this post was submitted on 08 Dec 2023
106 points (95.7% liked)
Technology
59270 readers
3648 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I've been using it for a few days and was going to put it on my wife's phone tonight. Maybe the next one won't be so well publicized.
Yeah, she's grown used to, but not fond of, me installing buggy alpha or beta software on her phone. The promise of non potato quality pictures from her family was going to be the selling point :/
I tried it yesterday, it still has some growing pains (had some trouble getting it to connect).
Going to keep watching though, for a new app it looks pretty good, fluid, well designed from a UI standpoint.
Given the dev was able to reverse-engineer Apple's ANP (equivalent to Google's GCM), build an app, backend, etc, it should be fun to watch.
It's also generating a conversation around the misperception of iMessage being perfectly secure, and how SMS downgrades iMessage to not secure at all.
Hacker News story about the lack of Forward Secrecy and other concerns: https://news.ycombinator.com/item?id=38537444
A summary of what I think is the primary issue with iMessage security that most people can easily understand (I've quoted this from another commenter, this is in the article):
**BearOfATime Comment: **This lack of Forward Secrecy alone is enough to say iMessage is nowhere as secure as we've been lead to believe. The delivery of the AES key with the AES-encrypted message but the package encrypted with RSA that virtually never changes is so blindingly flawed. This setup makes the AES encryption pointless, if you're going to package the key with it. Because once the RSA is broken/acquired, they have the AES key for the message (and ALL messages)!
The concern over the RSA key length is a bit premature, I'd say it's more of a future concern that Apple is probably working on.
The other issues (unchanging identifiers, for example) are a valid concern. Something I've seen other apps take into consideration (Signal, Briar, SimpleX Chat).
If they don’t publicize, they won’t make any money.
The dev has always been pretty open. The published a self-hostable version of Beeper Cloud on github, and the dev published some docs on how iMessage works, how their implementation of ANP works, etc. Like detailed docs that are frankly above my pay grade.
The iptv guys seem to do alright and they stay out of the limelight.