Let me edit in one more relevant info:
I don’t use it, but my contacts may or may not use it.
For those who don’t know, Beeper is an app that aims to unite all your messaging apps into one. To do this, it makes use of Matrix, bridging all those services together. So far, so cool.
However, since different services often use different encryption protocols, messages between those services and Matrix have to be decrypted on Beepers’ servers, before being re-encrypted with the protocol of the recipient.
They are completely open and transparent about this (which I can very much respect), and state that chats on their servers are encrypted, so they can’t read them.
Still though, decrypting mid-transit kinda throws the whole end-to-end part out of the window.
Some might say that everyone needs to decide for themselves if that’s a problem. But the issue with that is that if you decide to use Beeper, you also decide that every person you chat with is okay with it. Not very cool in my book.
That’s where the question asking for independant audits comes in, because I certainly don’t have the expertise to look at their code. If everything is safe from attackers, then cool.
But me for example, I switched to Signal specifically for verifiable and proper End-to-End Encryption, so chatting with someone who uses Signal through Beeper kinda defeats the point.
Because, how does Beeper even get what they need to decrypt a message I send to a Beeper user?
I don’t consent to a third party decrypting my messages, simply because one of my contacts uses their service. That is fundamentally wrong in my opinion.
What are your thoughts on this?
Matrix is generally a platform good at violating your data. In order to make it pro privacy, a lot of extra work needs to be done.
Beeper is… A huge step in the wrong direction. It needs to decrypt your data across multiple services to offer it to you, and all that data gets smashed onto the same servers. Sounds like the opposite of privacy
Well this is not particular to Beeper, that’s always the case when using Matrix + Bridges for third parties right? Even though they are the main mainteners of a good part of the existing bridges
Yes, Beeper is basically Matrix + bridges. The one way you could make this private is to do the decrypting (and the bridging) yourself, but then you’d have to figure out how to run (and lock down) a web server, preferably on your own property.
There are good Matrix-based projects, BTW. One of them is Convene, which is a web client focused on making ad-hoc, E2EE, self-destructing rooms like back when CryptoCat originally came on the scene.