
iMessage not working with Apple Native Protection

Today I found iMessage unable to send a message while the Apple Native Privacy Protection was on. After switching it off, it worked again.

It is still in Beta phase, therefore reporting the bug...

19 replies

    • Calvin_Hobbes
    • 3 yrs ago

    I’ve been using this feature since it was introduced and haven’t had any problems with iMessage 

    • crssi
    • 3 yrs ago

    I have also been using this option from the beginning... more than a year now. Several iOS devices, tons of iMessages... not a single problem.

    • tangerine_bee
    • 3 yrs ago

    Thanks, let me try it again - maybe it was "*icloud-content.com" which is pointed at/resolves to >> "*.content-storage-upload.googleapis.com", as I had to put that on the allow list.

    UPDATE: I just checked the logs, that is the problem and things are working now: "*.content-storage-upload.googleapis.com" - so if you want to use iMessage, you need to give your share of data to goog*le

    • crssi
    • 3 yrs ago

    I do not see that icloud-content.com would be resolved to content-storage-upload.googleapis.com.

    Actually it is an A record and not a CNAME.

    Also I am not really sure (do not believe) that Apple would use G services for it.

    • Calvin_Hobbes
    • 3 yrs ago

    I’m curious if you are outside the US. I recall a different problem with an Apple service and we found it was location dependent. Unfortunately I don’t recall the details, but I do recall the user seeing the problem was in Netherlands while I was in the US and did not see the problem here. We had a thread on Reddit. If you think this could be similar I can try to find it.

    • crssi
    • 3 yrs ago

    I am from EU. But if you check here https://dnschecker.org/#A/icloud-content.com (click any LOAD button on the page) the DNS servers all over the world report the same... but, yes, I don't know from which IP (geo location wise) as a client this site is operating, so I can't be sure.

    "but I do recall the user seeing the problem was in Netherlands while I was in the US and did not see the problem here."

    This is how CDN works.

    What does a command line command return at your place?:

    nslookup icloud-content.com

      • Calvin_Hobbes
      • 3 yrs ago

      crssi 

      Using Nextdns CLI

      Server:        127.0.0.1
      Address:    127.0.0.1#53
      
      Non-authoritative answer:
      Name:    icloud-content.com
      Address: 17.253.142.4
      

       

      Using google DNS

      Server:        8.8.8.8
      Address:    8.8.8.8#53
      
      Non-authoritative answer:
      Name:    icloud-content.com
      Address: 17.253.142.4

      Same results.   I am in US.

      • crssi
      • 3 yrs ago

      Calvin Hobbes Same here. But we are already past that, since the icloud-content.com was wrongly identified as a culprit. Cheers

    • tangerine_bee
    • 3 yrs ago

    crssi You are right and I wrote it wrong - "icloud-content.com" does not resolve to it. While sending an iMessage it actually connects DIRECTLY to that Goo*gle service - see the screenshot. And after doing it again this morning, to make a screenshot for this forum, even more Goo*gle services.

    Calvin Hobbes yes, I am in EU area.

    I think it's time to also bury iMessage, after having buried WhatsApp already ;-) With other messengers this does not happen! Shame on Apple!

      • tangerine_bee
      • 3 yrs ago

      BM If you block "*content-storage-upload.googleapis.com" the iMessage fails to send

    • crssi
    • 3 yrs ago

    You are right. I can confirm it now, when blocking content-storage-upload.googleapis.com.

    For now only when sending a picture, not for text or audio. Will keep an eye on it.

    Crap.

      • tangerine_bee
      • 3 yrs ago

      crssi Perhaps something for our friends Johannes Caspar & Max Schrems to add to their "To-Do" lists ;-) Unbelievable!

    • scrypt
    • 3 yrs ago

    crssi BM

    Apple uses third-party cloud providers, but all data is encrypted before arriving to their servers and the content providers do not have the key. They use them for storage. Google/Amazon have no way to access the data, so there is no reason to be concerned.

    https://support.apple.com/guide/security/icloud-overview-secacde2d0da/1/web/1

    Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents, with the keys using SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information or the keys, using both Apple and third-party storage services—such as Amazon Web Services or Google Cloud Platform—but these partners don’t have the keys to decrypt the user’s data stored on their servers.

    If you read into the iOS security guide, you will find that these providers are used for iMessage attachments while normal messages are still sent through Apple's servers. Everything is End to End Encrypted.

    Just because you see the word Google or Amazon does not mean it is the end of the world. Please think critically and find information before spreading rumors.
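
The chunk scheme in the passage quoted from Apple's guide, sketched as an added example (not part of the post above and not Apple's code). The cipher mode (AES-128-CTR with a zero IV), the key derivation (SHA-256 of the chunk truncated to 128 bits) and the names `Seal`, `Open` and `Upload` are assumptions made for illustration; the quote does not specify them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// ctr applies AES-128-CTR with a zero IV (assumed mode); each key encrypts one plaintext only.
func ctr(key, in []byte) []byte {
	block, _ := aes.NewCipher(key) // cannot fail: key is always 16 bytes
	out := make([]byte, len(in))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// Seal derives the key from the chunk itself (assumed: SHA-256 truncated to 128 bits).
func Seal(chunk []byte) (key, ct []byte) {
	sum := sha256.Sum256(chunk)
	return sum[:16], ctr(sum[:16], chunk)
}

// Open decrypts, then re-derives the key to catch a chunk the provider altered or swapped.
func Open(key, ct []byte) ([]byte, error) {
	pt := ctr(key, ct)
	if sum := sha256.Sum256(pt); !bytes.Equal(sum[:16], key) {
		return nil, fmt.Errorf("chunk failed integrity check")
	}
	return pt, nil
}

// Upload chunks data (size > 0): keys stay with the owner, bucket is all the provider holds.
func Upload(data []byte, size int) (keys, bucket [][]byte) {
	for buf := bytes.NewBuffer(data); buf.Len() > 0; {
		k, c := Seal(buf.Next(size))
		keys, bucket = append(keys, k), append(bucket, c)
	}
	return keys, bucket
}

func main() {
	keys, bucket := Upload([]byte("constructed attachment bytes, not real data"), 16)
	pt, err := Open(keys[0], bucket[0])
	fmt.Printf("%d chunks, provider holds %x, owner reads %q (err=%v)\n", len(bucket), bucket[0], pt, err)
}
```

With content-derived keys, identical chunks produce identical ciphertext, so a storage provider can tell that two chunks match without being able to read either. The sketch covers only the stored bytes, not connection metadata such as the client IP address.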

      • tangerine_bee
      • 3 yrs ago

      scrypt it's not a rumor, it is a fact documented in black on white. 
       

      If it would pass Apple Servers en route to whoever or wherever and encrypted by Apple, that is no problem.
       

      The problem is a DIRECT connection to DATA Vacuum Cleaners! And they do receive personally identifiable information as in IP address, as it is a DIRECT connection. 
       

      and that is unacceptable!

      • scrypt
      • 3 yrs ago

      BM I can see you are more concerned about your premonitions (and your hatred of Google) about the subject than you are about the facts and how most complex data storage is done. You can complain to Apple's System Engineers about how they route data, but I can tell you quickly: it doesn't matter. All data is encrypted, and IP addresses are hardly personally identifiable information anymore.

      "DATA Vacuum Cleaners"

      They have hardware that runs storage solutions and part of the internet. Apple pays Google to use their hardware while they build their own. It is called a business transaction.

      • tangerine_bee
      • 3 yrs ago

      scrypt no hatred of anyone, just a conscious choice to use privacy-preserving services. If I would have wanted a direct connection to Goo*gle, I would have bought a Pixel Smartphone and used their services. 
       

      I recommend that you read the EU-GDPR to see what is personally identifiable information and then come back.

      • scrypt
      • 3 yrs ago

      BM If you do not want a direct connection to Google, I recommend you stay off the internet.

      This is now off topic. Instead of lamenting about how the internet works, let's keep it to NextDNS. I just wanted to dispel some misinfo.

      • crssi
      • 3 yrs ago

      scrypt 

      Thank you for info, except the last paragraph... which is a keeper... for yourself.

      This is not the place for that debate. And to throw at people about google believers and disbelievers.

       

      Cheers

      • tangerine_bee
      • 3 yrs ago

      scrypt there was no misinfo at play at any time - only facts, with the exception of you trying to create a veil over the subject. 

      there are many services available which function without Google. Thank you!
