Can’t recommend Beeper. The new app really is great but the services don’t want people using it that way and it shows. I got constantly logged out and even got a scary message from Facebook about how they would delete my account because I was using automation or something.
It also basically undoes all of the security and privacy features of Signal.
The source is basic documentation about how Matrix bridges work.
Not only is no longer NOT E2EE, but all of your Signal messages are stored (encrypted) on a remote server, with virtually all metadata attached to them. Things Signal themselves do not keep on their servers.
Further, you’re increasing your attack surface by adding another, likely easier way to hack into all of your messages, if one were so inclined.
When using one of their “cloud hosted” bridges, the bridge software (that connects between Matrix/Beeper and other protocols) has to read all message content. Otherwise, it’s impossible to bridge to another protocol. E2EE becomes end (other users) to bridge (beeper) encryption.
With “local hosted” bridges, E2EE stays intact, but messages can’t be sent/received if the device hosting the bridge is unavailable.
In the future, with MLS (a different E2EE protocol), it could be possible to keep E2EE even when bridging to Matrix on cloud hosted bridges.
I’ve been using it with Facebook for a long time and I’ve never had any issues or scary messages. It’s the main reason I use it as I don’t want Facebook on my phone.
Can’t recommend Beeper. The new app really is great but the services don’t want people using it that way and it shows. I got constantly logged out and even got a scary message from Facebook about how they would delete my account because I was using automation or something.
It also basically undoes all of the security and privacy features of Signal.
It’s a great Matrix client though…
I’d like to have a source for this claim, please.
The source is basic documentation about how Matrix bridges work.
Not only is no longer NOT E2EE, but all of your Signal messages are stored (encrypted) on a remote server, with virtually all metadata attached to them. Things Signal themselves do not keep on their servers.
Further, you’re increasing your attack surface by adding another, likely easier way to hack into all of your messages, if one were so inclined.
I don’t have a direct source other than the source code of the software they use: https://github.com/mautrix/signal
When using one of their “cloud hosted” bridges, the bridge software (that connects between Matrix/Beeper and other protocols) has to read all message content. Otherwise, it’s impossible to bridge to another protocol. E2EE becomes end (other users) to bridge (beeper) encryption.
With “local hosted” bridges, E2EE stays intact, but messages can’t be sent/received if the device hosting the bridge is unavailable.
In the future, with MLS (a different E2EE protocol), it could be possible to keep E2EE even when bridging to Matrix on cloud hosted bridges.
I’ve been using it with Facebook for a long time and I’ve never had any issues or scary messages. It’s the main reason I use it as I don’t want Facebook on my phone.
Cool? I’m glad it hasn’t happened to you.
Me too! Just commenting to show it doesn’t happen to everyone.
I’m contemplating trying to run the meta bridge locally to get around that issue, it has to do with their server running in I think Finland?