Let me edit in one more relevant info:
I don’t use it, but my contacts may or may not use it.

For those who don’t know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool.

However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers’ servers, before being re-encrypted with the protocol of the recipient.

They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can’t read them.

Still though, decrypting mid-transit kinda throws the whole end-to-end part out of the window.

Some might say that everyone needs to decide for themselves if that’s a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book.

That’s where the question asking for independant audits comes in, because I certainly don’t have the expertise to look at their code. If everything is safe from attackers, then cool.

But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point.

Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user?

I don’t consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion.

What are your thoughts on this?

  • @[email protected]OP
    link
    fedilink
    4
    edit-2
    2 years ago

    Sure, but the more important issue is that other people use Beeper, so messages I send to them still get the decryption treatment even though I never consented to that.

    I don’t even know if one of my contacts uses Beeper unless they tell me, and that’s not okay.

    • @[email protected]
      link
      fedilink
      52 years ago

      That goes hand in hand with a level of trust with some companies/people and everyone has different threat tolerances. It also highlights the mindset that you have no idea what the person on the other end of the message is doing with it. End to end encryption helps keep in line eavesdropping down but if the recipient of the message has a compromised device or are screenshoting everything and posting it on facebook it’s out of your control.

      • @[email protected]OP
        link
        fedilink
        1
        edit-2
        2 years ago

        Which is exactly why I’m raising concerns over it. The fact that this can just happen should not be as normal as it is.

        A slightly different example would be WhatsApp having my name and phone number even though I don’t use it, but simply because someone else has me saved in their contacts.

        Stuff like this is a problem, and I want to make more people aware of that, give them a better understanding of what can and does happen to their data.

    • @[email protected]
      link
      fedilink
      62 years ago

      I think this is an issue for any messenger, not just those tied to the beeper service. E2E encryption only covers transmittal of the message, and you can’t control what the recipient does once they get it… What if the recipient has no passcodes on their phone, no disappearing messages, and the phone gets stolen? Whoever stole the phone now has access to all of your messages even when using a fully E2E encrypted messenger like signal.

      If you’re using any messenger for highly sensitive conversations you need to have trust in the recipient. Just have a conversation that they’re either not using a service like this, or like others said are choosing to self host it in a safe manner.

      • @[email protected]OP
        link
        fedilink
        12 years ago

        I fully agree with the sentiment. The recipient is the last, but most important link in the chain to trust with the contents of my message.

        But that doesn’t mean we can devalue the other parts of the chain. I need to be able to trust them, too. So if messages are being decrypted by a third-party without my knowledge, that’s a problem.

        • @[email protected]
          link
          fedilink
          22 years ago

          I guess what I’m saying is that if the recipient chooses to use Beeper, the chain ends there though… Signal did its job and delivered an encrypted message, and you can’t control that the recipient gave decryption keys to Beeper.

          Both Signal and Beeper aren’t doing anything inherently wrong, but if you don’t trust messages passing through beeper servers you need to have that conversation with the recipient.

          • @[email protected]OP
            link
            fedilink
            1
            edit-2
            2 years ago

            It just seems very wrong that some random service can decrypt my messages. Like, what.

            Beeper being able to do that without consent from both contacts is very wrong to me, at least.

            Signal should be firmly against this, seeing how they already proclaimed being against interoperability, but what do I know.

    • krolden
      link
      fedilink
      12 years ago

      If you’re using s service that bridges to a bunch of chat services that are evil fucks like Facebook and google then I think the last thing you should be worried about is beeper reading your messages.

      • @[email protected]OP
        link
        fedilink
        22 years ago

        I should’ve mentioned: I don’t use Beeper.

        My problem is with the fact that other people use it and hand over encryption keys to my chats without my knowledge.

        • krolden
          link
          fedilink
          12 years ago

          But other people are using WhatsApp and signal. What the concern over beeper reading your messages but not these bridged services?

          Think of beeper, or any matrix bridges, as the client you use to connect to these non free black box chat services. Now do you think that if you use an alternative client for any of these bridged services would you expect the person you’re chatting with to be notified that you’re using a third party client?

          • @[email protected]OP
            link
            fedilink
            12 years ago

            What the concern over beeper reading your messages but not these bridged services?

            I don’t think WhatsApp can read my Signal messages, just because they are bridged to the same Matrix account of someone who uses both. Chats from different services are still isolated to themselves, as far as I understand it.

            would you expect the person you’re chatting with to be notified that you’re using a third party client?

            If that client changes how they expect my and their messages to be delivered, yes.

            • krolden
              link
              fedilink
              12 years ago

              Lol OK if anyone is seriously concerned about beeper reading all their messages then they can just set up their own matrix instance. Beeper is more about convenience than explicitly privacy. If you’re really concerned about privacy than you shouldn’t be using any of these services that you dont host yourself.

                  • @[email protected]OP
                    link
                    fedilink
                    12 years ago

                    My argument against it is that contacts who use it have handed over encryption keys to our chats without me consenting, let alone even knowing.

              • Arbitter
                link
                fedilink
                12 years ago

                @krolden @miss_brainfart the problem is that Beeper breaks the encryption chain. Not only for your messages but for everyone involved. So if you communicate with someone that uses Beeper, your messages are in the open too.