Adversarial interoperability is one of the most reliable ways to protect tech users from predatory corporations: that's when a technologist reverse-engineers an existing product to reconfigure or mod it (interoperability) in ways its users like, but which its manufacturer objects to (adversarial):
"Adversarial interop" is a mouthful, so at EFF, we coined the term "competitive compatibility," or comcom, which is a lot easier to say and to spell.
Scratch any tech success and you'll find a comcom story. After all, when a company turns its screws on its users, it's good business to offer an aftermarket mod that loosens them again. HP's $10,000/gallon inkjet ink is like a bat-signal for third-party ink companies. When Mercedes announces that it's going to sell you access to your car's accelerator pedal as a subscription service, that's like an engraved invitation to clever independent mechanics who'll charge you a single fee to permanently unlock that "feature":
Comcom saved giant tech companies like Apple. Microsoft tried to kill the Mac by rolling out a truly cursèd version of MS Office for MacOS. Mac users (5% of the market) who tried to send Word, Excel or Powerpoint files to Windows users (95% of the market) were stymied: their files wouldn't open, or they'd go corrupt. Tech managers like me started throwing the graphic designer's Mac and replacing it with a Windows box with a big graphics card and Windows versions of Adobe's tools.
Comcom saved Apple's bacon. Apple reverse-engineered MS's flagship software suite and made a comcom version, iWork, whose Pages, Numbers and Keynote could flawlessly read and write MS's Word, Excel and Powerpoint files:
It's tempting to think of iWork as benefiting Apple users, and certainly the people who installed and used it benefited from it. But Windows users also benefited from iWork. The existence of iWork meant that Windows users could seamlessly collaborate on and share files with their Mac colleagues. IWork didn't just add a new feature to the Mac ("read and write files that originated with Windows users") – it also added a feature to Windows: "collaborate with Mac users."
Every pirate wants to be an admiral. Though comcom rescued Apple from a monopolist's sneaky attempt to drive it out of business, Apple – now a three trillion dollar company – has repeatedly attacked comcom when it was applied to Apple's products. When Apple did comcom, that was progress. When someone does comcom to Apple, that's piracy.
Apple has many tools at its disposal that Microsoft lacked in the early 2000s. Radical new interpretations of existing copyright, contract, patent and trademark law allows Apple – and other tech giants – to threaten rivals who engage in comcom with both criminal and civil penalties. That's right, you can go to prison for comcom these days. No wonder Jay Freeman calls this "felony contempt of business model":
Take iMessage, Apple's end-to-end encrypted (E2EE) instant messaging tool. Apple customers can use iMessage to send each other private messages that can't be read or altered by third parties – not cops, not crooks, not even Apple. That's important, because when private messaging systems get hacked, bad things happen:
But Apple has steadfastly refused to offer an iMessage app for non-Apple systems. If you're an Apple customer holding a sensitive discussion with an Android user, Apple refuses to offer you a tool to maintain your privacy. Those messages are sent "in the clear," over the 38-year-old SMS protocol, which is trivial to spy on and disrupt.
Apple sacrifices its users' security and integrity in the hopes that they will put pressure on their friends to move into Apple's walled garden. As CEO Tim Cook told a reporter: if you want to have secure communications with your mother, buy her an iPhone:
Last September, a 16-year old high school student calling himself JJTech published a technical teardown of iMessage, showing how any device could send and receive encrypted messages with iMessage users, even without an Apple ID:
JJTech even published code to do this, in an open source library called Pypush:
https://github.com/JJTech0130/pypush
In the weeks since, Beeper has been working to productize JJTech's code, and this week, they announced Beeper Mini, an Android-based iMessage client that is end-to-end encrypted:
Beeper is known for a multiprotocol chat client built on Matrix, allowing you to manage several kinds of chat from a single app. These multiprotocol chats have been around forever. Indeed, iMessage started out as one – when it was called "iChat," it supported Google Talk and Jabber, another multiprotocol tool. Other tools like Pidgin have kept the flame alive for decades, and have millions of devoted users:
But iMessage support has remained elusive. Last month, Nothing launched Sunchoice, a disastrous attempt to bring iMessage to Android, which used Macs in a data-center to intercept and forward messages to Android users, breaking E2EE and introducing massive surveillance risks:
Beeper Mini does not have these defects. The system encrypts and decrypts messages on the Android device itself, and directly communicates with Apple's servers. It gathers some telemetry for debugging, and this can be turned off in preferences. It sends a single SMS to Apple's servers during setup, which changes your device's bubble from green to blue, so that Apple users now correctly see your device as a secure endpoint for iMessage communications.
Now, this is a high-stakes business. Apple has a long history of threatening companies like Beeper over conduct like this. And Google has a long history deferring to those threats – as it did with OG App, a superior third-party Instagram app that it summarily yanked after Meta complained:
But while iMessage for Android is good for Android users, it's also very good for Apple customers, who can now get the privacy and security guarantees of iMessage for all their contacts, not just the ones who bought the same kind of phone as they did. The stakes for communications breaches have never been higher, and antitrust scrutiny on Big Tech companies has never been so intense.
Apple recently announced that it would add RCS support to iOS devices (RCS is a secure successor to SMS):
Early word from developers suggests that this support will have all kinds of boobytraps. That's par for the course with Apple, who love to announce splashy reversals of their worst policies – like their opposition to right to repair – while finding sneaky ways to go on abusing its customers:
The ball is in Apple's court, and, to a lesser extent, in Google's. As part of the mobile duopoly, Google has joined with Apple in facilitating the removal of comcom tools from its app store. But Google has also spent millions on an ad campaign shaming Apple for exposing its users to privacy risks when talking to Android users:
While we all wait for the other shoe to drop, Android users can get set up on Beeper Mini, and technologists can kick the tires on its code libraries and privacy guarantees.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I've used Matrix (ya know, the encrypted messaging protocol) for more than 4 years now, and even worked at Beeper for a few years. I'm very intimately familiar with the protocol and, after a long time trying to solve just one issue with it, can confidently say that I don't like it and don't think anyone should use it.
Over the course of trying to fix this one issue, I found tons of other examples of issues or vulnerabilities which the Matrix Project simply chose to ignore or sweep under the carpet. With that in mind, I wrote this paper detailing my experience and hopefully warning others about the risks posed by using this protocol.
You can read the paper here! Let me know what you think.
Meta claims it's because nobody uses it and for "safety" reasons. I think by now, we all know that's blatantly untrue. They want to use our messages to train their AI. And probably to be able to read messages of people who are at risk, shall we say, like journalists and such.
It also goes without saying that everybody uses encryption when it comes to messaging. If you're using the messaging feature, you're using the encryption by default.
Instagram's own Help Center literally explains the benefit of E2EE.
Like I said, we're not helpless in this. Fight For The Future has an open letter calling for all major platforms to implement end-to-end encryption as a default feature. They also have a lot of privacy and technology related projects that are worth checking out.
TikTok rechaza el cifrado de extremo a extremo - "Hace que los usuarios estén menos seguros"
Mientras gigantes como WhatsApp, Messenger y Google Messages compiten por ofrecer la máxima privacidad, TikTok ha decidido tomar el camino opuesto. La plataforma confirmó oficialmente que no implementará el cifrado de extremo a extremo (E2EE) en sus mensajes directos (DMs). La compañía argumenta que esta tecnología, considerada el “estándar de oro” de la privacidad, en realidad pone en riesgo a…
Discord is now enforcing E2EE on Server VCs & DM Calls
This means from today onwards, you must be using a version of Discord (and web browser if using web version instead of downloadable version) that supports End-to-End Encryption (E2EE) in order to connect to & join Server Voice Channels & Calls in DMs/GroupDMs.
Text chats are unaffected. This enforcement only affects voice calls in VCs & (G)DMs.
If you attempt to join a VC/Call using an outdated version, you will be blocked from the VC/Call with the error code "4017".
(As a reminder: they have been working on E2EE for VCs/Calls for a few years now. This enforcement comes after rolling out support over the past couple years.)
Discord's Status Page - A/V E2EE Enforcement for Non-stage Voice Calls.
“أبل” تقترب من تفعيل ميزة التشفير الكامل لرسائل RCS في النسخة التجريبية الثانية من iOS 26.3
كشفت النسخة التجريبية الثانية من نظام التشغيل iOS 26.3 عن تقدم جديد يُشير إلى قرب “أبل” من تفعيل ميزة التشفير من طرف إلى طرف (E2EE) لرسائل RCS، وهو ما طال انتظاره منذ إعلان الشركة في مارس من العام الماضي عن دعم هذا المعيار عقب توحيده من قبل رابطة GSMA العالمية.
وبالرغم من عدم وجود تفاصيل جديدة حول موعد الإطلاق، إلا أن النسخة التجريبية تضمنت مؤشرات تقنية تعزز التوقعات بإمكانية إتاحة هذه الميزة في التحديثات المقبلة للنظام. وقد رصد مطوّر فرنسي يُعرف باسم Tiino-X83 إعدادًا جديدًا ضمن حزم مشغّلي الشبكات، يسمح لهم بتفعيل أو تعطيل ميزة التشفير الكامل لرسائل RCS.
وأشار Tiino-X83 عبر منصة “إكس” إلى أن سطرًا برمجيًا يتعلق بهذا الإعداد ظهر فقط لدى أربعة مشغّلين رئيسيين في فرنسا، وهم Bouygues، SFR، Orange وFree، مما يوحي باختبار “أبل” لهذه الميزة بالتعاون مع شركاء محددين في فرنسا قبل تعميمها عالميًا.
وأوضحت الوثائق الرسمية من رابطة GSMA أن دعم التشفير الكامل يُعتبر مطلبًا أساسيًا في معيار RCS، حيث يتعين على جميع تطبيقات المراسلة استخدام هذا البروتوكول بشكل افتراضي، مع وجود استثناءات فقط في حالات الحظر القانوني في بعض الدول. كما يُلزم مزوّدو خدمات RCS بتفعيل الميزة لجميع المستخدمين، ولا يُسمح لهم بتعطيلها لفئات معينة.
وبشكل صحيح، يُفترض على التطبيق إبلاغ المستخدمين بعدم توفر الميزة في حال عدم إمكانية تفعيلها بسبب القيود المحلية. علاوة على ذلك، يتوجب أن يشمل التشفير كل أنواع المحتوى الذي ينشئه المستخدمون، باستثناء إشعارات “يتم الكتابة الآن”.
من الواضح أن الإعداد الجديد يتيح لـ “أبل” الامتثال لمعايير GSMA عبر تفعيل أو تعطيل الميزة وفقًا للأنظمة القانونية في كل سوق، مع الحفاظ على شفافية حالة التشفير أمام المستخدم. وعلى الرغم من أن ظهور هذا الكود لا يضمن تفعيل التشفير الكامل في النسخة النهائية من iOS 26.3، إلا أنه يُعد مؤشرًا قويًا على استعداد “أبل” لإطلاق هذه الميزة قريبًا.
تفعيل ميزة التشفير لمحادثات RCS بين هواتف آيفون وأندرويد سيكون خطوة هامة نحو تعزيز أمان وخصوصية تجربة التراسل لمستخدمي الهواتف الذكية، خاصة بعد منح “أبل” الإذن باستخدام رسائل RCS على آيفون العام الماضي بعد سنوات من الرفض. https://midad.news/%d8%a3%d8%a8%d9%84-%d8%aa%d9%82%d8%aa%d8%b1%d8%a8-%d9%85%d9%86-%d8%aa%d9%81%d8%b9%d9%8a%d9%84-%d8%aa%d8%b4%d9%81%d9%8a%d8%b1-%d8%a7%d9%84%d8%b7%d8%b1%d9%81%d9%8a%d9%86-%d9%84%d9%84%d9%85%d8%ad%d8%a7/?utm_source=dlvr.it&utm_medium=tumblr
on the off chance anybody reading this gives a shit:
I tested a bunch of decentralized, end-to-end encrypted chat systems in the past few weeks, to answer the "what if Signal Messenger gets shut down or compromised" question.
tl;dr every option I tried is a mess, but Delta Chat is the closest to becoming actually usable for normies and people who can't or won't devote more than 3 minutes to thinking about this type of thing.
so, I will be paying the most attention to Delta Chat going forward, encouraging my tech nerd friends to test it with me, and kicking the tires very thoroughly. if you want to chat with me on there, send me a DM or an ask for my code.
given how insistent people have been that Trump and his lackeys are Actual Fascists, there should be a lot more people in the "willing to devote between 1 and 3 minutes thinking about secure messaging" crowd than there currently are.
if you have ever done a single activisty thing in your entire life and you are still communicating with people via bare-ass SMS texts, Whatsapp, Telegram, or god forbid Facebook Messenger, you are officially Asking For It. time to install Signal and befriend a local security freak like me to stay in the know about systems which are harder for the Fourth Reich to shut down or infiltrate.
