derekmorr
Tim Cook made it clear that Apple won't adopt RCS any time soon
sireofseth said: derekmorr said: Just tell people to use Signal. It works regardless of platform and is much more secure than iMessage.

The problems with iMessage are in two areas: the protocol itself, and everything else.
The iMessage encryption protocol isn't well designed:
- In 2016, researchers at Johns Hopkins demonstrated that iMessage messages can be decrypted if they’re intercepted. This is a link to their paper - https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garman.pdf. While the attack is difficult to execute, it should never be possible.
- The iMessage protocol doesn't have forward secrecy (https://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html) -- that means it reuses the same encryption key indefinitely. That makes it much more susceptible to compromise. The Signal protocol has forward secrecy and changes the encryption key on each message.
- The research team said that Apple should replace the iMessage protocol with something more secure, like the Signal protocol. https://www.vice.com/en/article/d7y7vk/apple-should-replace-imessage-encryption-researchers-warn
- iMessage does not allow participants to verify one another’s identities and their shared encryption key. The system requires devices to implicitly trust Apple’s servers to distribute users’ public keys. In Signal, you can scan a QR code to verify the encryption key; this prevents man-in-the-middle attacks. See this for more info https://blog.cryptographyengineering.com/2015/09/09/lets-talk-about-imessage-again/
In terms of "everything else" -- Apple has access to a lot of iMessage metadata, and in many cases to your chats (via iCloud backups):
- Apple logs your iMessage contacts, and can share them with law enforcement. https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/. Signal does not log your contacts.
- iMessage data is also accessible to governments since iCloud backups are not end-to-end encrypted. In November 2021, Rolling Stone published an FBI document showing that iMessage can reveal more information than most other messengers, link: https://www.rollingstone.com/politics/politics-features/whatsapp-imessage-facebook-apple-fbi-privacy-1261816/ and see this PDF: https://propertyofthepeople.org/document-detail/?doc-id=21114562
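As an added illustration of the forward-secrecy point in the post above (not part of the original post, and not Signal's or Apple's actual code): a simplified hash-chain ratchet compared with a single long-lived key, showing which recorded messages become readable once device key material is stolen. The toy cipher, the sample messages and all function names are constructed for this example.

```python
import hashlib
import hmac

MESSAGES = [b"msg one", b"msg two", b"msg three", b"msg four"]  # constructed sample

def ratchet(chain_key):
    """One KDF-chain step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key

def seal(key, plaintext):
    """Toy stand-in cipher (not for real use): SHA-256 keystream XOR plus HMAC tag."""
    stream = hashlib.sha256(key + b"enc").digest()  # covers messages up to 32 bytes
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong (tag mismatch)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    stream = hashlib.sha256(key + b"enc").digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def readable(recorded, stolen, ratcheted):
    """Plaintexts recoverable from recorded ciphertexts given the stolen key material."""
    keys = [stolen]
    if ratcheted:  # a stolen chain key only rolls forward, never backward
        ck = stolen
        for _ in recorded:
            ck, mk = ratchet(ck)
            keys.append(mk)
    out = []
    for blob in recorded:
        out += [pt for k in keys if (pt := unseal(k, blob)) is not None]
    return out

def demo(compromise_after=2):
    secret = hashlib.sha256(b"constructed shared secret").digest()
    static_ct = [seal(secret, m) for m in MESSAGES]  # one long-lived key
    ck, ratchet_ct, stolen = secret, [], None
    for i, m in enumerate(MESSAGES, 1):
        ck, mk = ratchet(ck)  # old chain key and message key are discarded
        ratchet_ct.append(seal(mk, m))
        if i == compromise_after:
            stolen = ck  # device state captured after this message
    return readable(static_ct, secret, False), readable(ratchet_ct, stolen, True)

if __name__ == "__main__":
    print(demo())
```

The chain alone protects only messages sent before the compromise; the messages sent afterwards are still readable from the stolen state.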
-
RCS is still half-baked, and Apple has no reason to adopt it
jimh2 said: bossbaby said: And the pathetic iMessage still doesn't have an automatic spam filter. I really wish I could install Google Messages on my iPhone. The most annoying, I kept receiving spam iMessages from random emails. I have both an iPhone and Android and nope, RCS is not half baked. I use both and RCS has more features than iMessage imho. iMessage doesn't have enough user base, at least, outside America.
RCS is still half-baked, and Apple has no reason to adopt it
iMessage security is highly overrated. It is nowhere near as secure as people think it is.

In 2016, researchers at Johns Hopkins demonstrated that iMessage messages can be decrypted if they’re intercepted. This is a link to their paper - https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garman.pdf. While the attack is difficult to execute, it should never be possible. The research team said that Apple should replace the iMessage protocol with something more secure, like the Signal protocol. https://www.vice.com/en/article/d7y7vk/apple-should-replace-imessage-encryption-researchers-warn

iMessage does not allow participants to verify one another’s identities and the shared encryption key. The system requires devices to implicitly trust Apple’s servers to distribute users’ public keys. In Signal, you can scan a QR code to verify the encryption key; this prevents man-in-the-middle attacks. See this for more info https://blog.cryptographyengineering.com/2015/09/09/lets-talk-about-imessage-again/

iMessage data is also accessible to governments since iCloud backups are not end-to-end encrypted. In November 2021, Rolling Stone published an FBI document showing that iMessage can reveal more information than most other messengers, link: https://www.rollingstone.com/politics/politics-features/whatsapp-imessage-facebook-apple-fbi-privacy-1261816/ and see this PDF: https://propertyofthepeople.org/document-detail/?doc-id=21114562
Green texts in iMessages nudge teens to use iPhones
I'm honestly wondering why anyone would use iMessage at all. From a privacy perspective, it's a terrible product.
- The iCloud backups are accessible by Apple. Deal breaker.
- The iMessage protocol is terribly designed. It's so bad that in 2016, researchers at Johns Hopkins were able to read encrypted messages. That should never be possible.
- Related to the above: iMessage doesn't have forward secrecy. That's just stunning.
- It's not open source, so it can't be independently audited.
- Apple routinely gives information to government agencies.