- cross-posted to:
- tech@kbin.social
- cross-posted to:
- tech@kbin.social
All messages are end to end encrypted. Also you don’t need an Apple account and it connects directly to Apple servers.
All messages are end to end encrypted. Also you don’t need an Apple account and it connects directly to Apple servers.
huh, interesting. so from a security perspective is there any other concern with this protocol? at least they’re not using a mac relay server like Nothing Chats was
If the diagrams in their explainer are correct, their servers are only involved to forward Apple’s push messages to your phone through Firebase. That means Beeper knows when you’re receiving messages and how often, but nothing more than that; the phone syncs up with Apple’s servers.
I can’t find the source code so I can’t say much about the encryption code this app uses, but assuming they implemented the encryption well, security should be solid. However, the blog post explaining their architecture does link to another blog post that seems to have kicked off this project that says the most commonly documented format is the outdated encryption system without forward secrecy. I can’t find whether Beeper implemented the newer
pair-ec
encryption or not.There is the risk that Apple bans you for breaking the ToS by using this service, of course, and it’s possible Beeper’s servers get blocked, the company gets served by a cease and desist. If Beeper does go down, the app will stop working well, and you’ll need to unregister your phone number with Apple or your iOS friends won’t be able to text you until that registration auto-expires.
The app itself is closed-source, but they use PyPush, which also has a blog post explaining how it works.
You can ask more questions on Reddit!
If you have any questions, I’m hosting an ask-me-anything on reddit.com/r/beeper - feel free to ask any questions you have for us there (after reading our blog posts first to see if it’s already been answered!)
Heads up: People on Lemmy typically hate Reddit. That’s why we’re here and not there.