• Fake4000@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    5
    ·
    11 months ago

    I absolutely am not an iPhone or iMessage fan, but criticizing a company for blocking someone who reverse engineered they platform to gain access isn’t right in my opinion.

    If a 3rd party app is allowed to utilise Apple’s iMessage protocol/network, then every other messaging provider (WhatsApp, Telegram, etc) will be required to open up their platforms.

    I cant wait to see the day where WhatsApp allows 3rd party apps to use their messaging network.

    • Eldritch@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      15
      ·
      11 months ago

      It’s very right. All messaging platforms should be open or interoperable.

      Imagine if from Hotmail you could only email others on Hotmail. Or the same with Gmail. Or not being able to SMS anyone on at&t from any other telco. There’s no good reason to limit it like that.

      Also consider that they were charging for the service. The only part of the deal I wasn’t keen on. 1 because again, messaging should be open and interoperable. 2 they were basically charging a recurring fee for access to Apple’s service, not specifically theirs in this instance. Which seems bad on Beeper, until you realize that Apple is basically refusing to make money from their service. And they’re not doing it out of principle, ideology, or good will. They’re doing it because they don’t want to compete. Not with regards to iMessage, or anything else.

    • atrielienz@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      9
      ·
      11 months ago

      Apple has reverse engineered a lot of stuff to make it work on apple products. A fair number of Microsoft products specifically. I don’t know why they should be exempt from having similar happen to them.

        • atrielienz@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          4
          ·
          11 months ago

          DMCA specifically protects the right to reverse engineer something for interoperability. There is no reason other than being cordial to request “permission”.

          • mriguy@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            edit-2
            11 months ago

            And that’s fine. Beeper and the 16yo hacker haven’t broken any laws, haven’t done anything wrong, and won’t go to jail. But that doesn’t mean Apple can’t close the hole they exploited. It is their messaging network, and they can make any changes to it that they want.

            • atrielienz@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              I never made that claim. I never said it wasn’t Apple’s prerogative to close any loopholes or backdoors. I didn’t claim any ethics on the part of Beeper or the original exploiter. I am asking for a provable viable instance where the law was broken and what law and how. The person who blocked me made a lot of claims that they failed to back up with factual information with sources and repeated themselves several times with claims of unlawful conduct. They didn’t explain which laws had been broken or how. I would like that information still.

              I called myself a layman specifically because in the case of Apple products that’s what I am. I’m not criticizing apple for closing a potentially exploitable security flaw. I am saying that this tech company (like every other) is absolutely borrowing within the constraints of the law and outside it from other tech companies and that because that is the case there is some hypocrisy in the stance that somehow other companies are expected not to.

          • jard@sopuli.xyz
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            11 months ago

            Abjectly false according to established case law. There are exemptions to the protections for reverse engineering with both DMCA and EU directives; please go learn how the system works before you endanger others with these statements.

            In the US

            17 U.S. Code § 1201, article f (Reverse engineering) permits the use of reverse engineering to circumvent technological measures:

            • (1) … for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs … to the extent any such acts of identification and analysis do not constitute infringement under this title.
            • (2) a person may develop and employ technological means to circumvent a technological measure … for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
            • (3) in acts described by (1), and means described by (2), reverse engineering is done solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.

            In all 3 cases, Beeper developed and marketed an app specifically as “iMessage for Android”, and charged money for it. This goes far beyond “establishing interoperability,” as they were using this reverse engineered information to bolster their brand and profit off of it. I highlighted each salient point of the clauses specifically because these actions infringe on Apple’s copyright.

            You misunderstand what the purpose of the DMCA is: it’s supposed to protect corporations like Apple, not the hacker underdogs that you’re rooting for. In its literal first article it forbids all general forms of technological circumvention unless they can be shown to fall into a very specific category of “non-infringing” exceptions. If you actually read it, the DMCA limits reverse engineering, not protects it.

            Additionally, Beeper’s actions already violate Apple’s EULA, which is a legally binding contract, so what they’ve done (and actually, anyone who used Beeper Mini) is illegal under contract law as well.

            In the EU

            Directive 2009/24/EC of the European Parliament, article 6 (Decompilation) states that the protections of information obtained through reverse engineering or decompilation of a computer program do not apply if that information is:

            • (a) to be used for goals other than to achieve the interoperability of the independently created computer program;
            • (b) to be given to others, except when necessary for the interoperability of the independently created computer program;
            • (c) to be used for the development, production or marketing of a computer program substantially similar in its expression, or for any other act which infringes copyright.

            Beeper charged money for a subscription in order to achieve interoperability. This is a goal of profitmaking, not achieving interoperability. (a) disqualifies them for protection.

            Beeper, additionally, delivered access to their reverse engineered exploit to others in an unnecessary manner by charging money. (b) disqualifies them for protection.

            Beeper developed a computer program that is substantially similar to (Apple) Messages’ expression (it literally was a messaging app that was advertised as “iMessage for Android.”). This infringes on Apple’s copyright. (c) disqualifies them for protection.

            Beeper quite literally fails in all 3 cases that would protect them from litigation in the EU.

            The fact of the matter is simple: You are defending criminal behavior that is illegal in both the US and EU.

            There is no reason other than being cordial to request “permission”.

            This is also blatantly false. Reverse engineering intrinsically entails violating the copyrights or intellectual property of another party, thus entitling them to damages if pursued. DMCA provides a means for the “infringing party” to be protected from litigation in certain circumstances, but even better than the DMCA is the means of obtaining direct permission, which establishes a legally binding contract between the copyright holder and the infringing party. This is what white hat hackers and pentesters need to do all the time, because their actions would otherwise be completely illegal under any jurisdiction.

            • atrielienz@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              11 months ago

              Has Beeper actually charged money for it? My understanding is that this rollout was planned to be paid eventually but nobody has paid anything as of yet for the functionality.

              By your own admission though, beeper is using an exploit that they did not reverse engineer. They paid for someone else’s process which probably was covered under DMCA at the time. I will wait to see if Apple decides on litigation because so far I haven’t even heard a word about them suing beeper and I absolutely think they would if beeper has done something illegal.

              You quote directly from the same source I was using (Cornell law) and your quote directly suggests that reverse engineering for the purposes of interoperability (in this case with iMessage and it’s use on iPhones and the interoperability with android phones) appear to both be covered. If they aren’t covered you haven’t explained why your suggestion that they are doing so to profit makes sense except they haven’t charged anyone that I can find for the service. Even their FAQ has been updated to say they will continue offering the service free of charge and will warn users when it moves to a paid service. I don’t dispute that they do plan to have a paid service but at this juncture they haven’t actually implemented that.

              I don’t “misunderstand the purpose of DMCA”. I actually couldn’t care less about apple or beeper. I don’t use either brand or service and this is a solution to a problem I don’t have. I find the tech discussion around the interoperability of iMessage and RCS (assuming that actually happens) interesting, but again it doesn’t directly benefit me in any way. Pretty much my whole family use android phones. I don’t have any friends who appear to care about the blue bubble green bubble nonsense, though I am tangentially aware of it, mostly through tech articles.

              Are beeper required to agree to Apple’s EULA? If so, why? Please explain that.

              You assert that I am “defending”. I haven’t actually defended anything. I simply pointed out that wording in the DMCA would suggest that Beeper was exempt from certain restrictions. That’s not the same thing.

              Did I hurt your feelings or something? Are you taking out your frustrations with other people on me? Because it does seem like it.

              • jard@sopuli.xyz
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                11 months ago

                Has Beeper actually charged money for it?

                https://help.beeper.com/en_US/beeper-mini/beeper-mini-getting-started-guide-site

                Beeper Mini subscription (7-day free trial or an additional month of use if referred by an iPhone user):

                *Beeper Mini Subscription Update: Though Beeper Mini is a subscription-based app, it will be available free of charge temporarily. (Note: This was an update to Apple patching the iMessage security exploit on Friday) *

                What you get:

                • Send iMessages using your Android device.
                • Join iMessage-only group chats seamlessly.
                • Full-resolution images and videos, plus replies and reactions.
                • Secured with end-to-end encryption.
                • Cancel anytime.

                They also got two hundred thousand monthly subscriptions in the few days that it was available. Simply inexcusable.

                You quote directly from the same source I was using (Cornell law) and your quote directly suggests that reverse engineering for the purposes of interoperability (in this case with iMessage and it’s use on iPhones and the interoperability with android phones) appear to both be covered.

                Please refer to the following excerpt, because you didn’t bother reading anything I wrote:

                “In all 3 cases, Beeper developed and marketed an app specifically as “iMessage for Android”, and charged money for it. This goes far beyond “establishing interoperability,” as they were using this reverse engineered information to bolster their brand and profit off of it. I highlighted each salient point of the clauses specifically because these actions infringe on Apple’s copyright.”

                I actually couldn’t care less about apple or beeper.

                Then why are you even here? This is a community for Apple enthusiasts, to discuss Apple things.

                Are beeper required to agree to Apple’s EULA? If so, why? Please explain that.

                It’s directly stated in the acronym of EULA - End User License Agreement. If you use any Apple service, you become an end user and thus automatically agree to the terms by definition. To opt out or “disagree” with Apple’s EULA, don’t use Apple services or products like iMessage.

                The app had to be developed through the usage/exploitation of the iMessage API and Apple’s servers. This makes Mr. JJTech0130 and Beeper’s developers ‘end users’. Android users who enrolled their phone numbers in iMessage (which was necessary to use Beeper Mini) makes them ‘end users’.

                Are you taking out your frustrations with other people on me? Because it does seem like it.

                Yes, I’m annoyed that Android users continue to come in here again and again, completely misinformed about the situation, and write complete nonsense. Especially if it’s nonsense that’ll get you laughed out of a courtroom, and a lifetime of contractual payments to Apple.

                • atrielienz@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  11 months ago

                  I read everything you wrote. I’m trying to understand and you come off as hostile and appear to be forgetting that not everyone has all the details you seem to be keeping in your head. Calm down and explain it for a layman, please.

                  Edit: Also, is Apple so exclusive that I can’t just have an interest in knowing about the tech? Because literally that’s why I am here.

  • Nogami@lemmy.world
    link
    fedilink
    arrow-up
    17
    arrow-down
    3
    ·
    11 months ago

    Yawn snooze. Nothing to see here. Hackers complaining their exploit got blocked.

  • damon@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    11 months ago

    I just fine it odd that people are unhappy with Apple. Beeper was spoofing Apple’s servers to make it look like an iMac was requesting the ping. Apple isn’t a charity they do not have to allow unauthorised third party access. I would hope none of us would allow unauthorised access to our servers.

  • No Face@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    11 months ago

    I feel like if they initially didn’t try to force people to pay a subscription for a free service, Apple wouldn’t have closed the issue.

    That being said, they fixed what was inarguably an exploit that could have led to scammers using Bluestacks to run iMessage spam campaigns. (These exist now, but would be amplified)