All messages are end to end encrypted. Also you don’t need an Apple account and it connects directly to Apple servers.

  • will_a113@lemmy.ml
    link
    fedilink
    English
    arrow-up
    44
    ·
    1 year ago

    Their “how it works” blog article is worth a read - they’re using a blackbox reverse engineering of the protocol and re-implementing it natively in the app, so there are no man-in-the-middle servers. Impressive software engineering for sure.

      • will_a113@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yup, the PyPush python-based proof-of-concept can run pretty much anywhere there’s python.

      • shoe@beehaw.org
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        I’m aware regular Beeper can be self-hosted, but Beeper Mini can too? Is there any more information on this or is that the “if you have the knowledge” part?

        • biscuitswalrus@aussie.zone
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          1 year ago

          The mini version doesn’t need hosting, it doesn’t have a proxy middle man. A 16yo kid reverse engineered the protocol and then got contracted by beeper to implement it as beeper mini. It’s a client directly connecting to apple like imessage native.

          Will it break? I’d argue if the cost of breaking it in engineer time is worth doing to Apple, yes. All they’d have to do is roll their own crypto and reverse engineering that might be impossible. Probably easier ways to break it but then maybe it turns into a cat and mouse game.

          Legally it’s hard to say if it’s OK too, the end user is likely fine, but the developer especially being contacted may not be since to reverse engineer it could be breaking terms of service or licensing clauses though I’m not really sure what kind of damages could be claimed. To reverse engineer they had to use the original on jailbroken iphones to go through the engineering discovery.

          Anyway the point is, it’s not going through beeper or anywhere other than Apple. So there’s no component to host. It’s different to beeper.

            • biscuitswalrus@aussie.zone
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Hmm you could be right. Keeping old protocols running for legacy compatibility reasons could in this case keep the solution working for some time.

          • Bene7rddso@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            what kind of damages could be claimed.

            According to Apple users, the color of their bubble has a lot of value

        • helenslunch@feddit.nl
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I’m aware regular Beeper can be self-hosted, but Beeper Mini can too?

          The difference between old and new is that all the services on the old one rely on Matrix bridges and the new one will not. They claim iMessage, Signal and WhatsApp will all be working on-device. So those obviously won’t be self-hosted. The rest they have yet to decide exactly how they will implement them but Matrix is going to be part of it.

          Brad Murray said the end goal is to have everyone messaging each other directly on Matrix.

        • will_a113@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I don’t know about the app itself, but the blog article links to the PyPush python-based proof-of-concept, which you can run pretty much anywhere.

    • Bri Guy @sopuli.xyz
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      huh, interesting. so from a security perspective is there any other concern with this protocol? at least they’re not using a mac relay server like Nothing Chats was

      • If the diagrams in their explainer are correct, their servers are only involved to forward Apple’s push messages to your phone through Firebase. That means Beeper knows when you’re receiving messages and how often, but nothing more than that; the phone syncs up with Apple’s servers.

        I can’t find the source code so I can’t say much about the encryption code this app uses, but assuming they implemented the encryption well, security should be solid. However, the blog post explaining their architecture does link to another blog post that seems to have kicked off this project that says the most commonly documented format is the outdated encryption system without forward secrecy. I can’t find whether Beeper implemented the newer pair-ec encryption or not.

        There is the risk that Apple bans you for breaking the ToS by using this service, of course, and it’s possible Beeper’s servers get blocked, the company gets served by a cease and desist. If Beeper does go down, the app will stop working well, and you’ll need to unregister your phone number with Apple or your iOS friends won’t be able to text you until that registration auto-expires.

  • helenslunch@feddit.nl
    link
    fedilink
    arrow-up
    20
    ·
    1 year ago

    The first thing it asks you for when you open the app is a Google login. That’s gonna be a no from me, dawg.

  • Moonrise2473@feddit.it
    link
    fedilink
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    I’m not American and I don’t see how having iMessage on Android is worth the $2 monthly.

    In my whole life I never knew a single person that was reachable only on iMessage or that was so stubborn to ignore messages on any other platform

  • Papamousse@beehaw.org
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    But why the obsession with iMessage and apple product?!? We don’t care about the colour of the bubble!!!

  • TGHOST-V0@lemmy.ml
    link
    fedilink
    arrow-up
    8
    arrow-down
    5
    ·
    1 year ago

    A lot of work, data scrapping and security issue just for a pin ?

    Seriously ?

    What the point, except to simulate the possession of an iPhone to someone who should be a stranger for you or at least physically far from you ?

    I clearly don’t get it.

    Scam interest after a sim swapping attacks ? The goal, need to know it !!

    • shoe@beehaw.org
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      I take it you’re not from the US 😅 texting is still the default here, and since apple refuses to open up iMessage and has not yet implemented RCS, Cross-Platform communication is pretty shitty. People get excluded from group chats because even a single user on a different platform will set it back to MMS

      • Evkob@lemmy.ca
        link
        fedilink
        arrow-up
        14
        ·
        1 year ago

        Yeah I’ve been excluded from work group chats on two separate occasions because they used iMessage and considering another platform was just entirely off the table.

        Although to be honest, I consider being excluded from work group chats to be one of the best features of my phone!

        • Apollo2323@lemmy.dbzer0.comOP
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          Lol me too but I just had some friends that refuse to answer messages if its not on iMessage. I really hate Apple for doing this and I hope they get forced to open the protocol.

    • QuarterSwede@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      iMessage is pretty great to use honestly. Supports encryption, Tapbacks, read receipts, sharing any file type (not just pictures and video). RCS isn’t implemented in iOS yet and on launch won’t support encryption (supposedly Google is working to add it to the RCS standard, not just Google’s fork, now that Apple announced future support for the standard).

    • Apollo2323@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      5
      arrow-down
      3
      ·
      1 year ago

      Did you even read the announcement? Please read it and then come back to comment and we can have a discussion.

      • You’re right, I see they reverse engineered iMessage (sort of). I confused Beeper Mini for Beeper, the encryption of which is often misstated.

        I’m not all too confident in using a chat app that relies on reverse engineering Apple’s protocol and lying about the device being used (especially since a large portion of it is still done with the help of a centralised Beeper server for APN callbacks). The riskiest part of this approach is that if Beeper does get blocked/banned by Apple, your phone number will still be registered as iMessage capable and you need to remember to unregister your phone number or you will not be able to receive any (SMS) text messages from iOS users.

          • I don’t think they’ll open iMessage to be honest. They are working on implementing RCS, though, and they have indicated that they were going to ask the standards body governing RCS for an official E2EE system (rather than relying on Google’s current, proprietary implementation based on open protocols).

            I expect their third party integrations to go through RCS unless they are ordered by a court to open the original protocol.