Has anyone taken a good look at this from a privacy standpoint? I love this in concept, but not sure if it would be privacy conscience to share credentials for all of these different apps.

  • Hot Saucerman@lemmy.ml
    link
    fedilink
    English
    arrow-up
    32
    ·
    1 year ago

    I was on the waitlist when it was a paid app and I had not pre-paid for access, and my opinions are based on that.

    I would start by saying any privacy bonafides this application has are from it running on the Matrix protocol and using Matrix bridges.


    I was on the waitlist for over a year. I was honestly initially very excited when my turn came, because this was after they changed their funding method, switching from “everyone pays” to “some users pay for additional features to be unlocked.”

    I got a Zoom link sent to me for “onboarding.” This was because initially, setup was fairly complicated for some people, and folks needed to be walked through it.

    The first notification that I would not have privacy and my communications with this company would be recorded was when I entered the Zoom chat room and was notified that Beeper would be recording the session.

    At no point in the year before this had it been made clear that any communications with this company would be recorded. I logged off and wrote an email stating that this is why I did not join the onboarding process. I left for work shortly after and thought about it the rest of the day.

    I would not receive a reply offering for a non-recorded zoom session until the next day. By that point, I had questions, and I asked that they answer some of these questions before I re-scheduled a new meeting.

    The questions were all related to Eric Micigovsky and his previous entrepeneurship with Pebble watch. When he sold Pebble, he screwed the workers on the way out, in my opinion, and it did not give me hope that he would make sure to sell Beeper to a company with the same values as he laid out in creating the application. He was happy to sell his company when it became unprofitable before: what would prevent him from doing it again?

    More importantly: If the company is sold, how is there any guarantee that the privacy policy would not change?

    I never received a response to these questions at all. I declined to ever use the service, ever since. I figured if they didn’t think it was worth spending the time to answer such questions to me and lose me as a customer, they must not be very worried about the answers to such questions. Based on this, and the CEOs past history, I felt using the service was inadvisable.


    Finally, in something that isn’t so much my opinion as much as a fact.

    When it comes to using iMessage specifically, you need a macOS server or an iPhone (both need to be relatively new) to run the iMessage bridge from. Beeper runs a fleet of these, but to make this work, you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once. They claim it is never stored, logged, or cached. It’s quite possible that this is true, but it does mean you technically have your Apple ID logged in on a foreign machine you have no control over. What if this machine and all the other macOS servers got hacked to be part of a botnet? What if Apple bans all the Apple IDs involved for being part of a botnet? It leaves more questions I’m skeptical there are good answers for.

    https://help.beeper.com/en_US/chat-networks/imessage

    • Sternhammer@aussie.zone
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      … you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once.

      If they’re using Apple’s app-specific passwords feature then that’s workable but if it’s your master Apple ID password, no way.

  • wildbus8979
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    not sure if it would be privacy conscience to share credentials for all of these different apps.

    No, it would not.

      • wildbus8979
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        One way or another you’re still temporarily sending your credentials or token to them even if they don’t store it

  • southsamurai
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    Their privacy policy lists what they collect, and it’s a fairly large amount of stuff.

    Copy/paste from their site:

    What data does Beeper collect?

    In order to provide the service, Beeper collects device information, including OS, hardware, public IP addresses, network routing information, information on the installed Beeper client, and other device settings. Beeper also uses user account information, such as email addresses and phone numbers, to authenticate users to their accounts.

    See our Privacy Policy for more details on how we collect and use personal information.

    Now, that isn’t exactly what I’d call privacy friendly. However, for something like Facebook messenger, it isn’t any worse.

    I intend to at least try it out if they ever send me the damn email to let me use it at all lol. But that’s primarily to see how it interacts with imessage for the folks I know that use that. I’m not going into it hoping for security, since they dick around with encryption in a way that breaks it.

    • HughJanus@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It only collects what Matrix needs to function.

      It’s 1000x better than Meta so I’m happy to use it for those services.

  • eco_game@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    While I can’t comment on the beeper side of things, I did look into matrix and bridges a bit.

    From what I understand, for all e2ee services you use through beeper (and matrix in general), all messages get sent to the server encrypted by matrix, then the server decrypts them and they get re-encrypted in a different protocol (ie. WhatsApp/Signal/…) and then the encrypted message goes out to whatever service.

    This would mean that technically the matrix server is able to read all your messages.

    This is my main reason for still using the native apps for encrypted services. For unencrypted services I use a my own matrix server with bridges.

  • HughJanus@lemmy.ml
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Been using this for about a month now.

    Depends on which service you’re looking at.

    If you use it with Facebook Messenger/WhatsApp, it’s probably more secure, as it’s the only way I know of to get messages without having the spyware app installed on your device.

    If you use it with Signal, Beeper (Matrix) will log of a bunch of metadata that Signal will not.

    I was not able to get iMessage working, and had a couple of services that I was repeatedly logged out of for reasons I can’t explain.

    The problem with apps like this is that they’re designed to make third party services do things those parties don’t want you doing. And ultimately those third parties are the ones in control. All they have to do is change 1 line of code to break your shit. And then the developer has to fix it, and it becomes this constant whackamole game, and meanwhile you’re missing your notifications/messages.

  • Dr_Evil
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    1 year ago

    While beeper service itself is extremely convenient, I personally would never use it for anything sensitive. Do note though that all of their connections to services are open source and relatively easy to set up (with the exception of imessage) on your own matrix homeserver to improve privacy

  • Pasta Dental
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I quite like it, though I wouldnt share anything private using it as I think they can store any messages that goes through the linked services, and as another comment mentionned, if they ever get bought out, they could decide this data is theirs and to do bad stuff with it

  • katemolly1829@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’ve seen others say chat messages have been viewed by the beeper platform, so security is something I think is worth thinking about. In other words, SocialSmartly is a great substitute for Beeper. Why not try it?

    • Schlemmy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I see no reassurances about privacy on SocialSmartly’s website. Nothing about encryption either.

  • mikejeason@feddit.ro
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    Are you tired of waiting in long queues just to register for Beeper? Are you tired of being strung along by their invitation-only registration system? Well, we have a solution for you - SocialSmartly! Unlike Beeper, SocialSmartly allows you to register and start using the platform right away, without any waiting time or invitation codes. With SocialSmartly, you can seamlessly integrate multiple social media accounts from different platforms, including Facebook, Twitter, WhatsApp, and Instagram, all in one place. SocialSmartly’s secure login process eliminates the risk of account suspension when managing multiple accounts on the same platform, ensuring that you can continue to manage your social media presence without any interruptions. So why wait for Beeper’s invitation-only registration system when you can join SocialSmartly and start optimizing your social media presence immediately? Don’t let Beeper’s gimmicks hold you back. Choose SocialSmartly for a hassle-free social media management experience.