Technology

55693 readers

2875 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

223

Beeper reverse-engineered iMessage to bring blue bubble texts to Android users (techcrunch.com)

submitted 7 months ago by L4s to c/technology

139 comments fedilink hide all child comments

Beeper reverse-engineered iMessage to bring blue bubble texts to Android users::The push to bring iMessage to Android users today adds a new contender. A startup called Beeper, which had been working on a multi-platform messaging

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 7 months ago (1 children)

By that logic, there's nothing guaranteeing iMessage on iPhones is secure or private either because it's closed source. If you don't want to trust Beeper mini, you'll be free to run their iMessage bridge on your own Matrix stack when they open source it at some point, which they're promising to do (and you still won't know that Apple isn't scraping your messages on the iOS side). When I decide to trust a company, it's because I look at what they're transparently communicating to their end users. Every indication is that they are trying to get out of the middle of handling encrypted messages. Their first move to make this happen was allowing people to self host their own Beeper bridges (which you can still do with Beeper Cloud if you prefer and you will know that your messages are always encrypted within the Beeper infrastructure). They aren't going to release the source for their client ever because that's the only way they make any money.

[+] [email protected] 2 points 7 months ago (2 children)

[deleted]

[–] [email protected] 1 points 6 months ago (1 children)

You should read the docs. It's impressive.

I get where you're coming from, but after readinhow badly security is implemented in iMessage frankly I trust the Beeper devs more than Apple.

Get this, iMessage delivers the AES encrypted message in a package with the AES key, that package is encrypted with your RSA key.

iMessage lacks forward secrecy. So if anyone ever got your RSA key, they could read all your messages, including past messages, because your RSA key never changes!

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago)

deleted

[–] [email protected] 1 points 6 months ago (1 children)

I assume you're not using iMessage anyway then because Apple's Messages stack isn't open source. If you're not using iMessage anyway, it shouldn't matter to you what Beeper Mini is doing. This app isn't for the ultra paranoid. Neither is Google's RCS in Google Messages. This is where Signal and Matrix would be better choices. If you are using iMessage on an Apple device, you're choosing to trust Apple despite their app being closed source and you're not choosing to trust Beeper, which is fine and I don't judge you at all for that stance. But at that point, your qualms aren't simply about Beeper Mini being closed source, the implication is that you don't trust Beeper as a company and/or its developers which, again, is a valid stance even if it's one I don't share.

But I am personally pretty sure I can trust Beeper and Apple enough with my relatively meaningless conversations.