
Part of the iMessage security model is that devices are attested. Without this, the service as-is becomes widely open to spam and other forms of abuse.

Yes, there are other solutions to the spam problem. They are nowhere near as effective as what I’ve witnessed as an iMessage user so far. I regularly get spam chats on WhatsApp and Signal.




As we know, the devices are not attested, because Beeper works. They're also not attested on old iPhone versions which are valid iMessage parties. Some new devices being bound to the hardware key doesn't change that.

Spam doesn't matter here - same app is used for SMS, which gets spam, so there's nothing new here.

But if Apple wanted to, they'd just sort out a deal that allows hardware signing of iMessage accounts on Android. That's not an unfixable problem.


>As we know, the devices are not attested, because Beeper works.

This argument doesn't make any sense.

They managed to figure out a way to create valid attestation data via old Apple binaries. Just because a security (well, "security") measure was circumvented doesn't mean it doesn't exist at all.


Software attestation of hardware is just pointless anti-competitive behavior.

Hardware attestation, however, can have an actual security benefit.

If Beeper was able to attest without hardware, Apple isn't doing hardware attestation and it's therefore just anti-competitive.


From the way I see it described here, it's more in-depth hardware attestation on newer models. So they're doing the good security thing here, but also not making millions of users' lives worse by outright blocking old phones that don't have the necessary hardware features to perform this attestation. X (5? 15?) years in the future they'll block super old stuff that doesn't meet these security requirements.


That's not how it works. Beeper uses the old binaries, because those come from older iPhones where the hardware signing was not possible yet. It's not circumventing anything as far as I understand, just connecting the way an older iPhone would connect.


I mean, we're splitting hairs on terminology here I feel like?

Apple does not want you to connect to iMessage with non-Apple hardware and Beeper uses old Apple binaries to let you do just that.

That, to me, does fall under the umbrella term of "circumventing" some measures that Apple put in place to stop you from doing that; but I guess I can see the point where you'd object to use of that word?


That's a different argument. I was responding to you saying "This argument doesn't make any sense." to the attestation not being required. Whether you call that circumvention or not, ¯\_(ツ)_/¯

The point was that if you can replicate it in software, then they're not requiring hardware attestation.


Sort out a deal with… whom? 500 different Android device OEMs?


Google. The company that defines what you can call "Android". They can define it to include a hardware crypto chip, signed with the right keys for Apple interop.


I've not received a single spam message on WhatsApp or Signal for as long as I can remember.


I got lots of spam on WhatsApp, none on Signal.

Guess it's a local issue?


I've gotten spam on Signal.


Was it from a number with the same area code as your Signal number? What was the spam for? Care to share the message if you still have it? I research around spam as a hobby.

Email is in my bio if needed. Thanks in advance.


I always delete it, but 100% of it is cryptocurrency scams.

I have not participated in any cryptocurrency-related groups, so I have always assumed it’s just random.


Same. Travelled all round the world for years using WhatsApp for local comms and Signal for long-term relationships, and never had spam on either.


Same, in years and years of use, never a single spam message.


Good point. There are many other people who have received spam on WhatsApp more than once (to the point it became a meme in some subreddit).


Ditto. Add Signal. Never.



