Beeper reverse-engineered iMessage to bring blue bubble texts to Android users::The push to bring iMessage to Android users today adds a new contender. A startup called Beeper, which had been working on a multi-platform messaging

Are their messages from their app going to show blue to iMessage users or something? Cuz I don’t see why you’d need to reverse engineer that otherwise. Even then… How hard is it to spoof a Mac address or other hardware identifier that says the message came from an iPhone?

The fact this is even an issue is just ridiculous to begin with. If you give that much of a shit: Use a different god damn messenger that treats everyone the same.

permalink
report
reply
2 points

afaik, their while thing is that they do everything on-device, so your device is the only one with access to your messages

permalink
report
parent
reply
13 points

Why is this even a need to be solved? are people that stupidly superficial about the color of y fucking message bubble? (im not american but where im from literally nobody wiorth their salt gives a hoot)

permalink
report
reply

are people that stupidly superficial about the color of y fucking message bubble?

Yes, apparently.

permalink
report
parent
reply
2 points

Lol the world we live in

permalink
report
parent
reply
15 points

The color of the bubble is only important because it helps iPhone users know who not to add to group chats, since the presence of a non-imessage user in an iMessage group chat downgrades the entire chat to grainy photos, no reactions/ read receipts, voice memos, typing indicators, etc. I don’t blame them at all, many of them don’t use any third party messaging apps because iMessage is built in and gives them everything that other chat apps have, with the benefit that they don’t have to convince anybody to install it because all their iPhone owning friends have it preinstalled.

permalink
report
parent
reply
16 points

are people that stupidly superficial

Yes.

permalink
report
parent
reply
1 point

understandable i suppose, a good deterrent tho if they speak about it openly

permalink
report
parent
reply
13 points

Assuming that it’s actually reverse engineered, this is great news. If not, there’s a massive lawsuit brewing.

permalink
report
reply
-12 points

They didn’t reverse engineer shit. Not sure where this lie comes from

permalink
report
parent
reply
2 points

They did for Beeper Mini but not for the original Beeper (now called Beeper Cloud) which uses Mac’s as a server.

permalink
report
parent
reply
11 points
*

Seems like Beeper will see the cleartext of the replies, though, since they send the notifications via BPNs, right?

[edit: thanks for the replies. I see now the footnote on their BPNs diagram: “Push notification does not contain message contents” so it seems like the answer is “no they will not”]

permalink
report
reply

No, with this new app messages are encrypted between you and Apple’s iMessage servers using iMessage encryption more or less the same way an iPhone does.

The push service simply notifies your device it has a message waiting, no message content passes through Beeper servers.

permalink
report
parent
reply
17 points

No, they know that a message has been received, but the phone is what decrypts the message. Beeper can’t see it.

permalink
report
parent
reply
4 points

I don’t know for sure, but often mobile notification protocols are more like “wake up and check your incoming messages” than “user foo says bar”. If this is true then the best they could do is collect timestamps of when you probably received messages.

permalink
report
parent
reply
4 points

I really want to sign up for Beeper, but the fact I have to give them my phone number to sign up for a waitlist seemed like a red flag. How is their security profile?

permalink
report
reply
5 points

This post is referring to beeper mini. It’s confusing naming, but that’s not the same as beeper(cloud service). Beeper mini is available to everyone on the play store and is not a cloud service. You just get it, login to Google (to pay the subscription cost) and it works. No invite needed

permalink
report
parent
reply
6 points
*

deleted

permalink
report
parent
reply
4 points

By that logic, there’s nothing guaranteeing iMessage on iPhones is secure or private either because it’s closed source. If you don’t want to trust Beeper mini, you’ll be free to run their iMessage bridge on your own Matrix stack when they open source it at some point, which they’re promising to do (and you still won’t know that Apple isn’t scraping your messages on the iOS side). When I decide to trust a company, it’s because I look at what they’re transparently communicating to their end users. Every indication is that they are trying to get out of the middle of handling encrypted messages. Their first move to make this happen was allowing people to self host their own Beeper bridges (which you can still do with Beeper Cloud if you prefer and you will know that your messages are always encrypted within the Beeper infrastructure). They aren’t going to release the source for their client ever because that’s the only way they make any money.

permalink
report
parent
reply
2 points
Deleted by creator
permalink
report
parent
reply

Notice how in the article they say “we’re not the middle man… Any more”? That’s because, up until now, Beeper has been working on a system where they operate as a middle man for your data.

To be fair they never claimed otherwise and all of the code for the bridges are open-sourced and can be run on your own servers so that those servers you control (as opposed to Beeper-owned servers) act as a “middle man” and none of your messages need be trusted to a 3rd party.

To put it simply: only the actual bridge on Beeper Cloud has access to unencrypted messages and you do have the option to run the bridge yourself while continuing to use the Beeper app. You can use as many or as few self-hosted bridges as you’d like.

A few bridges are preconfigured for self-hosting with just a couple of clicks for free through fly.io here

permalink
report
parent
reply
5 points

They do have to run servers in order to keep the service alive. If you want to run this stuff yourself on your own server that’s possible using PyPush. The reason they have to run those servers for you is to keep the notification service alive.

permalink
report
parent
reply
1 point
*

deleted

permalink
report
parent
reply
4 points

Want a invite code? Its just to prevent people from mass signing up

permalink
report
parent
reply
1 point

@Merlin404@lemmy.world

Can I get a code, please please?

permalink
report
parent
reply
1 point

@Merlin404@lemmy.world

Yes please, I would love an invite code

permalink
report
parent
reply
3 points

That’s to prevent multiple entries by one person. Their security is very good, with audits and their products being largely open source (for this, PyPush. For Beeper Cloud, their Synapse fork and their bridges.). Only the parts that don’t matter to security (the clients, mostly) are closed source.

permalink
report
parent
reply
1 point

Btw will they continue to live as Element changed licences to Synapse and Dendrite projects ?

permalink
report
parent
reply
1 point

Yes. They have a fork of Synapse that they can continue to use even if the license prevents them from using upstream (which doesn’t seem true, but I could be wrong).

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 15K

    Monthly active users

  • 13K

    Posts

  • 568K

    Comments