Let me edit in one more relevant info:
I don’t use it, but my contacts may or may not use it.
For those who don’t know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool.
However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers’ servers, before being re-encrypted with the protocol of the recipient.
They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can’t read them.
Still though, decrypting mid-transit kinda throws the whole end-to-end part out of the window.
Some might say that everyone needs to decide for themselves if that’s a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book.
That’s where the question asking for independant audits comes in, because I certainly don’t have the expertise to look at their code. If everything is safe from attackers, then cool.
But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point.
Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user?
I don’t consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion.
What are your thoughts on this?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.43K Posts
- 57.3K Comments
- Modlog
So, I’m self hosting basically this. I have a matrix server that is publicly accessible but I’m the only user on it. I’m also self hosting a handful of bridges, signal being one of them. I’ve played with the WhatsApp bridge, and I’m using an SMS/MMS bridge.
It’s basically a man in the middle for all your chat apps. The Signal bridge software will login to your signal account and have full access to everything. The bridge works by watching all the decrypted messages and posting them to a matrix room. The matrix room may or may not be encrypted. This means you need to put a lot of faith into the bridge code and the people hosting the matrix server. The SMS/MMS bridge I use doesn’t even support encrypted matrix rooms.
I personally would never use beeper. Even if I couldn’t selfhost, I would not trust one person/company with centralized access to all my messages. I’m sure they have good intentions and would never do anything to abuse their position but I won’t put anyone there.
I mean, I love the idea behind it. And Matrix bridges aren’t anything new either, Beeper just aims to make it easier to set up.
And with the Digital Markets Act pushing for interoperability, big services will have to decide on one protocol to use, so messages between those services should be truly e2ee then.
But what really irks me is that someone can just set this up, and now there’s a gap in the encryption that’s supposed to be end-to-end, without me ever knowing or having given my consent.