this post was submitted on 09 Apr 2024
88 points (100.0% liked)

Technology

37754 readers
282 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 86 points 7 months ago* (last edited 7 months ago) (3 children)

There's a lot of FUD in this comments section, so I'd like to clear the air. I'm pretty big on OSS myself, so it pains me to see a company doing all the right things get lambasted like this.

Beeper is just a Matrix server running in tandem with a series of custom, open source bridges written by Beeper. The value proposition is not having to deploy a Matrix server yourself, and not having to deploy each bridge yourself.

However, if you want to do that you absolutely can. I've been running Synapse + a subset of their bridges for a couple years now (the WhatsApp one being the oldest), and they are fantastic.

The devs contribute back to Matrix all the time and are great about supporting the spec as a responsible third party.

Their only closed source software is their client, which is - by definition - only written to work with their servers and not generic Matrix servers (e.g. It's just a preconfigured matrix client which expects each bridge to be deployed, and doesn't ask you for things like what server you want). As a result, you wouldn't want to use it with your own stack; you can just pick one of the myriad OSS clients available for Matrix and go with that. I use SchildiChat, for example.

I don't understand why, after doing all this work and publishing the source online for free (free as in freedom), they aren't allowed to offer a preconfigured service to non tech savvy folk?

Honest question: Shouldn't they be paid for their work?

Edit: And, please, stop asking questions like "How do they connect to X/Y/Z, anyway?" - just go read the source and see for yourself. These are the good guys working completely in the open, and you're treating them as if Twitter just wrote a chat app.

[–] [email protected] 20 points 7 months ago (3 children)

Not sure there is much FUD, let me see if I can sum up the points:

  • Beeper devs have written a bunch of bridges between Matrix and other services. ✅ Cool
  • They've contributed to Matrix. ✅ Cool
  • End-to-end encryption, ends at each bridge server, which needs to decrypt and re-encrypt every message (¹). ❌ Not cool
  • They're OpenSource, so anyone can self-host their own bridge. ✅ That's cool... but contrary to the "value proposition" of not having to do so 🤷
  • Encryption in anything closed source, like their client, is ❌ not cool... but you can use a different client, so 🤷
  • Decryption on not-selfhosted servers, is ❌ not cool... but you can self-host them, so 🤷
  • All clients come "preconfigured" for some service 🤷, but theirs is locked to a service. ❌ Not cool
  • People using a client with E2EE, get that expectation broken by Beeper (client) users giving their keys to a bridge hosted by a 3rd party. ❌ Not cool
  • FUD: The devs' monetization strategy isn't clear. ("premium features" in the client? 🧐)

TL;DR: Sounds like a reasonable way to move unencrypted messages around... but falls short of fixing the problem of having secure interoperable E2EE.

Should they get paid for it? Probably, if you find that useful.

(¹: if there is any bridge capable of forwarding encrypted messages without decrypting, please correct me)

[–] [email protected] 4 points 7 months ago

The not cool parts just relate to any sort of hosted bridge. If you don't trust them with decrypting messages on their end, then don't give them your data - there are no bridges capable of doing that, anywhere.

So it really comes down to "trust someone else with your data, or host it yourself"; and if you're - understandably - frustrated with those options blame companies like WhatsApp or Discord that make it nigh impossible to integrate their services with outside networks.

Functionally, these bridges just forward your content to a library acting like a headless client - there's no way to encrypt that as the reverse engineered clients are not libraries and need to take raw input. You can't end to end encrypt it as the client is one of the "ends".

As an example, the WhatsApp bridge uses WhatsApp web as a backend, and has all the limitations of WA web.

As a result, I find the expectations to be a bit unrealistic.

load more comments (2 replies)
[–] [email protected] 15 points 7 months ago

All of that needed to be said. Thank you.

[–] [email protected] 4 points 7 months ago (1 children)

Seems like they did good until now. I'm not confident, even skeptical, that will keep going after the acquisition though.

Gravatar was a great, independent, minimal service. Now it's a horrendous, bloated service.

load more comments (1 replies)
[–] [email protected] 29 points 7 months ago (4 children)

Bought by Automattic? After they non-consensually took all of Tumblr and hosted Wordpress to train AI? And after their big boss revealed his transphobia? I guess i'll skip this one

load more comments (4 replies)
[–] [email protected] 17 points 7 months ago (2 children)

Be so nice to notify your contacts about breaking e2ee then, will ya

load more comments (2 replies)
[–] [email protected] 15 points 7 months ago (3 children)

That seems really exciting! But don't services like Discord forbid third party clients?

[–] [email protected] 16 points 7 months ago

But don’t services like Discord forbid third party clients?

Me waiting for inflation to slowly increase Discord's yearly revenue until it tips into the legally defined Gatekeeper™ status under the EU Digital Markets Act so they'd be playing with fire if they banned people for using interoperability apps.

[–] [email protected] 12 points 7 months ago

I've been using Beeper with a Discord bridge for three years now. No problems.

[–] [email protected] 7 points 7 months ago (2 children)

Beeper isn't a Discord client.

load more comments (2 replies)
[–] [email protected] 10 points 7 months ago* (last edited 7 months ago) (3 children)

How is beeper reading my Discord DMs without breaching Discord TOS?

e: Their ToS and privacy clauses are way too opaque for something that's not open source. No from me, Ma'am.

[–] [email protected] 8 points 7 months ago (1 children)

I've been using a Discord bridge with Beeper for three years with no problems.

[–] [email protected] 20 points 7 months ago

That's not what I asked

[–] [email protected] 6 points 7 months ago* (last edited 7 months ago) (1 children)

It's open source, here's the code. It uses the discordgo library to connect to Discord and read your DMs.

e: You're free to download and deploy the source yourself, and write your own ToS. That's the nice part of open source software.

[–] [email protected] 4 points 7 months ago (2 children)

That's the source code for the Discord bridge, I'm talking about Beeper

load more comments (2 replies)
[–] [email protected] 9 points 7 months ago* (last edited 7 months ago) (1 children)

Alright, I got to ask. Having one app for all these services sounds great. I remember some drama around it though, don't recall the details. So what am I missing, is this actually good news?

Its not open source but neither are most of the apps it connects to.

Edit: Found a comment in another thread that sums up valid concerns https://feddit.nl/comment/8763492

[–] onlinepersona 9 points 7 months ago (1 children)

Another closed source chat app? Yeah, no thanks.

Anti Commercial AI thingyCC BY-NC-SA 4.0

[–] [email protected] 13 points 7 months ago (1 children)

Not closed source. It's just a Matrix server instance running their own bridges. All the backend stuff is open source, the only closed source part is their client.

The client is specific to their site and unnecessary: just deploy Synapse, then pick and deploy the bridges of their suite you want to your server. You can then pick and use any of the available Matrix clients to get the same exact features. You can even sponsor them on Github, as I've been doing for months.

[–] onlinepersona 9 points 7 months ago (2 children)

the only closed source part is their client.

Which is exactly what I'm referring to. Plus, they can say they run a matrix server, but if your frontend is closed source, there's no way I trust that they actually do run a fully opensource backend. Wouldn't surprise me one bit to hear/read that they have closed source components in the backend too. Big nope from me.

Anti Commercial AI thingyCC BY-NC-SA 4.0

[–] [email protected] 9 points 7 months ago* (last edited 7 months ago) (1 children)

You can use any Matrix client with Beeper, you don't have to use theirs.

Regardless, there's nothing stopping you from recreating the same stack using the available tools.

What makes their service unique are the bridges. Download their sources, compile them, and then pair them with any server client combo you want.

If you insist on using their stack, you can still use an OSS client. They chose not to make their client open source as it is, by design, for their service only.

They're trying to run a business aimed at people who don't care about open source, and want the same closed source experience they get from their other chat apps but with inter connectivity between third party services.

If you want the latter without any closed source code, you can just go and do that. They've released all the important parts.

Edit: Here's a guide to self hosting beeper.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (8 children)

What is this "closed source experience" you are talking about? How would making the client open source hinder that in any way, especially when their stated goal is to earn money with premium features instead of the app itself?!

Imo being open source is a VERY big deal for an e2e encrypted chat client! I don't really care whether most of their stack is open if the app I'm actually using to type and encrypt my messages is not. This makes the whole thing look like a trick, pretending to be open when key parts are not.

[–] [email protected] 3 points 7 months ago (5 children)

What is this "closed source experience"

I can answer that: it's the "I don't care about security as long as I can send memes and inappropriate messages to most people" experience.

From the looks of it, it's as secure as having WhatsApp/Signal/Telegram/ProtonMail doing "E2EE" through each app's servers, and never knowing whether the client did the encryption right, or if it sent the keys to the server for messages to get intercepted... well, except you do know that the bridges are decrypting all messages anyway.

load more comments (5 replies)
load more comments (7 replies)
load more comments (1 replies)
[–] [email protected] 8 points 7 months ago (1 children)

thanks but I don't need this proprietary shit

[–] [email protected] 23 points 7 months ago* (last edited 7 months ago)

It's not proprietary, lol. You can download and deploy each of their bridges yourself to your own servers.

Source: been using their WhatsApp, Discord, and Signal bridges for over a year. I use Github sponsors to pay for development, as I appreciate how great they are.

The only closed source part of their stack is their client, which you don't have to use.

Also, they're some of the most prolific contributors to Matrix outside of Element. The emoji picker in Element was literally PR'ed by Tulir.

Love it when folk see people trying to make money off OSS and immediately resort to hysterics. It really makes closed source development look appealing if you're going to be damned by idealogues regardless of whether you release the source or not.

[–] [email protected] 6 points 7 months ago

I guess I can finally use proper WhatsApp web on iPad 😂

[–] starman 5 points 7 months ago* (last edited 7 months ago)
  • Discord? Not working (probably because of TOTP)
  • Facebook Messenger? Not working (probably because I use it without Facebook account)
  • SMS/RCS? Not working (looks like it requires Google account)

Seems like it's not ready yet

[–] [email protected] 5 points 7 months ago (1 children)
[–] [email protected] 13 points 7 months ago (1 children)

This is not applicable here, since Beeper is "just" Matrix + Bridges + Simplified UX!

[–] [email protected] 15 points 7 months ago (1 children)

Indeed. More like talking 14 competing standards and shoving them under one gui... and I'm here for it. I miss the days of trillian and gaim.

[–] [email protected] 9 points 7 months ago

I was a Trillian user as well.

[–] [email protected] 4 points 7 months ago

Sadly doesn't appear to be usable for SMS by Google Fi users who have web sync enabled. Guess I'll be holding off.

[–] [email protected] 4 points 7 months ago (1 children)

I wish there was an web app.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (2 children)

There is, they just don't publicise it. Actually one of my favourite features of the service tbf. Just load up a web page and all my messages are there, regardless of where they came from.

load more comments (2 replies)
[–] [email protected] 3 points 7 months ago

Add iMessage and Viber and I'm in.

load more comments
view more: next ›