Archive for December 11, 2023

Monday, December 11, 2023

Apple Blocks Beeper Mini

John Gruber:

I installed Beeper Mini on my Pixel 4, and it worked like a charm. In addition to working seamlessly — including support for group chats, tapbacks (albeit substituting animated emoji in place of Apple’s monochromatic badges), undoing sent messages, and editing recent messages — it’s just a really nice chat app. It looks a lot like what I’d imagine an official iMessages Android client from Apple would look like. Just like with an iPhone, Beeper Mini even worked without requiring you to sign in to an iCloud account. Beeper Mini reverse-engineered the way that Apple creates a new implicit iMessage account based on your phone number, via a one-time exchange of keys sent through SMS. But, if you wanted to use your existing iCloud account with Beeper Mini, you were able to sign in — which, unlike Beeper Cloud, worked with an app-specific password. When I tried Beeper Mini, I used a secondary iCloud account that I use for testing and product reviews, but even with that account, I would not have signed in if Beeper Mini didn’t support app-specific passwords.

Migicovsky told The Verge and Nelson that Beeper believed Apple would be unable to cut off their technique without also breaking iMessage for a significant number of iMessage users on actual Apple devices. I found that hard to believe, given that part of Beeper’s technique involves masquerading as a legitimate Apple device, re-using device identifiers.

Ben Schoon:

Many reports across Reddit and other platforms confirm that Beeper Mini is currently unable to send or receive messages for many users. Some also report that Apple ID sign-in is currently not working if the app is re-installed or activated on a new device.

Sarah Perez (Hacker News, MacRumors):

However, Beeper CEO Eric Migicovsky responded to TechCrunch’s inquiry about Beeper Mini’s status by pointing us to the X post acknowledging the outage, and providing more detail. Asked if possibly Apple found a way to cut off Beeper Mini’s ability to function, he replied, “Yes, all data indicates that.”

[…]

In a statement shared with press, Apple said:

“At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users.”

The company said that it’s unable to verify that messages sent through unauthorized maintain end-to-end encryption.

Chris Welch:

The belief — or I suppose the hope — among Beeper’s developers and users was that it would be such an ordeal for Apple to block the Android app that doing so wouldn’t be worth the hassle. Apparently, it was easier than anyone expected.

[…]

Reached for comment, Beeper CEO Eric Migicovsky did not deny that Apple has successfully blocked Beeper Mini. “If it’s Apple, then I think the biggest question is… if Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS? With their announcement of RCS support, it’s clear that Apple knows they have a gaping hole here. Beeper Mini is here today and works great. Why force iPhone users back to sending unencrypted SMS when they chat with friends on Android?”

David Pierce (Hacker News):

When I ask Migicovsky if he’s prepared to do battle with Apple’s security team for the foreseeable future, he says that the fact that Beeper Cloud is still working is a signal that Apple can’t or won’t keep it out forever. (He also says Beeper’s team has some ideas left for Beeper Mini.) Beyond that, he hopes the court of public opinion will eventually convince Apple to play nice anyway. “What we’ve built is good for the world,” he says. “It’s something we can almost all agree should exist.”

Malcolm Owen:

In posts to X first reported by Engadget, Beeper is working on a fix that is “still in the works.” The fix itself is apparently “very close, and just a matter of a bit more time and effort.”

Beeper says that it has deregistered phone numbers of users from iMessage so they can still receive text messages, albeit as a dreaded green speech bubble to iOS users. However, as the iPhone messages app “remembers” the blue bubble status for between 6 hours and 24 hours before returning to SMS, Beeper warns “it’s possible that some messages will not be delivered during this period.”

John Gruber:

What I meant by it being “untenable” for Apple to look the other way at Beeper Mini wasn’t that Beeper made legitimate use of iMessage insecure. That’s part of the point of end-to-end encryption. But it was untenable perception-wise for Apple to allow unauthorized client software on a messaging platform heralded first and foremost for its privacy and security. Apple had even lost control over new account signups.

[…]

Again, I wish Apple would release an iMessage client for Android. (But what I really wish is that they’d done so a decade ago, before current platforms had gotten so entrenched, country-by-country around the world.) But I don’t buy the argument that Apple is under any sort of ethical obligation to do so.

The bottom line is that it would be better for Apple’s customers if they could use iMessage everywhere, but (Apple thinks) it would be better for Apple to keep it exclusive.

My own experience is, I guess, an outlier, but I’ve had such terrible problems with messages not being delivered and with the app itself that I often wish iMessage would just go away.

Nick Heer:

I am not falling for Migicovsky’s play-dumb act here and, I am certain, neither are you.

[…]

There are plenty of end-to-end encrypted messaging apps available for iOS and Android, like Signal and WhatsApp, so the premise that “iPhone users can’t talk to Android users except through unencrypted messages” is also complete nonsense.

The issue is that, at least in the U.S., iMessage is dominant, and there’s no way to get everyone you communicate with to switch to something else. Practically speaking, it’s as if the alternatives don’t exist.

Eric Migicovsky and Brad Murray (via Hacker News, MacRumors):

We’ve created an updated version of Beeper Mini that fixes an issue that caused messages not to be sent or received.

I wonder how long this arms race will last.

We’ve made Beeper free to use. Things have been a bit chaotic, and we’re not comfortable subjecting paying users to this. As soon as things stabilize (we hope they will), we’ll look at turning on subscriptions again.

[…]

We—of course—expected a response. What we didn’t expect was 1984-esque doublespeak. The statement is complete FUD. Beeper Mini made communication between Android and iPhone users more secure. That is a fact.

More secure both because the messages were encrypted and because Beeper prompted Apple to fix some latent bugs.

Many people have asked, ‘why don’t people just use Signal or WhatsApp?’. The answer is that Messages App is the default chat app for all iPhone customers. Not only is it the default, iOS makes it impossible to change the default chat app.

I am, of course, in favor of being able to change the default chat app, but I doubt that would make much difference.

Previously:

Update (2023-12-22): John Gruber:

In other words, what remains broken is the implicit creation of an iMessage account based on the cellular phone number of your device. I described this process in broad terms in a footnote on my column yesterday. It’s a magically-invisible-to-the-user process that’s been part of iMessage since it first debuted as an iOS-only feature in iOS 5.

[…]

If Android SMS users were interested in installing a third-party app to enable better cross-platform messaging, wouldn’t they be suggesting to their iPhone-using friends and family that they be the ones who install WhatsApp or Signal or something?

[…]

It is true that Apple does not allow third-party apps to handle anything related to your cellular account. So cellular phone calls only go through the built-in Phone app, and SMS messages only go through the Messages app. Messages isn’t merely the default handler for SMS, it’s the only handler for SMS. But there is no default for “chat”.

Adam Demasi:

I really commend JJTech and Eric for taking on iMessage with a serious and privacy-conscious implementation, but Beeper Mini’s implementation of iMessage seemed problematic to me from the outset for two reasons:

The iMessage protocol is well-documented, and has been pretty much since it was introduced in 2011. The challenge with iMessage has never been on the side of actually sending and receiving messages - the challenge is authenticating a user to their Apple ID, so they can even send or receive a message at all.

[…]

I hope they have more tricks up their sleeve, because it would be a shame to let 3 days of iMessage utopia be the end of it. But if you’re ever curious why nobody has successfully brought down the walled garden of iMessage/FaceTime in any way that doesn’t involve keeping a Mac always running at home or giving up your privacy to a 3rd-party (like Nothing and Sunbird’s security disaster of an app), this is why. It’s designed to be as close to impossible as it can possibly be. It frustrates me even as an iPhone user, because I feel iMessage becoming ubiquitous on Android will have an effect on how much the public (including the biggest Apple fans) believe Apple’s “but privacy!” excuses, but this is still the reality of the situation.

Jay Peters (Slashdot):

Here we go again: After investigating reports that some users aren’t getting iMessages on Beeper Mini and Beeper Cloud, Beeper says that Apple seems to be “deliberately blocking” iMessages from being delivered to about five percent of Beeper Mini users. The company says that uninstalling and reinstalling the app fixes the issue and that it’s working on a broader fix (though that apparently won’t be in place tonight).

Kevin Purdy (Hacker News, MacRumors):

That kind of grievance is why, after Apple on Wednesday appeared to have blocked what Beeper described as “~5% of Beeper Mini users” from accessing iMessages, both co-founder Eric Migicovksy and the app told users they understood if people wanted out. The app had already suspended its plans to charge customers $1.99 per month, following the first major outage. But this was something more about “how ridiculously annoying this uncertainty is for our users,” Migicovsky posted.

Previously:

Where Have the Network Tools Gone?

Howard Oakley:

When writing about network tools available in macOS just eight years ago, I identified three GUI apps:

  • Network Utility, tucked away in /System/Library/CoreServices/Applications,
  • Wireless Diagnostics, accessed via the WiFi menu,
  • Network Diagnostics, hidden in /System/Library/CoreServices.

It seems strange that of those three, only one has survived into Sonoma.

[…]

In Apple’s current support documents, there appears to be no mention of diagnosing network problems except those for WiFi, although Apple sells three models with Ethernet ports fitted as standard (Mac mini, Mac Studio and Mac Pro).

I don’t know why Apple wants us to go back to using command-line tools.

Howard Oakley:

Much of network diagnosis could also be automated, rather than relegated to the command line. Those users who currently struggle to work out why Safari isn’t able to connect to a website could initiate a series of checks, delivering a list of suggestions as to what to try next.

In other areas, adding a layer of simplicity over generic tools like Console can go a long way to revealing the cause of errors that currently only get recorded in the log.

[…]

For the first 17 years of the Mac there was no Terminal, and people bought Apple’s products on the strength of their human interface. If a feature is worth building into macOS, then that alone justifies providing an accessible means of using it.

Previously:

WhatsApp Supports Photos and Video in Original Quality

Tim Hardwick:

WhatsApp is rolling out a new option that lets users on iPhone share photos and video over the messaging platform in their original quality.

[…]

WhatsApp’s latest feature avoids compression altogether by allowing photos and video to be shared as files, thereby preserving their original quality.

Being able to send full-quality media is one of the primary reasons to use iMessage. However, unfortunately, sharing a video from iOS will sometimes resize and re-encode it, reducing the quality. To send a full-quality video, I find that I have to attach it as a file from my Mac.

Previously:

Opening URLs in Private Safari Windows

Jeff Johnson:

The problem with using both private and public windows is that when I open a URL in Safari from another app, such as Mail app, or such as my own Link Unshortener, which I use as my default web browser, I can’t control where exactly the URL opens. If the frontmost Safari window happens to be private, then the URL will open in a private window, whereas if the frontmost Safari window happens to be public, then the URL will open in a public window. Even worse, if Safari is running but currently has no windows, then the URL will open in a new public window, ignoring my “Safari opens with” setting!

I’ve come up with a solution to this problem. Actually, two solutions, two new Mac apps, which I’ve named, with great imagination, PrivateWindow and PublicWindow.

I’ve set PrivateWindow as the browser associated with certain logins in PasswordWallet. Among other benefits, this means I can download a financial statement and then “log out” simply by closing the tab.

Jeff Johnson:

Since Apple doesn’t provide any API for this, the apps use AppleScript to automatically click menu items in the Safari File menu in the main menu bar, a primitive but effective method. Or mostly effective. It turns out that this method didn’t support Safari Profiles, which add items to the Safari File menu. The shortcoming has been rectified in version 2.0 of PrivateWindow and PublicWindow.

Apple should add a real AppleScript API so that this sort of thing can be done without GUI scripting. You should be able to directly specify whether a URL should be opened in a private or public window and which profile should be used. Really, it should also be available at the Launch Services level. Currently, there’s a standard way to specify whether an application should open a URL in the background or whether a file should not be added to the recents. Private browsing should be in there, too.

Google Maps in Late 2023

Tim Hardwick:

When users get directions for driving, walking, or cycling, Google Maps now offers a “multidimensional experience” that can be used to preview bike lanes, sidewalks, intersections, and parking along the route, according to Google.

A time slider can be used to see air quality information and how the route looks as the weather changes throughout the day, while AI and historical driving trends simulate how many cars might be on the road at a given time.

Jack Wellborn:

Launching its own mapping service was Apple’s biggest gambit in its war with Google, way more than any lawsuit. The lawsuits were about iPhone verses Android and while many Android device makers did borrow liberally from iPhones and iOS, it turns out Apple’s fight with Google wasn’t really about one phone platform versus the other. It was about platforms versus services, and which one might commoditize the other. Up until Apple Maps, Google had the undeniable upper hand because it was a win-win for them as long as Apple had to use its services. Google would certainly win more if everyone suddenly started using Android, but they still won even if people stuck with iOS.

[…]

Google would not be paying billions of dollars annually to be the search default in Safari if Apple needed something equally as important from them. The only thing Apple truly ever needed from Google was mapping data. With its own mapping data, Apple no longer needs anything of significance, and so Google has to pay.

Elizabeth Laraki (via Hacker News):

Last week, the team dramatically changed the map’s visual design.

I don’t love it.

It feels colder, less accurate and less human.

[…]

Admittedly, I do think major roads, traffic, and trails stand out more now.

But the colors of water and parks/open spaces blend together.

[…]

So much stuff has accumulated on top of the map.

Currently there are ~11 different elements obscuring it[…]

Darren Allan (via Hacker News):

Google Maps now has gray roads like Apple, rather than white or yellow roads as before, and forests are a darker green.

[…]

These may not sound like massive changes – and to be fair, they aren’t, they’re essentially tweaks. But they have rubbed a number of users up the wrong way. As Android Authority points out, there’s some quite spicy feedback on the new Google Maps on Reddit, X (formerly Twitter) and other online forums.

John Gruber:

This is a very long way of saying that Google Maps’s app design should be like Apple Maps. In fact, Apple Maps has fewer UI elements obtruding actual map content than she’s proposing for Google Maps.

As I’ve said, I think the app design of Apple Maps is better, but I preferred the map design (colors, labels, decisions of what to shown when) of the old Google Maps. It’s frustrating that Google seems to be copying the wrong things from Apple. The new coloring perhaps looks nicer, but it’s less clear. Google Maps seems to be more aggressive about hiding street names that I want to see. I do still prefer it, especially for navigation, because of the way it draws street labels on the actual streets, instead of as horizontal bubbles that cover other parts of the map. Given that maps are now vectors, rather than pre-rasterized images, why can’t some of these details be configurable?

Previously:

Google’s Gemini

Casey Newton:

Google this morning announced the rollout of Gemini, its largest and most capable large language model to date. Starting today, the company’s Bard chatbot will be powered by a version of Gemini, and will be available in English in more than 170 countries and territories. Developers and enterprise customers will get access to Gemini via API next week, with a more advanced version set to become available next year.

How good is Gemini? Google says the performance of its most capable model “exceeds current state-of-the-art results on 30 of the 32 widely-used academic benchmarks used in LLM research and development.” Gemini also scored 90.0% on a test known as “Massive Multitask Language Understanding,” or MMLU, which assesses capabilities across 57 subjects including math, physics, history and medicine. It is the first LLM to perform better than human experts on the test, Google said.

Sundar Pichai (Hacker News):

Our first version, Gemini 1.0, is optimized for different sizes: Ultra, Pro and Nano. These are the first models of the Gemini era and the first realization of the vision we had when we formed Google DeepMind earlier this year. This new era of models represents one of the biggest science and engineering efforts we’ve undertaken as a company.

Demis Hassabis:

This promise of a world responsibly empowered by AI continues to drive our work at Google DeepMind. For a long time, we’ve wanted to build a new generation of AI models, inspired by the way people understand and interact with the world. AI that feels less like a smart piece of software and more like something useful and intuitive — an expert helper or assistant.

Today, we’re a step closer to this vision as we introduce Gemini, the most capable and general model we’ve ever built.

Gemini is the result of large-scale collaborative efforts by teams across Google, including our colleagues at Google Research. It was built from the ground up to be multimodal, which means it can generalize and seamlessly understand, operate across and combine different types of information including text, code, audio, image and video.

John Gruber:

Loosely speaking, Gemini Ultra is competing with GPT 4, and Gemini Pro with GPT 3.5. Nano, the on-device model, will first appear on Pixel 8 Pro phones.

[…]

It seems like the whole demo ought be considered fraudulent — a fake. What’s wrong with Google as a company that they repeatedly try to pass off concept videos as legitimate demos of actual products?

Nick Heer:

If you read the disclaimer at the beginning of the demo in its most literal sense, Google did not lie, but that does not mean it was fully honest. I do not get the need for trickery. The real story would have undoubtably come to light, if not from an unnamed Google spokesperson, and it undermines how impressive this demo is. And it is remarkable — so why not make the true version part of the story? I do not think I would have found it any less amazing if I had seen a real-time demonstration of the still frame of the video being processed by Gemini with its actual output, and then I saw this simplified version.

Previously: