I don't think the finer legal points matter too much. If Apple wants to sue them, they'll sue them, regardless of legal merit. And I suspect Beeper is betting they can make their case from a more philosophical angle, such that it's irrelevant what grounds Apple cites when suing them. Beeper will fight it either way.
I'm an Apple user who has no need for this app. But I really appreciate that Beeper has the balls to reverse engineer the protocol and build a business around it while fully expecting a lawsuit. That's some old school hacker shit and I'm here for it.
Apple tried and failed to sue Corellium for emulating their hardware, and now Corellium has a viable business around it. I don't see why Beeper should fare any differently. They just need to be prepared for a fight, both legally (lawsuits) and technically (ongoing game of cat-and-mouse).
How do you run the binary if that's not OK? In order to install it, The binary gets copied from the installer (dmg/zip/app store/CD install media), and then to run it, it gets copied from your hard drive to RAM, so that's clearly okay in some circumstances. Furthermore, once it's on my hard drive, I can copy it over and over again in random places on my hard drive for funsies and the operating system will gladly cooperate. Once it's on my drive, I can go in with a hex editor and randomly change bytes for funsies. It's on my hard drive. Am I then not allowed to delete the program from my system? If I use shred to delete it, which will set the bytes in the file to zero, or format the hard drive, am I breaking the law?
Which is weird if you think about it. If I buy a car, give it a paint job, mount some LEDs, and a new sound system, I'm totally within my rights to sell it. I can't say that I'm Ford or Honda when selling this modified car, but I'm totally allowed to sell it.
Yes, and this analogy is even more valid than usual, because unlike most software where each binary is an exact copy of all the others, in this case each binary is actually unique to a device.
But it's more like a ticket, or an NFT. It's a unique blob that was sold to you. You should be able to transfer it.
Apple's best argument here might be that the blob is meant for one person, and distributing it this way is like sharing a ticket to the cinema between multiple people. I can't enter the cinema, then come outside and pass you the ticket so you can enter it too.
In that case the easy way out (and what plenty of Hackintosh/console hacking/emulation/etc. communities have done since the beginning of time) is to just download the file directly from Apple when the app starts up the first time or have an “import BOOT.bin here” button you use to activate the app. If someone can source the binary you need to get the app to work I think that’s DMCA legal.
I think you might be right, especially with the heat on them from the EU right now. It's faster to play the technical cat-and-mouse game for as long as possible.
i don't disagree, but nobody can compete with the money Apple can spend. not every David can find a Rainmaker when competing against Goliath. Goliath still wins a lot. He was a champion after all
I’d donate to a legal fund on this personally. I think a lot of people and large corporations would like to see Apple have to make concessions here.
I think if it comes to it, Apple will wind up looking very bad in a trial. Their behavior here is deeply anticompetitive. iMessage is just too important to modern text communication to be as locked down as it is.
If Apple doesn’t want to make an Android app, they should at least make an API so other developers can.
> iMessage is just too important to modern text communication to be as locked down as it is.
What do you mean; if a private company creates something, and enough people buy/use it, at some point it becomes a common good? I like the idea of iMessage being open, but I don't like the idea of forcing Apple under government threat to open it
I don’t know what you mean by “common good” in this context, but if a company has a dominant market position and uses its power to cripple competition, then it falls within antitrust laws.
iMessage is so important today, especially to young Americans, that its exclusivity to iOS has become a significant barrier to Android or other operating systems from being competitive.
It’s up to regulators and the court system to decide whether that is a violation of antitrust law. But if it is, then yes, the government should force them to open it. That’s what it means to enforce antitrust law.
Apple does not require any consumer to use iMessage, nor do they make installing alternatives such as Whatsapp difficult. iMessage is simply a messaging option. This is in stark contrast to how MS treated IE back in the antitrust lawsuit days.
The fact that lots of people prefer to use iMessage -- despite myriad easily-accessible alternatives -- doesn't feel anticompetitive in the slightest; in fact making a product that people freely choose over similar alternatives is the definition of winning competition.
The Messages app is the only one everybody has no choice but to use though, since it’s the only one on iOS that does actual SMS, which is needed for interacting with businesses and in other scenarios. It’s also the most discoverable one and the only one that comes on the phone by default. It has a privileged place in the ecosystem, and that’s why it’s a potential target for antitrust regulation.
It’s really nothing special. I personally use WhatsApp with most of my friends.
The problem is when you have one person in a group that is on Android when everybody else is on Apple. This causes the iMessage conversation to use SMS instead. To signify this in the app, texts appear as green bubbles instead of blue, so it’s obvious when it happens.
This is bad because SMS is totally obsolete. It causes images and videos to be shared in extremely low resolution, along with problems of messages not getting delivered reliably and other missing features.
So effectively to the iPhone user, Android users very visibly cause group chats to be super crappy in iMessage.
This is not the fault of the Android user really, because it’d work way better if Apple supported RCS like Android phones do, but many people have a very strongly negative impression of Android due to this.
In fact, some iPhone users put social pressure on people with Android devices due to this in the form of excluding them from group chats or complaining about how they cause problems.
Apple has been perpetuating this problem because it suits them. People know this, but it’s Android and Android users that suffer regardless due to Apple’s dominant market position.
It provides a much better group messaging experience than SMS (you can see who’s in a group and add and remove people), delivery/read receipts, better image quality, is encrypted (although that gets somewhat negated by automatic iCloud backups), and is free as long as a data connection is available.
Of course many other messengers offer most of these features too, but for some reason, no alternative has been able to establish itself in the US.
iMessage was heavily integrated into the ios flow when sms was the dominant mobile text messaging system. It's not special, and that's the point. It just worked the way people want texting to work as smart phones gained momentum, and iPhones have so much of the market share that it's way more irritating to use a separate messaging app when you can't change the default integration on ios. I miss the convenience of heavily integrated iMessage comms at least twice per day.
Interesting, I use both Messages and a few third-party messengers, and I wouldn't say that Messages is integrated more deeply with iOS, in the way that e.g. Safari and Mail were for a long time (before you could re-associate http and mailto URLs).
The share sheet just shows my most-frequently-used messengers, as well as direct contact names for my most important contacts, no matter what messenger they're actually on.
The only thing I can't yet do on my third-party messenger is initiate messages from my Apple Watch, but that's presumably due to a lack of a native watch app more than anything.
Yes, governments can require interoperability and can limit monopolies. That's how antitrust laws work, like it or not. But if you want to get all libertarian, why should companies be able to use government power (as in courts, DMCA and the like) to shut down smaller companies that reverse-engineer their protocols?
I'm a major libertarian, and you have a great point. Apple should maintain their competitive advantage via technical means or let more cooks in the kitchen.
There’s no need for Apple to react to this project at all.
Eventually, someone will send spam using this app, at which point automated systems at Apple will “console ban” the hardware identifier shared by all of the app’s customers. The project presumably has a library of valid hardware identifiers collected and ready to go, and eventually that’ll be drained by spammers faster than revenue versus device purchasing allows for. Apple can just wait silently as the app exhausts their pool of hardware identifiers, each banned by pre-existing anti-spam automation, without ever acknowledging their existence.
Apple may not buy WhatsApp will. If there's ever a commercial or OSS third party WhatsApp voice client I would expect they will try to send their Perkins Coie dogs after the project. They've already done it to many oss projects, terrifying Devs from continuing their work
Followup: One day after widespread press, Beeper has apparently triggered Apple’s protections and is temporarily offline until they rotate identifiers and perhaps IPs. Apple has neither acknowledged that Beeper exists, nor stated whether Beeper was blocked by automated or a manual process. This happens every year with third-party iMessage clients, but we’ll see how it goes for them. Perhaps it’ll be different this time.
The app is not redistributing it, it just requests a server to get validation data (since anyway the actual library loading involves patching every system function, making the function independent from the host device, see [0] if you want to see how it's stubbed to run on Linux using a data.plist file), and thus there is no need to emulate it on device.
My (very limited) understanding is that this "validation data" is related to the certificate generation (see [0]). So if the app isn't emulating this on device, and instead calling out to a Beeper server that is hosting the Apple binary, is this a potential security risk? Is it possible to use the data that gets sent off device to derive the client encryption key? If so, that would be a huge security hole in this implementation, completely negating their claim of maintaining secure E2E encryption.
I didn't implement all the IDS stuff, but I am pretty sure the certificate is not used at all to derive keys for anything related to iMessage. I think it is used to attest that the device running it is running Apple software, and it may generate keys to make that an identifier to Apple (probably also because the user may not have any Apple account, so they have to generate another identifier for that purpose).
Doesn’t this already have precedent? Nintendo used to check for the existence of their logo in cartridges before loading them so that anybody who wanted to create an unauthorised cartridge for a Nintendo system would have to reproduce their logo and infringe on their copyright. I’m pretty sure the court ruled that reproducing the logo for the purpose of interoperability was fair use.
I hope we get to a place where people like this simply generate an OpenPGP key/OpenSSL certificate for a pseudonym and just throw this stuff up on .onion and .i2p domains. A place where DMCA and copyright literally cannot be enforced because it's impossible to.
This reminds me of the near-ish-future "Rainbow's End" by Vernor Vinge, wherein instead of giving out phone numbers or email addresses or screen names (identifiers), people give out opaque GUIDs [0] that act as communication handles with capabilities baked in. So, you could give out one to friends that allows people to open a synchronous voice channel to you, but give out one on your business card that just allows people to send text messages to you.
The book doesn't talk about it too much, but presumably these handles could be limited-use (time-based or only granting a capability to send a certain number of messages) and could be revoked.
I know it would probably be off-putting to give each person I meet a different GUID for contacting me (kind of like telling them your email address is <their_name>@<my_vanity_domain>), but it might reduce the spam I receive.
[0] if you're searching the ebook, they're called "golden enums" in the text
Not sure how likely is that considering that Beeper is an actual/company startup which seems to have received funding from YC?
However, considering that I'd except they'd know better than to just outright take a binary from MacOS and use it in their app (assuming that's actually the case..).
It's not impossible, just currently not worth the tradeoffs of enforcing. There's nothing stopping governments from passing laws holding IP address owners responsible for the traffic they originate. At that point VPNs and Tor exit nodes will stop allowing illegal activity. VPNs are already moving this direction, no longer supporting port forwarding ie hosting content on bittorent.
Wonder what the actual app is doing since this is just the PoC.