Let me edit in one more relevant info:
I don’t use it, but my contacts may or may not use it.

For those who don’t know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool.

However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers’ servers, before being re-encrypted with the protocol of the recipient.

They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can’t read them.

Still though, decrypting mid-transit kinda throws the whole end-to-end part out of the window.

Some might say that everyone needs to decide for themselves if that’s a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book.

That’s where the question asking for independant audits comes in, because I certainly don’t have the expertise to look at their code. If everything is safe from attackers, then cool.

But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point.

Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user?

I don’t consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion.

What are your thoughts on this?

krolden
link
fedilink
-11Y

If you’re using s service that bridges to a bunch of chat services that are evil fucks like Facebook and google then I think the last thing you should be worried about is beeper reading your messages.

I should’ve mentioned: I don’t use Beeper.

My problem is with the fact that other people use it and hand over encryption keys to my chats without my knowledge.

krolden
link
fedilink
-11Y

But other people are using WhatsApp and signal. What the concern over beeper reading your messages but not these bridged services?

Think of beeper, or any matrix bridges, as the client you use to connect to these non free black box chat services. Now do you think that if you use an alternative client for any of these bridged services would you expect the person you’re chatting with to be notified that you’re using a third party client?

What the concern over beeper reading your messages but not these bridged services?

I don’t think WhatsApp can read my Signal messages, just because they are bridged to the same Matrix account of someone who uses both. Chats from different services are still isolated to themselves, as far as I understand it.

would you expect the person you’re chatting with to be notified that you’re using a third party client?

If that client changes how they expect my and their messages to be delivered, yes.

krolden
link
fedilink
-11Y

Lol OK if anyone is seriously concerned about beeper reading all their messages then they can just set up their own matrix instance. Beeper is more about convenience than explicitly privacy. If you’re really concerned about privacy than you shouldn’t be using any of these services that you dont host yourself.

Arbitter
link
fedilink
11Y

@krolden @miss_brainfart the problem is that Beeper breaks the encryption chain. Not only for your messages but for everyone involved. So if you communicate with someone that uses Beeper, your messages are in the open too.

Again, I don’t use Beeper.

krolden
link
fedilink
-11Y

Again, I dont get your argument against it

My argument against it is that contacts who use it have handed over encryption keys to our chats without me consenting, let alone even knowing.

krolden
link
fedilink
-11Y

You’re doing that anyway. When you send someone a message on any service theres any number of things the person could be doing with that text. Beeper is not the only service that does this. Things like rocketchat, slack, and discord all have bridging built in to some extent, so why single out a company thats actually contributing FOSS code to the community?

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog