Let me edit in one more relevant info:
I don’t use it, but my contacts may or may not use it.
For those who don’t know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool.
However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers’ servers, before being re-encrypted with the protocol of the recipient.
They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can’t read them.
Still though, decrypting mid-transit kinda throws the whole end-to-end part out of the window.
Some might say that everyone needs to decide for themselves if that’s a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book.
That’s where the question asking for independant audits comes in, because I certainly don’t have the expertise to look at their code. If everything is safe from attackers, then cool.
But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point.
Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user?
I don’t consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion.
What are your thoughts on this?
I don’t think WhatsApp can read my Signal messages, just because they are bridged to the same Matrix account of someone who uses both. Chats from different services are still isolated to themselves, as far as I understand it.
If that client changes how they expect my and their messages to be delivered, yes.
Lol OK if anyone is seriously concerned about beeper reading all their messages then they can just set up their own matrix instance. Beeper is more about convenience than explicitly privacy. If you’re really concerned about privacy than you shouldn’t be using any of these services that you dont host yourself.
@krolden @miss_brainfart the problem is that Beeper breaks the encryption chain. Not only for your messages but for everyone involved. So if you communicate with someone that uses Beeper, your messages are in the open too.
Again, I don’t use Beeper.
Again, I dont get your argument against it
My argument against it is that contacts who use it have handed over encryption keys to our chats without me consenting, let alone even knowing.
You’re doing that anyway. When you send someone a message on any service theres any number of things the person could be doing with that text. Beeper is not the only service that does this. Things like rocketchat, slack, and discord all have bridging built in to some extent, so why single out a company thats actually contributing FOSS code to the community?
The issue is deeper than Beeper, I agree. Beeper is just the one that made me aware of it, and I’m using it as an example to lay out the problem.
The fact that this is so normal is precisely what people should be concerned about, and speak out against.
Now, what someone does with that text I sent them is out of my control. I have to trust them. But they’re just one part of a whole process I have to place my trust in.
Any number of things that decrease how private and secure my messages are can happen, and I will raise concerns over every single one of these things, because too few people are aware of what happens to their data.