Apple’s most valuable intangible asset isn’t its patents or copyrights - it’s an army of people who believe that using products from a $2.89 trillion multinational makes them members of an oppressed religious minority whose identity is coterminal with the interests of Apple’s shareholders.
–
If you’d like an essay-formatted version of this thread to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones
1/
Then there’s #iMessage, Apple’s default messaging tool - “default” in the sense that there’s no way to use other apps without taking additional steps. IMessage has #EndToEndEncryption - but only when you’re communicating with other Apple customers. The instant an Android user is added to a chat or group chat, the entire conversation flips to SMS, an insecure, trivially hacked privacy nightmare that debuted 38 years ago - the year Wayne’s World had its first cinematic run.
29/
About 41% of American mobile phone users have an Android phone, which means that any time an Apple customer tries to have a conversation with a colleague, a merchant, a loved one, a friend or a family member, there’s a 4 in 10 chance it’s going out “in the clear,” with zero privacy protections.
30/
This is not good for Apple customers. It exposes them to continuous, serious privacy risks. Our mobile devices are keepers of our most intimate secrets, and when mobile security fails, the consequences are grave, as Apple discovered in the hardest way possible, ten years ago:
https://en.wikipedia.org/wiki/2014_celebrity_nude_photo_leak
Apple’s answer to this is grimly hilarious. The company’s position is that if you want to have real security in your communications, you should buy your friends iPhones.
31/
Presumably, if those friends - or merchants, or colleagues - don’t want to change operating systems and throw away their device and all their apps, you should just stop talking to them:
One of the clinical signs that someone is in a cult is that they are encouraged to isolate themselves from people who aren’t also in that cult:
https://en.wikipedia.org/wiki/Isolation_to_facilitate_abuse#In_cults
32/
But there are billions of Apple customers and only a small (but vocal and obnoxious!) minority of those customers are actual cult members, which means that there are billions of people who’d prefer to have private, secure communications with everyone in their lives, not just their fellow Apple customers.
33/
That’s where #BeeperMini comes in: it’s a third-party Android version of iMessage that builds on the work of a teenager who reverse-engineered iMessage and found a way to let Android users receive secure messages sent by Apple customers:
34/
This was an immense service to Apple customers, correcting a gaping security vulnerability in Apple’s flagship product, that had been deliberately introduced, putting the company’s profits ahead of its customers’ safety and privacy.
Apple immediately rolled out a series of countermeasures to block Beeper Mini. When The @verge@mastodon.social’s @davidpierce@mastodon.social asked them why, Apple said they did it to protect their customers’ security (!!):
35/
The company claimed that there was some nonspecific way in which Beeper Mini weakened the security of Apple customers, though they offered no evidence in support of that claim. Remember, the gold standard for security claims is #ProofOfConcept code, not hand-waving:
36/
For its part, #Beeper engaged in a brief but intense cat-and-mouse game with Apple, taking countermeasures and countercountermeasures to preserve Apple customers’ access to secure communications with Android users:
37/
@pluralistic@mamot.fr IIRC, I think that the argument was that Beeper was a literal man-in-the-middle. Ergo, the blue bubble which means it’s encrypted was now silently decrypted by a party (Beeper) that users didn’t choose and couldn’t opt out of. Beeper literally made it work by running iMessage on their own Macs and relaying the messages to the app, right? That architecture undermine iMessage security for anyone unknowingly routing messages through that, no?