Apple's iMessage May Dodge EU Regulatory Demand for Interoperability

[BaldiMac]

Simplification not an essay.

Again, it's not simplification. It's completely different. Symmetric encryption (which you described) is different than asymmetric encryption used in e2ee encryption. With symmetric encryption, both users have the same decryption key. With asymmetric encryption a public key is used to encrypt a message, but can't decrypt it. And a private key is used to decrypt it.

It’s a meaningless problem.

Did you forget what we are talking about? You claimed that you can't decrypt a message with only the private key. That's dangerous misinformation.

They aren’t accessing anything. Unless you’re claiming it’s illegal to send text and use their official push APIs etc.

Apple servers receives the message and prossess it as a normal iMessage.

Yes! Of course it is illegal to trick a private server into processing your data and accessing the private data of its users (most significantly their public keys).

If you actually read the linked iOS Application I’m talking about what beeper does as a service and completely separate from the DMA.

Beeper mini is a separate android app with iMessage integrated with the new function.

Beeper messenger will be updated with this superior implementation of iMessage in the near future.

I understood what you were talking about because we've discussed it multiple times. However, I actually read the post that you responded to which was about service interoperability, and you responded with something unrelated.

 

[contacos]

No.

Any provider of a number-independent communication service can ask a provider of a number-independent communication service who is a gatekeeper to make their service interoperable.

Wonder who is supposed to pay for the implementation

 

[svish]

Very good news for Apple

 

[RealE]

Nobody is bragging about it. It just became the standard at the time when SMS was still a thing and very expensive.

I would rather have one app to rule them all, and as an Apple fanboy i would like it to be iMessage. But that’s never going to happen, even with the adoption of RCS. It’s too little too late.

Apple had gold in its hands with iMessage and FaceTime back in the day but made a strategic blunder to keep it on their own devices. The only market where that worked out is the US. But today it would be much more valuable if they had the world’s premier messenger app.

And if anything the EU noting that iMessage is "not widely used by businesses" is a sign that Apple missed out on that usage group too.

Though iMessage is nowhere near as capable as Slack when it comes to intra-business messaging.

 

[Superhai]

The EU seems to hate Apple just as much as Apple seems to hate anybody who gives them a thousand bucks every couple years.

EU did not put iMessage on the list, it is Google who have requested that EU do that.

 

[Sophisticatednut]

Again, it's not simplification. It's completely different. Symmetric encryption (which you described) is different than asymmetric encryption used in e2ee encryption. With symmetric encryption, both users have the same decryption key. With asymmetric encryption a public key is used to encrypt a message, but can't decrypt it. And a private key is used to decrypt it.


Did you forget what we are talking about? You claimed that you can't decrypt a message with only the private key. That's dangerous misinformation.

Sure in a normal instance when it comes to encryption, but not in the context of iMessage and hot its security is implemented.
Now is apple’s iMessage security compromised? Many MacBook(s) pro/ air or iMac, Mac mini and Mac Pro doesn’t have any Secure Enclave’s such as the T1 or T2 chips on them at al. And majority of android phones today have a Secure Enclave and aren’t rooted.

You still need acces to the information. And with only the decryption key you won’t have the ability to access the information or to send information.

The public keys that are stored on a key directory service, which is operated by Apple and is protected by strong encryption and authentication?

The app doesn’t connect to any servers at Beeper itself, only to Apple servers, the way a “real” iMessage text would.

That means that Beeper Mini can function as a true iMessage client, supporting high-resolution photos and videos, threads, replies, read receipts, direct messages and group chats, tapback emoji reactions, editing and unsending messages, as well as support for stickers, GIFs, voice notes and more.

Yes! Of course it is illegal to trick a private server into processing your data and accessing the private data of its users (most significantly their public keys).

can you show its tricking anything?
This is now possible because the iMessage protocol and encryption have been reverse engineered by jjtech, an independent security researcher. Leveraging this research, Beeper Mini implements the iMessage protocol locally within the app. All messages are sent and received by Beeper Mini Android app directly to Apple’s servers. The encryption keys needed to encrypt these messages never leave your phone. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or attachments. Beeper does not have access to your Apple credentials.

It uses Apples push notification (APN) that is used to communicate with Apple servers are publicly accessible for any developers who uses push notifications in their applications.

They provide the client, and the user is using Apples iMessage services.

On my iPhone I will finally be able to run authentic iMessage in the beeper app instead of it using a relay service through a virtual machine that breaks the e2ee. And I can use the normal iMessage app as well if I want.

YI understood what you were talking about because we've discussed it multiple times. However, I actually read the post that you responded to which was about service interoperability, and you responded with something unrelated.

I responded to the fact and benefit of having the ability to send/receive multiple communication protocols in one application instead of 15 different apps.

The app he was inspired to build out of the founders personal need as a lifelong Android user.

Initially, Beeper launched a multi-network chat app that supported around 15 different networks, including WhatsApp, Messenger, Telegram, Signal, Slack, Instagram, LinkedIn, Discord, Google Chat, Android SMS, iMessage and others.

The intention of the DMA isn’t relevant to what this company is freely working on.

 

[Sophisticatednut]

EU did not put iMessage on the list, it is Google who have requested that EU do that.

EU did put it on the list by their own methods , Google had nothing to do with it at all.

 

[kc9hzn]

What is the point of the interoperate legislation? Email exists and is interoperable. Do people who use WhatsApp want to communicate (via Whatsapp) with users on Signal or Facebook or iMessage? If you want to talk to people on those other platforms, why not just use the platform's app ?

So, iMessage, RCS, WhatsApp, Facebook Messenger, etc., all have specialty features for communicating with businesses (for customer support, for instance). I’m not sure how they work on a technical level (I suspect RCS is doing something special/not entirely standard for business messaging, but I don’t really understand precisely what it’s doing). In the fine print about the EU’s push for interoperability (which most users on this forum, even myself, have largely glossed over), it’s always been about C2B (customer to business) communications (pretty typical for EU antitrust regulation it seems, which often seems to focus more on business impact than American antitrust regulation, which itself tends to focus more on consumer impact despite stereotypes about the US).

I guess the idea is that they want businesses to be able to use gateways to each service so that customers can use WhatsApp or Facebook Messenger or RCS or Telegram or iMessage or…. However, not many businesses are using iMessage for customer to business communications (likely because of the dominance of WhatsApp in the EU and the existence of RCS business conversations, and Apple’s [and especially iMessage’s] generally low market share in Europe), so it looks as though Apple’s lawyers were probably correct about iMessage not being a “gatekeeper” because of its low market share.

As an aside, we’re seeing a lot more regulation of the tech sector not so much for the sake of customer protection (though certainly, that’s the argument), but more as a way to assert the governments’ power over the tech firms. In the US, the whole Cambridge Analytics business seems to have been a rationale to push the idea of misinformation regulation and to weaponize US tech as a tool of US propaganda while reducing the spread of foreign propaganda. Never mind that this heavy handed sub rosa control* of social media platforms (under the threat of antitrust action, in the case of Facebook and YouTube) violates current 1st Amendment (and more generally Bill of Rights) jurisprudence in the US.

* If anything good has come from Elon Musk’s purchase of Twitter, it’s that it has opened a window to the level of control and influence that the US intelligence apparatus has over US social media. Transparency is always good in a democracy (and technocrats seem to be particularly allergic to light, for some bizarre reason…).

 

[BaldiMac]

Sure in a normal instance when it comes to encryption, but not in the context of iMessage and hot its security is implemented.
Now is apple’s iMessage security compromised? Many MacBook(s) pro/ air or iMac, Mac mini and Mac Pro doesn’t have any Secure Enclave’s such as the T1 or T2 chips on them at al. And majority of android phones today have a Secure Enclave and aren’t rooted.
View attachment 2322084
You still need acces to the information. And with only the decryption key you won’t have the ability to access the information or to send information.

That's a lot of words and pictures to distract from the fact that you were wrong. Again, the private key on the device should be protected and can be used to decrypt the message.

The public keys that are stored on a key directory service, which is operated by Apple and is protected by strong encryption and authentication?

That's a pretty ironic statement in a thread where you are supporting a service that accesses those public keys without permission.

can you show its tricking anything?
This is now possible because the iMessage protocol and encryption have been reverse engineered by jjtech, an independent security researcher. Leveraging this research, Beeper Mini implements the iMessage protocol locally within the app. All messages are sent and received by Beeper Mini Android app directly to Apple’s servers. The encryption keys needed to encrypt these messages never leave your phone. Neither Beeper, Apple, nor anyone except the intended recipients can read your messages or attachments. Beeper does not have access to your Apple credentials.

It uses Apples push notification (APN) that is used to communicate with Apple servers are publicly accessible for any developers who uses push notifications in their applications.

They provide the client, and the user is using Apples iMessage services.

On my iPhone I will finally be able to run authentic iMessage in the beeper app instead of it using a relay service through a virtual machine that breaks the e2ee. And I can use the normal iMessage app as well if I want.

You're being purposely obtuse here. Faking credentials doesn't make it legal to access a private server without permission.

I responded to the fact and benefit of having the ability to send/receive multiple communication protocols in one application instead of 15 different apps.

Exactly. However, the question you responded to was about service interoperability, not multi-service apps.

 

[jlc1978]

Price and value is so subjective and meaningless as a measurement for the government to determine anything.

Price is a good determinant - if prices are higher than in a competitive market regulatory actin may be appropriate.

Eu cares deeply for the market to be competitive, and the ability of all companies to have the freedom to compete on equal terms to decide who is best. Everyone on the market are taken in to account. Doesn’t care at all if a monopoly is developed

Given rhe EU's recent actions we are discussing it seems they are very concerned about monopolies developing and the associated market power. If they weren't there would be no regulations requiring interoperability.

And gets fined for it if it’s not equal for all parties because we have a single market. Honey exemption is a local company that is only active in an exclusively domestic market or historically relevant such as champagne or other specialties.

IIRC, the French were not fined for that law.

However, my point that countries take actions to protect local industries from outside competition is still valid.

Liquor can freely be imported by anyone. But not sold by everyone.

In the EU perhaps, but you can't legally ship liquor across state lines in some states as an individual.

 

[killawat]

Sure in a normal instance when it comes to encryption, but not in the context of iMessage and hot its security is implemented.
Now is apple’s iMessage security compromised?

agree 100%. I think it might be compromised and I don't say that lightly. I think this could be used as an attack vector where a piece of malware uses the same tech that Beeper is using to register virtual devices. a malicious actor could in effect add themselves as a device and then interact with the victim's messages just like a trusted device. not full iCloud compromise but for alot of attackers iMessages would be a solid next step.

 

[Sophisticatednut]

That's a lot of words and pictures to distract from the fact that you were wrong. Again, the private key on the device should be protected and can be used to decrypt the message.

Again no, if you read appless explanation of how iMessage is secured it won’t be enough. The per-message AES keys are encrypted using RSA-OAEP or ECIES to the public key of the receiving device, and they are not stored anywhere. Therefore, the malicious user cannot decrypt the per-message AES keys using the private keys of

or in human lingo they have some security mechanisms that prevent any practical exploitation of the compromised private iMessage decryption key and the signing key. One of them is the forward secrecyproperty of the iMessage protocol, which means that each message is encrypted with a different key derived from a shared secret and a random nonce. This means that even if the malicious actor has a copy of the private decryption key for one message, they cannot decrypt any other messages in the same conversation or in other conversations. The malicious actor would need to compromise the shared secret or the random nonce for each message to decrypt them, which is very difficult to do.

Another security mechanism is the authentication of the public keys that are stored on a key directory service, which is operated by Apple and is protected by strong encryption and authentication. The public keys are signed by Apple using a certificate authority (CA) that is trusted by all iMessage clients. This means that the malicious actor cannot impersonate any user or modify their public keys without having access to Apple’s CA private key, which is presumably very well guarded. The malicious actor would also need to bypass the SSL/TLS encryption that protects the communication between the iMessage clients and the key directory service.

As I said it’s much more complicated than it seems if you want to compromise everything

That's a pretty ironic statement in a thread where you are supporting a service that accesses those public keys without permission.

It’s the users public key, they use public information to communicate with another person.

You're being purposely obtuse here. Faking credentials doesn't make it legal to access a private server without permission.

The thing is what part is being faked? The credentials are real.
The user registers their phone number or uses an appleID to login.

in legal terms accessing isn’t the same as communicating. It’s not illegal to communicate with a private server. It’s not illegal to use a servers public APIs they freely provide for use.

Exactly. However, the question you responded to was about service interoperability, not multi-service apps.

The distinction between service interoperability and a multi-service app is that service interoperability refers to the technical and legal ability of different services to exchange data and information, while a multi-service app refers to a software application that integrates and displays multiple services in one interface. For example, a service interoperability solution could be a common protocol or standard that allows different services to communicate with each other, while a multi-service app could be a software application that allows users to access and use different services from one app.

The DMA does not require a specific solution for achieving service interoperability, but rather sets a general framework and principles for ensuring fair and open digital markets. Therefore, the DMA does not rule out the possibility of a multi-service app, but rather leaves it for the market to decide as long as users are not locked in to one app

 

[Sophisticatednut]

Price is a good determinant - if prices are higher than in a competitive market regulatory actin may be appropriate.

Could be, but there other variables more relevant in their analysis.

Given rhe EU's recent actions we are discussing it seems they are very concerned about monopolies developing and the associated market power. If they weren't there would be no regulations requiring interoperability.

Well no, as a monopoly is fully legal to exist. These laws are based on almost 30 year old anti competitive laws. This is just post anti legislation( the action is presumed harmful and illegal, unless proven otherwise) instead of punishing harm after the effect is felt.

Just look at why Microsoft was targeted with internet explorer, or why Google have been fined billions over their behavior. It’s always market impact first and foremost, consumers are just one variable of many.

Having market power is completely legal and fully allowed, it’s the abuse of said position that isn’t.

The fact a company have entrenched market power and aren’t impacted by their relevant competitors AND preventing said competitors to compete on equal terms on the market( revenue, user base etc isn’t included)is the issue.

IIRC, the French were not fined for that law.

Can you link it? As I can’t find anything online.

However, my point that countries take actions to protect local industries from outside competition is still valid.

True it happens, but it’s hard to implement without impacting the single market. And an investigation or lawsuit must still be launched to deal with it. And implementing something that benefits an Eau company to have an advantage over a U.S. company would be close to impossible without impacting another member country.

In the EU perhaps, but you can't legally ship liquor across state lines in some states as an individual.

Hmm that’s interesting and sad :/ surprised it’s not considering it’s a single country.

agree 100%. I think it might be compromised and I don't say that lightly. I think this could be used as an attack vector where a piece of malware uses the same tech that Beeper is using to register virtual devices. a malicious actor could in effect add themselves as a device and then interact with the victim's messages just like a trusted device. not full iCloud compromise but for alot of attackers iMessages would be a solid next step.

Absolutely but that would be an attack in the middle and the vulnerability is already an existing attack vector.

Beeper is going to abandon the virtual devices as it was a technical solution needed when the iMessage protocol wasn’t reverse engineered.

 

[BaldiMac]

Again no, if you read appless explanation of how iMessage is secured it won’t be enough. The per-message AES keys are encrypted using RSA-OAEP or ECIES to the public key of the receiving device, and they are not stored anywhere. Therefore, the malicious user cannot decrypt the per-message AES keys using the private keys of

or in human lingo they have some security mechanisms that prevent any practical exploitation of the compromised private iMessage decryption key and the signing key. One of them is the forward secrecyproperty of the iMessage protocol, which means that each message is encrypted with a different key derived from a shared secret and a random nonce. This means that even if the malicious actor has a copy of the private decryption key for one message, they cannot decrypt any other messages in the same conversation or in other conversations. The malicious actor would need to compromise the shared secret or the random nonce for each message to decrypt them, which is very difficult to do.

Another security mechanism is the authentication of the public keys that are stored on a key directory service, which is operated by Apple and is protected by strong encryption and authentication. The public keys are signed by Apple using a certificate authority (CA) that is trusted by all iMessage clients. This means that the malicious actor cannot impersonate any user or modify their public keys without having access to Apple’s CA private key, which is presumably very well guarded. The malicious actor would also need to bypass the SSL/TLS encryption that protects the communication between the iMessage clients and the key directory service.

As I said it’s much more complicated than it seems if you want to compromise everything

You're just saying a bunch of words that you clearly don't understand.

It’s the users public key, they use public information to communicate with another person.

No, it's not. I'm referring to the public key of the person they are messaging. As you said, they are retrieved from Apple's key directory service. That's how the outgoing message is encrypted.

The thing is what part is being faked? The credentials are real.
The user registers their phone number or uses an appleID to login.

Beeper Mini works by tricking the iMessage servers into thinking the requests are coming from a logged in user on an Apple device. I don't know how to be any more clear.

in legal terms accessing isn’t the same as communicating. It’s not illegal to communicate with a private server. It’s not illegal to use a servers public APIs they freely provide for use.

This is nonsense. Say I have a private server that processes messages from people that buy my product. You don't buy my product, but trick my server into thinking you did and use my server to send millions of messages. That's clearly illegal.

The distinction between service interoperability and a multi-service app is that service interoperability refers to the technical and legal ability of different services to exchange data and information, while a multi-service app refers to a software application that integrates and displays multiple services in one interface. For example, a service interoperability solution could be a common protocol or standard that allows different services to communicate with each other, while a multi-service app could be a software application that allows users to access and use different services from one app.

Correct. Glad you understand the difference after all of our conversations. Please stop confusing them.

 

[jlc1978]

Could be, but there other variables more relevant in their analysis.

Fair enough; but to me the ultimate question is "Is the consumer harmed?" If regulations result in higher prices then teh answer is yes, even if tehir is more choice, and attempts to maintain a competitive market place have failed.

Well no, as a monopoly is fully legal to exist. These laws are based on almost 30 year old anti competitive laws. This is just post anti legislation( the action is presumed harmful and illegal, unless proven otherwise) instead of punishing harm after the effect is felt.

Just look at why Microsoft was targeted with internet explorer, or why Google have been fined billions over their behavior. It’s always market impact first and foremost, consumers are just one variable of many.

Having market power is completely legal and fully allowed, it’s the abuse of said position that isn’t.

The fact a company have entrenched market power and aren’t impacted by their relevant competitors AND preventing said competitors to compete on equal terms on the market( revenue, user base etc isn’t included)is the issue.

I guess the question then becomes what constitutes "compete on equal terms on the market."

This whole notion of gatekeeper is somewhat problematic, IMHO, as it may force them to bear the costs and burdens of interoperability, as well as potentially reducing message privacy and security.

It will be interesting to see how it plays out.

Can you link it? As I can’t find anything online.

Sure: French pass minimum delivery fee to protect small booksellers...

Hmm that’s interesting and sad :/ surprised it’s not considering it’s a single country.

Sort of. Federal law is supreme but not all encompassing. Each state, district and territory can pass there own laws as long as they do no violate Federal law or are deemed unconstitutional at the Federal or state level.

 

[Sophisticatednut]

You're just saying a bunch of words that you clearly don't understand.

Or you have zero clue how the system works. It’s okey to not know

No, it's not. I'm referring to the public key of the person they are messaging. As you said, they are retrieved from Apple's key directory service. That's how the outgoing message is encrypted.

Okey and the acces to the public key isn’t a security issue.

Beeper Mini works by tricking the iMessage servers into thinking the requests are coming from a logged in user on an Apple device. I don't know how to be any more clear.

It’s registering your phone number to send and receive iMessage. nothing different than running a hackintosh and using iMessage. Or a virtual iOS device.

This is nonsense. Say I have a private server that processes messages from people that buy my product. You don't buy my product, but trick my server into thinking you did and use my server to send millions of messages. That's clearly illegal.

Then show that law that says it’s clearly illegal. Nothing is clearly illegal because you say so. Can you site any laws supporting this claim?

Any EU laws that support your take?

Correct. Glad you understand the difference after all of our conversations. Please stop confusing them.

I have understood the difference from the beginning, you have just got hung up on something irrelevant. EU DMA doesn’t care which way interoperability is implemented. And I don’t care how its done as long as I just need to use one app.

 

[Sophisticatednut]

Fair enough; but to me the ultimate question is "Is the consumer harmed?" If regulations result in higher prices then teh answer is yes, even if tehir is more choice, and attempts to maintain a competitive market place have failed.

It’s different values. For me I don’t care if consumers are harmed if the benefits are big enough for the market. Example Eau don’t care if chrome takes over the market, as the importance is the ability for other browsers to compete with safari on iOS.

Maintaining a competitive market isn’t the goal. The ability of competitors to access the market and succeed if they have a good product.

I guess the question then becomes what constitutes "compete on equal terms on the market."

If everything else is equal they compete purely on merits.

This whole notion of gatekeeper is somewhat problematic, IMHO, as it may force them to bear the costs and burdens of interoperability, as well as potentially reducing message privacy and security.

It will be interesting to see how it plays out.

Well why would it be problematic? They harm the market by preventing effective competition and consumers by locking them in.

So they carry the cost to fix it. There zero reason to think privacy and security is impacted.

Sure: French pass minimum delivery fee to protect small booksellers...

Well it seems it’s a new law is still pending with final ruling by the French Supreme Court.

Sort of. Federal law is supreme but not all encompassing. Each state, district and territory can pass there own laws as long as they do no violate Federal law or are deemed unconstitutional at the Federal or state level.

 

[Sophisticatednut]

Beeper Mini works by tricking the iMessage servers into thinking the requests are coming from a logged in user on an Apple device. I don't know how to be any more clear.

This is nonsense. Say I have a private server that processes messages from people that buy my product. You don't buy my product, but trick my server into thinking you did and use my server to send millions of messages. That's clearly illegal.

And just to clear I’m not arguing for the legality of the service, but honestly asking you for proof that it’s illegal. Especially when I never thought that someone let alone a 16 year old kid would reverse engineer the full iMessage protocol would ever happen.

My proof that it’s likely not illegal as claimed by the company.

• beeper have been running for 3 years with zero legal troubles from Apple.
• The app is approved on the AppStore
• Apple haven’t prevented updates to the app that updated the relay function of iMessage and replaced it with the localized implementation of iMessage in the app
• The way it works is apparently similar by running some MacOs specific code in a virtual machine

And it Seems according to the DMCA 1201 Reverse engineering is expressly permitted, providing a safe harbor where circumvention is necessary to interoperate with other software. And I’m not knowledgeable in US law. But if these things hold then it could make it hard to prevent them in EU without it being clear in USA.

• Your sole purpose in circumventing is identifying and analyzing parts of the program needed to achieve interoperability
• The reverse engineering will reveal information necessary to achieve interoperability
• Any interoperable program you created as a result of the reverse engineering is non-infringing
• Open-source software that decrypts protected content is not prohibited per se. Decryption done for the purpose of achieving interoperability of open source operating systems with proprietary systems is protected.
• Fair Use: The fair use doctrine allows users to make unauthorized copies in certain circumstances. Courts have found that reverse engineering for interoperability, for example, can be a fair use.

If you look at the original source project on Github, they talk about how they've reverse engineered everything but...

pypush uses a CPU emulator and a custom MachO loader to load a framework from an old version of macOS, in order to call some obfuscated functions that are essential for iMessage registration

And the previous way beeper used to enable iMessage comparability before was by running a bunch of Mac’s in virtual machines doing the same thing.

 

[jlc1978]

It’s different values. For me I don’t care if consumers are harmed if the benefits are big enough for the market. Example Eau don’t care if chrome takes over the market, as the importance is the ability for other browsers to compete with safari on iOS.

Maintaining a competitive market isn’t the goal. The ability of competitors to access the market and succeed if they have a good product.

That is an interesting philosophy - the market operates for the market participants, not the consumer since you are willing to allow harm to the consumer in exchange for market access to companies. I'm not sure the EU is as pro-corporate as you imply.

My experience in the EU is citizens and residents are just as interested in low prices was in the US. Just as in the US, if they really believed in local companies they'd shop there even if prices were higher; the growth of Amazon shows they value price a lot, IMHO.

If everything else is equal they compete purely on merits.

Well why would it be problematic? They harm the market by preventing effective competition and consumers by locking them in.

Yet they got their by making a better product and now are being punished for it.

You said you want companies to have access the market and succeed if they have a good product," which is what Apple et.al. did to get big. The iPhone competed against other smart devices and become one of the winners, for example, based on consumer choice.

So they carry the cost to fix it.

Once they open up there is no good reason, IMHO, to force them to continue to bear costs of operating in the market for competitors. Any App Store should not have to carry for free any app that offers third party purchases, for example. Or provide server space for messages sent via a this party app.

There zero reason to think privacy and security is impacted.

As long as a third party npp can send and receive messages within another company's ecosystem there is definitely an increased risk to security and privacy. How much may be debatable but it's not zero.

Well it seems it’s a new law is still pending with final ruling by the French Supreme Court.

Amazon is challenging it but illustrates my point. Not only did France set delivery prices in the new law but has minimum book prices as well to protect local companies; a law in effect since 1981. So yes, even in the EU companies can set prices to protect local companies from competition.

 

[BaldiMac]

Or you have zero clue how the system works. It’s okey to not know

Says the poster who started this conversation with an image of the wrong encryption scheme and defended it as a simplification.

Okey and the acces to the public key isn’t a security issue.

Hah! Please try and follow the conversation.

SN: Public keys are safe because they are protected by strong encryption.
Me: And yet you support Beeper Mini accessing the public keys without permission.
SN: Public key access isn't a security issue.
Me: ?!?!?

nothing different than running a hackintosh and using iMessage.

Yep. Something that is also illegal to commercialize.

I have understood the difference from the beginning, you have just got hung up on something irrelevant. EU DMA doesn’t care which way interoperability is implemented. And I don’t care how its done as long as I just need to use one app.

And yet, here's a post in our previous discussion where you admitted you didn't understand the difference. It goes on for multiple posts. And, as we've established, the DMA requirement is for service interoperability. Yet you keep repeating that a multi-service client would be an acceptable solution to the requirement.

Then show that law that says it’s clearly illegal. Nothing is clearly illegal because you say so. Can you site any laws supporting this claim?

Any EU laws that support your take?

And just to clear I’m not arguing for the legality of the service, but honestly asking you for proof that it’s illegal. Especially when I never thought that someone let alone a 16 year old kid would reverse engineer the full iMessage protocol would ever happen.

My proof that it’s likely not illegal as claimed by the company.

• beeper have been running for 3 years with zero legal troubles from Apple.
• The app is approved on the AppStore
• Apple haven’t prevented updates to the app that updated the relay function of iMessage and replaced it with the localized implementation of iMessage in the app
• The way it works is apparently similar by running some MacOs specific code in a virtual machine

And it Seems according to the DMCA 1201 Reverse engineering is expressly permitted, providing a safe harbor where circumvention is necessary to interoperate with other software. And I’m not knowledgeable in US law. But if these things hold then it could make it hard to prevent them in EU without it being clear in USA.

• Your sole purpose in circumventing is identifying and analyzing parts of the program needed to achieve interoperability
• The reverse engineering will reveal information necessary to achieve interoperability
• Any interoperable program you created as a result of the reverse engineering is non-infringing
• Open-source software that decrypts protected content is not prohibited per se. Decryption done for the purpose of achieving interoperability of open source operating systems with proprietary systems is protected.
• Fair Use: The fair use doctrine allows users to make unauthorized copies in certain circumstances. Courts have found that reverse engineering for interoperability, for example, can be a fair use.

If you look at the original source project on Github, they talk about how they've reverse engineered everything but...

pypush uses a CPU emulator and a custom MachO loader to load a framework from an old version of macOS, in order to call some obfuscated functions that are essential for iMessage registration

And the previous way beeper used to enable iMessage comparability before was by running a bunch of Mac’s in virtual machines doing the same thing.

If you can't acknowledge that accessing a private server without permission to send out millions of messages is illegal, than you aren't discussing this in good faith.

 

[Sophisticatednut]

That is an interesting philosophy - the market operates for the market participants, not the consumer since you are willing to allow harm to the consumer in exchange for market access to companies. I'm not sure the EU is as pro-corporate as you imply.

Consumers are also market participants, and we don’t want a company getting in the way for other businesses and consumers. It’s not pro business but pro markets.

in the USA you might consider freedom as only related with government intervention. But in EU this includes the government AND businesses, a business can interfere with your freedoms in the same way to harm competitors, the market and consumers

My experience in the EU is citizens and residents are just as interested in low prices was in the US. Just as in the US, if they really believed in local companies they'd shop there even if prices were higher; the growth of Amazon shows they value price a lot, IMHO.

Sure, but we are getting there in different ways. Amazon being successful don’t show people value their prices.

Amazon is able to provide a large selection of items that are easily accessible. They have provides a better experience, not prices.

Yet they got their by making a better product and now are being punished for it.

You can’t get in the way for other companies and your. Customers from interacting independently.

You said you want companies to have access the market and succeed if they have a good product," which is what Apple et.al. did to get big. The iPhone competed against other smart devices and become one of the winners, for example, based on consumer choice.

No not really, Apple having acces to the market doesn’t mean they can prevent others from accessing the same market.

EU don’t see iOS or android as competitors because they aren’t interchangeable or compatible. So Apple is harming the market by making it impossible for developers and consumers of iPhones to conduct business outside their services.

Safari isn’t successful because it’s the best, the AppStore isn’t successful because it’s the best, you don’t have a choice.

Once they open up there is no good reason, IMHO, to force them to continue to bear costs of operating in the market for competitors. Any App Store should not have to carry for free any app that offers third party purchases, for example. Or provide server space for messages sent via a this party app.

Well it depends the competing apps must have the same treatment as a first party offering if they are competing.

As long as a third party npp can send and receive messages within another company's ecosystem there is definitely an increased risk to security and privacy. How much may be debatable but it's not zero.

Well not if they comply with the security requirements of the protocol. No reason to have inferior standards.

Amazon is challenging it but illustrates my point. Not only did France set delivery prices in the new law but has minimum book prices as well to protect local companies; a law in effect since 1981. So yes, even in the EU companies can set prices to protect local companies from competition.

Well it’s before EU so not much they can do if that’s the case. And you must appeal to the EUCJ to hear your case.

 

[I7guy]

Consumers are also market participants, and we don’t want a company getting in the way for other businesses and consumers. It’s not pro business but pro markets.

in the USA you might consider freedom as only related with government intervention. But in EU this includes the government AND businesses, a business can interfere with your freedoms in the same way to harm competitors, the market and consumers

That’s why it’s important that government stop being a nanny state when vote with your $$$ should drive market requirements. If you don’t like the fact that apple is a closed ecosystem, then don’t buy the product, but don’t lobby for government to regulate some lifestyle product either (as long as it’s not about health and safety)

Sure, but we are getting there in different ways. Amazon being successful don’t show people value their prices.

Amazon is able to provide a large selection of items that are easily accessible. They have provides a better experience, not prices.

In many cases they have provided better prices also along with a worse experience. What they provide is convenience, but it’s true, buyer beware…just don’t press that buy button.

You can’t get in the way for other companies and your. Customers from interacting independently.

No not really, Apple having acces to the market doesn’t mean they can prevent others from accessing the same market.

EU don’t see iOS or android as competitors because they aren’t interchangeable or compatible. So Apple is harming the market by making it impossible for developers and consumers of iPhones to conduct business outside their services.

That’s a problem with a nanny state. Everything should be equal instead of allowing competition to guide natural selection.

Safari isn’t successful because it’s the best, the AppStore isn’t successful because it’s the best, you don’t have a choice.

And you shouldn’t have a choice with a closed ecosystem. Again vote with your $$$, even if it means less governmental regulation.

Well it depends the competing apps must have the same treatment as a first party offering if they are competing.

Well not if they comply with the security requirements of the protocol. No reason to have inferior standards.

Well it’s before EU so not much they can do if that’s the case. And you must appeal to the EUCJ to hear your case.

The EU is setting precedents that will come back to haunt them. History shows what happens with bad decisions.

 

[Superhai]

EU did put it on the list by their own methods , Google had nothing to do with it at all.

This is the list of Gatekeepers designated by EU: Gatekeepers
The reason why iMessage comes up is because Google and others asked for it, and thus EU are now investigating if iMessage is one. https://arstechnica.com/gadgets/202...-be-regulated-by-the-eus-digital-markets-act/

 

[kc9hzn]

This is the list of Gatekeepers designated by EU: Gatekeepers
The reason why iMessage comes up is because Google and others asked for it, and thus EU are now investigating if iMessage is one. https://arstechnica.com/gadgets/202...-be-regulated-by-the-eus-digital-markets-act/

It’s interesting that there are no EU firms on the Gatekeeper list. That’s probably as much a function of Europe’s failure to establish strong consumer technology firms as it is domestic (or at least EU, as it were) protectionism. Of course, 15 years ago, Nokia had Symbian, which was the leading phone OS by market share. It makes one wonder what happened between 2005/2006 and now (besides the iPhone and the failure that was Windows Phone), why Europe isn’t a bigger name in consumer electronics. (Firms like Grundig and Philips that would have been big names 20+ years ago have become some of those “in-name only” brands [or at least licensed their names out to cheap no-name Chinese firms], but Europe failed to have a follow-up, while Apple was the US’s follow-up to firms like GE and RCA, at least in terms of consumer electronics name recognition.)

 

[Sophisticatednut]

Says the poster who started this conversation with an image of the wrong encryption scheme and defended it as a simplification.

It was a simplification of encryption, I didn’t expect I was going down in details

Hah! Please try and follow the conversation.

SN: Public keys are safe because they are protected by strong encryption.
Me: And yet you support Beeper Mini accessing the public keys without permission.
SN: Public key access isn't a security issue.
Me: ?!?!?

Beeper in the AppStore does the same thing. What is it that you think will happen if the public key is accessed without having everything else as well? Or did you not understand the explanation I gave that walked through what’s needed to compromise everything?

Yep. Something that is also illegal to commercialize.

Perhaps, but it’s not beeper who wrote the software of the proof of concept. And seems it can count as fair use. But we will se.

Beeper claim that they have the law on their side.

And yet, here's a post in our previous discussion where you admitted you didn't understand the difference. It goes on for multiple posts. And, as we've established, the DMA requirement is for service interoperability. Yet you keep repeating that a multi-service client would be an acceptable solution to the requirement.

Because EU accepts both. The DMA doesn’t prescribe how Something should be done but as long as it’s interoperable.

If you can’t understand it and have a different understanding of the text then we will just see in a few months who was correct in their interpretation.

If you can't acknowledge that accessing a private server without permission to send out millions of messages is illegal, than you aren't discussing this in good faith.

Or you can use legal resources to support your claim.
Why would Apple otherwise allow it on the AppStore if it’s illegal?

Software that allows users to do illegal things aren’t themselves illegal such as torrent software or software for removing DRM etc