85
Beeper Chat App (www.beeper.com)
submitted 1 year ago by monty@lemmy.one to c/privacyguides@lemmy.one

Has anyone taken a good look at this from a privacy standpoint? I love this in concept, but not sure if it would be privacy conscience to share credentials for all of these different apps.

top 19 comments
sorted by: hot top controversial new old
[-] dingus@lemmy.ml 33 points 1 year ago

I was on the waitlist when it was a paid app and I had not pre-paid for access, and my opinions are based on that.

I would start by saying any privacy bonafides this application has are from it running on the Matrix protocol and using Matrix bridges.


I was on the waitlist for over a year. I was honestly initially very excited when my turn came, because this was after they changed their funding method, switching from "everyone pays" to "some users pay for additional features to be unlocked."

I got a Zoom link sent to me for "onboarding." This was because initially, setup was fairly complicated for some people, and folks needed to be walked through it.

The first notification that I would not have privacy and my communications with this company would be recorded was when I entered the Zoom chat room and was notified that Beeper would be recording the session.

At no point in the year before this had it been made clear that any communications with this company would be recorded. I logged off and wrote an email stating that this is why I did not join the onboarding process. I left for work shortly after and thought about it the rest of the day.

I would not receive a reply offering for a non-recorded zoom session until the next day. By that point, I had questions, and I asked that they answer some of these questions before I re-scheduled a new meeting.

The questions were all related to Eric Micigovsky and his previous entrepeneurship with Pebble watch. When he sold Pebble, he screwed the workers on the way out, in my opinion, and it did not give me hope that he would make sure to sell Beeper to a company with the same values as he laid out in creating the application. He was happy to sell his company when it became unprofitable before: what would prevent him from doing it again?

More importantly: If the company is sold, how is there any guarantee that the privacy policy would not change?

I never received a response to these questions at all. I declined to ever use the service, ever since. I figured if they didn't think it was worth spending the time to answer such questions to me and lose me as a customer, they must not be very worried about the answers to such questions. Based on this, and the CEOs past history, I felt using the service was inadvisable.


Finally, in something that isn't so much my opinion as much as a fact.

When it comes to using iMessage specifically, you need a macOS server or an iPhone (both need to be relatively new) to run the iMessage bridge from. Beeper runs a fleet of these, but to make this work, you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once. They claim it is never stored, logged, or cached. It's quite possible that this is true, but it does mean you technically have your Apple ID logged in on a foreign machine you have no control over. What if this machine and all the other macOS servers got hacked to be part of a botnet? What if Apple bans all the Apple IDs involved for being part of a botnet? It leaves more questions I'm skeptical there are good answers for.

https://help.beeper.com/en_US/chat-networks/imessage

[-] Sternhammer@aussie.zone 4 points 1 year ago

… you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once.

If they’re using Apple’s app-specific passwords feature then that’s workable but if it’s your master Apple ID password, no way.

[-] LunchEnjoyer@lemmy.world 3 points 1 year ago

This is good insight, thanks for that

[-] wildbus8979@sh.itjust.works 17 points 1 year ago

not sure if it would be privacy conscience to share credentials for all of these different apps.

No, it would not.

[-] dingus@lemmy.ml 1 points 1 year ago

My personal feelings about the application aside (I am not a fan)...

I think the only one where it's conceivable that they could have access to your credentials is the iMessage bridge, and they claim to have done a lot of backend work so they don't store your password in any way.

https://help.beeper.com/en_US/chat-networks/imessage

[-] wildbus8979@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago)

One way or another you're still temporarily sending your credentials or token to them even if they don't store it

[-] southsamurai@sh.itjust.works 14 points 1 year ago

Their privacy policy lists what they collect, and it's a fairly large amount of stuff.

Copy/paste from their site:

What data does Beeper collect?

In order to provide the service, Beeper collects device information, including OS, hardware, public IP addresses, network routing information, information on the installed Beeper client, and other device settings. Beeper also uses user account information, such as email addresses and phone numbers, to authenticate users to their accounts.

See our Privacy Policy for more details on how we collect and use personal information.

Now, that isn't exactly what I'd call privacy friendly. However, for something like Facebook messenger, it isn't any worse.

I intend to at least try it out if they ever send me the damn email to let me use it at all lol. But that's primarily to see how it interacts with imessage for the folks I know that use that. I'm not going into it hoping for security, since they dick around with encryption in a way that breaks it.

[-] HughJanus@lemmy.ml 2 points 1 year ago

It only collects what Matrix needs to function.

It's 1000x better than Meta so I'm happy to use it for those services.

[-] eco_game@discuss.tchncs.de 7 points 1 year ago

While I can't comment on the beeper side of things, I did look into matrix and bridges a bit.

From what I understand, for all e2ee services you use through beeper (and matrix in general), all messages get sent to the server encrypted by matrix, then the server decrypts them and they get re-encrypted in a different protocol (ie. WhatsApp/Signal/...) and then the encrypted message goes out to whatever service.

This would mean that technically the matrix server is able to read all your messages.

This is my main reason for still using the native apps for encrypted services. For unencrypted services I use a my own matrix server with bridges.

[-] HughJanus@lemmy.ml 5 points 1 year ago* (last edited 1 year ago)

Been using this for about a month now.

Depends on which service you're looking at.

If you use it with Facebook Messenger/WhatsApp, it's probably more secure, as it's the only way I know of to get messages without having the spyware app installed on your device.

If you use it with Signal, Beeper (Matrix) will log of a bunch of metadata that Signal will not.

I was not able to get iMessage working, and had a couple of services that I was repeatedly logged out of for reasons I can't explain.

The problem with apps like this is that they're designed to make third party services do things those parties don't want you doing. And ultimately those third parties are the ones in control. All they have to do is change 1 line of code to break your shit. And then the developer has to fix it, and it becomes this constant whackamole game, and meanwhile you're missing your notifications/messages.

[-] jacktherippah@lemdro.id 3 points 1 year ago

Does it work with Discord?

[-] HughJanus@lemmy.ml 2 points 1 year ago

Only for PMs

[-] dingus@lemmy.ml 1 points 1 year ago
[-] Dr_Evil@sh.itjust.works 4 points 1 year ago* (last edited 1 year ago)

While beeper service itself is extremely convenient, I personally would never use it for anything sensitive. Do note though that all of their connections to services are open source and relatively easy to set up (with the exception of imessage) on your own matrix homeserver to improve privacy

[-] independantiste@sh.itjust.works 3 points 1 year ago

I quite like it, though I wouldnt share anything private using it as I think they can store any messages that goes through the linked services, and as another comment mentionned, if they ever get bought out, they could decide this data is theirs and to do bad stuff with it

[-] katemolly1829@lemmy.world 1 points 1 year ago

I've seen others say chat messages have been viewed by the beeper platform, so security is something I think is worth thinking about. In other words, SocialSmartly is a great substitute for Beeper. Why not try it?

[-] Schlemmy@lemmy.ml 1 points 1 year ago

I see no reassurances about privacy on SocialSmartly's website. Nothing about encryption either.

[-] mikejeason@feddit.ro 1 points 1 year ago

Are you tired of waiting in long queues just to register for Beeper? Are you tired of being strung along by their invitation-only registration system? Well, we have a solution for you - SocialSmartly! Unlike Beeper, SocialSmartly allows you to register and start using the platform right away, without any waiting time or invitation codes. With SocialSmartly, you can seamlessly integrate multiple social media accounts from different platforms, including Facebook, Twitter, WhatsApp, and Instagram, all in one place. SocialSmartly's secure login process eliminates the risk of account suspension when managing multiple accounts on the same platform, ensuring that you can continue to manage your social media presence without any interruptions. So why wait for Beeper's invitation-only registration system when you can join SocialSmartly and start optimizing your social media presence immediately? Don't let Beeper's gimmicks hold you back. Choose SocialSmartly for a hassle-free social media management experience.

[-] mulcahey@lemmy.world 1 points 1 year ago

wow Chat GPT sucks

this post was submitted on 18 Aug 2023
85 points (100.0% liked)

Privacy Guides

16263 readers
45 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS