this post was submitted on 13 Sep 2023
29 points (93.9% liked)

The Signal messenger and protocol.

1647 readers
1 users here now

https://signal.org/

founded 4 years ago
MODERATORS
 

I love Signal. But despite my best efforts, I still have friends using WA and iMessage. Managing multiple apps is kinda a pain. Beeper offers a convenient way to combine them into one interface, and it claims to re-encrypt the content. Does anyone know anything about this claim?

From their website:

Messages sent using Beeper to other chat networks are re-encrypted if the other network supports encryption (like Signal, WhatsApp and iMessage).

So..Safe? Or no?

all 12 comments
sorted by: hot top controversial new old
[–] Skimmer@lemmy.zip 16 points 1 year ago* (last edited 1 year ago) (1 children)

I'd be cautious of Beeper. I guess my biggest concern personally is that it introduces an unnecessary middle man, and its closed source and proprietary, so there's no way at all to verify any claims they make.

To be charitable, I do think their claim on re-encryption of messages through the services themselves is true, but I think the bigger concern here is that whatever messages you send/receive also go through Beeper and not only services like Signal/iMessage/WhatsApp, and I'm unsure if Beeper encrypts the data they receive, or what access they have to it/how they handle it. That's my biggest issue, as it would effectively make end to end encryption on these services useless if Beeper just had full access and could see all of your messages and any metadata, which is what I suspect is the case.

[–] v3ritas@infosec.pub 6 points 1 year ago (1 children)

They do have a self-host option, but I haven’t had the chance to dig into it yet: GitHub: beeper/self-host

[–] Skimmer@lemmy.zip 2 points 1 year ago (1 children)

Interesting, that's good to know, that'd definitely alleviate some of my issues, so I guess the concern comes down to whether the client itself is open source or not and if it can be trusted.

[–] v3ritas@infosec.pub 2 points 1 year ago (1 children)

Yeah, definitely. Maybe I'll have some time this weekend to play around with the server & some dummy accounts to see how it all goes.

[–] Skimmer@lemmy.zip 3 points 1 year ago* (last edited 1 year ago)

Let me know how it goes if you do get to play around with it. I'm definitely interested in the idea and concept of Beeper, like being able to use WhatsApp without having the app installed on your phone seems nice, same with using iMessage without an iPhone. If its done right and safely, it could definitely be worthwhile.

[–] HughJanus@lemmy.ml 2 points 1 year ago* (last edited 1 year ago) (1 children)

tl:dr If you have a high threat model, definitely do not. If you want a good compromise between privacy and convenience, go for it.

"Safe" is not really a binary concept so it's a bit more complicated than that.

Beeper is a forked Matrix app. As such, it subjects all of your messages to all of the vulnerabilities of Matrix, mostly being that it collects a ton of metadata on whatever server of your account (in this case Beeper) and also whatever other servers you communicate across. So it's "safety" is really dependent on whether you trust Beeper not to sell or leak that info. They will definitely cough it up if they get a warrant. Where Signal doesn't have this data.

So you're increasing your attack surface by basically creating a metadata archive of your Signal messages.

As for the security of your message content, Beeper will get the decrypted info from the server you connect to your account, and then re-encrypts it as a Matrix message, so theoretically they don't have any of that. Some people make a big deal out of this, as they will actually have access to your plaintext messages (duh, you signed their server into your account) but I don't see anything to indicate these messages are stored.

There is a spectrum across convenience and privacy and this leans toward the latter.

[–] mulcahey@lemmy.world 1 points 1 year ago

Thank you for his helpful answer!

[–] BrikoX@lemmy.zip 2 points 1 year ago

By definition if content is re-encrypted then at some point it was unencrypted and available in plain text.

[–] zerodawn@leaf.dance 1 points 1 year ago

I can't speak on anything with beeper but a similar service that is self hostable is matrix-synapse. I mention self hosting as an answer to your concerns of safety but the other side of the coin is this isn't introductory stuff, if you don't have a background or general enterpris experience with this kind of thing i don't recommend it. If you do then this seems like a good fit as you can run your own bridges into the matrix service you're hosting so all your data stays on your own systems.

[–] Orbituary@lemmy.world -1 points 1 year ago (1 children)

What is the "pain" you're experiencing? You having a hard time with clicking the notification every app sends you? Difficulty identifying their unique app icons? Must be tough.

[–] mulcahey@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

"If it's not a problem for me, it's probably not a problem for anyone else." - Gandhi and Albert Einstein