this post was submitted on 27 Jul 2023
133 points (100.0% liked)
Technology
37746 readers
504 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
While I agree that it would be nice to only have one app installed in order to chat with everyone, the fact that it’s not open source makes me question the privacy involved. I’ve already sold my soul to these individual chat apps. I’d rather not compound that problem.
In the back of it, it seems to be a series of Matrix bridges https://github.com/beeper
oh sweet. I care far more about the backend than frontend
I see what you did there!
But how do you know that the frontend is trustworthy? People assume that frontends only talk to one backend.
Web should have thought people otherwise, but for most people it’s pretty indistinguishable from magic.
I was about to say, I do this already with Matrix.
The bridges are all open source, and they use matrix synapse as their server installation - though their client is a closed source fork of element with changes. You can use any matrix client to connect to it, and they say it's a standard synapse setup.
If privacy is a concern, bringing your own client should remove that concern as the rest is open source. It's also e2e encrypted, as any matrix server is.
I self host my own matrix homeserver with bridges set up using their code. The only bit of their stack I can't use is the client. I don't like that that's closed source, that's frustrating.
Edit: while writing this two more people made the same comment. Sorry!
> It's also e2e encrypted
well, in Beeper's case one of the ends is their server. your message gets encrypted when you send it, decrypted on Beeper's server, and then forwarded to the service you're bridging with.
Yeah, I should have clarified that. Hopefully the EU regulation regarding messaging interoperability removes this (currently unavoidable) flaw.
Yes you should. Because it’s not e2e encrypted then.
🚩🚩🚩
More like "e2mitm2e" encrypted, with the mitm being the bridges.
If the target network doesn't support encryption, that's "e2mitm2null"... does it at least alert you in that case?
Then run your own matrix instance with these bridges that they maintain for the community.
That still doesn't fix the e2e problem. Just because only me, and let's hope not too many others who manage to break into the instance, can mitm everything, doesn't make the mitm go away.
There really should be a standard, or at least a set of standards, on how to do e2e, so the bridges would only need to route the messages.
Beeper's server set up is actually a lot more complicated than just standard Synapse at this point. When they say you can "self host Beeper" that's really not accurate at this point at all. All of their 3rd party chat bridges are dynamically spun up on a per user basis with hungryserv and those servers operate in parallel with a synapse server for Matrix interoperability all behind a roomserv server. Here's a presentation that one of their lead developers created regarding their new architecture.
Most of that extra stuff is there to handle user contact privacy and security with the bridges, which is fair. I don't have any interest in self hosting beepers full setup, I want to get the functionality of multiple messaging services in one client - which I have, with my self-hosted matrix instance and the bridges they help develop and maintain.
I wish all of it was open source, but I did feel it necessary to head off comments that imply that the entire thing is closed source. Their implementation around dynamic servers and isolated containers spinning up isn't really the bit that seems relevant regarding user privacy with regards to data scraping or anything. There are a lot of comments in here implying it's fully proprietary, but there's a lot more nuance to it than that, as you point out.
Personally, I think it'd be nice if you could self-host just the bridge instances and connect them with beeper yourself, so that the part that isn't e2e encrypted is running on software you can validate and hardware you control.
I 100% agree this would be a great solution. That's what I thought this page was going to be at first until I kept reading and realized it's just a config guide for the Matrix Ansible setup. I wish they didn't say "self host Beeper" on that page at all because self hosting Matrix has absolutely nothing to do with the Beeper service other than their devs built the bridges that they're showing you how to set up with Matrix.
A bit off topic, but is this dev unironically using thin, light gray text on a white background?
It looks like they're slides from a powerpoint style presentation.. in the following frames, the light grey text is legible. Still, not a good way to present that data, heh. Stuff like that irks me so bad
Element seems like a perfectly good client to me.
The connections to the apps are all open source, as the other user said. And you can self host it too if you want to go that route