I love open source and open protocols as much as anyone on HN, but honestly, secretly, I love the tied-down nature of iMessage because that keeps it (mostly) free from spam and abuse.
If you want something more open, that exists too, which is great. It doesn't make sense to complain that iMessage isn't what you want it to be. Choice means that open and closed solutions exist in the market.
I don't know, I think you can have an open platform and keep spam low. I have yet to encounter any spam on Telegram for the past 8 or so months I've been using it. I think that might partly be a result of the openness of the platform -- since they provide an official API for bots, nobody is going to go to great lengths to reimplement that functionality through an unofficial API (especially for positive reasons... most Skype spam bots likely rely on some well-intended library somebody wrote for legitimate purposes). And since they're able to apply rate-limiting to the bots and let users report them, it makes it much easier to control those bots (as they're not even "real users" and have many more limitations on what they're able to do). I think that because of that, people with a legitimate reason to use bots are the only ones who actually put effort into making bots, which caused the apparent lack of spam bots.
As far as I can tell, Telegram keeps spam at bay through:
1. Requiring a unique phone number for signup, and heavily restricting accounts which appear to have used a VOIP phone number for signup (including Google Voice numbers). Restricted accounts can't initiate conversations, so they can't really send spam.
2. Allowing users to report spammers that get past #1, and limiting the accounts of users that get reported.
Yet I've received spam and been joined into groups without my consent multiple times since starting to use Telegram. Never received anything on iMessage, and I've been using iMessage since it came.
Yes, you should and the choice exists, like the root comment mentioned. There are other services which allow you to communicate with people without having to associate your phone number with the service.
The existence of an alternative protocol doesn't help without interoperability between the protocols, which will never happen. If I have to first convince anyone I want to communicate with to first e.g. make an account on my XMPP server, communication is going to be much more difficult and sometimes impossible. Telegram isn't the only service that assumes a 1-to-1 mapping of phone numbers to people; Signal also has this problem.
While you enjoy your "spam free" service, some of us will have to work with the separate but not equal alternative. In case you haven't noticed, as the common communication environment has become more and more locked-down (starting with mobile, and now spilling over into desktop), fewer people are using open alternatives. Simply observing that open protocols exist doesn't make them an actual de facto alternative.
I can be reached by telephone. What I don't have is a unique telephone number. This works perfectly fine for actual voice communication. If you think I can simply afford an extra monthly expense, you're wrong.
> You are like 0.0000001% of the market.
Made up statistics reveal your presuppositions.
There are a lot of people that don't have a unique phone number. It's a minority position, but that's kind of my point: chat services do not inherently depend on traditional phone numbers, and requiring one is going to exclude more people than you probably realize.
Err. A SIM card which comes with a phone number costs me £0 for the SIM and £5 minimum top-up. £10 for the phone, though half my friends seem to have old phones they could probably lend me.
Are you in a country which doesn't have pay-and-go service?
I'm in a country with a crazy healthcare system. Medical disability barely covers the absolute bare minimum; spending that 15 on a SIM (assuming I could find a phone somewhere) would require not paying of one of the drugs that are keeping me alive.
In any civilised country a prepaid phone number is almost free (if not free) so requiring a unique phone number will only exclude people I don't care about.
And of course that statistic is made up. It was a joke.
Spam is probably low because it's not yet a platform that spammers are interested in. That may very well change. From what I can tell most of the big networks have found that the only way to cut down on spam is to be aggressive abou securing the protocol.
It's not security. It's obfuscation. If you can use a client program to send messages, you can implement your own client code - if you put in enough effort.
The authority to send to your mailbox is ambient, meaning anyone can send to it at anytime, and ambient authority is trivially abused. Abuse can only be prevented by doling out least authority, not ambient authority.
In this case, at the very least a mailbox address would be a cryptographically unguessable identifier. Ideally, each person to whom you are introduced would get their own unguessable mailbox address that acts as a proxy for your real mailbox, and you can delete that proxy anytime you wish to stop receiving e-mail from that person (and anyone with whom they shared your address). This completely eliminates the viability of selling your personal information to advertisers and spammers. Obviously this process has to be simple and semi-automatic, preferably transparent, or people won't be able to use it (like the web of trust), but the idea is sound, and based on capability security.
People already do something like this manually with subaddressing, and it seems the general concept I presented above has an official name as "disposable e-mail addresses" [1].
> It doesn't make sense to complain that iMessage isn't what you want it to be.
Why not? I don't know the specifics of this case, but if you are a user as well as developer that is going to release apps on the App Store and give x% of your revenue to Apple, it might make a lot of sense for Apple to listen carefully when you complain that iMessage is horrible and a pain to script around.
You really love iMessage because it is free from spam and abuse, not because it is tied-down. It is Apple's job to make it the former and avoid the latter.
Because alternatives exist that satisfy your needs.
> You really love iMessage because it is free from spam and abuse, not because it is tied-down.
It is free from spam and abuse because it is tied-down. This isn't a controversial statement; it's one of the famously difficult problems in computer networks. Nobody has solved it.
> Because alternatives exist that satisfy your needs.
This argument makes sense only in applications that can be substituted for one another. With IMs, like with social networks, you'd have to replace not just the app, but also your friends.
Since you are in a way being forced to use that particular communications app, it makes sense to ask it to complain about it getting worse.
For one, other commenters in this thread (including the #1) post about receiving spam on iMessage. For two, you can't say that you receive less spam on iMessage for any particular reason, or that that reason can't apply to other messaging apps.
> I love open source and open protocols as much as anyone on HN, but honestly, secretly, I love the tied-down nature of iMessage because that keeps it (mostly) free from spam and abuse.
Spam on IM? I've honestly only seen this on skype. Is this actually an issue on other networks/countries?
It definitely is on Wechat but I am not really bothered by it: I have the people I need in a list and the rest I just ignore. It does not really interrupt but then again there might be people getting 1000s of these spam contacts per month and that would be painful...
Except in quite a lot of cases - like communication tools or social media platforms - you didn't choose anything. Your friends did, as an aggregate - as individuals they didn't chose anything either.
Somehow people recognize that illusion of choice when talking about Facebook, but fail to recognize it here? Weird.
Facebook is quite different from this case. If you friends use Facebook to communicate, you need to as well. There is, as far as I know, no alternative. But if your friends use iMessage to communicate, you can easily communicate with them through SMS. Just turn off iMessage, and Apple will recognize this and fallback to SMS. You are not forced to use iMessage just because your friends does.
You wish Apple would recognize this. But in fact my sister did this, and filled out their web form and did everything else they suggest. And Apple still does not recognize it. (On the inbound side. )
She can text me, but when I or anybody else On an iPhone try to text her it goes to iMessage and she never receives it.
Yes this is "just a bug", but it also seriously promotes lock-in. It's a very strategic bug, and if she hadn't bought a new phone she would probably be back on iMessage.
iMessage is not always a choice, sometimes it's for life whether you wanted it to be or not.
With signed content. Assuming you have a side channel for a one time joining process (email, SMS, real life etc) where you get a single use token/password etc you swap public keys and sign/encrypt all messages using it.
I think that's mostly a function of handling identification of the sending party. iMessage tied to an AppleID can still be controlled pretty well when it comes to spam even if it would use a completely open protocol and was open sourced.
Similarly if you'd only accept cryptographically signed mail by default the spam problem would go away as a bye product.
I don't think it actually helps with spam issue, at least not in China.
Almost every iMessage user who activated with a Chinese mobile number has been receiving 3~10 spam iMessages everyday about online gambling and etc since ~2012 when iMessage service went live in China. The content for those messages have been pretty much the same with some minor variant on wording.
With the scale of the spam, I believe it's likely not sent thru UI scripting, but the iMessage protocol might have been well reverse-engineered and exploited by spammers. So disabling UI scripting won't help anything but cause trouble for developers with legit usage.
Hadn't seen that before. But there's one disadvantage with breaking captchas: have you been challenged recently with Google captchas? They take much, much longer to solve and oftentimes you don't even pass. This is with their image neural net training captcha. It constantly asks you to select more than the visible and inserts new images until it's satisfied. What I'm saying is that any site that uses Google's captcha system before posting a comment or something similar takes up much more of my time than it did before. I'm not sure if this is strictly needed, seeing many sites that manage with simple captchas. My impression is that Google turned their captcha system into a mechanical turk for letting the masses work for them and train their image neural net.
I haven't gotten anything except that "I am not a robot" captcha.
Generally I am not that upset if a business uses a captcha; I'm willing to meet in the middle. I as the customer am the one paying for fraud, do you think the CEO just takes fraud as a deduction out of their paycheck?
The general idea of a captcha is valid and sound, but it's a problem if captchas turn into crowdsourced labor for Google's neural net. First it was reading house numbers, which was easy and not that time intensive, thus acceptable, but the new captchas are a time sink and hard to accept.
> It takes time to solve a captcha regardless of whether or not it's going to /dev/null or into some neural network.
Yes, and if Google's captcha didn't get much harder, I wouldn't mention it. At least they stopped showing impossible to read random words. They had one variant which I never once passed and had to reload until I got something with distinctive letters.
It's definitely getting worse. Last week I had to give up on trying to file a warranty claim for a WD hdd, because their warranty portal stuck me in a "select all images showing X" captcha loop for 45 minutes.
The captcha works on TBB, but the lag makes it take over a minute or two every couple of minutes.
As for /s: It's a sarcasm tag, to make sure people get the tone of the sentence "You'll see plenty of lovely captchas, courtesy of our CloudFlare overlords."
Out of curiosity I just tried and it never fully loaded and with NoScript and such it didn't work for me. Is it supposed to work in the default config with NoScript and via Tor?
It works for me with the default TBB install (I just got one when going to HN). Sometimes if you have too much lag they will give you the backup one. Refresh a few times and you should get it.
I am surprised by commercial sites now using captchas. Prime example is just-eat in the UK. They got their last order from me the day before they introduced captchas.
As shitty as it is to copy and paste spam messages all day for (probably) little money, I'm not quite sure it would qualify as a sweat shop. Even if it was quite warm in the office.
Perhaps the OP really is talking about the Messages.app UI, but the screenshot on github imply that this is some sort of alternate UI (curses-based). Perhaps I'm misundestanding.
There is no API for Message; this github repo was scraping/scripting the Message.app GUI to create a Message command line client. OSX has removed the ability to scrape/script Messages.app GUI, so the github repo is dead in the water.
Funny to see someone besides me post a link to one of my git repos :) What I've done to get around of some of these issues is run an OS X 10.10 VMware image to handle running iMessage-related code. This gets less UI interference since it is fairly AppleScript heavy. Another poster pointed out that disabling some of OS X's security features seems to make this work as well, but I didn't really feel comfortable recommending that anywhere. I just want to easily and programmatically send and receive iMessages!
I don't understand. In Yosemite you don't need any UI Scripting. Have they removed this from El Capitan as well? What happened to:
tell application "Messages"
set iMessageService to (first service whose service type is iMessage)
send "Hello World" to buddy "0123456789" of iMessageService
end tell
Cool, didn't realize that, thanks for checking. However this method doesn't appear to work for group chats as far as I can tell, only one-on-one messages
There were people selling apps that bought iMessage to other platforms, by using VMs in servers running the desktop App and using the scripting functionality.
This gets to the heart of why Apple probably did it and why it's significant.
It was a nasty hack for interoperability but it worked and is probably the only thing that would work. It also indicates how much Apple cares about squashing interoperability for iMessage. Whether you feel this is because it presents a security risk or a business risk is down to the cut of your tin foil hat.
It should be pretty easy to work around this, either by hacking around (e.g. with a debugger) whatever call was used to disable UI scripting, or by using the interface between Messages.app and the IMCore framework, which is a relatively high-level Objective-C API. On the other hand, for the record, reimplementing an iMessage client from scratch would be difficult due to DRM: while the protocol is generally sane, it includes an authentication layer based on FairPlay, involving heavily obfuscated code. Some information here, though I'm not sure if it's up to date:
In 10.11 Apple added System Integrity Protection[1][2], so it might not be as simple as it once was to hack preinstalled apps. From wiki:
Most preinstalled Apple applications in /Applications are protected as well. The kernel stops all processes without specific privileges from writing to flagged files and folders. It also prevents code injection, runtime attachment (like debugging) and DTrace
I've got a Mac at home which I use for my own personal iMessage bot to do certain tasks in my house. I specifically left this Mac at Mountain Lion, since I sort of anticipated problems further down the line with the newer versions of OS X. I can probably safely upgrade to 10.10 but it was finicky enough to set up the AppleScript to work with my scripts.
I just bought a jailbroken iPhone which I'll upgrade to a newer release supporting SMS handoff, etc; then use for running a message server so that I can send and receive synchronized messages on my Windows development PC the same way I can on my Mac.
I don't think this change was to intentionally block this repo. In OS X 10.11, more system apps including Messages.app has been white listed for SIP protection. Everything works if you disable SIP protection.
It is understandable that Apple doesn't want malware to easily read people's messages.
Why is everybody fighting so hard to use iMessage? I just tell people I can't use it since Apple doesn't provide a solution for everybody. I thought that was the normal response. Why are people losing sleep over this?
If you want something more open, that exists too, which is great. It doesn't make sense to complain that iMessage isn't what you want it to be. Choice means that open and closed solutions exist in the market.