If this was removed by Google and not the beeper mini team I feel like this move is going to make it so much harder for Apple and Google in any future antitrust legislation.
Apple was already getting flak in the media for beeper mini, calling in Google to help makes it seem so much worse (even if it was done without a specific verbalized agreement). The obviousness of this makes me wonder if there is something else going on here (or maybe they really are that blatant now?)
This doesn't require bad faith in Google's part, there's any number of levers Apple can pull to pretty much force this: claim DMCA violation, CFAA violation, Play policy violation, etc etc.
It’s an obvious play policy violation. Can’t have apps that are deliberately and obviously intended solely to violate the terms of service of another service, or conduct illegal activity (CFAA unauthorized access).
You won’t find Reddit is Fun or any third party Reddit clients there anymore either even though it’s obviously trivially possible to just scrape it and keep trucking. Because that’s against Reddit’s TOS too, and doing so anyway is a CFAA violation.
Shockingly, google doesn’t want to be an accessory to your computer crimes.
Rightly or wrongly the law is quite broad in this area, you aren’t supposed to be accessing this system, it is an open-and-shut case just as much as illicitly connecting to TymNet. The only fact that matters is that the system operator doesn’t want you there, that is sufficient for this to be a felony, people have been globally extradited over this. Google isn’t going down because you want to use an open-relay that the system operator is actively indicating shouldn’t be open and is trying to lock down.
And if the tables were turned and some other third-party built a commercial service on reselling spoofed access to gmail smtp relays or something… google would shut you down themselves too, “gatekeeper” or no (lots of domains struggle to send mail to gmail and outlook).
Things have gotten real silly because of the extreme degree of apple-bashing that people entertain. And apple has been very very tolerant, because they know the optics would be horrible. But the law here is clear and the penalties are enormous. This is not different in kind to any other unauthorized-access case.
> Judge John Bates ruled on Friday that the plaintiffs' proposed research wouldn't violate the CFAA's criminal provisions at all. Someone violates the CFAA when they bypass an access restriction like a password. But someone who logs into a website with a valid password doesn't become a hacker simply by doing something prohibited by a website's terms of service, the judge concluded.
> "Criminalizing terms-of-service violations risks turning each website into its own criminal jurisdiction and each webmaster into his own legislature," Bates wrote.
> Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs.
So, uh... cool story, bro, but you seem to have a ridiculously extreme and pretty clearly unintended interpretation of this law. The users of Beeper have valid credentials to this service and are accessing only the things they were intended to be able to access... they merely are doing so with a modified or alternative client, which usually is protected under various laws due to an interest in competition and interoperability.
Ground level judges don’t matter all that much if they fuck around.
> (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains— or
(C) information from any protected computer;
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;
> (2) the term “protected computer” means a computer— (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; or (C) that— or (II) has moved in or otherwise affects interstate or foreign commerce;
Both of these clauses are being facially violated here. The clause of interstate commerce to be a protected system is trivially satisfied. Beeper additionally has taken commercial advantage in excess of $5k.
Ianal. Apple can come down like a ton of bricks though. That’s what people wanted in the 80s/90s.
The CFAA is overbroad and remains unclear with respect to "without authorization, or exceeds authorized access" even after the 2021 Van Buren v. United States ruling. But Beeper Mini doesn't damage or destroy any files on Apple's servers, so I think the CFAA doesn't apply [1]:
> The majority also recognized that the portions of the CFAA that define damage and loss are premised on harm to computer files and data, rather than general non-digital harm such as trespassing on another person’s property: “The statutory definitions of ‘damage’ and ‘loss’ thus focus on technological harms—such as the corruption of files—of the type unauthorized users cause to computer systems and data,” the Court wrote. This is important because loss and damage are prerequisites to civil CFAA claims, and the ability of private entities to enforce the CFAA has been a threat that deters security research when companies might rather their vulnerabilities remain unknown to the public.
The relevant text of the CFAA is 18 U.S. Code § 1030(a)(5) [2]:
> (A)knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
> (B)intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
> (C)intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.
You have the freedom to compile source code of https://GrapheneOS.org and various apps from source code and run them on a handheld device named Pixel. You also have the freedom to use Purism's handheld named Librem.
The smartphone space is completely open for competition, consumer choice, and consumer repairability. If you or someone you know does not have the wherewithal to have and exercise their own freedom, that is unfortunate, but Apple and Google owe nothing.
Imagine trying to hail a cab, buy something, find a romantic partner, scan a QR code, schedule an event, call a friend, find your way without one.
And that's just scratching the surface.
Without a smartphone, you basically can't exist equally.
100% not hyperbole. And before you think this is hyperbole, consider that menus at restaurants are no longer physical, that government IDs are being issued to smartphone, that POS systems are transitioning to smartphone, etc. etc.
Everything else will wither and die. The smartphone is the gateway to all modern commerce, communication, and mobility.
If it would get re-phrased a la "An important function of modern society", would nail it. Unfortunately! I loathe where societies are progressing towards. Imagine having to deal with all this tech BS when you are 70+. Travel is already complicated, dealing with fully automated "customer service" methods and figuring out why app xy stopped working right when you need it as a run-of-the-mill type of person is at lesst a nuisance and at worst a nightmare when preventing you from fulfilling life's chores.
But of someone things that how app store is administered is more important function in modern society than say food production then it is not looking well though out.
(I would prefer catastrophic breakdown or malicious takeover to happen with app store rather than food supply if I would need to choose between these two, and there are still many more important functions of modern society before you get to app stores. If food supply collapses I and my family and my friends will be likely dead within month. If app store collapses there are bad consequences but far from "everyone I love dies from starvation".)
(but yes, app store ARE important function of modern society and Beeper Mini seems to illustrate some of ways how current situation is broken)
That's why I like this Beeper mini saga, it breaks the illusion of competition that really doesn't exist between both companies and highlights the enormous power those two companies have.
The illusion of competition? This whole event has a lot of people talking about antitrust action against Apple for keeping iMessage exclusive to their own hardware, leaving Android devices out of the loop. Why would Google want to help Apple maintain iMessage's competitive edge over their platform?
Edit: just to be clear, I don’t buy the argument that Apple is doing anything wrong with keeping iMessage exclusive to their brand. I only wanted to relay that argument here to discuss in this context
Why would Apple let other companies use their servers and infrastructure ?
Have you ever heard of an independent car repair shop being allowed access to the manufacturer’s factory floor ? How about factory floors of all car manufacturers? It makes no sense. How about I go use your home’s toilet when I’m nearby?
> Have you ever heard of an independent car repair shop being allowed access to the manufacturer’s factory floor ?
Car manufacturers used to publish detailed (technical) manuals for all of their cars exactly so mechanics (owners, repair shops, etc) could work on their vehicles.
In modern times though, manufacturers seem to be DRM-ing (and similar) as much as they can in order to capture the repair business for themselves. It's not a good look. :(
While we're at it, let's outlaw web search as well. Clearly, those indexing bots are not paying customers.
If a niche enthusiast crowd worth of traffic will absolutely obliterate the underlying infrastructure, allow unchecked flows of spam and undermine the security posture, maybe Apple should just leave it to the telcos who might be marginally more competent.
I buy an Apple device and I know that part of the premium includes paying for Apple services. Why would other people who haven't given a cent to Apple be entitled to leech off their servers? I could understand complaining about AirDrop being closed off since it's peer to peer and offline, but iMessage really stretches it
It's not quite the same because Bundling seems to be about setting a price that is too low, so this isn't a legal precedent but it seems like a morally similar argument?
You are saying that you paid Apple for a device, and that entitles you to access to their services (e.g. Apple bundled their services with their device for free).
If this was Apple's main contention with Beeper, then why not allow people to pay a one-off fee to access their services (whatever fraction of the retail price of a device goes towards services)?
I suspect they can't do this because then you would be fully in Bundling territory: that the one-off price you pay to access Apple's services becomes cheaper when bundled with a device.
The whole idea that you paid a one-off fee and that covers your indefinite access to Apple's servers at a continuous cost to them also seems like a flawed model if that's really what the economics of iMessage are. Of course the contention is that the continuous fee to you is the fact that you are locked in and are therefore helping Apple attract other people to their ecosystem.
There is also another argument going round that somehow the issue is that Beeper is charging for their service. I don't buy that, because I pay for Beeper and I don't use their iMessage integration (because I live in the UK so this whole blue bubble green, bubble thing is just not a thing here and we can just enjoy watching it unfold with idle curiosity) and I pay the same as someone who would. I am paying them on a continuous basis because they are running servers that I want access to that bridge to other services I use and want aggregated in one place.
If that's the case, how long after the purchase of a new iPhone does your imessage subscription expire?
Of course it does not. The per user cost of delivering imessage is so low, Apple doesn't care about the individual user. In bulk, enough people are buying new iPhones to cover the ongoing cost (and then some).
Well WhatsApp and Telegram are free, so it's hard to make that argument there, but my understanding was that the problematic behaviour was for Apple to make the performance of those devices otherwise worse without disclosing the reasons why, which caused people to upgrade earlier than they otherwise would have.
The analogy would be for WhatsApp to make it take artificially longer to send messages on Android 4.4, which I think people would have a problem with but they have no good reason to that.
I can't speak for Telegram, but in the case of WhatsApp, they decide to deprecate particular SDK versions when the usage of those SDK versions drops below a threshold, and it's against their interests to do otherwise, because they lose market share and they are making a tradeoff between engineering support costs and users.
I’ve already made the same argument you just made here in a previous thread on the topic. My post here was intended to relay that argument without endorsing it (a difficult thing to do without being explicit).
Because they don't compete with each other? They are in different markets and they don't really care that a portion of users stick to Apple.
I'd say the opposite, having Android with a 90% market share would be a bad thing for Google since it opens easier antitrust lawsuits. The statu quo is more profitable.
See the "Our vision is that we work as if we are one company" quote from Google execs which is representative of what's happening in the space.
Thanks to Beeper mini, nobody can say "yeah technically you could implement iMessage if you wanted to, it's just a proprietary protocol" anymore, Apple has actively blocked the messaging platform as much as they could.
Nobody can say that the mobile apps are open markets anymore, the app would have been rejected on the appstore from the start and is now removed from the play store. Effectively the distribution of this app on mobile devices is in practice impossible now.
It also highlights the similar review process and lack of differentiating competitive factor between those two stores. They aren't interchangeable like supermarkets are.
We knew all of that already but I like that Beeper mini made it obvious enough that the PR lies of both companies cannot work here.
Has anyone ever claimed that iMessage is some kind of open network that anyone can build apps for? I think most people presume it's just as closed as the rest of iCloud.
I don't know what the legal status of the protocol per se is, but I don't think anyone thought that you would be allowed to utilize Apple's iMessage servers for your own app.
The other closed networks had third-party clients historically, such as MSN or ICQ. It's not enough to say that it's closed, now we know it's both closed and blocked by Apple.
Apple could have said that no other clients really even tried before this case and it would have been true. And that will make a difference in the next antitrust lawsuit, that's one less argument Apple can use to defend themselves.
I'm sure most developers expected them to behave like this but now there's a factual proof valid even outside of our tech developers little circle, it's not just speculation.
They were originally charging money for a service using third party servers without permission and which was obviously going to stop working (if nothing else, when the spam protection kicks in because they had thousands of people on the same device ID).
Removing this sounds like protecting Google's customers.
Tangential, but does anyone else think the world has lost its way in terms of standardisation and regulation of pretty much any communication mechanism after the telephone? I can dial a phone number for anywhere in the world from a phone made by anyone and it just works. I can't do the same for video or messaging or really even email.
Yes, but for telephone networks the network is indistinguishable from the product. Now we’ve got the internet, which allows you to address an IP anywhere in the world whatever its ISP and above that we have services. I’d argue that its a better situation to be in, whatever the competitive issues that arise (eg, see the digital markets act).
This wasn’t true in the early (and in some countries even quite recent) history of the telephone. Having to use a phone provided by the phone company was the norm, which prevented the use of modems and forced early BBS and Internet users to use (much less efficient) acoustic couplers.
Worldwide direct dialing is also a relatively recent innovation in the history of the telephone.
Maybe we’re just in a similar phase of technological development?
I agree with this. At some point, around 2000-2005 or so, it seems internet pivoted from being protocol-driven to becoming service-driven. For example, I remember a protocol FOAF, "friend of a friend" that tried to build a social network using protocols amd contracts. It got nowhere. This must have been before Facebook was born. It is easy to compare in retrospect. Protocols are losing out.
LTT recently did a video on the last model of the XServe and one of the interesting points is that it's got a self-hosted XMPP/jabber chat server (and mail/exchange, VPN, time machine backup hosting, etc), and he pointed out that probably one of the reasons it died out was precisely this pivot from product/protocol focus to hosted services.
It is, after all, not like we really need slack or discord or whatever. Text chat is not complicated or resource intensive, people were hosting IRC in 1985 or whatever. Even persistent chat or web-accessible are really just minor features too in terms of resources, and you can forward some ports or set up a subdomain just like anything else.
So I mean, to put this ball back in your court: I'm sure you use discord, and I'm sure your employer uses slack. Why do you pay money for that and not just host matrix yourself? Matrix comes with all the free animated emojis you can upload, and a docker container costs you how much? And Algo/Tailscale show that setup can literally be as simple as providing AWS account creds and running a script.
Collectively we seem to have decided that these hosted services deliver value, even if that's simply a couple hours of an engineer's time to set up. None of us walk away from Omelas. Why is that?
Everyone (even here) kinda rolls their eyes at the BSky/Mastodon folks but the fact of the matter is those are the people walking away while we pay for discord and slack and google business.
I don't think this is really a problem. Communications have always been a messy thing over time, from language issues to reliability issues to incompatibilities and costs.
Regardless of what stands, it's pretty damn good at the moment. I have a pocket computer that talks to people all over the world. So I have two messaging apps on it? I'm not even bothered.
The thing is I don't actually really dial anyone with their phone number any more other than close family. Most of the time I will use whatsapp video calls because said other person is usually somewhere that roaming doesn't work and is tethered on a WiFi hotspot instead. Granted that uses name resolution via phone number but it doesn't need to.
I disagree. I’ve lost touch with numerous casual acquaintances over the years because they went to one app and I didn’t or vice versa. If there was a better effort at standardization it would have been easier to maintain these connections rather than lose touch because some people went to Facebook messenger while others went to WhatsApp, discord, snap, etc and the fragmentation made it a nightmare to keep up with everyone. SMS is the standby but a surprising amount of people hate using text messages or email despite being completely comfortable with asynchronous text communication on other platforms. It makes no sense to me because it is functionally the exact same and the people I have met who have this concern are definitely not worried about things like message encryption
Additionally nowadays it’s becoming more common to be ideologically against usage of platforms and it sucks to be locked out of communication because of that. I don’t use meta products because I think they’re a disgusting company but a lot of my older family members refuse to move from the platform. If there was an open standard that allowed for me to use a platform I was comfortable with that could interoperate with Facebook messenger I could live with that.
I'm in a similar situation.
Would you be happy interacting with Meta-product users via a non-Meta-product if it involved your data being stored (e.g. in a "shadow profile") and used to target ads against you?
I'm not sure I would, but it hasn't cropped up yet.
That actually highlights the other issue of fragmentation: sometimes I would bother to download the app and register but then we’d fall out because I wouldn’t regularly check an app for 1 or 2 people. It’s notifications get lost in the sea of notifications
If I could just have one app that allows me to cross platform communicate that would eliminate this issue. And of course let it go both ways
The page loads the Beeper Mini listing for me, but if you try to install it on a device it says it cannot be installed. Are you seeing something different on your end?
I still don't understand the pro-Beeper argument here. They have absolutely no right to unauthorized access to Apple's servers or network, this seems fairly cut-and-dry, despite whatever "moral" argument people seem to want to make.
Many websites would also like to claim that you're not authorized to access them with an ad-blocker, and spammers would like to claim you're not authorized to use e-mail with spam filtering, and malware authors would like to claim you're not authorized to use antimalware software since all those countermeasures encroach on their respective business models.
Okay, but the concept of unauthorised access to a computer system isn't a new one, Kevin Mitnick and co were all convicted of it in the 90s. Maybe there was an argument before Apple released a statement, but it's pretty difficult to make one now.
A line has to clearly be drawn somewhere, otherwise as per my previous comment you could also consider that ad/malware blocking is unauthorized access to websites/malware developers' servers (since you download the ads/malware but then your security solution blocks them).
The typical cases of unauthorized access are quite different in the sense that a private system is being accessed and private data may be exposed. It doesn't really apply to iMessage though - alternative clients don't exceed their authorization (the use the same auth flow as a real device and are granted the exact same privileges) and no private data is being disclosed (just like a real device, the user only has access to their own Apple IDs/phone number's messages).
The only argument that could be made is that allowing non-iOS devices access effectively freeloads off Apple's server resources, but Beeper did offer to support payment of a reasonable fee and yet Apple never took them up on this offer nor ever raised this issue, which confirms the (expected) fact that server resource usage (which is minimal btw) is the least of their worries.
Apple was already getting flak in the media for beeper mini, calling in Google to help makes it seem so much worse (even if it was done without a specific verbalized agreement). The obviousness of this makes me wonder if there is something else going on here (or maybe they really are that blatant now?)