this post was submitted on 14 Nov 2023
417 points (91.6% liked)

Technology

59568 readers
3790 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] penquin@lemmy.kde.social 91 points 1 year ago (3 children)

They use a Mac mini somewhere to route these messages. So you're logging into that Mac mini with your iCloud credentials. Sounds like a privacy/security nightmare and creepy as fuck.

[–] decodehug647@discuss.tchncs.de 14 points 1 year ago (1 children)

It seems like all efforts to "bridge" imessage to anything outside apple software work this way - there's a Matrix bridge and a dedicated open source app and they both rely on the imessage client on a mac. Is there a legitimate reason for it not being reverse-engineered yet?

[–] GamingChairModel@lemmy.world 22 points 1 year ago (1 children)

Is there a legitimate reason for it not being reverse-engineered yet?

The actual protocol isn't a secret. It's that the authentication of the device relies on a hardware key, and that key is fully locked down by Apple (as it also secures the user's biometric logins, keyring, financial information in Apple Wallet, etc.).

[–] scarilog@lemmy.world 1 points 1 year ago

If it relies on a hardware key then why is it that I can get the same setup working with a macos virtual machine?

Using [BlueBubbles] (https://bluebubbles.app/) for anyone wondering.

[–] EvokerKing@lemmy.world 2 points 1 year ago

I use beeper (a version of these apps that is actually released but kinda shit) and it's perfectly fine. Their solution would be better because it runs locally on the phone, however it's only on supported phones which is most likely just nothing phones.