this post was submitted on 14 Nov 2023
386 points (91.8% liked)

Technology

58157 readers
3528 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
386
Nothing Phone builds a blue bubble iMessage bridge while Google and Apple fight over RCS (www.androidcentral.com)
submitted 10 months ago by DannyMac@lemmy.world to c/technology@lemmy.world
148 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] GenderNeutralBro@lemmy.sdf.org 152 points 10 months ago (1 children)

They've stated that they are using Mac minis as relays. They claim that they do not store messages or credentials, but I don't see how that's possible if it relies on a Mac or iOS relay server that they control.

[–] LWD@lemm.ee 94 points 10 months ago* (last edited 9 months ago) (2 children)

deleted

[–] SHITPOSTING_ACCOUNT@feddit.de 18 points 10 months ago (2 children)

They might be able to relay them in a way that the end to end encryption is actually handled on the phone and the relay only relays encrypted messages.

That would likely still give them a capability to MitM but it's plausible that they couldn't passively intercept the messages.

[–] LWD@lemm.ee 10 points 10 months ago* (last edited 9 months ago) (1 children)

deleted

[–] KairuByte@lemmy.dbzer0.com 10 points 10 months ago (1 children)

Absolutely. The iMessage network isn’t some unknowable beast, it “just” requires an Apple device be involved and activated to work. In order to spoof that far, you’d essentially need to emulate quite a bit on device.

[–] LWD@lemm.ee 6 points 10 months ago* (last edited 9 months ago)

deleted

[–] LWD@lemm.ee 1 points 10 months ago* (last edited 9 months ago)

deleted

[–] Rootiest@lemmy.world 3 points 10 months ago* (last edited 10 months ago)

If it's anything like Beeper 's Matrix bridge then it's E2EE Matrix encrypted between your device and the bridge server and then using Apple's iMessage encryption between the bridge server and Apple/the other user.

The weak point is always going to be the bridge software as by necessity the message must be decrypted there to re-encrypt for iMessage.

At least in Beeper/Matrix the bridge software is open source and one can host their own bridge while continuing to use the existing Beeper/Matrix main server.

Doing so gives you no-trust security since the Beeper/Matrix host cannot decrypt the messages between you and the bridge you control and rubbing your own bridge eliminates that weak point.