Most active commenters
  • lxgr(7)
  • apitman(3)

←back to thread

Cross-Platform P2P Wi-Fi: How the EU Killed AWDL

(www.ditto.com)
223 points stusmall | 23 comments | 28 Mar 25 13:13 UTC | HN request time: 0.842s | source | bottom
1. mschuster91 ◴[28 Mar 25 14:07 UTC] No.43505607[source]
The interesting question is authentication/authorization - at the moment, macOS greatly simplifies this as long as both devices belong to the same Apple ID. On the opposite side, Samsung does the same.

How will that work out?

replies(3): >>43505810 #>>43506001 #>>43506685 #
2. bigfish24 ◴[28 Mar 25 14:23 UTC] No.43505810[source]
For something like AirDrop this will need to be sorted out, but already work occurred to reverse engineer this: https://github.com/seemoo-lab/opendrop

Would be cool if an open standard on auth forms on top of this.

replies(2): >>43506428 #>>43506708 #
3. api ◴[28 Mar 25 14:39 UTC] No.43506001[source]
Vanilla P2P Wifi is amazing for the possibilities it unlocks, but unfortunately most developers can't do security to save their lives. There will be a lot of insecure apps.
4. fire_lake ◴[28 Mar 25 15:09 UTC] No.43506428[source]
For this to succeed I think we need a C implementation that can be used by many languages and runtimes.
replies(2): >>43506720 #>>43510239 #
5. lxgr ◴[28 Mar 25 15:30 UTC] No.43506685[source]
That's certainly a nice feature, but in comparison to the elephant in the room, i.e. wireless file transfers between Android and iOS being completely impossible at the moment, it's completely insignificant.
replies(2): >>43507488 #>>43511001 #
6. lxgr ◴[28 Mar 25 15:32 UTC] No.43506708[source]
How would an open implementation be compatible with this, given that Apple's implementation is based on an Apple-operated PKI?

Note that this is only a conversation about sender identification, which allows sending to a "non-world-visible" receiving device and confirmation-less sending to devices with the same iCloud account on them. Anonymous sending isn't cryptographically gated by Apple, to my knowledge.

replies(1): >>43510252 #
7. lxgr ◴[28 Mar 25 15:33 UTC] No.43506720{3}[source]
Not in C, please, since this is something that by definition will handle at least some unauthenticated low-level protocol traffic.
replies(1): >>43511164 #
8. tsujamin ◴[28 Mar 25 16:46 UTC] No.43507488[source]
> wireless file transfers between Android and iOS being completely impossible at the moment

P2P proximal wireless transfer, sure, but there's half a dozen apps on your phone that'll let you punt a document, a photo, an invite to someone on the other phone OS platform.

Maybe I'm an edge case, but probably 90% of my Airdrop usage is between my own devices, so the platform taking care of the authentication story is of more utility than cross-platform transfers. If someone isn't on iOS I'll just send them the file on Signal since, if the source is my phone in the first place, it's probably not a huge transfer anyway.

replies(3): >>43507810 #>>43508002 #>>43508697 #
9. mschuster91 ◴[28 Mar 25 17:11 UTC] No.43507810{3}[source]
> P2P proximal wireless transfer, sure, but there's half a dozen apps on your phone that'll let you punt a document, a photo, an invite to someone on the other phone OS platform.

Yeah, via their server, which means it's slow even if you have wifi, requires valuable data credit if not, or it requires the installation of a companion app on the other device and putting the other device in the same network.

replies(1): >>43507997 #
10. MaKey ◴[28 Mar 25 17:30 UTC] No.43507997{4}[source]
The biggest point for me is privacy. I don't want to upload private data to some server just to send it to another device that's next to mine.
replies(1): >>43511148 #
11. lxgr ◴[28 Mar 25 17:30 UTC] No.43508002{3}[source]
> there's half a dozen apps on your phone that'll let you punt a document, a photo, an invite to someone on the other phone OS platform.

That's exactly my point: Apps – which users have to install, which requires an Internet connection.

Also all of them routing data through some centralized server, often not end-to-end encrypted.

> If someone isn't on iOS I'll just send them the file on Signal

Approximately none of the people that I've Airdropped photos to in the past have Signal installed, and even if they do, there isn't always an Internet connection available. Airdrop also sends the original photo including all metadata and resolution, which is another big reason I like it.

On top of that, I've Airdropped photos to complete strangers (e.g. if I managed to get a nice shot of something on a tour) with which I didn't have any desire to exchange numbers, and I just would not have been able to send the photo to Android.

replies(1): >>43511139 #
12. sneak ◴[28 Mar 25 18:42 UTC] No.43508697{3}[source]
https://sneak.berlin/20210425/signal-is-wrecking-your-images...

This also roundtrips to the internet, which is slow and expensive compared to a LAN transfer.

You also can't attach files >100MB in Signal. No transferring an installer .iso.

13. ryao ◴[28 Mar 25 21:56 UTC] No.43510239{3}[source]
The AWDL part is in C:

https://github.com/seemoo-lab/owl

14. ryao ◴[28 Mar 25 21:58 UTC] No.43510252{3}[source]
Their documentation suggests that is only needed by contacts only mode and they wrote some code to get the needed certificates from macOS:

https://github.com/seemoo-lab/airdrop-keychain-extractor

replies(1): >>43510582 #
15. lxgr ◴[28 Mar 25 22:34 UTC] No.43510582{4}[source]
That still requires you to have (access to) a Mac and an iCloud account.

It might be possible to reimplement the required Apple API, but as demonstrated by the iMessage/Beeper saga, they usually shut such things down pretty quickly.

16. dmitrygr ◴[28 Mar 25 23:27 UTC] No.43511001[source]
Nice of you to state your option as fact. Now let me try. Compat with Android is “completely insignificant” but magical auto-auth based on Apple ID is the “elephant in the room”. See how that works?
replies(1): >>43512344 #
17. apitman ◴[28 Mar 25 23:50 UTC] No.43511139{4}[source]
> On top of that, I've Airdropped photos to complete strangers (e.g. if I managed to get a nice shot of something on a tour) with which I didn't have any desire to exchange numbers, and I just would not have been able to send the photo to Android.

Comments like this are one of the few things that can make me jealous of Apple users. I just can't stomach how locked down the platform is as a developer. Android is also getting worse though.

18. apitman ◴[28 Mar 25 23:50 UTC] No.43511148{5}[source]
Most quality apps should be e2ee right?
replies(1): >>43515028 #
19. apitman ◴[28 Mar 25 23:51 UTC] No.43511164{4}[source]
I'm impressed you managed to not use the R-word
20. lxgr ◴[29 Mar 25 03:02 UTC] No.43512344{3}[source]
I meant the opposite: Cross-platform compatibility is what’s sorely missing, and authentication is only a cherry on top, so I don’t think it ought to be a blocker.
replies(1): >>43512460 #
21. dmitrygr ◴[29 Mar 25 03:25 UTC] No.43512460{4}[source]
The reason iMessage has less spam than SMS is that it has a cost associated: the cost of an apple device. It is our gated community and we do not want it force-opened to the public. Better?
replies(1): >>43512598 #
22. lxgr ◴[29 Mar 25 03:57 UTC] No.43512598{5}[source]
Not sure if you’re being ironic, but I use an iPhone too (and as such “own property in the gated community”), and I very much do want iMessage force-opened to the public if that’s what it takes to get Apple to make it interoperable.

Compared to a decade ago or two, there are too many silos in communication these days as it is.

23. MaKey ◴[29 Mar 25 12:33 UTC] No.43515028{6}[source]
Do you have an example for such an app? I don't know anybody using 3rd party file transfer apps. Usually files are uploaded to some cloud service (iCloud, OneDrive, ...) and then shared with a link if they can't be sent via messaging apps like WhatsApp or Signal.