Bluebubbles requires running Mac hardware, or a Mac virtual machine, which if run on non-Apple hardware violates Apples ToS. You may not care about that but enterprises certainly do.
This is worlds away from twilio which will provide you with orders of magnitude more throughout and deliver it with SLAs.
And unless you imagine Apple will hardware certify pebbles, how does Apple determine the BLE endpoint is actually a Pebble? If you have a way to ensure that without a key registry and TEE controlled by Apple, congratulations — Turing award is incoming.
Upshot: You’re a hacker on a hacker forum - cool. Sending one to ten programmatic iMessages in a hack is easy for you. But you may not have all the experience necessary to opine on how that compares to accessing an enterprise grade hyperscale sms messaging solution: building those is challenging, the companies that do a good job are worth billions of dollars and they exist solely to allow bulk SMS. To think blue bubbles somehow dunks on the idea that these economies of scale don’t matter isn’t correct in my opinion.
We're not discussing whether spamming SMS is easier - of course it is and I don't know why you keep returning to this relative comparison.
We're discussing whether authorizing third party smart watches to send messages via your iPhone would make it easy for spammers to send iMessage spam. Not just easy, but easier than it is right now using Bluebubbles' approach. Both require physical hardware, an Apple ID, and both are subject to the same server-side spam protection.
That's a very specific claim which you made and you haven't provided any supporting evidence for it, nor a coherent explanation.
> Sending one to ten programmatic iMessages in a hack is easy for you. But you may not have all the experience necessary to opine on how that compares to accessing an enterprise grade hyperscale sms messaging solution
I think if you dig deeper into this train of thought you'll get to the point that I'm making. Having relatively restricted API access to send a handful of iMessages from a 3rd party watch via your own physical iPhone will not enable mass-spam like you claimed it would.
Scaling an iMessage spam operation would be hard not because the client side is completely locked down (which it can never be, see the concept of "analog hole" [1]), but because server-side rate limits and user spam reports are the primary mechanism that keeps spam under control.
[1] This could be an ESP32 pretending to be a keyboard/mouse device that automatically navigates through iMessage UI on an iPhone to send messages just like a user would.
Many comments deep now but I think my original point was that this would change the security boundary, which I still believe, and that changing the security boundary is net negative for Apple users which I also still believe.
You’re saying there a logical gap between opening up a radio based endpoint on an iPhone and allowing more spam in the system, or at least there’s no reason to think that it would be a different order of magnitude than blue bubbles.
I want badly to agree with you, at least enough to stop bike shedding about it. So let me try: Some possible implementations of opening up sms probably don’t add easier volume and programmatic sms options for developers. If you’re happy with that then we’re in agreement.
I think the main ‘easiest path’ implementation would increase spam though - turning on an iOS app’s ability to directly programmatically interact with messages on device and send and receive them over a radio would allow for simpler automates message parsing, creation and distribution; Apple is clearly not interested in this being a feature available to App Store developers. And Apple would then be in the position of having to do some sort of bound to fail static analysis to prove the messages aren’t being sent out to an IP endpoint at some point, or including requests from some endpoint. And this is both because of the extension of the hardware security circle and because of the necessary feature of having a human out of the loop in iMessage actions.
I propose that this would increase spam on iMessage in that case. It would allow an app maker to use sms without human in the loop, essentially, extending notification to sms without humans opting in.
Either way I think that’s probably what I need as imagining, admittedly a bit vaguely in my initial reference. Appreciate the back and forth.
This is worlds away from twilio which will provide you with orders of magnitude more throughout and deliver it with SLAs.
And unless you imagine Apple will hardware certify pebbles, how does Apple determine the BLE endpoint is actually a Pebble? If you have a way to ensure that without a key registry and TEE controlled by Apple, congratulations — Turing award is incoming.
Upshot: You’re a hacker on a hacker forum - cool. Sending one to ten programmatic iMessages in a hack is easy for you. But you may not have all the experience necessary to opine on how that compares to accessing an enterprise grade hyperscale sms messaging solution: building those is challenging, the companies that do a good job are worth billions of dollars and they exist solely to allow bulk SMS. To think blue bubbles somehow dunks on the idea that these economies of scale don’t matter isn’t correct in my opinion.