[Plura-list] An adversarial iMessage client for Android
Cory Doctorow
doctorow at craphound.com
Thu Dec 7 08:31:59 EST 2023
Read today's issue online at: https://pluralistic.net/2023/12/07/blue-bubbles-for-all/
Today's links
* An adversarial iMessage client for Android: Beeper Mini preserves end-to-end encryption and doesn't require an Apple ID.
* Hey look at this: Delights to delectate.
* This day in history: 2003, 2008, 2018, 2022
* Colophon: Recent publications, upcoming/recent appearances, current writing projects, current reading
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🛀🏿 An adversarial iMessage client for Android
Adversarial interoperability is one of the most reliable ways to protect tech users from predatory corporations: that's when a technologist reverse-engineers an existing product to reconfigure or mod it (interoperability) in ways its users like, but which its manufacturer objects to (adversarial):
https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
"Adversarial interop" is a *mouthful*, so at EFF, we coined the term "competitive compatibility," or comcom, which is a lot easier to say and to spell.
Scratch any tech success and you'll find a comcom story. After all, when a company turns its screws on its users, it's good business to offer an aftermarket mod that loosens them again. HP's $10,000/gallon inkjet ink is like a bat-signal for third-party ink companies. When Mercedes announces that it's going to sell you access to your car's accelerator pedal as a subscription service, that's like an engraved invitation to clever independent mechanics who'll charge you a single fee to permanently unlock that "feature":
https://www.techdirt.com/2023/12/05/carmakers-push-forward-with-plans-to-make-basic-features-subscription-services-despite-widespread-backlash/
Comcom saved giant tech companies like Apple. Microsoft tried to kill the Mac by rolling out a truly cursèd version of MS Office for MacOS. Mac users (5% of the market) who tried to send Word, Excel or Powerpoint files to Windows users (95% of the market) were stymied: their files wouldn't open, or they'd go corrupt. Tech managers like me started throwing the graphic designer's Mac and replacing it with a Windows box with a big graphics card and Windows versions of Adobe's tools.
Comcom saved Apple's bacon. Apple reverse-engineered MS's flagship software suite and made a comcom version, iWork, whose Pages, Numbers and Keynote could flawlessly read and write MS's Word, Excel and Powerpoint files:
https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay
It's tempting to think of iWork as benefiting Apple users, and certainly the people who installed and used it benefited from it. But *Windows* users *also* benefited from iWork. The existence of iWork meant that Windows users could seamlessly collaborate on and share files with their Mac colleagues. IWork didn't just add a new feature to the Mac ("read and write files that originated with Windows users") - it also added a feature to *Windows*: "collaborate with Mac users."
Every pirate wants to be an admiral. Though comcom rescued Apple from a monopolist's sneaky attempt to drive it out of business, Apple - now a three trillion dollar company - has repeatedly attacked comcom when it was applied to *Apple's* products. When Apple did comcom, that was progress. When someone does comcom *to Apple*, that's piracy.
Apple has many tools at its disposal that Microsoft lacked in the early 2000s. Radical new interpretations of existing copyright, contract, patent and trademark law allows Apple - and other tech giants - to threaten rivals who engage in comcom with both criminal and civil penalties. That's right, you can go to *prison* for comcom these days. No wonder Jay Freeman calls this "felony contempt of business model":
https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain
Take iMessage, Apple's end-to-end encrypted (E2EE) instant messaging tool. Apple customers can use iMessage to send each other private messages that can't be read or altered by third parties - not cops, not crooks, not even Apple. That's important, because when private messaging systems get hacked, bad things happen:
https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak
But Apple has steadfastly refused to offer an iMessage app for non-Apple systems. If you're an Apple customer holding a sensitive discussion with an Android user, Apple refuses to offer you a tool to maintain your privacy. *Those* messages are sent "in the clear," over the 38-year-old SMS protocol, which is trivial to spy on and disrupt.
Apple sacrifices its users' security and integrity in the hopes that they will put pressure on their friends to move into Apple's walled garden. As CEO Tim Cook told a reporter: if you want to have secure communications with your mother, buy her an iPhone:
https://finance.yahoo.com/news/tim-cook-says-buy-mom-210347694.html
Last September, a 16-year old high school student calling himself JJTech published a technical teardown of iMessage, showing how any device could send and receive encrypted messages with iMessage users, even without an Apple ID:
https://jjtech.dev/reverse-engineering/imessage-explained/
JJTech even published code to do this, in an open source library called Pypush:
https://github.com/JJTech0130/pypush
In the weeks since, Beeper has been working to productize JJTech's code, and this week, they announced Beeper Mini, an Android-based iMessage client that is end-to-end encrypted:
https://beeper.notion.site/How-Beeper-Mini-Works-966cb11019f8444f90baa314d2f43a54
Beeper is known for a multiprotocol chat client built on Matrix, allowing you to manage several kinds of chat from a single app. These multiprotocol chats have been around forever. Indeed, iMessage started out as one - when it was called "iChat," it supported Google Talk *and* Jabber, another multiprotocol tool. Other tools like Pidgin have kept the flame alive for decades, and have millions of devoted users:
https://www.eff.org/deeplinks/2021/07/tower-babel-how-public-interest-internet-trying-save-messaging-and-banish-big
But iMessage support has remained elusive. Last month, Nothing launched Sunchoice, a disastrous attempt to bring iMessage to Android, which used Macs in a data-center to intercept and forward messages to Android users, breaking E2EE and introducing massive surveillance risks:
https://www.theverge.com/2023/11/21/23970740/sunbird-imessage-app-shut-down-privacy-nothing-chats-phone-2
Beeper Mini does *not* have these defects. The system encrypts and decrypts messages on the Android device itself, and directly communicates with Apple's servers. It gathers some telemetry for debugging, and this can be turned off in preferences. It sends a single SMS to Apple's servers during setup, which changes your device's bubble from green to blue, so that Apple users now correctly see your device as a secure endpoint for iMessage communications.
Beeper Mini is now available in Google Play:
https://play.google.com/store/apps/details?id=com.beeper.ima&hl=en_US
Now, this is a high-stakes business. Apple has a long history of threatening companies like Beeper over conduct like this. And Google has a long history deferring to those threats - as it did with OG App, a superior third-party Instagram app that it summarily yanked after Meta complained:
https://pluralistic.net/2023/02/05/battery-vampire/#drained
But while iMessage for Android is good for Android users, it's also *very* good for *Apple* customers, who can now get the privacy and security guarantees of iMessage for *all* their contacts, not just the ones who bought the same kind of phone as they did. The stakes for communications breaches have never been higher, and antitrust scrutiny on Big Tech companies has never been so intense.
Apple recently announced that it would add RCS support to iOS devices (RCS is a secure successor to SMS):
https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/
Early word from developers suggests that this support will have all kinds of boobytraps. That's par for the course with Apple, who love to announce splashy reversals of their worst policies - like their opposition to right to repair - while finding sneaky ways to go on abusing its customers:
https://pluralistic.net/2023/09/22/vin-locking/#thought-differently
The ball is in Apple's court, and, to a lesser extent, in Google's. As part of the mobile duopoly, Google has joined with Apple in facilitating the removal of comcom tools from its app store. But Google has also spent millions on an ad campaign shaming Apple for exposing its users to privacy risks when talking to Android users:
https://www.theverge.com/2023/9/21/23883609/google-rcs-message-apple-iphone-ipager-ad
While we all wait for the other shoe to drop, Android users can get set up on Beeper Mini, and technologists can kick the tires on its code libraries and privacy guarantees.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🛀🏿 Hey look at this
* Why We’re Publishing Never-Reported Details of the Uvalde School Shooting Before State Investigators https://www.propublica.org/article/uvalde-school-shooting-investigation-details-publishing-decision
* Artificial intelligence needs to work with humans — not replace us https://www.cbc.ca/radio/ideas/artificial-intelligence-provocation-ideas-festival-1.7046841
* Freeing Ourselves From The Clutches Of Big Tech https://www.noemamag.com/freeing-ourselves-from-the-clutches-of-big-tech/
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🛀🏿 This day in history
#20yrsago Not to be read by Metafilter Matt https://web.archive.org/web/20031208053325/https://jonsullivan.com/thread.php?id=110&mat=8549
#20yrsago How many years does an Azeri have to work to buy a copy of WinXP? https://web.archive.org/web/20031204165358/https://firstmonday.org/issues/issue8_12/ghosh/index.html
#15yrsago How the Great Firewall of Britain works https://nock.co.uk/2008/12/08/great-firewall-of-britain/
#15yrsago Maker of squeezy arthritis-friendly handgun claims the FDA has classed it as a medical device https://www.newscientist.com/article/dn16207-company-tries-to-get-gun-classed-as-medical-device/
#5yrsago US governmental conservationists really hope that young endangered seals will stop getting eels stuck in their nostrils https://www.washingtonpost.com/nation/2018/12/07/make-better-choices-endangered-hawaiian-monk-seals-keep-getting-eels-stuck-up-their-noses-scientists-want-them-stop/
#5yrsago Every NSFWpocalypse sends users to small, indie platforms, who are threatened by the same factors that make no-platforming practical https://memex.craphound.com/2018/12/07/every-nsfwpocalypse-sends-users-to-small-indie-platforms-who-are-threatened-by-the-same-factors-that-make-no-platforming-practical/
#5yrsago Paranoid, miserable Facebook employees have started using burner phones to complain about the company to each other and the press https://www.buzzfeednews.com/article/charliewarzel/facebooks-tensions-zuckerberg-sandberg
#5yrsago PWC recommended that corporations should ask science fiction writers about the future https://onezero.medium.com/nike-and-boeing-are-paying-sci-fi-writers-to-predict-their-futures-fdc4b6165fa4
#5yrsago America’s largest sex-furniture manufacturer pays well, sources locally, and is profitable and fast-growing https://qz.com/1481545/what-the-largest-sex-furniture-manufacturer-in-the-us-can-teach-america-about-trade
#5yrsago #D5: Advice for people who just realized that Qanon is bullshit https://violentmetaphors.com/2018/12/04/your-q-anon-exit-briefing/
#5yrsago Devo’s open letter on “Drowning in a Devolved World” https://www.vice.com/en/article/qvqek5/devo-open-letter-devolution-rock-hall-trump-2018
#5yrsago Australia just voted to ban working cryptography. No, really. https://memex.craphound.com/2018/12/07/australia-just-voted-to-ban-working-cryptography-no-really/
#5yrsago Videos from the University of Chicago “Censorship and Information Control” seminar https://www.youtube.com/channel/UCeNP7NIWmB70wFBv9QolYkg
#1yrago EU to Facebook, 'Drop Dead' https://pluralistic.net/2022/12/07/luck-of-the-irish/#schrems-revenge
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🛀🏿 Colophon
Today's top sources: Eric Migicovsky (https://twitter.com/ericmigi).
Currently writing:
* A Little Brother short story about DIY insulin PLANNING
* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS JAN 2025
* The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FORTHCOMING TOR BOOKS FEB 2024
* Vigilant, Little Brother short story about remote invigilation. FORTHCOMING ON TOR.COM
* Spill, a Little Brother short story about pipeline protests. FORTHCOMING ON TOR.COM
Latest podcast: Don’t Be Evil https://craphound.com/articles/2023/12/03/dont-be-evil/
Upcoming appearances:
* The Geneva Dialog (Dec 7)
https://genevadialogue.ch/event/geneva-manual-event/
Recent appearances:
* Artificial intelligence needs to work with humans — not replace us (CBC IDEAS)
https://www.cbc.ca/radio/ideas/artificial-intelligence-provocation-ideas-festival-1.7046841
* Explore the Future of the 🔥 Climate and Information Climate (Andrew Revkin)
https://www.youtube.com/watch?v=-OGT-cvs4_Q
* Digital Markets Act; Interoperability; Entrenchment; Copyright; "What-About-Ism" (Digital Markets Research Hub)
https://www.youtube.com/watch?v=Xm23pO5_WKM
Latest books:
* "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
* "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
* "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
* "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books:
* The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books, February 2024
* Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
* Unauthorized Bread: a graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
This work - excluding any serialized fiction - is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_
🛀🏿 How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/@pluralistic
Medium (no ads, paywalled):
https://doctorow.medium.com/
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xBF3D9110957E5F4C.asc
Type: application/pgp-keys
Size: 4820 bytes
Desc: OpenPGP public key
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20231207/9bf4572f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://mail.flarn.com/pipermail/plura-list/attachments/20231207/9bf4572f/attachment.sig>
More information about the Plura-list
mailing list