> Relying on the assumption of an “authorized client” is fundamentally not a reliable security or anti-spam mechanism, as this Beeper saga demonstrates.
That's fundamentally false given how Apple is a hardware company, and going forward they can ship a cryptographically secure hardware attestation mechanism. The issue is simply that older Apple devices were shipped without this capability, and Apple doesn't want to break them to prohibit Beeper.
But make no mistake, in a few years when those older devices are fully deprecated, there is nothing preventing Apple from shipping essentially uncrackable hardware attestation.
That's fundamentally false given how Apple is a hardware company, and going forward they can ship a cryptographically secure hardware attestation mechanism. The issue is simply that older Apple devices were shipped without this capability, and Apple doesn't want to break them to prohibit Beeper.
But make no mistake, in a few years when those older devices are fully deprecated, there is nothing preventing Apple from shipping essentially uncrackable hardware attestation.