Has anyone taken a good look at this from a privacy standpoint? I love this in concept, but not sure if it would be privacy conscience to share credentials for all of these different apps.
I was on the waitlist when it was a paid app and I had not pre-paid for access, and my opinions are based on that.
I would start by saying any privacy bonafides this application has are from it running on the Matrix protocol and using Matrix bridges.
I was on the waitlist for over a year. I was honestly initially very excited when my turn came, because this was after they changed their funding method, switching from “everyone pays” to “some users pay for additional features to be unlocked.”
I got a Zoom link sent to me for “onboarding.” This was because initially, setup was fairly complicated for some people, and folks needed to be walked through it.
The first notification that I would not have privacy and my communications with this company would be recorded was when I entered the Zoom chat room and was notified that Beeper would be recording the session.
At no point in the year before this had it been made clear that any communications with this company would be recorded. I logged off and wrote an email stating that this is why I did not join the onboarding process. I left for work shortly after and thought about it the rest of the day.
I would not receive a reply offering for a non-recorded zoom session until the next day. By that point, I had questions, and I asked that they answer some of these questions before I re-scheduled a new meeting.
The questions were all related to Eric Micigovsky and his previous entrepeneurship with Pebble watch. When he sold Pebble, he screwed the workers on the way out, in my opinion, and it did not give me hope that he would make sure to sell Beeper to a company with the same values as he laid out in creating the application. He was happy to sell his company when it became unprofitable before: what would prevent him from doing it again?
More importantly: If the company is sold, how is there any guarantee that the privacy policy would not change?
I never received a response to these questions at all. I declined to ever use the service, ever since. I figured if they didn’t think it was worth spending the time to answer such questions to me and lose me as a customer, they must not be very worried about the answers to such questions. Based on this, and the CEOs past history, I felt using the service was inadvisable.
Finally, in something that isn’t so much my opinion as much as a fact.
When it comes to using iMessage specifically, you need a macOS server or an iPhone (both need to be relatively new) to run the iMessage bridge from. Beeper runs a fleet of these, but to make this work, you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once. They claim it is never stored, logged, or cached. It’s quite possible that this is true, but it does mean you technically have your Apple ID logged in on a foreign machine you have no control over. What if this machine and all the other macOS servers got hacked to be part of a botnet? What if Apple bans all the Apple IDs involved for being part of a botnet? It leaves more questions I’m skeptical there are good answers for.
not sure if it would be privacy conscience to share credentials for all of these different apps.
No, it would not.
My personal feelings about the application aside (I am not a fan)…
I think the only one where it’s conceivable that they could have access to your credentials is the iMessage bridge, and they claim to have done a lot of backend work so they don’t store your password in any way.
Their privacy policy lists what they collect, and it’s a fairly large amount of stuff.
Copy/paste from their site:
What data does Beeper collect?
In order to provide the service, Beeper collects device information, including OS, hardware, public IP addresses, network routing information, information on the installed Beeper client, and other device settings. Beeper also uses user account information, such as email addresses and phone numbers, to authenticate users to their accounts.
See our Privacy Policy for more details on how we collect and use personal information.
Now, that isn’t exactly what I’d call privacy friendly. However, for something like Facebook messenger, it isn’t any worse.
I intend to at least try it out if they ever send me the damn email to let me use it at all lol. But that’s primarily to see how it interacts with imessage for the folks I know that use that. I’m not going into it hoping for security, since they dick around with encryption in a way that breaks it.
While I can’t comment on the beeper side of things, I did look into matrix and bridges a bit.
From what I understand, for all e2ee services you use through beeper (and matrix in general), all messages get sent to the server encrypted by matrix, then the server decrypts them and they get re-encrypted in a different protocol (ie. WhatsApp/Signal/…) and then the encrypted message goes out to whatever service.
This would mean that technically the matrix server is able to read all your messages.
This is my main reason for still using the native apps for encrypted services. For unencrypted services I use a my own matrix server with bridges.
Been using this for about a month now.
Depends on which service you’re looking at.
If you use it with Facebook Messenger/WhatsApp, it’s probably more secure, as it’s the only way I know of to get messages without having the spyware app installed on your device.
If you use it with Signal, Beeper (Matrix) will log of a bunch of metadata that Signal will not.
I was not able to get iMessage working, and had a couple of services that I was repeatedly logged out of for reasons I can’t explain.
The problem with apps like this is that they’re designed to make third party services do things those parties don’t want you doing. And ultimately those third parties are the ones in control. All they have to do is change 1 line of code to break your shit. And then the developer has to fix it, and it becomes this constant whackamole game, and meanwhile you’re missing your notifications/messages.