Key Points:
…after spending the last few months periodically poking around the trees inhabited by little birdies, I do have good news for fans of coercive government regulation,” Gruber says. “Apple’s hand was effectively forced. But by China, not the EU.”
“Coercive government regulation” lmao.
Gruber points to a new law in the works in China that will require that 5G devices support RCS in order to receive certification in the country.
Chinese carriers have been proponents of RCS for years, and last year, the Chinese government began the process of codifying into law that to achieve certification, new 5G devices will be required to support RCS. Shockingly, the Chinese government seemingly isn’t concerned that the RCS standard has no provisions for encryption. The little birdies I’ve spoken to all said the same thing: iOS support for RCS is all about China.
“Shockingly”.
Apple would prefer simply to continue ignoring RCS, on the grounds that they want to support neither any new non-E2EE protocols, nor any new carrier-controlled protocols (whether encrypted or not). But when the CCP says device makers must jump to sell their products in China, Apple asks “How high?”
The sheer Sinophobia omg.
One narrative in the months since Apple’s RCS announcement in November has been that the move was driven by the Digital Markets Act in the European Union. The DMA, however, makes no mention of RCS specifically – and now have official confirmation that iMessage is not big enough in the EU to fall under the purview of the DMA.
There goes EU, the saviour of digital rights.
Anyways, what an article.
You see, apple wants to keep everyone on their proprietary messaging app that has severely limited interoperability with non-apple phones because they just care about your privacy so darn much.
I love when Apple users try to make fun of Android users because APPLE PHONES HAVE WORSE FUNCTIONALITY.
It’s really nothing more than a wealth indicator for most people, or so they think
Rich people love to prove they'll pay double, triple, ten times the price for inferior goods just because they can
Rich drug dealers will use iPhones and advertise on instagram and Snapchat or spend thousands on an “encrypted” app that’s been infiltrated by feds and get arrested lol
Do you think they would write in the same paranoid fashion about the EU forcing Apple to adopt USB-C? In both cases the "coercive" government is making them provide a better product where market forces failed
There were definitely articles complaining about the EU big government restricting Apple's innovation for the next time they try to make a proprietary plug in the hypothetical future
Yes, actually. At least for the USB-C thing. John Gruber has always been one of the most insufferable Apple sycophants out there. When I was a teenager and in my early 20s I had thought he caught a bit too much flak for his takes and thought most of his justifications were sound (this is also likely because I was an Apple user myself and wanted the things he said to be true), but around 2016-17 he also started weighing in more on politics (massive turbolib) and it broke me out of that bubble right quick.
Since the pandemic started he's become an even more unbearable asshole with bad takes, and it looks like they're only getting worse.
Shockingly, the Chinese government seemingly isn’t concerned that the RCS standard has no provisions for encryption
that means it's also not forbidden, dipshit. Google's implementation has built in encryption. How do I know that? Because five minuets ago I did not know the acronym RCS so i looked it up and lo & behold i learned something. Chance Miller, do your job better
Well that’s the inherent problem. It shouldn’t rely upon vendor implementation to add basic functionality - this should be part of the spec. The RCS ecosystem is fragmented before it’s even got off the ground because vendors will take the path of least effort to be compliant.
We’ve had over thirty years to get this right and this is the best they could do.
I mean, that's completely Apple's fault for refusing to work with other companies. Genuinely, the level of greed and disregard for the good of the consumer by Apple necessitates seizure of the company since they are so popular and important to national security.
Apple isn't doing this because they think it's right. They're doing it to maximize their market share, and their customer base will dwindle if they lose their air of superiority. If they could strap you to a chair and beat you until you give them your banking info, they would.
No I’m referring to the failure of the GSMA to define encryption as part of the RCS Universal Profile - nothing to do with Apple or Google, but the carriers themselves.
Apple is doing the bare minimum because they’re implementing what’s there to the letter - and what’s there has no provisions for encryption.
Just because regulation is necessary, it doesn't absolve Apple of intentionally being lazy removed. We don't absolve factory owners in the 1800s, or today even. It's disingenuous to claim that this isn't Apple's fault. Nothing stops them from using good business practices.
I believe apple said they'd work to include encryption specifications in RCS
But when the
CCPlargest market in the world says device makers must jump to sell their products in China, Apple asks “How high?”Capitalists stop pretending that the market doing capitalist things is communism challenge (impossible)
I wish the US would grow some balls and stand up to these companies and pass legislation that’s in the consumer’s interest.
That does not require "balls" it needs them to give a shit about the consumer which they don't.
the class of people running those companies, the bourgeoisie, the ownership class— they also run the US government. why would they go against their own class interests?
gruber is racist trash and loving bootlicker of capital
When this comes out, turn rcs off. It’s not e2ee unless you’re using googles server.
rcs is a replacement for text messaging which has always been plaintext
You’re right!
Rcs doesn’t have any encryption by default unless you’re using the google rcs server.
For people that would be affected by this, ios users, the understanding that imessages are secure is very wide ranging. And it’s a correct understanding as far as those things tend to go. Few ios users know what rcs is but once support gets rolled out I imagine that understanding will be some variation of “android imessage” with the implicit assumption of security.
So my statement that rcs isn’t secure and that users should disable this if they’re able as soon as it rolled out wasn’t intended to get people to switch back to old insecure sms, but to make sure that they don’t see the new purple bubbles and assume they can speak freely.
Yeah, it’s a big part of the onboarding stuff when you make an account. It’s also in advertising and stuff.
They’re generally right too because the kind of mitm attacks that police or others make against texting with either stingray-likes or subpoenaed carriers are defeated by the encryption. It made the news some years ago even.
E: I had a little time to double check myself on this one and foiad training documents from the fbi showed that for both google rcs (not other rcs servers) and imessages they had to get warrants for the google cloud or icloud services the messages were backed up on instead of just using “normal” wiretapping methods in order to get the contents.
It is possible to turn off google cloud and icloud backup of messages, and that’s the smart way to go with it in my opinion.
If it's possible for the cloud service to comply with a warrant it's not correctly implemented end to end encryption.
That’s a great point, and while it’s generally frowned upon to use Wikipedia as a source, I’m not fucking digging through a bunch of crap to post a wall of links on a lib as we would normally do, both because I’m lazy and because you’re not a lib. To that end I’d like to direct you towards the modern usage and Compliance and regulatory requirements for content inspection sections of the Wikipedia article on end to end encryption.
The long and the short of it is that the language around e2ee is muddied now and sometimes a company is offering a service that would be illegal or prohibitively difficult to feature e2ee on in the state its operating in, and that’s important to know.
The point of my original comment way up there in our reply chain was that the default position of an ios user concerned about security should be “turn it off” with regards to rcs because the security posture of most users is to trust imessages and not to trust anything else, it would be too easy to say “ah ha, I can get android style imessages now!” under the assumption of some degree of feature parity including encryption and there is no guarantee that any old rcs message is encrypted. An ios user who turns off rcs will assume that the messages are insecure and will be more likely to have a safer set of interactions than if they trust the transportation layer security of the content which is ambiguously communicated, not communicated or communicated erroneously.
I’m actually pretty confident that the coming rcs implementation won’t be like that, but like you my default position is one of mistrust.
I'm quite a bit more doomer about security than that. An iOS user truly concerned about security should sell their iphone, get an old pre-Intel Management Engine laptop or something, install libreboot and linux, and manually encrypt all their emails with GPG. An iOS user only somewhat concerned about security should look into dedicated secure messaging apps made by companies or groups not subject to their own jurisdiction's laws. The casual iOS user who believes Apple marketing should just leave rcs on to make things that tiny bit more complicated for the world's various intelligence services.
That’s the point I was making though, there’s no guarantee that rcs would make things more complicated for the various intelligence services and a distinct (though, like I said, not my expectation) possibility that it would actually make things easier for them even if one of the encryption supporting rcs services isn’t actively collaborating with law enforcement.
It’s like opening a second loading bay door and suggesting it’ll make things more complex for intruders.
Some of the decisions around apples stuff are actually providing more security than just security through obscurity. Consider what we’re talking about: there’s the security of icloud and that’s it. You either have encrypted messages or plain old sms. The system communicates that to the user very clearly. Even if the system communicated the security of rcs communications as clearly as it does with imessage and sms, that’s still another thing for the user to screw up, another service for law enforcement to put the screws to.
At some point being able to say to people in a really clear way that this is secure, and the other thing isn’t is way better than having some weird in between added in.
We’re kinda chasing each other around a tree and missing the forest though, if the last few years are any indication they’ll just gobble up the push notifications and use them to establish probable cause to arrest then apply the rubber hose until you give up the passcode anyway.
Yup. Just do what I do and pass out encryption keys to everyone I text so they can decrypt the SMS messages I encrypt before sending.
Unfortunately I haven't been able to get my parents to encrypt the SMS they send me😔
