I love Signal. But despite my best efforts, I still have friends using WA and iMessage. Managing multiple apps is kinda a pain. Beeper offers a convenient way to combine them into one interface, and it claims to re-encrypt the content. Does anyone know anything about this claim?

From their website:

Messages sent using Beeper to other chat networks are re-encrypted if the other network supports encryption (like Signal, WhatsApp and iMessage).

So…Safe? Or no?

  • HughJanus
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    tl:dr If you have a high threat model, definitely do not. If you want a good compromise between privacy and convenience, go for it.

    “Safe” is not really a binary concept so it’s a bit more complicated than that.

    Beeper is a forked Matrix app. As such, it subjects all of your messages to all of the vulnerabilities of Matrix, mostly being that it collects a ton of metadata on whatever server of your account (in this case Beeper) and also whatever other servers you communicate across. So it’s “safety” is really dependent on whether you trust Beeper not to sell or leak that info. They will definitely cough it up if they get a warrant. Where Signal doesn’t have this data.

    So you’re increasing your attack surface by basically creating a metadata archive of your Signal messages.

    As for the security of your message content, Beeper will get the decrypted info from the server you connect to your account, and then re-encrypts it as a Matrix message, so theoretically they don’t have any of that. Some people make a big deal out of this, as they will actually have access to your plaintext messages (duh, you signed their server into your account) but I don’t see anything to indicate these messages are stored.

    There is a spectrum across convenience and privacy and this leans toward the latter.