyes.

I wish I could change just that one color in my iMessage app without messing up the rest of my iOS color scheme.

jxdxbx
0 replies
20h48m

Instant messages on the Mac were the same green for a decade before that.

markus92
0 replies
20h26m

They used to be black-on-green, now they are white-on-green. iMessage also used to be black-on-blue, see the announcement at https://www.youtube.com/watch?v=NrBIgjodpFs

sircastor
5 replies
21h23m

It's not the "ugly green bubble" that people hate, and ostracize others because of. It's the limitations of SMS messages coming into an iMessage group chat that can mess up the whole experience. Media is crappy, group messages don't work well, it's not encrypted. That said, It doesn't justify people being jerks about it. And yes, if the colors got swapped it would turn out the same - nobody cares about the color. I grant that the blues chosen probably have a branding and emotional draw to them, but this is seriously not about the color of the bubble.

kayson
3 replies
21h15m

That's not entirely true. By one metric, at least, the green bubble is "uglier" - https://uxdesign.cc/how-apple-makes-you-think-green-bubbles-...

ronyeh
2 replies
21h6m

Thank you.

Old school iOS SMS used black text which was much more readable.

It’s as if I’m writing with yellow highlighter on white paper. Painful.

Worse, it changes the color of (gasp) the iPhone owner’s outgoing messages. So as an android user, you’re messing up MY texts and ruining MY perception of myself. Ugh.

Yes, humans are stupid. But it would be nice if Apple let me customize the colors in my app. I did just pay them over $2K for new phones for my wife and me.

VincentEvans
1 replies
20h35m

Normal people choose an app that works for everyone. If they can’t be bothered to switch to something, like Telegram, or Whatsapp, or Discord, or Line or Signal, or… is because they value your companionship not worth the bother.

So buy an iphone to fit in, or respect yourself a bit more and move on and find a better group to interact with.

sircastor
0 replies
15h18m

I think we started using WhatsApp for our family communication because my wife (the only Android user) _hates_ group messages. She hates them because the SMS experience has been so crappy in a mixed environment, but iOS users (my mom, our exchange students, our nanny) default to it in messages because it’s so easy otherwise .

ronyeh
0 replies
20h51m

I swear my 75 year old mom doesn’t care about the limitations of SMS. White text on a bright green background is tough to read and straining on the eyes. Luckily it is only her own texts that are colored that way (even though she is on iPhone).

We switched to using FB messenger because it’s easier to use and read for everyone in our family.

evgen
3 replies
21h26m

Absolutely lqughing at anyone who thinks the particular colors matter. Ugly green? Calming blue?

The specific color does not matter, the only thing that matters is that they are differentiated for the Star-Belly Sneetches hadbellies with stars and the Plain-Belly Sneetches had none upon thars...

sudosysgen
0 replies
20h49m

The color kind of does matter, it pains me to read white on light green.

nwienert
0 replies
20h37m

Actually the green is far less saturated, making it less contrasting with the white text, making it look much worse.

johnsillings
0 replies
21h21m

fantastic reference

hedgehog
1 replies
21h14m

Who cares what the color is? One message type is E2E encrypted over Apple's infrastructure, and you can message while not on cell. The other is not E2E and may have carrier billing and whatever other restrictions on it.

tomrod
0 replies
20h50m

XMPP/Pidgin coming back!

klardotsh
0 replies
21h25m

I'm so glad I don't have friends who give a darn what color my texts show up in - or the ones who do, are using customizable SMS clients on Android/Linux phones/who-cares-what.

iOS makes culture wars where there is no need to have one, for people too immature to have better things to worry about.

iwontberude
0 replies
21h30m

A moment where we can all learn from those with blue/green color vision deficiency. Who sees the world more accurately in this context?

happyhardcore
22 replies
1d1h

It's really impressive that a high school student [1] has managed to reverse engineer iMessage. What I'm wondering is:

1. How stable is it; would it be trivial for Apple to patch this?

2. If it's as simple as reverse engineering the protocols, how has it taken this long?

[1] https://github.com/JJTech0130

Obscurity4340
21 replies
1d1h

Its more a commentary on how amateur it is in my respectful view. iMessage is a fundamentally unserious "product" in search of enough collateral flaws to harm those foolish enough to depend on it for anything.

happyhardcore
19 replies
1d1h

How so? Other than the security issues that get exploited by NSO group from time to time (that appear to be mitigated fairly well by lockdown mode if that's something that's important to you) or the obvious flaw that you can't talk to anyone that doesn't have an iPhone it seems to be a perfectly good platform. The alternatives either have worse encryption (Telegram, RCS), worse privacy (WhatsApp), or the same platform lock-in as iMessage (Google's RCS).

Obscurity4340
17 replies
1d

iMessage is the LastPass of messaging apps. This has been endlessly discussed and I want people to use their curiosity to help direct them to why I would comment in this way. In practice (not whitepaper or the ideal implementation), it is no more secure than sms (actually worse)

saagarjha
14 replies
23h52m

This is absolutely not true. iMessage is a full E2E implementation; it’s nothing like SMS.

modeless
11 replies
23h43m

"E2E" is a joke when Apple holds the encryption keys to the vast majority of all messages, and uses them to respond to law enforcement requests. (It's how iCloud backup works by default and we know people don't change defaults. This is documented by Apple, not a conspiracy theory.)

jwells89
3 replies
23h36m

It’s still a substantial upgrade over SMS or unencrypted (non-Google) RCS, where anybody can snoop on conversations with little effort.

Obscurity4340
2 replies
23h12m

Last time I checked, everyone knows SMS is cleartext and can't take over your phone in the profound way built-in 1st party apps/services you emphatically cannot remove (only toggle) can seize the means of production so to speak.

jwells89
1 replies
22h42m

“Everyone” may be overly broad… just about everybody with any technical inclination knows yes, but for many years now the overwhelming majority of smartphone users have not been particularly technically inclined, and as such I would not expect most of them to be aware of the security and privacy implications that come with use of the various messaging services.

With that in mind, I’d say that most messaging apps don’t go far enough to make that distinction clear. Any app handling SMS or any other unencrypted messages should have ever-present, readily visible warnings when conversations aren’t encrypted.

Obscurity4340
0 replies
22h37m

Didn't mean to sound so bratty, I just get frustrated by this topic. My apologies if I was a bit testy. I just mean that iMessage is extremely misleading and overly-technical in what it takes to truly have a chance at making it secure and private to the extent it extolls itself.

This shit matters now that people aren't able to receive proper reproductive care and education and other grey areas where Apple is setting its users and itself up for terrible and unjust outcomes that depend on everyone but Apple having flawed/imperfect information and Apple pretending 'Saul Goodman...

Bagged2347
3 replies
23h16m

It's how iCloud backup works by default and we know people don't change defaults

Are you referred to Advanced Data Protection being opt-in?

If I'm using ADP then these concerns are moot, right?

modeless
1 replies
23h15m

Not unless everyone you talk to also has ADP enabled.

Obscurity4340
0 replies
23h4m

Thats a Bingo!

Obscurity4340
0 replies
23h1m

No, when you sign into iCloud/your account in Settings, it sets a bunch of insane defaults like iMessage and Facetime and every app you add is opt-out for iCloud storage. Defaults are end-runs around true explicit and informed consent and open people to implications they didn't knowingly understand

saagarjha
2 replies
23h34m

Ok, but you can change yours, yes? Just like Signal isn’t installed by default on your phone and if you want what it offers you can use it.

modeless
1 replies
23h29m

But unless everyone you talk to also changes it then Apple still holds the keys to your conversations. If you care, it is best to avoid software with bad security defaults altogether.

Obscurity4340
0 replies
23h14m

Bingo

Obscurity4340
1 replies
23h8m

I'm curious how Apple implements Keychain in the sense that they claim it is also e2ee but they also use e2ee for ADP and its absolutely not (or at least not zero knowledge), rather it is convergent encryption which is not zero-knowledge and also allows for knowledge of filenames and hashes cuz "de-dupe" is so important for people with TB of cloud storage at the expense of their privacy.

saagarjha
0 replies
22h17m

Pretty sure they use a different implementation, iCloud Keychain long predates Advanced Data Protection.

nickpeterson
1 replies
23h56m

The joke will be when they increase iMessage security to prevent these solutions from working well ;)

Obscurity4340
0 replies
23h51m

That's the thing tho: it will never be secure because its the skeleton key. It was never truly intended to be secure. Same reason why only WebKit's allowed on all billion+ iPhones. Access is only guranteed if its monocultural.

standardUser
0 replies
23h15m

the obvious flaw that you can't talk to anyone that doesn't have an iPhone

That's because iMessage is a first and foremost a marketing tool that Apple compels users to rely on.

foobiekr
0 replies
23h19m

Do you somehow think complexity is the opposite of amateur - that is, complex = professional?

Because I have bad news for you. If iMessage is simple that means literally the opposite of what you think it means.

cdchn
21 replies
1d1h

The unfortunately fatalist question to ask is... how long until Apple shuts it down?

matchbok
10 replies
1d1h

I give it a week, tops. The next iOS update at the latest.

olah_1
6 replies
1d1h

Right. What is stopping Apple from requiring a valid unique device key with every request now?

graphe
5 replies
1d

Old hardware that doesn't have it. Are they gonna ban my iMac from 2009 that was before iMessage was a thing?

ianlevesque
4 replies
23h47m

Yes, they are. You already don't get OS updates.

graphe
3 replies
21h1m

No they aren't. My iMessage still works, and so will other devices that had iMessage.

ianlevesque
1 replies
20h17m

Ask someone with 32-bit Mac apps about Apple’s willingness to leave parts of their userbase behind.

graphe
0 replies
18h45m

They still work. Apple doesn't stop services from working or programs from functioning.

throwaway-blaze
0 replies
19h35m

just because it works now doesn't mean it will tomorrow. You're on officially unsupported hardware / os version.

trillic
2 replies
1d1h

They’re gonna break iMessage for the ~50% of population not on the latest version of iOS next week?

matchbok
1 replies
1d

...They obviously would do it in a way that doesn't do that? Do you think this company can outsmart them in the long-run?

ixwt
0 replies
21h48m

This is a replay of the Messenger Wars. Yahoo IM, AIM, ICQ, etc played a game of cat and mouse with clients that wanted to get all of the messengers in one spot.

psittacus
7 replies
1d1h

Besides being allegedly hard to shut down without breaking iPhones, there's also this statement given to Ars Technica:

Migicovsky had a few different answers. The broadest one, regarding the tech behind the app, is that reverse-engineering for interoperability is legal—a fair use exemption to the Digital Millennium Copyright Act's restrictions against circumventing encryption or other protections. The app also goes out of its way to avoid trademarks like iMessage, referring instead to "blue bubbles" and the like, and the rest might be considered nominative fair use.

https://arstechnica.com/gadgets/2023/12/beeper-mini-on-andro...

anon373839
3 replies
18h13m

I’m curious to know if this tech requires spoofing an iPhone or otherwise falsely representing to Apple’s servers that the Android device is an iPhone. If so, I would be looking at the CFAA more than the DMCA.

smashah
2 replies
16h9m

Van Buren protects it from CFAA.

The only avenue that is untested is based on Terms of Service.

I did a OSS WhatsApp reverse engineering project and got a C&D from 800 billion dollar Meta's lawyers all based on violation of their Terms of Service.

As far as I'm aware, there's no precedent for interop against ToS.

anon373839
1 replies
15h58m

Way outside my area of experience, but Van Buren itself doesn’t appear to address this issue. I was thinking more in terms of Apple framing a claim based on access through an act of fraud.

smashah
0 replies
15h55m

I've been told by a C-level exec at a similar company (but relating to banking) that citing Van Buren against CFAA claims gets the claimant's lawyers to back all the way off.

kevincox
2 replies
1d1h

It's legal. But it doesn't mean that Apple has to quietly allow it.

What is maybe more relevant is the EU talking about forcing federation. If Apple lets this live it may give them more bargaining power in those discussions. If they shut it down thatay throw jet fuel on the fire.

jenny91
1 replies
23h29m

Or it may lose them bargaining power. This is a very real technical proof of concept, and deprives Apple of one fewer claim that opening up is a technical challenge.

freedomben
0 replies
22h4m

Apple can easily argue that this implementation violates their security controls and doesn't count as a PoC. As soon as the last iphone without a secure enclave loses support, they can flip the switch and kill Beeper('s iMessage service) instantly

kwerk
0 replies
1d1h

Seems like the local implementation may be durable, but the system for backend polling (BPN) they built appears to ping Apple servers server side. I imagine that creates a block of homogeneous traffic for Apple to spot.

drampelt
0 replies
1d1h

That's what I'm curious about too.

If it does manage to do a good job imitating what an actual iPhone would do though - is there any way Apple even could shut it down without breaking iMessage on old iPhones or forcing people to update?

szszrk
18 replies
1d

OK, took a while to figure out what it is, as I barely know anyone using iphone. Though it's not for me, BUT if they deliver this:

Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin. We'll also bring Beeper Mini to desktop and iOS.

I'm interested, even if it's paid. I'd love to have most of those apps gone and use a cleaner one.

slig
6 replies
1d

Is this some sort of new mobile Adium?

djbusby
5 replies
1d

Trillian

philsnow
4 replies
19h54m

EveryBuddy

wiml
1 replies
19h9m

Pidgin

CaptainNegative
0 replies
18h51m

Gaim

edoceo
1 replies
19h37m

Not sure what EveryBuddy is. Trillian was a multi-protocol chat client from 2000 [0] named after Trillian [1] from 1979.

[0] https://en.wikipedia.org/wiki/Trillian_(software)

[1] https://en.wikipedia.org/wiki/Trillian_(character)

philsnow
0 replies
19h8m

ah didn't realize it had gone away. its successor appears to be [0]

now I'm reliving the chaos of the late-00s/early-10s instant messaging apocalypse when AOL sunsetted AIM. Clients like Trillian were absolutely necessary before AIM shut down. Everybuddy was a good linux-friendly client. When I still spent time on IRC, I really really liked Bitlbee [1] with ERC [2]. Gaim was one of the first open-source projects I ever contributed to.

(I'm not saying that there's a connection there, but rather that all the chat protocols started getting used less around the same time for the same reason, which was smartphones becoming commonplace in late-00s.)

[0] https://en.wikipedia.org/wiki/Ayttm

[1] https://www.bitlbee.org/

[2] https://www.gnu.org/software/emacs/erc.html

striking
5 replies
1d

Happy Beeper customer and original poster here to tell you: Beeper Cloud is already out there and works really well! It's also free, though you'll have to get through the waitlist somehow. It doesn't perfectly replace every app just yet but it covers the most important functionality extremely well. And it's available on mobile as well as desktop devices.

lyton
3 replies
13h29m

Do you mind giving me a referral for Beeper?

Wintereise
2 replies
13h9m

Here you go - refer.beeper.com/39gJJ0

Melatonic
1 replies
10h31m

Possible to generate another ? Says invalid code

Edit: I mean a code for Beeper Mini on Android - not desktop

PrimeMcFly
0 replies
7h14m

Says invalid code

Well yeah it was already used and you came 3 hours after the fact.

kelnos
0 replies
22h35m

IIRC, though, Beeper Cloud does not come with end-to-end encryption on messaging services that usually have that feature through their regular app. Messages are encrypted between your device and Beeper's servers, and between Beeper's servers and the other end of the conversation, but the Beeper folks can still read your messages if they want.

(Please correct me if I'm wrong; the architecture of their product is pretty confusing.)

kyawzazaw
3 replies
19h51m

as I barely know anyone using iphone.

where are you located?

midasz
1 replies
19h22m

I'm from the Netherlands and I know plenty of people who have iPhones but I also know (and am) plenty people with androids. People use either WhatsApp or Telegram. Isn't iMessage just texting within a walled garden?

hn_throwaway_99
0 replies
18h40m

The situation is very different in the US, primarily because in other countries SMS fees tended to be really high a decade and change ago, and thus drove users to WhatsApp, but in the US most carriers had adopted some form of unlimited texting shortly after the iPhone first came out.

Thus, for many socio-economic groups, iPhone is definitely king in the US, and for them iMessage is just the default way to message people because when it was introduced it was the default way to use SMS on iPhone. A restaurant in Texas famous for their funny signs put this out, https://twitter.com/ElArroyo_ATX/status/1693316647677825160 , and tons of people (myself included) could immediately relate.

szszrk
0 replies
19h46m

Poland. I know a few apple fanboys but those aren't people I communicate with outside of work. Just not my bubble.

It's actually weird and silly when they send me text messages and somehow I end up in the same conversation multiple times - like once 1:1, once in a group chat with myself included twice or more (as a number, as an email, as a second number). It's a bizarre experience and usually iPhone user can't see anything wrong :D

neither_color
0 replies
21h22m

Ive tried the legacy version to consolidate Signal, Whatsapp, etc and you can't send/receive calls, only messages. It's very much still a work in progress

joshstrange
16 replies
19h43m

Beeper is a really cool idea by some cool people (people behind the Pebble smartwatch) but I've resisted using it for fear of bans. I don't want my Slack/Discord/Instagram/AppleId/etc to get banned for using something not allowed under the terms of service. How are people who use Beeper dealing with this? Are you just using dummy/test accounts that you don't care about or are you just rolling the dice.

I would like to live in a world where I could use Beeper without worry but I don't feel like we currently live in that world. Am I wrong?

chatmasta
7 replies
19h26m

If you have an Apple account, why are you even using Beeper? I guess it might have some advantages for convenience (multiplexing chat apps), but is that the main selling point right now? I'd imagine the target market is Android users who want to talk to people on Apple Messages. So they can just create a new Apple account, right? (Isn't that kinda hard anyway, though? You need to tie it to billing, etc.) And if that gets banned, who cares? It's not like they were using it for anything else anyway.

altintx
4 replies
19h19m

I sit in front of my work laptop which is signed into my work apple account. My iPhone is signed into my personal Apple account. I cannot iMessage from the keyboard because they won't play together. I've been using Cloud Beeper since early summer, and it makes the two apple systems play nice together. I also have a Windows machine signed in to it, but that's a nice to have.

chatmasta
3 replies
19h13m

Wait, how does this work? Is it using Handoff and sending from your phone, or Beeper is just a GUI and you've extracted a token from your personal phone to use with Beeper on your work device?

Btw, this is mostly unrelated, but do you work for a large company? I'd assume most security teams would have a problem with a setup like this.

altintx
2 replies
18h34m

Neither. Their cloud server is a farm of Mac Minis or similar. Then Beeper Cloud is basically a proxy from the app to that data center.

chatmasta
1 replies
18h23m

Ah I see. I thought I remembered reading about that on Twitter (in the context of people criticizing it as false advertising). So basically this Beeper mini is the "proper" implementation of full e2e encryption, while the cloud service was the bridge to get them here?

altintx
0 replies
18h15m

That's my understanding, yeah. I don't love my apple ID being signed into a box I can't access, so would love to see THIS service go cross platform.

joshstrange
0 replies
19h24m

I'm more interested in the multiplexing aspect, yes I'm iOS/macOS so I don't care about the iMessage aspect alone though I'd love to pull all my chats into 1 extendable app.

chefandy
0 replies
15h50m

An Apple account isn't particularly useful for messaging without an Apple device to message people with.

yellow_lead
3 replies
19h29m

Since they've been on waitlist-mode for several years, it's not currently easy to try out in any case.

Brajeshwar
1 replies
14h28m
Melatonic
0 replies
13h38m

Says invalid - maybe used already ?

nusl
0 replies
18h18m

They’ve opened invites from existing users

quantumsequoia
0 replies
9h7m

Beeper mini does not require an apple account so there's not much harm Apple can do

nusl
0 replies
18h20m

I’ve been using Beeper as my main chat client for multiple years and haven’t had any issues with account blocks or bans on any of their supported platforms. I have Discord, Signal, WhatsApp, iMessage, and LinkedIn connected. There are technical issues at times but they are well communicated and usually resolved pretty quickly.

gaws
0 replies
19h4m

I would like to live in a world where I could use Beeper without worry but I don't feel like we currently live in that world. Am I wrong?

I've been using Beeper for close to six months, and it's been a dream.

ChaseT
0 replies
13h19m

I've used Beeper for about a year with Facebook, Signal, Instagram, Twitter, LinkedIn, and iMessage. Instagram signs me out once a month or so for security suspicions, but I just reconfirm my account with 2FA. Other than that, no issues.

windowshopping
15 replies
18h29m

Dang, I support your efforts but I just don't have any incentive to pay for a texting app. Normal texting and WhatsApp and discord and Instagram and tiktok messages etc etc are all free. So I just don't really have a reason to subscribe to this.

rattray
8 replies
15h13m

I recently paid >$1000 for the privilege of access to iMessage when switching from Android to iPhone. I'd have been _much_ happier staying on my preferred operating system and paying $24/yr.

(iMessage has, for me, actually been worth it - but still, I frequently find myself wishing that something like Beeper Mini existed so I could go back to android).

azinman2
4 replies
14h34m

What do you prefer about Android?

rattray
1 replies
14h15m

Long list, I've been meaning to write a blog post.

eddyg
0 replies
3h15m

Would be very interested in seeing the list of things that you feel _aren't_ possible on iOS and aren't things I'd consider extremely "niche" or purely "cosmetic". (Sadly, I'll probably never know if you ever write such a blog post...)

cutler
0 replies
13h23m

Affordability.

PrimeMcFly
0 replies
7h11m

How about not being in a walled garden and actually having access to your device?

dwaite
2 replies
8h15m

You switched from Android _just_ for iMessage? Why on earth for? Could you elaborate?

robk
0 replies
1h43m

it's very hard to socialize with non-techies in the US without it. you miss so much.

quantumsequoia
0 replies
5h1m

I did as well. Because there are group chats I need to be in that I can only access if I have iMessage

I can't convince dozens of people in the groups to go sign up for signal just to accommodate me

hn_throwaway_99
2 replies
14h45m

Normal texting and WhatsApp and discord and Instagram and tiktok messages etc etc are all free.

This product is not for you. I don't know where you're commenting from, but I'm guessing it's not from the US. Using WhatsApp or Discord or Instagram or TikTok messages only have value because the people you want to talk to use them. In the US, iMessage is by far the dominant messaging service for iPhone users, and iPhones dominate certain socioeconomic groups. This situation sucks, but there are lots of Android users who get extremely frustrated when a large group of their friends are on iPhones, to the point it can be socially isolating when you're "the odd man out" in a group chat (and it's not the whole green/blue bubbles the media likes to talk about, it's that interoperability between iMessage and other clients sucks and breaks many features).

This is a great option for US Android users who want to be able to better communicate with their friends that have iPhones.

xwolfi
0 replies
11h5m

In Hong Kong everyone has an iphone but everyone uses Whatsapp. I'm so surprised iMessage is even used at all, we all consider it a gimmick here, like, Whatsapp and Telegram are so great at their respective subset of features and WeChat does the rest.

windowshopping
0 replies
10h41m

I am in the US and have been here my whole life. My entire extended social circle uses whatsapp. I realize that is the minority but it does exist.

geor9e
0 replies
16h58m

Their older app, Beeper Cloud, is free anyhow.

Friskyseal
0 replies
17h52m

Yeah, the cost is a bummer but if I look at it as spending $2 a month to avoid buying an iPhone, it's worth it.

Ayesh
0 replies
17h18m

There really is no free lunch.

// insert some clever "you are the product" here.

sprite
11 replies
17h25m

Did you get permission from Apple to connect to their servers? Google Play does not allow apps to connect to 3rd party APIs without consent.

The relevant policy can be found at: https://support.google.com/googleplay/android-developer/answ...

"We don’t allow apps that interfere with, disrupt, damage, or access in an unauthorized manner the user’s device, other devices or computers, servers, networks, application programming interfaces (APIs), or services, including but not limited to other apps on the device, any Google service, or an authorized carrier’s network."

From what I understand your app connects to APNS without permission from Apple.

I have personally had my Google Play Developer account banned for making an app that connected to a 3rd party service

CobrastanJorji
7 replies
16h33m

Is this specifically unauthorized, though? The user is permitted to use Apple's services, and Apple has, as far as I know, not announced that third party apps may not use their services.

ryukoposting
5 replies
14h7m

Even Signal pitches a fit if you use a third-party app with their servers. It's a common (and unfortunate) practice.

colinsane
3 replies
11h9m

what does this mean? plenty of 3rd party signal clients exist (flare being a well-known one); signal explicitly factored out a libsignal presumably to _encourage_ this.

i’ve run multiple 3rd-party signal clients, even alongside the official apps, and never seen any problems or warnings.

[flare]: https://gitlab.com/schmiddi-on-mobile/flare

joecool1029
2 replies
8h42m

what does this mean?

Moxie (Signal's founder) has thrown fits in the past over the existence of third-party clients using their servers: https://github.com/libresignal/libresignal/issues/37#issueco...

droopyEyelids
1 replies
6h43m

By calling that a “fit” it sounds like you’ve an axe to grind.

That was pretty damn polite for a heated mailing list discussion.

ryukoposting
0 replies
3h55m

I use my own personal fork of the official Signal app (I absolutely despise the idea of going back to having a separate SMS app), so I do. Sort of.

remus
0 replies
11h13m

It's a common (and unfortunate) practice.

It would be nice if third party clients were allowed to connect, but it's totally understandable if they don't want to allow it. Servers cost money, and misbehaving client apps that you have no control over sound like a pain in the ass.

sprite
0 replies
16h24m

If Apple files a complaint with Google it will definitely get taken down under this clause, so I think the only way it will stay up is if Apple doesn’t care.

With the trouble Apple goes through to ensure you are accessing APNS from an Apple device including obfuscating the signing algorithm and requiring unique hardware identifiers I think it’s safe to assume they don’t want 3rd parties accessing their services.

KTibow
1 replies
17h13m

I have personally had my Google Play Developer account banned for making an app that connected to a 3rd party service.

Well what did it do with the service?

sprite
0 replies
17h7m

I had app that connected to the Snapchat API and let you upload photos with custom effects and photos from your photo album before that was a feature (not sure if it is today, I don't use Snapchat)

geor9e
0 replies
16h59m

I'm surprised Apple hasn't cut them off yet. They must not be able to for some legacy reason. I suspect the only way to cut them off would be to cut off all the older phones like iPhone 3GS as well.

the iMessage protocol and encryption have been reverse engineered by jjtech, a security researcher. Leveraging this research, Beeper Mini implements the iMessage protocol locally within the app. All messages are sent and received by Beeper Mini Android app directly to Apple’s servers. The encryption keys needed to encrypt these messages never leave your phone. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or attachments. Beeper does not have access to your Apple credentials.

We built Beeper Mini by analyzing the traffic sent between the native iMessage app and Apple’s servers, and rebuilding our own app that sends the same requests and understands the same responses.

https://blog.beeper.com/p/how-beeper-mini-works

paul7986
11 replies
1d

Isnt Apple adopting RCS and won't that solve the green / blue bubble issue?

Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.

lotsofpulp
7 replies
1d

Green/blue bubble is about the prior probabilities people use to make assumptions about others. E.g., if you use Android/iPhone, there is a prior probability of x% of being y type of person.

WhatsApp/Signal have been available for a long time for anyone that has wanted group chats with modern capabilities.

fragmede
3 replies
1d

Whatsapp and signal don't load messages that were sent before joining a channel, a modern feature that slack has had since launch.

lotsofpulp
2 replies
23h37m

I would not expect/want that behavior from a chat app. If I was having a conversation with 3 people, and then a 4th person walked up and joined the conversation, I expect them to not be privy to anything discussed prior to them joining.

A “channel” that shows all participants the entire history seems more like a private forum thread than a “chat”, and should probably be distinguished separately.

fragmede
1 replies
22h58m

Whatever you want to call it, if we're having a conversation, say, planning a birthday party for Bob, and we forgot to invite Alice to the conversation, through the magic of computers, instead of us having to start the conversation from the beginning again when every new person joins, they can just read the scroll back.

If you're the type of person having conversations about people that you wouldn't want them to hear, maybe you shouldn't be having them?

lotsofpulp
0 replies
22h52m

I understand the pros and cons, I just think there should be a clear demarcation of which is which. I can see a chat app deciding to keep this feature out if they think it would make the app too confusing for its audience.

mholm
2 replies
1d

WhatsApp/Signal involve other people you want to communicate with having those apps, which is fairly unlikely in the US (at least outside of tech/international social groups). Only chat apps out here you can count on are facebook messenger, sms/rcs, groupme, or imessage. iMessage is probably the best of these.

lotsofpulp
1 replies
1d

I have directly asked many relatives/friends in their 20s/30s, and they have told me they would assume an Android user has a higher likelihood of being “weird”.

The barrier to entry to installing WhatsApp or Signal is near zero, just a minute of one’s time. And given that most everyone is using Meta’s other apps anyway, the privacy costs are moot. In fact, all of the people I asked have WhatsApp already, but mostly to remain in legacy group chats with older family.

paul7986
0 replies
23h12m

Also in many countries Android is a sign of your social/economic class as many such headsets are super inexpensive compared to an iPhone.

If Apple started a new color "purple," that indicates sent via iPhone 15 Max well then that would be a further marketing boost for the multiple millions of ppl who care about social class & flaunt it. Apple overall is a luxury brand another one of their marketing strategies.

runjake
2 replies
1d

Apple is adopting RCS, and no, that won't solve the green/blue bubble issue. They'll still distinguish RCS and SMS from iMessage.

iMessage is Apple's value-add and has its own app ecosystem, apparently/allegedly true E2E.

  *> Personally if it's a business / marketing advantage unless their hand is forced for business reasons they should never change it.*
Yep, that is Apple's intent, according to Apple emails leaked from various court cases.

dbbk
1 replies
23h40m

To the vast majority of people though it will solve the problem. Android to iPhone communication will be close enough to the iMessage experience.

runjake
0 replies
22h41m

Yeah, maybe it will make some improvement for Android people, who are the majority of the mobile market.

For iPhone users, they'll still be some non-blue bubble people who lack the E2E[1] and tight iMessage app integrations that are popular among iPhone users these days. At least until governments possibly intervene.

1. E2E insofar as not carrier-accessible (unlike RCS), which is a bit of a hot button issue in the US, post-Snowden/PRISM. If carriers have access to RCS payloads or even metadata, they will most definitely harvest it for marketing purposes, as well as ship it off to the US government.

Mg6yDfjp5U
8 replies
1d

I just downloaded it, and can't get past the landing/sign-in page: "Google sign in error.null"

Unfortunately, signing in with Google is the only option.

skiman10
3 replies
1d

For some reason this security setting was turned off on my account even though I don't remember turning it off and use sign in with Google in other places.

https://help.beeper.com/en_US/beeper-mini/beeper-mini-how-to...

mwhdc
0 replies
13h40m

Note that if you have added more than one Google account to your phone, this setting must be enabled for ALL accounts (not just the one you intend to use to activate Beeper Mini) or the "null" error will appear.

moeffju
0 replies
18h46m

Unfortunately, I'm still getting the error even after switching this on.

Oanid
0 replies
23h49m

Thanks! I was having this issue as well.

wkat4242
0 replies
21h23m

Me too but I have no Google account logged in on my phone. Google shouldn't be the only login option though. Why always the push to give up privacy??

ryanlitalien
0 replies
23h16m

Same as above. Pixel 5, running Android 14. (Edit: the help link provided did not help, as the toggle was already on)

mwhdc
0 replies
23h23m

Same. Activated Google Account sign-in prompts and the error still appears.

hnuser435
0 replies
19h33m

Same. Wanted to sign up immediately but couldn't on a de-googled Pixel.

kevincox
7 replies
1d1h

Very interesting. I was under the impression that Apple used hardware keys to validate iMessage accounts. But it seems that this is able to talk directly to Apple without and Apple hardware? In the post it just says that you need to send and receive a SMS to register.

RulerOf
4 replies
1d

I would have also made that assumption, but I have to admit I'm not surprised it doesn't. IIRC, iMessage was introduced with iOS 5, which supported iPhone 3GS. The secure enclave didn't show up until iPhone 5S which shipped with iOS 7.

freedomben
3 replies
22h8m

ah interesting, so Beeper's days may be numbered by when Apple drops support for older devices. But if they can grow quick enough then they'll have enough users that Apple can't quietly nail them and stuff their body into a dumpster.

filmgirlcw
1 replies
21h16m

Perhaps. They didn't start including the SE with Macs until the first TouchBar Mac in 2016. So there are many millions of non-SE devices in use right now. Of course, Apple could still decide to unilaterally drop support for iMessage on older devices, but doing that risks pissing off and probably losing for life tens of millions of users to prevent, let's be realistic, several hundred thousand users (this is a paid app, this isn't free) from using iMessage on Android using this method.

I wouldn't put it past Apple and other reverse-engineering routes might have to be taken but I don't think this is as easy of a "Apple will instantly shut this down" scenario as many others seem to.

freedomben
0 replies
21h7m

If it realistically stayed with just several hundred thousand users, I would agree.

My suspicion though is that there will now be a rush of apps doing imessage on android or windows etc, and probably also spam on iMessage will go up which might stoke the fire a bit.

I guess we'll see what happens!

RulerOf
0 replies
17h45m

Blocking it might be a cat-and-mouse thing that works with heuristics, which would of course be unreliable in both directions.

wmf
0 replies
23h41m

Old Macs didn't have a secure enclave so I assume this is using an old version of the protocol that was used in those days.

jenny91
0 replies
23h37m

In the related pypush repo it mentions something about hardware serial numbers used in rate-limiting, etc. So I guess they do something?

But yes, I was expecting it to be based on some kind of hardware root of trust certificate system that comes from deep within the hardware and secure enclaves!

cbsks
7 replies
23h44m

https://blog.beeper.com/p/how-beeper-mini-works

SMS access is used to send an SMS text message from your number to Apple’s “Gateway” service. The gateway sends a response via SMS, and the contents from that SMS response are sent to Apple to register your phone number as a blue bubble. Your SMS chat history is also used to determine if any of your recent SMS chats were with people who have iPhones. If so, these chats are shown in the inbox.

Does this mean that Apple is sent the phone number of every person you have ever sent or received an SMS with?

Very cool program, by the way. It’s refreshing to see a company take privacy seriously.

asadm
4 replies
23h42m

seems likely? or atleast a hash of it.

cbsks
3 replies
23h39m

A hash of a phone number would be trivial to brute force.

aqfamnzc
2 replies
23h26m

Hmm, could it be salted somehow?

freedomben
1 replies
22h16m

Not sure why downvoted, this is a reasonable question.

No, even a gigantic salt wouldn't help because the input data is too low entropy - only 10 digits that are 0-9. Salts are only helpful to prevent rainbow table attacks by making the size of the pre-computed output space too large to fit on a drive.

The salt has to be stored in plain text in order for the verifying algorithm to compute the hash of the input and compare it, so if you have the hash you also have the salt and can brute-force old school and crack all of them in short order.

aqfamnzc
0 replies
21h54m

That makes sense. Thanks.

erohead
1 replies
23h9m

Beeper Mini checks only the last 50 contacts and determines if any are on iMessage.

cbsks
0 replies
13h23m

Thanks for answering. Any plans to make the check optional? Some people may not want to send that info to Apple.

actionfromafar
7 replies
23h15m

Recently I got a spam iMessage from a sort of empty contact. There was no number, no email address. I thought this was impossible, that there had to some kind of ID connected.

Can someone explain what's going on?

riddlemethat
6 replies
22h37m

I just got some iMessage spam yesterday. Now I know why.

This jailbreak will make it less likely for someone to be able to trust iMessage.

sudosysgen
3 replies
20h16m

iMessage spam has been a thing for months, and if these guys could reverse-engineer iMessage, so can criminals.

actionfromafar
2 replies
18h44m

But why can you register an iMessage account with no email and no phone number? It doesn’t make any sense to me. Signal avoided that and that protocol is documented.

sudosysgen
1 replies
18h30m

You can't. Either it sends an SMS to an Apple server, or you need to sign in with your Apple account.

actionfromafar
0 replies
7h58m

So how could I get an iMessage spam with no sender...

freedomben
0 replies
22h30m

and that's exactly the justification Apple needs to squash this. I'm not saying you're wrong (you're not), just that I'm pessimistic on this project's future.

actionfromafar
0 replies
22h18m

Well, is it related to this jailbreak or not? I guess it might very well be, but I’m sure. Are you going to force me to read the article?! :-)

mcgeez
6 replies
1d1h

I was added to a waitlist, despite their blog post saying there's none. Is anyone else dealing with this?

Rebelgecko
4 replies
1d1h

I'm on the wait list for Beeper, except sometimes when I check my position I've actually gone further back in line somehow.

jaktet
3 replies
23h24m

I can invite you if you want. I just need a platform to send you a message on then I can do it through the app.

Rebelgecko
2 replies
22h34m

Thanks, that'd be awesome. If email works you can use my username @gmail.com

jaktet
0 replies
1m

I messaged you but you might be able to use this link http://refer.beeper.com/YTRsJd

jaktet
0 replies
22h6m

Are you on Google chat? It says not found

erohead
0 replies
1d1h

You may have used the wrong link, this is the correct one: https://play.google.com/store/apps/details?id=com.beeper.ima

impish9208
6 replies
22h26m

Whenever this issue of iMessage crops up on HN, I’ve come to expect the usual points from both sides. However, the one thing that’s never addressed is the “why” of it all. For a group that ostensibly values openness and interoperability, why spend so much effort and energy to climb into a walled garden?

stanleydrew
1 replies
22h18m

Blue-bubble envy is real. I myself am a green-bubbler but every once in awhile I feel this tinge of "otherness" when I see "Loved an image" in the group chat.

fragmede
0 replies
22h3m

it's location tracking and sending money that you don't feel.

HenryBemis
1 replies
22h22m

Because half our friends/family/etc own an iPhone and they either use iMessage or WhatsApp, and neither is acceptable for the likes of me. And since they don't 'stoop' to the level of Signal, we can 'stoop' to the level of iMessage (but definitely not WhatsApp).

aembleton
0 replies
21h51m

Whats wrong with WhatsApp?

noman-land
0 replies
22h22m

To pry a closed system open and force it to interoperate. Climbing into a walled garden and breaking down one of the walls.

fullstop
0 replies
21h38m

Receiving videos which aren't crunched down to 320x240 resolution would be nice.

graphe
6 replies
1d1h

Beeper was made by the pebble dev. Eric should have read the goal by Eli goldratt, it's a case study of TOC. I still love my slides of time.

Pebble: https://en.m.wikipedia.org/wiki/Pebble_(watch)

https://www.kickstarter.com/projects/getpebble/pebble-time-a...

drcongo
3 replies
1d1h

What's Pebble? It's mentioned on the Beeper home page too with no context as though everyone should know what it is, sadly I don't.

mikestew
2 replies
1d1h

One of the original smartwatches, if not the original:

https://www.kickstarter.com/projects/getpebble/pebble-e-pape...

(At least I think that's what the word salad of parent is referring to.)

folmar
0 replies
1d

I would name Seiko Data-2000 the original, some 28 years earlier. Even if you'd like something more modern-looking the list still has IBM Linux Watch and Samsung SPH-WP10 and others before.

drcongo
0 replies
1d

Thanks. I had one of those and quite liked it.

mtlynch
1 replies
1d

For anyone confused, "TOC" refers to "theory of constraints":

https://en.wikipedia.org/wiki/Theory_of_constraints

I also enjoyed The Goal and found it helpful for my manufacturing business, although I'm having trouble understanding how it connects to this blog post.

graphe
0 replies
1d

It doesn't do with this post. It has to do with pebble. They overproduced and were too carried away with efficient over production and (probably) had warehouses full of pebbles. For years after you could get a new in box one for $40 or $99 at retail when it was supposed to be $200 or so.

sauwan
5 replies
1d

Can I make this work with my Google Voice number?

xd1936
3 replies
23h54m

Same question. No RCS, no iMessage... Us few Google Voice users have been forgotten by Google. I live in constant fear that the service will be "spring cleaned".

JZL003
1 replies
23h27m

Yeah I'm too far commmitted. I hope they'll let us buy the number off them

But my theory is that too many google execs use it so it'll hurt them too if it gets canned. They did update the app semi recently

xd1936
0 replies
21h56m

My main glimmer of hope is that Google has started selling Voice as a hosted VoIP enterprise solution[1] recently, showing that they are doing _something_ with the technology... even if the consumer offering is languishing.

1. https://workspace.google.com/products/voice/

CobrastanJorji
0 replies
16h19m

You know, if Apple wanted to be really snarky, they could run some of those "Make Apple support RCS" ads, except with Google Voice.

kilroy123
0 replies
21h43m

They started working on a bridge. I have endlessly begged them to make one.

https://github.com/beeper/googlevoice

If I knew Go I would roll up my shelves and work on this myself.

pelletier
4 replies
1d

How does the generation of validation data for registration work? As far as I understand, this requires details from an actual Apple device (serial number, model, etc.)

erohead
1 replies
1d
pelletier
0 replies
23h15m

They mention the generation needs a plist from an actual Apple device, and provide one of their own in the repository. I wonder what Beeper does. Maybe they have just one serial number? Maybe they have multiple and rotate?

dadoum
1 replies
1d

I think it's calling a server generating validation data (probably with a pre-set hardware informations to be able to run it on a Linux machine which is cheaper, with emulation as pypush does it or by directly loading the macOS executable in the memory and run the right code snippets there).

pelletier
0 replies
23h14m

I'm curious what are the implications of having pre-set hardware info. Maybe rate-limiting? or easier for Apple to flag those particular serial numbers to block the service if they wish?

oldandboring
4 replies
20h0m

Thinking maybe this isn't working. I downloaded, installed. It said it detected all my chats with iPhone users and that I was 'upgraded' to iMessage chats with them. I then tried using Beeper Mini to message someone I know has an iPhone (continuing our existing chat that it 'upgraded' from SMS) and I asked him if I was coming up as a blue bubble and he said it's 'grey', not green and definitely not blue.

seanw265
2 replies
19h21m

Can't comment on whether it works or not, but it sounds like there's a mix-up here. On iOS, it would be their bubble that is either blue or green when messaging you, not yours. To an iOS user, everyone else is a grey bubble.

oldandboring
0 replies
14h43m

Hah! Whoops!

chatmasta
0 replies
19h15m

Also, even then, sometimes existing conversations won't automatically switch from SMS to iMessage. I'm not sure what the trigger is - he might just need to wait a while, or delete the thread and start it again.

LetsGetTechnicl
0 replies
19h2m

That's because received messages are grey, but the messages sent from an iPhone to an iMessage recipient are blue. So I'd ask if when he texts you back if his texts are blue.

lobochrome
4 replies
16h0m

In principle - it's cool - but I already dread the increased iMessage spam that this will surely bring.

WhatsApp is already almost useless with Notifications turned on for me. Maybe this is specific to Japanese phone numbers, but iMessage was always the safe spot where no fishing/scams happened.

My mother actually got scammed out of ~2000 USD on WhatsApp.

I think I hope Apple kills this fast.

dkarp
3 replies
15h58m

I get spam messages on iMessage and never on WhatsApp, weird

barkerja
1 replies
15h51m

I don't know if I have ever received an iMessage spam, and I have 6 addresses associated (5 emails, 1 phone number).

SMS I get spam almost daily.

dwaite
0 replies
8h11m

I've gotten local political messages from volunteers, but those were sent from their cellphones (and may have resulted in them being banned from iMessage a few days later)

I've never gotten an automated spam via iMessage protocol.

fragmede
0 replies
15h41m

I mistakenly gave my number to a bot on Tinder, and now I get random texts on WhatsApp all the time, consisting of a highly photoshopped photo of a woman and some short intro.

dabluecaboose
4 replies
1d

Hi Eric! Big fan of Beeper, Pebble, and hopefully the yet-to-be small android phone. I had some questions that I was ill-equipped to answer, and hoped I could throw them your way!

When I installed beeper, I mentioned it to my friends that I was using it as a bridge for Signal. They threw a pretty big conniption about the implementation and the fact that all our messages were being routed through an unknown server in Germany with source code we could not read or audit (the Synapse/Matrix server beeper.com, as I understand it).

There were also some unfounded tinfoil-hat allegations that Beeper is an intelligence honeypot meant to slurp up all Signal encrypted comms that pass through its Matrix bridge, before forwarding them (although I don't give those any credence)

What reassurances might I be able to provide them? The UX for the Signal app has been going somewhat downhill as of late and I'd like to keep using Beeper if I can assuage their fears.

erohead
3 replies
23h55m

You can self-host any of our bridges if you prefer: https://github.com/beeper/bridge-manager

dabluecaboose
2 replies
23h35m

Thanks for the response! I don't think I phrased my question properly, since they were mostly concerned about what kind of access the beeper.com matrix server has. If I set up my own bridge, it will still send all of my messages to e.g. @dabluecaboose:beeper.com, right? Their concern was what's happening in the Matrix server that's hosting my account, not as much the bridge.

erohead
1 replies
23h25m

All messages are encrypted by the bridge before being sent to the matrix homeserver. Homeserver cannot read or see any message contents. If you want to self host everything, including the homeserver, you can do this: https://github.com/beeper/self-host

dabluecaboose
0 replies
23h12m

Thanks! Appreciate the responses. I'll forward things to the interested parties. They're already all atwitter about the potential for a direct Signal reimplementation like the imessage one. That might just be the ticket!

bambax
4 replies
19h21m

I'm sorry but don't understand exactly what this is. Is it a universal text app that you can use for all your contacts? Or do you need to know if the person you're texting with has an iPhone or not?

Given the excitement and number of upvotes I'm obviously missing something, but I'm at a loss.

hn_throwaway_99
3 replies
18h34m

The excitement is because previously it was impossible for Android users to communicate with iPhone users over iMessage. If you're not in the US, you probably won't get this, but in the US it's very easy to be "the odd man out" as the only Android user in a group of friends. Group chats between iMessage and Android users is basically horrible right now - I seriously considered getting an iPhone solely because friends were annoyed with me for breaking their group chats.

What Beeper does (especially since it's such a huge technological achievement by reverse engineering the iMessage protocol, as opposed to just using a Mac server as a "man-in-the-middle" iMessage communicator) is unlock a part of the iOS ecosystem to non iOS users in a way that Apple has been avoiding for years.

dkdbejwi383
1 replies
18h22m

What is it about iMessage that breaks group chats? Where I live everyone uses WhatsApp (SMS is for 2fa codes pretty much exclusively for me)

hn_throwaway_99
0 replies
17h47m

There are tons of interoperability problems. Google put up this website a while back, before Apple announced they would support RCS interoperability with iMessage, that explains a lot of the broken experience: https://www.android.com/get-the-message/

bambax
0 replies
10h9m

Thanks for the clarification.

Yes I'm not in the US. Here in France (Europe?) pretty much everyone uses Whatsapp; it's not a problem to do normal text between Android and iOS, but I'm not aware of group chats that would be exclusive to iPhone users (I have never been offered/asked to join an iMessage group).

b8
4 replies
16h35m

The fee and requiring account signup are a dealbreaker. Hopefully someone will create a FLOSS alternative.

jmprspret
1 replies
15h57m

AirMessage is open source (and quite old, unsure if its maintained). It requires a Mac computer to run some kind of forwarding software however.

tamu_nerd
0 replies
15h10m

BlueBubbles is the new hotness I believe.

hn_throwaway_99
0 replies
14h43m

Why are people so godawful cheap that they demand so much labor from others for free? I'd gladly pay for this, it's hella cheaper than me having to switch from Android to iPhone.

colinsane
0 replies
10h49m

there are FLOSS alternatives: jabber/XMPP (or arguably Matrix, etc)

okay, i sound snarky: but how is this aligned at all with FLOSS projects/communities/ideals? how/why would a FOSS project tie itself to a network run by a company that’s going to constantly be trying to kill their implementation? both the users and the devs would be constantly fed up with the breakages: you solve that either with open protocols or by paying somebody to do the dirty work of defending against Apple.

awat
4 replies
23h13m

Fortunately, I think this is going to be a forcing function for the RCS conversation.

Unfortunately, I'll be waiting for the data loss post coming in the near future. As some one who had to deal with a stuck iMessage validation with Apple support on a genuine iPhone a few years back this can get sticky.

olliej
3 replies
22h53m

RCS is not an iMessage replacement though? it's not encrypted, it doesn't support a single identity for multiple devices, it requires cell service and a phone number

entropicdrifter
1 replies
21h33m

RCS supports end to end encryption (it's on by default for Google Messages), Apple just isn't implementing it in their planned implementation of RCS. Google Messages does support a desktop app and you can link it to your phone with a QR code, so it can use a single identity for multiple devices.

olliej
0 replies
20h51m

No, google has an extension they use that is not part of the RCS standard.

awat
0 replies
21h33m

I don't mean to insinuate they are like for like. I just mean Apple is starting to pick up scrutiny on interoperability which started with USB-C and I think the focus on this project is going to increase the scrutiny especially if Apple cuts it off.

VanTheBrand
4 replies
10h57m

I think this might be launching at an opportune time. The EU is already trying to force them to open up the App Store and iMessage has a target on its back. A cease and desist about this won’t look great in the inevitable antitrust hearings…

apexalpha
3 replies
9h25m

Does iMessage have a target on its back? It doesn't have a dominant position here in messaging, if it has a position at all.

yalok
2 replies
9h17m

over 50% of US market (and a few other countries), for starters. Not EU's jurisdiction, but it is a major messaging service.

apexalpha
1 replies
8h49m

Yes, I know but I was specifically talking about the EU, since that's the only government legislation for open access.

geraldhh
0 replies
7h59m

bit of irony that this can fly because of legislation in a mostly irrelevant market

TrueDuality
4 replies
3h54m

The biggest question I have is what does the exit story look like? I know it's a common problem for people switching to Android from an iPhone (keeping their phone number) and not receiving any messages from iPhones as their contacts are still trying to send via iMessage.

What happens at the end of the trial when I choose it's not for me. Will I suddenly loose my ability to text with every Apple user? What about in the event of a service failure of your infrastructure (it says it talks directly to Apple's servers but does it also rely on you?)... What if Apple does go after you or makes a breaking change to the protocol?

In all those scenarios, what happens to my messages? Can I export and keep them?

I'm very interested to try but the potential to loose access even for a day or two is a really hard ask.

Workaccount2
2 replies
2h10m

Someone on r/android reported that they could not receive messages from iPhones once they uninstalled the app. They had to remove their contact from the iPhone and re add it to fall back to SMS.

Someone else commented that you can de-register your number on Apple's site, but the person then said that it didn't work either.

So yeah, I am holding back on it to until there is more clarity about this. The overwhelming majority of people I text are on imessage and it would be a royal pain if I had to have all those people delete and re-add me.

hbn
1 replies
1h8m

Someone else commented that you can de-register your number on Apple's site, but the person then said that it didn't work either.

I don't know how Beeper could possibly prevent Apple's iMessage deregister form[1] from not working. Apple handles whether or not you have an iMessage account, not Beeper. It might take a bit for it to fully be purged, but this was only announced/launched less than a day ago so I can't believe that person really waited before confirming it somehow doesn't work.

[1] https://selfsolve.apple.com/deregister-imessage/

Workaccount2
0 replies
1h1m

They complained that when they entered their number to de-register, they were presented with a "number not found" error. Which seems like a plausible error for a backdoor imessage implementation.

hbn
0 replies
1h12m

Apple has a form to de-register a number from iMessage here:

https://selfsolve.apple.com/deregister-imessage/

yodon
3 replies
1d

How long until this gets forked into an iMessage spam bot?

matsz
2 replies
1d

There's already a ton of those operating, I get iMessage spam at least once per day.

sgt
1 replies
23h41m

Never ever seen that myself. SMS however yes, lots if spam by companies using bulk SMS services. But those show up as green bubbles so easier to ignore.

matsz
0 replies
23h9m

The spam iMessages I've received had the "iMessage" text above, were sent from a seemingly normal phone number and had a "Report Junk" button at the bottom of the screen (which text messages don't have).

xyst
3 replies
22h11m

Isn’t iMessage, amongst other things, the subject of some upcoming EU reg forcing it to be cross platform (or at least make APIs accessible)?

Thus, preceding the need of Beeper Mini.

smashah
0 replies
15h58m

DMA.

These companies have many years to comply and drop Fred functionality to 3PAs.

It's not enough imo.

DMA should've explicitly greenlight adversarial interop, superceding any existing agreement between gatekeeper and interop developers.

londons_explore
0 replies
21h50m

Proposed EU regs... I'd bet it'll be years till it is truly an open platform, and even then, they may restrict the openness to the EU only.

impish9208
0 replies
22h9m

I think you meant to write “preempting”.

varun_ch
3 replies
22h6m

If this really works, it is what Nothing's partnership with Sunbird claimed to do (and lied about) a couple weeks ago - before being called out and shut down

https://texts.blog/2023/11/18/sunbird-security/

xd1936
1 replies
21h57m

It's really not. Beeper (and Sunbird, and others) up until today used a Mac server to sync messages. OP is describing an Android app that's natively talking directly to iMessage infrastructure, for the first time.

varun_ch
0 replies
19h42m

Sunbird was claiming they reverse engineered iMessage (either to maintain e2e encryption, or to just do stuff on device).

It looks like Beeper has actually managed to do the latter, which is really exciting!!

batuhanicoz
0 replies
20h42m

I’m one of the authors of the blog post you linked — Beeper Mini is entirely different.

There is a great blog post by JJTech (author of the pypush library, tech Beeper Mini is based on) also on the front page right now: https://news.ycombinator.com/item?id=38532167

notdang
3 replies
23h34m

Trying to use this an I am stuck at the AppleID login screen (I don't have an AppleID).

However from your message it seems that it should not be required:

No Apple ID is required
erohead
2 replies
23h27m

Sounds like phone-only registration didn't work. This may happen if you don't have a SIM card that can text outbound. If you are outside of US, Apple's SMS registration number is in the UK (+42)

ryan-c
0 replies
23h19m

+42 is Czechoslovakia

+44 is UK

notdang
0 replies
23h17m

Yes, I am outside of US and it could not send the verification message to the short number.

keyme
3 replies
20h30m

Whatsapp is known for banning accounts that use any kind of third party clients.

For Android users on iMessage (insane achievement!) obviously this isn't such a big issue, as they didn't have an account before, so the sanction of being banned is not so important.

I would never dare, however, to switch over my WhatsApp to a 3rd party client. Do you have something planned in this regard?

greentea23
1 replies
20h20m

The best you can do now is run whatsapp apk on an emulator or spare device, then auth that with the matrix bridge, then you can avoid needing to use whatsapp clients on daily drivers. Works decently well: https://github.com/mautrix/whatsapp

smashah
0 replies
16h7m

Emulator based WhatsApp accounts are highest risk of bans just f.y.i

If you're worried about using beeper due to bans then just get a second hand burner phone (needs to have had WhatsApp before so it is safe from being identified as "poisoned") then make an account on there to use with beeper.

Beeper is very helpful NGL.

modeless
0 replies
10h13m

Beeper Cloud has supported Whatsapp a long time and I haven't heard of anyone getting banned for using it.

jerdthenerd
3 replies
19h47m

Can anyone explain to me why it matters if you have iMessage or not? So what my friends see a green bubble when I message them?

space_fountain
0 replies
19h44m

This is set to change, but right now iPhones only support the most basic form of text messaging with android phones. Texting between iPhones just works better. The images are higher quality, reacting to messages works right you can can reply to people, where as soon as you try to include an android number all of that drops away

dvngnt_
0 replies
19h40m

gpt says

The distinction between iMessage (blue bubbles) and regular SMS/MMS (green bubbles) on iPhones matters because iMessage offers additional features like read receipts, typing indicators, higher-quality media sharing, and seamless syncing across Apple devices. While the color of the bubble itself may not be significant, the functionality and experience differ between the two, impacting communication capabilities.

Terretta
0 replies
19h14m

Your telco/carrier can (and do) "read"* your SMS chats.

* Capture, store, share with various authorities and data services, and sometimes advertise against, as well as make available to other people on your account and carrier support.

gadders
3 replies
22h54m

It's got one of those "We'll charge you if you forget to cancel" subscriptions. Might be google's fault, but I'm not signing up.

I remember Meebo (https://en.wikipedia.org/wiki/Meebo) tried to do a similar multi-chat client as well, but for the web.

mynameisvlad
2 replies
21h40m

I mean… yes, that is generally how subscriptions work. Google and Apple make it relatively easy to cancel in-app subscriptions.

gadders
1 replies
17h45m

Yeah. It's pretty shitty. You should get cut off after a week with a positive opt-in to continue.

modeless
0 replies
10h18m

If you want that, just cancel the subscription immediately. You still get the free trial period and you can subscribe at the end if you want to. Works for any Google Play subscription free trial AFAIK.

fuddle
3 replies
23h35m

I'm really surprised people will go to so much effort for a blue bubble.

spiderice
0 replies
23h6m

I'm really surprised people still pretend they don't know it's not only about the bubble color

nomel
0 replies
23h26m

For me, it's not a blue bubble as much as the higher quality images/videos, compared to SMS/MMS. Trying to figure out which proper app a certain person has/uses, and remembering which to open for a certain person, is a huge pain. The full Beeper app is like old school Trillian: a bunch of clients in one. I just see messages from people. It's great!

mrweasel
0 replies
21h0m

It's the images, videos and most of all, this the group chats. Being the only person on Android sucks if everyone else is on a group chat.

endisneigh
3 replies
1d

So you can use this to spam iMessage?

happymellon
2 replies
22h20m

You could spam iMessage before this.

riscy
0 replies
21h4m

Before, there was an Apple ID or device that could be banned for spamming. Here, there is no account required at all, just a phone number.

endisneigh
0 replies
20h35m

No, because you needed an actual account which could be trivially banned.

SpencerOMG
3 replies
20h8m

I remember Nothing tech did something similar-ish not too long ago, but I can't find their announcement of it. But then I stumbled upon a video talking about privacy concerns[0]. What's the difference between what they did and what Beeper is doing? Sounds cool though, impressive work! (also, "hacker"-news needs to be more embracing of their name lol)

[0] https://www.youtube.com/watch?v=fMdj8RyMb64

nani8ot
0 replies
17h35m

Nothing/Sunbird lied about how their bridge worked, while Beeper has an open source matrix <-> imessage bridge implementation with docs.

Technically they are similar with both using macs in a server farm for their hosted offers.

[0] https://github.com/mautrix/imessage

dvngnt_
0 replies
19h38m

this one doesn't have reports of using insecure http during account linking and I think you have the option to self-host

drewtato
0 replies
19h18m

Nothing's thing was a branded version of Sunbird https://www.sunbirdapp.com/ which is technically similar to the iMessage part of Beeper Cloud. It is essentially a way for you to login with your Apple ID on a Mac Mini in a server farm, and then interact with its desktop iMessage client from an Android app.

This was done because Apple obfuscates how its notification system works, so the cheapest short-term solution is to just use real Apple hardware.

When Nothing released it, it was found to have many flaws, which is where that video comes in. Nothing unreleased it and hasn't followed up since.

Beeper Mini uses the long-term solution of reverse engineering Apple's notification system so that it can run independently of an Apple device.

unshavedyak
2 replies
23h30m

Side note, i'd love if Beeper could impl some "standard" open APIs to brute force us in a new unified direction. I feel like the chat ecosystem is in the days of pre-LSP editors. Anytime i wanted to try a new fancy term based editor, i'd lose out of very basic features like code completion, jumping, etc. Since LSP came around, i can basically jump to any editor because everyone has this baked in now, and it works with "all" languages - it's great!

I want this for chat. I loved how great everything looked and felt with Telegram, but then i left for Signal and it was super bare bones. Eventually Signal got some stuff, but it's still missing a lot of stupid features that make it fun for me (integrated gif lookups, etc).

I'd love if we could unify around some of these behaviors and as we add new chat apps, users don't lose "basic" functionality.

Anyway, wishes aside - Beeper is really cool. I just signed up to Cloud, and my wife has been a happy user for quite a while.

notpushkin
0 replies
22h20m
FireInsight
0 replies
20h57m

Beeper (Cloud?) is based on Matrix, so I guess that's the open standard you're looking for?

tibbydudeza
2 replies
19h10m

Good luck with this one - dunno how Apple is going to react - a Steve Jobs nuking upon from high via API changes or Tim Cook ignoring it and just disgruntled acceptance that it exists but not care why folks in the US choose Apple.

rpmisms
1 replies
18h13m

There is probably a tense debate happening internally right now about how they want to respond. PR says no, Product says nuke it, Legal is stretching their fingers, and Engineering just finished reproducing the issue.

tibbydudeza
0 replies
17h29m

My understanding is that they are re-using a device serial number but they imply that changing this means a major change to how iMessage works so they banking on Apple inertia.

Charging $2 before the horse has bolted seems a bit ... would have preferred that Apple was involved.

skygazer
2 replies
17h6m

Does this mean it’s trivial to spoof iMessage from arbitrary phone numbers not already registered with iMessage, or hijack any non-iPhone users SMS messages by tricking the iPhones they communicate with to send replies via iMessage to the spoofer rather than SMS? If this is true, (edit: probably not true,) and I’m just speculating without specific knowledge, it seems Apple would shut this down for legitimate security reasons, and perhaps re-engineer things to prevent this.

brenns10
1 replies
16h54m

I just tried out the app - an SMS challenge was sent to my phone number, and the app sends a response via SMS. By challenge, I mean there's several fields with encoded data (not just a 6-digit OTP).

I have no idea how it's implemented by Apple but I'd hope there's some sort of expiry time. I'm sure they've thought of SIM-swapping as a way to take over people's accounts.

skygazer
0 replies
16h51m

Does that challenge seem to come from Apple or Beeper? I hope Apple. That would largely allay my concern. I guess I should have given Apple more credit, because this “vulnerability” would likely have come to light much earlier otherwise, as they’ve always needed reliable means to establish ownership of a number — it’s just been automatic and invisible on the iPhone.

mikae1
2 replies
22h17m

Will this be available from F-Droid or as an APK? I'm using a deGoogled device. Too cool!

wkat4242
0 replies
21h25m

Nope even if you install it using aurora store it requires a Google account linked in play services (you can't even log into it manually!). So even on a device with play services but no Google account logged in I get an error logging in. On a Google free device it definitely won't work.

nani8ot
0 replies
17h26m

Beeper's clients never were open source. They were based on Apache 2 licensed Element. The new client won't be open source either, given how they don't even open source their server part (contrary to their matrix bridges).

matsz
2 replies
1d

Great job! Just from taking a quick look at this, what you have here is much bigger than iMessage itself.

This could literally allow things like Universal Clipboard to work on Linux and Windows - by using the method presented here to access the iCloud Keychain and generating Continuity keys and placing them there - then the iPhone will broadcast its clipboard data encrypted with those keys via BLE. If I understand all of this correctly.

crooked-v
1 replies
16h37m

I had been wondering where Beeper's route to profitability was, but if they can get Continuity and AirDrop stuff working with Windows that will be an instant no-brainer subscription for a lot of people (including me), so I guess it works out.

LectronPusher
0 replies
9h16m

It works over wifi, but you might be interested in KDE Connect [1]. It can do clipboard, remote input, file sending, command running, etc. on Windows and Linux.

[1] https://kdeconnect.kde.org/

llm_nerd
2 replies
1d1h

My first thought is "was Apple behind this?" I understand that they claim to have reverse engineered it...but if it's such a trivial conversation exchange, it is a bit surprising this hasn't been utilized before. Seems convenient given the loud exchanges happening about RCS and the like. And unlike RCS, iMessages actually has E2E baked in.

The next thought it the utilization for abuse such as spam. E2E is wonderful but it also means that the normal cryptoscammer / phishing checks can't apply. There are mentions of rate limits and that surely comes into play, but given the simple proof of concept it would be easy to scale out.

atlas_hugged
1 replies
1d

I don’t think so. The security researcher is a kid in high school that seems really fucking sharp.

nicolas_17
0 replies
22h55m

I have confirmed with him that he hadn't been born yet when Steve Jobs announced the iPhone.

keepamovin
2 replies
13h59m

https://blog.beeper.com/p/how-beeper-mini-works

Very cool. A question: will you be revenue sharing with JJTech0130? Their work made this possible, correct?

graphe
1 replies
13h56m

This project is licensed under the terms of the SSPL. Portions of this project are based on macholibre by Aaron Stephens under the Apache 2.0 license.

This project has been purchased by Beeper, please contact them with any questions about licensing.

They seemed to comply with the SSPL as well.

keepamovin
0 replies
13h2m

Nice! Glad they took care of it.

itslennysfault
2 replies
23h14m

First... I want to say this is awesome and really really cool. I'm an android user and honestly don't care about blue bubble or iMessage features, but I know A LOT of people care a lot about it, and its really cool to see a solution that doesn't involve passing Apple credentials to some 3rd party service.

That said... I will be SHOCKED if Apple doesn't prevent this in some way in short order.

Could be through legal action (not a lawyer don't know if they have a leg to stand on)

Could be through technical means (pretty sure there are multiple ways they could break this)

...but regardless I highly doubt they will let this fly for long.

kilroy123
0 replies
21h53m

I've been a beeper user for a while now. I, too, share this concern. There's no way Apple won't try to kill this somehow.

freedomben
0 replies
22h29m

Agreed, and it needn't ever address Beeper directly. Simply fixing the "security hole" that allows invalid devices to register would put a knife in Beeper's back and needn't ever be acknowledged by Big Gray

ilteris
2 replies
16h49m

It is normal these days to have login with buttons BEFORE the subscription info? I mean I wouldn't even try to download if I knew there was a monthly subscription fee. Thanks

ddxv
0 replies
14h21m

Right? I felt like it was some kind of trick to at least get your email before showing you the app actually is a subscription only app.

Urgo
0 replies
13h14m

100% this. I don't really care about the whole bubble thing. I just though oh cool, let me try this and find some iphone user to see if it works. Downloaded, auth'd my google account which was the only option which is not right either... and then bam, paywall. Yes it does say it costs $1.99/mo almost at the bottom of the linked page, but I 100% would not have downloaded this if I knew that up front. And absolutely would not have auth'd my google account.

There 100% should be a message BEFORE logging in that has the pricing. And allow for actual email signups too, not google or any other 3rd party logins.

heyoni
2 replies
17h20m

How come there’s a waitlist for the main product but not this one? I feel like it should be the other way around?

mr_sturd
1 replies
16h44m

There's no stress on their servers with Beeper Mini, as it communicates with Apple servers directly.

heyoni
0 replies
16h15m

Oh that makes sense. I was thinking that there’s added risk of spammers and botters on mini and they’d want to gate that

classicmotto
2 replies
13h11m

If this is a standalone app (not requiring ongoing server/relay maintenances), why charge a monthly fee and not a one-time fee?

modeless
0 replies
10h19m

They still run a server on your behalf to translate from Apple push notifications to Android ones. Somehow they were able to do it without compromising the end-to-end encryption too, which is awesome.

abhibeckert
0 replies
13h9m

Why charge $10, when you can charge $10 per month?

But seriously, Beeper does have server side components. They're just optional ones. If you don't pay, you don't get those features.

chirau
2 replies
19h42m

I'd love to try this. Anyone with a referral code?

spogbiper
1 replies
19h10m

You don't need a code. Just install the beeper mini app from the play store

Melatonic
0 replies
10h34m

When I installed it after it asked for a 2 dollar a month charge or referral code

brailsafe
2 replies
18h46m

This is really cool, at least in theory. I keep hearing from only iPhone users on podcasts that they find it annoying to message amyone not on iOS. As an Android user, I couldn't imagine this being a concern to me; have any of you Android users even had the passing thought that you're missing out on hypothetical conversations between people who only use iMessage?

I use Messenger for the gen x people in my life, Signal for others, and sms and google chat for some others, but I don't even know what devices any of my friends use on a regular basis, seems arbitrary to me.

halfblindsalt
1 replies
17h47m

Every single person I message regularly uses iMessage. As far as I know none of them are “iPhone users” in the sense that they particularly care, they just use ‘the normal thing’ (which is iPhone).

So for the opposite question, I’ve never had the passing thought of missing out on what Android users do either.

I wonder if people just sort of mostly self select into mostly non-overlapping groups?

brailsafe
0 replies
16h20m

Android users don't have platform specific messaging apps as far as I know, so the fact that some people use iMessage as their normal is mostly inconsequential to Android users, but not the other way around since things appear differently based entirely on the platform. But I suppose I answered my own question, and something like this would enable iMessage to be more platform-independent, and thus an iOS user could hypothetically switch to Android without concern that they'll be ostracized from their messaging group or whatever.

benmanns
2 replies
20h53m

Is there any way to do this on iPhone? I use a Google Voice number since Google Voice came out, and I would love to iMessage from it, but Apple won't let me add it as a number for the device.

modeless
0 replies
10h11m

It only runs on Android for now, although I think a desktop version is on their roadmap. But also, Apple will refuse to register Google Voice numbers. You need a number tied to a real carrier account. You'd have to port your number into a carrier, do the registration, then port it back.

devindotcom
0 replies
20h13m

I believe all you need is an apple id with a valid email to use imessage. my devices sometimes ask me if I want to message from/to a number or an associated email. I could be wrong though.

bagels
2 replies
21h20m

Why do people care so much about the bubble color?

electrondood
1 replies
21h16m

For one, teenagers are ostracized and excluded from their friend groups because of what OS they're using in group texts. It's insane, but there it is.

canucker2016
0 replies
20h35m

It's most likely too late to save the USA teen population from smartphone homogeneity - from 2022's https://appleinsider.com/articles/22/01/06/gen-z-survey-says...:

"Analyst firm Piper Sandler's approximately twice yearly survey of teenagers in America shows that iPhone ownership is up 1% to 87% since its last report. At the same time, the new figures claim 88% of teenagers say their next phone will be an iPhone, which is down 1% from the last report."

from my informal poll of young relatives in past years, females were typically iPhone users and males were more likely to own Androids. I guess peer pressure was too great to fight the supposed Android benefits.

But, hey, Apple doesn't have a monopoly in smartphones, right? so Apple doesn't need to be forced to play nice with anyone...

KETpXDDzR
2 replies
13h46m

Do I understand correctly that you charge $8/month for this? I can't wait for an open source version of this app.

khaki54
1 replies
13h39m

If you're paying for it, it becomes feasible that maybe they aren't selling your information or doing something nefarious

KETpXDDzR
0 replies
12m

Paying or not doesn't matter. In the end, you have to trust them.

The sweet thing about open source is that you can review the code to build that trust.

I wonder how they'd react is someone reverse engineers their app and makes an open source version of it.

zufallsheld
1 replies
19h59m

I'm more interested in the future of now beeper cloud. As I understand it you will deprecate it at some point in the future. Does that mean that you will stop supporting the matrix bridges and go all in on the client side beeper?

Will beeper mini be open sourced?

yellow_lead
0 replies
19h57m

From their description it seems like they will move these into beeper mini and drop the "mini."

xd1936
1 replies
1d1h

Really happy to see that original customers are getting this included as well. I was worried that this was a ploy to say "we know we said you all would be grandfathered in, but that was for _Beeper Cloud_, our old legacy one. This new one is a monthly charge". Thanks for being great, @erohead

modeless
0 replies
10h20m

Yes, they didn't have to do that, and I certainly appreciate it. I think this business model is going to work for them, and the timing couldn't be better with the recent kerfuffle about Nothing's terrible attempt at this. They knocked it out of the park here especially with the no-compromise completely functioning end-to-end encryption.

walteweiss
1 replies
22h29m

No Apple ID is required

How are you going to send the messages? Whom from, a phone number?

freedomben
0 replies
22h28m

Third paragraph:

With Beeper Mini, your Android phone number is registered on iMessage
tiborsaas
1 replies
6h47m

Does anyone care about what color a message is?

activitypea
0 replies
6h44m

Almost everyone in the United States, unfortunately.

servalan
1 replies
1d1h

I've been using Beeper for 3-4 months. I find it very useful, easy to use, and easy to setup. I use both the mobile app and the desktop app.

aacid
0 replies
1d

Same here. I really like it. Don't mind occasional connection issues, but what really irks me is that every message has separate notification. When someone sends me 5 consecutive messages I get 5 beeps. In whatsapp app I only get notification for the first one. So when there is some conversation going in group chat and I don't have time to read it right now I'm getting bombarded with notifications.

madeofpalk
1 replies
16h43m

many people always ask ‘what do you think Apple is going to do about this?’ To be honest, I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client.

These are two completely different concepts?

I’m aware third-party clients have existed for eons.

I also believe Apple would shut this down.

chefandy
0 replies
15h53m

Third-party standalone clients? Which ones?

glitchc
1 replies
12h19m

I was excited until it asked me to login with my Google account. If it doesn't need an iCloud account why does it require my Google one?

modeless
0 replies
10h25m

For the $1.99/mo subscription fee via Play Store in-app payment.

ddxv
1 replies
14h56m

First they require email and personal info. Then they tell you it's a monthly subscription. Felt like a terrible onboarding experience and a bit of a dark pattern.

mianos
0 replies
12h14m

If you scratch around enough they do say it's a paid product. Pretty cool yes,"show hacker news"? Dunno.

david_van_loon
1 replies
10h19m

Great work, this looks very cool and seems to work well. I hope one day to see a local backup option, as it's important to me that my chats are not lost.

css
0 replies
9h27m
dadoum
1 replies
1d

Could it technically work without BPN by fetching messages from iCloud? I know that's a whole another story (another tricky protocol to reverse) but it will make it one step closer to perfection imo.

Kab1r
0 replies
1d

There is an option in the app to disable push, which I assume is disabling the BPN connection

brianjking
1 replies
14h45m

The thing that leaves me confused is what will happen to the main Beeper app?

lysp
0 replies
14h9m
alxjsn
1 replies
1d
dang
0 replies
18h37m

Related ongoing thread:

iMessage, explained - https://news.ycombinator.com/item?id=38532167 - Dec 2023 (73 comments)

Normally we'd downweight it as a follow-up but I think it's worthy of an exception.

NelsonMinar
1 replies
19h0m

It's shameful that Apple forces people to go to these lengths to send messages to their users.

dkdbejwi383
0 replies
18h35m

You don’t need to use iMessage to contact an iPhone user. You can use plain old SMS, or WhatsApp, messenger, telegram, etc.

LanzVonL
1 replies
11h37m

I've had a lot of trouble getting dates, women see the Android-colored bubbles when I message them, then they typically blow me off. I'm sure it's the Android-colored bubbles.

Krasnol
0 replies
11h35m

Come to Germany, everybody uses Whatsapp, nobody cares about the color of your bubbles or what phone you have.

DeathArrow
1 replies
4h14m

Great, now we need a good AirDrop client for Android and Windows. :)

1231232131231
0 replies
3h38m

The AirDrop (https://github.com/seemoo-lab/opendrop) is there. We just need an app

yincrash
0 replies
23h10m

Looking at the pypush, it looks like it uses Mac framework code with a .plist from a real Mac to generate encryption keys. Is beeper sending the metadeta of a genuine mac to the client so the client can generate the encryption keys that Apple will trust?

worldsavior
0 replies
7h33m

Also see BlueBubbles[1]. It could easily be integrated with pypush/rustpush.

[1] https://github.com/BlueBubblesApp/bluebubbles-app

wkat4242
0 replies
21h29m

Really annoying that I need a Google account though. I don't have one of those (yes I'm on Android but not Google)

wills_forward
0 replies
17h10m

Is this part of the reason Apple decided to support RCS? They knew the iMessage system would get opened up eventually anyway...

vzaliva
0 replies
16h5m

"Beeper does not have an official office, and we all work from home: ..., Sochi, ..., Kiev, ....".

So they work with Russia and do not know how to spell the capital of Ukraine.

vinniepukh
0 replies
21h15m

I tried Beeper Mini today on my android phone/phone number and it works!!

I probably won't use it with my main AppleId due to fear of being locked out of it. They really do have me in an iron grip with their lock in.

very_good_man
0 replies
17h55m

The people in control of Apple know their market power, ironically, derives from a closed-garden messaging product. Exactly like Blackberry.

The longer the anti-customer behavior continues the greater the resentment becomes. Customers do not like being treated as captives to Wall Street thinking. Mega-tech will face consequences for the unapologetic greed they exhibit right now.

unshavedyak
0 replies
1d1h

My wife has been using Beeper for a while (6+ months? not sure), think i should give it a try.

unobatbayar
0 replies
3h56m

But, why?

underlines
0 replies
1h3m

Gives me Trillian vibes.

So let's introduce my bias:

All Multi-Messengers in the past that relied on reverse engineering proprietary protocols vanished.

ulyssys
0 replies
16h52m

I'd like to use this without a Google account, and at most using only sandboxed Google Play services. Is that an option? It doesn't seem to work.

topsycatt
0 replies
19h14m

Very cool, but some basic stuff is broken having used the app. For example, I'm unable to create a new conversation since I'm unable to click on a contact after having searched for their name in the "New Chat" flow. Looking forward to using it once this is fixed!

Edit: Seems like I have to double tap instead? Not super easy to use but it works so I'll take it!

tantalor
0 replies
23h1m

As Android user, this seems useless to me. What do I get by switching over to this "blue bubble" platform? RCS messaging is pretty good and has most of these advertised features already.

system2
0 replies
12h45m

I already got 2 iMessages from scammers. This won't last a long time. I am sure Apple will stop it by checking the device type.

spullara
0 replies
21h20m

I am pretty sure this exploit is probably the source of iMessage spam so I hope they figure out how to close this hole.

sneak
0 replies
14h5m

What is the license for this app?

smashah
0 replies
16h20m

Congrats on the Eric & Team. Can't wait to try it

skeptrune
0 replies
1d1h

This is incredibly awesome. You really don't think Apple is going to attempt to crack down on this?

sirmike_
0 replies
21h36m

Curious to see the shelf life of this app. Very cool. Will have to test out. Although keeping at arms length in case ONE iOS update or android update nukes it.

rpmisms
0 replies
21h51m

Well, it works, and works extremely well. I'll be paying for this, simply because group chats are currently hell.

rock_artist
0 replies
4h5m

We currently offer a 7 day free trial, afterwards there is a $1.99 per month subscription. Beeper Mini is available to download today with no waitlist.

Our business model is simple - we build a great app and earn money from those who find value in it. We feel that this business model aligns our success with your goals. No ads. Complete data security and privacy. Plus, we’re incentivized to continue improving the app with new features and improvements.

So... Until a fully blown beeper with multiple services. This app basically is still a subscription based reversed engineered iMessage (unofficially) compatible client.

riversflow
0 replies
21h2m

How are you going about your treatment of disappearing messages?

rdl
0 replies
1d

This is amazing -- I've been a happy Beeper user for everything except iMessage and Signal until now, and this mostly kept me from using iMessage much at all. Congratulations to the team, and wow -- that high school kid hopefully has a long and impressive career ahead of him.

rahimnathwani
0 replies
22h45m

I would love for this to work with my Google Voice number, instead of the number from my SIM.

pyrophane
0 replies
19h2m

'many people always ask ‘what do you think Apple is going to do about this?' I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client.

I'm not shocked that someone figured out how to create a 3rd-party iMessage client, however I am somewhat skeptical of the notion that Apple will not find a way to break it.

purpleidea
0 replies
9h56m

Has anyone played with pypush enough ( https://github.com/JJTech0130/pypush ) that I think this is based on to get it easily usable in the same way that signal-cli is? Would be neat to use this for actually cli sending to my one or two friends stuck in Apple land. Thanks!

podviaznikov
0 replies
13h12m

this is nice!

I'm working on small tool to make microblog using iMessage. Proper API would simplify many things.

https://bubbleboi.com

pcl
0 replies
19h37m

Awesome!!

I'm an iOS user, and juggle SIMs a lot. For your upcoming iOS app -- what sorts of SIM liveness requirements do you require? I'd love to be able to auth periodically and predictably and then disable my iMessage-aware SIM for some period of time.

pcdoodle
0 replies
1d1h

Wow, this is cool. Thanks everyone for their hard work.

nikolay
0 replies
21h10m

Bad idea. I had my iCloud account in a constant autoblock mode. This works only with insecure Apple account setup.

nfriedly
0 replies
18h35m

This reminds me of using Trillian to connect to AIM, MSN, ICQ, etc. back in the day.

moron4hire
0 replies
1d1h

So yeah, it seems ok for one-on-one chats, but for group chats it's super buggy. Can't tell who said what in the history of any of my group chats because Beeper Mini is confused and thinks all of the messages, left and right, are from me.

monkeynotes
0 replies
23h12m

I am shocked that everyone is so shocked by the sheer existence

Huh? It's not being shocked, the legitimate question is what is Apply going to do? Saying you are shocked does not answer the question, if people buy into Beeper how likely is it that they lose functionality due to an Apple lock out?

mderazon
0 replies
14h35m

I love the concept of Beeper or now "Beeper Cloud" and I am trying really hard to use the app but the app is just too sluggish to be usable. I am not sure why, perhaps because it's built on top of the Matrix oss app, not sure.

Eventually, opening WhatsApp/Telegram is super quick and Beeper is too slow

lxe
0 replies
23h36m

I've been using beeper for a long time for Linux, and it has been a delight to use. The updates are regular and they seem to constantly be working on improving performance and staying ahead of various breaking changes forced upon them by the messaging services.

lemax
0 replies
20h32m

This is a really impressive reverse engineering feat of the iMessage protocol, all the way down to the iMessage auth flows and identity credentials. The deep dive the authors posted is interesting

https://blog.beeper.com/p/how-beeper-mini-works

kwerk
0 replies
1d1h

The referenced technical write up is fascinating[0]

I wonder how well this architecture (including privacy preservation) would work for LinkedIn messaging?

Specifically the BPN service since that seems to come from a data center IP and more likely for Apple / others to have a choke point.

[0] https://blog.beeper.com/p/721485af-aad0-4962-b418-eea9bc1e8f...

kwerk
0 replies
1d1h

Curious how the BPN service presents to Apple.

kbrisso
0 replies
20h44m

Subscribed! I'm guessing that nothing needs to be done to let my friends know? It just works?

janandonly
0 replies
1d

I'm using Beeper on my Mac and iPad, specifically to chat with friends who are on arcane chat platforms such as Instagram.

I'm quite happy with how the service works, and wrote a review a while back: https://news.ycombinator.com/item?id=37745270

itaysk
0 replies
9h22m

i'd pay for a good whatsapp client for apple devices. unfortunately it's so prevalent that i have to use it

hospitalJail
0 replies
23h41m

Enjoy your job at Apple. RIP to this App.

To be fair, you really have to be an Apple fan to disable your messages for the sake of blue bubbles.

hemmert
0 replies
19h19m

Great to see this! Keep it up, Eric and team!

globular-toast
0 replies
2h36m

How can the most popular article on HN this week be just a bog standard messaging app? This should have been a solved problem long ago. But instead of a bunch of greedy bastards can't give up even a tiny bit of control they have over other people.

etchalon
0 replies
1d

Apple is 100% going to ban this. While reverse engineering the protocol is fine, legally, Apple has a legal right to decide which clients can connect to its servers and from which clients it trusts data.

dheera
0 replies
22h15m

Blue bubbles on Android

I don't get it, what's the obsession with blue bubbles? I like my grey bubbles, they're less eye-piercing.

If you want blue bubbles just use Facebook Messenger.

darkest_ruby
0 replies
19h36m

can somebody explain why everyone so obsessed with getting iMessage on Android?

it's a genuine question, no sarcasm. I the last 12 years of using Android i've never had to send message to iMessage. So i really dont get the hype.

danpalmer
0 replies
1d

I already had a significant respect for Beeper (Cloud) as a technical product. The backend being Matrix with open source bridges was a great choice.

This write up adds so much more to that respect. It would have been easy to botch this, it would have been easy to do a worse implementation that would have caused problems for users whether they cared or not, but Beeper seemingly took the time to get right.

Congrats to Eric and the team on the launch!

cschep
0 replies
21h34m

This is an amazing technical achievement and there is no world where it doesn't get banned.

chupchap
0 replies
13h34m

Sounds like Texts the app Automattic acquired https://www.theverge.com/2023/10/24/23928685/automattic-text...

These all-in-one messaging apps should be interesting

bmikaili
0 replies
6h2m

That's painful for nothing phone

bigallen
0 replies
17h36m

This is the coolest thing I have seen all day! I’ve been using Jared [1] running on a Mac VM to send and receive iMessages from my locally hosted AI. If I could just use a python library that would make my life significantly easier

[1] https://github.com/ZekeSnider/Jared

barbazoo
0 replies
12h35m

I don’t know what’s going on but these blue bubbles must be extremely important for people.

artursapek
0 replies
22h53m

What's hilarious about all this is the main reason people want iMessage on Android is not missing features, or speed, or anything practical. It's because Apple chose an intentionally terrible shade of green to use for SMS messages, to make messaging Android users unpleasant. If they had used a green with similar contrast and saturation as their iMessage blue, this wouldn't be such a big deal. Literally a single color swatch, that's what this is about.

PawgerZ
0 replies
3h3m

#191,000 in the waitlist. Can't wait to try it in a couple months hahaha.

Melatonic
0 replies
13h26m

The real question is - even if they cannot find a way to lock out Beeper - will they find a way to identify beeper devices and make the bubbles green ?

Melatonic
0 replies
10h26m

Does anyone have a code for Beeper Mini and not just desktop Beeper ? On Android Beeper Mini always asks for a 1.99$ a month fee or a referral code and regular beeper codes do not seem to work.

Melatonic
0 replies
13h39m

Anybody got a referral code ?

LelouBil
0 replies
15h58m

I have tried Beeper before, and I am really happy that you are pivoting to client side bridges !

Kab1r
0 replies
1d

Hate to be "that guy", but pypush technically isn't open source because SSPL isn't an OSI approved license.

EricMausler
0 replies
20h49m

Hi, I immediately subscribed.

Is there any way to adjust the display name for my contacts to use nicknames instead of contact name?

DigiEggz
0 replies
20h34m

This is incredible! Excellent job on this. I regularly hunt for an app that can do what you've done, so it was a very pleasant surprise to see it as an HN post.

BorisMelnik
0 replies
20h35m

this month has been crazy for Apple and text messages. First RCS now this! I am a bit nervous about jumping into this not knowing privacy implications. Normally I let HN "vet" apps like this but I think more will be revealed with this app, and not saying that in a bad way. It is going to be a crazy week!

Always_Anon
0 replies
20h46m

I wonder how much money Apple would make by releasing an Android app that for $1 a month, would allow Android users the ability to have a "blue bubble" or whatever.

999900000999
0 replies
21h5m

I don't actually think Apple will care enough to get rid of this.

But why not simply migrate away from iMessage, FB Messenger, Whatsapp and other services already offer most of the same features.

Or, hear me out. Normal texting still works. Trying to get in the cool Apple club without paying the toll seems counter productive.

Anyway, I'm not trusting a startup with my communications in this situation. I have no way to know what controls you have in place.