A lot of us privacy folks struggle to get our friends and family to use privacy-preserving instant messaging apps (like Signal) to contact us. One of the main problems I see is that most people have already many messaging apps (Messenger, Whatsapp, iMessage, Telegram, etc.) and they don’t want to install another one just to contact 1 person.
My solution to this specific problem is to propose that they install Beeper, instead of telling them to install Signal. The selling point is that they no longer have to install 5 chat apps on their phones. Beeper will allow them to communicate with their contacts on Messenger, Whatsapp, Telegram and contact me on Signal. It seems to me like a good middle ground when I struggle to have them install Signal.
Beeper privacy policy isn’t great tbh. It seems like a lot of data is being collected. But, it’s unclear if they’re sharing it with third parties.
However, the current situation is that these people already have apps like Messenger and Whatsapp installed on their devices, which is IMO worse than having only Beeper installed (privacy-wise but also when considering convenience).
So my question is: what do you think about recommending Beeper to my contacts that are unwilling to install Signal? What are the pros and the cons that I should keep in mind?
Defeating end to end encryption seems like the worst thing you could do.
Personally I would just install whatsapp myself. You can use contact scopes with grapheneOS and possbilly a different number.
Or you can go the route of just only being reachable on signal and you just see who follows, works quite well from experience.
I may be somewhat forced to use Messenger (mostly against my will) and I wonder if this is a good frontend for it? At least I can consolidate my chats into one App instead of many apps draining my phone.
Has anybody have a more updated impression of the project overall?
You need to trust the software that you use, especially for something as important and as personal as chat.
We aim to build trust with you through our software design decisions, like how we’ve open sourced privacy critical portions of our codebase for you to inspect and self-host, and how we’ve developed Beeper as an extension of an open source chat protocol.
Beeper encrypts your chat history with zero-access encryption before it is stored on our servers. This means that only you can read your chat history - Beeper (the company) does not have the decryption keys that can decrypt your chat history.
Also, we’re proud of our simple, transparent business model - we sell an optional paid subscription and use the profit from that to offer a free plan, which expands the addressable market for our paid subscription plan. This means our business is aligned with the long term interests of everyone who uses Beeper.
Instead of trying to convince everyone to use certain app, I have gave them the reasoning why I prefer Signal, and most of the most important people have either installed Signal to talk with me, or have done the same and are trying to move as uch conversations to Signal.
For the ones that don’t want to install a new app, I started using Beeper in order to avoid having the WhatsApp app installed on my phone, as I distrust the WhatsApp app more than the service itself.
What I did do is reduce how much access I give Beeper as much as possible. I self hosted the open source bridge, to make sure that the decryption and re-encryption happens in hardware and software I control. I also used an open source Matrix client and reset the encryption keys, as Beeper’s clients, although very nice, aren’t open source. That way I had a much clunkier experience, but I could use Beeper without having to trust Beeper with anything other than the metadata of who I talk to when on WhatsApp, which is something I’m also sharing with Meta.
But I achieved what I wanted: to not have WhatsApp installed on the phone, while still being able to talk to people on WhatsApp and without needing to open any port on my home network as I only hosted the bridge and not a Matrix homeserver
I personally would prefer trying to convince and om graphene have contacts scope and limited permissions. Maybe i’m missing something, definitely no expert, but in your situation, are you now not giving your meta data (who and when you send texts) to both meta and beeper? Installing whatsapp and only sending it to meta sounds like less hassle and a better option if i’m not wrong. Curious to hear your reasoning
The approach you describe is the most logical one. But I’m a bit unreasonably paranoid about the Meta apps, and particularly WhatsApp. It requires permissions for features that don’t need the permission, but that sound plausible: for example when listening to a voice message you just receive it will ask for full media access, when the app in Android needs no media access at all to store media files and open the media files it created. Why does it require that permission then? If this was a small developer, I would assume ignorance or laziness, coming from one of the most valuable companies in the history of capitalism, I can only assume malice. Thus, I don’t trust the app, and I can assume anything they can technically achieve that helps them surveil their users, they’ll do.
I have no alternative but to use the service, as they have a monopoly over all non-in-person communications in my country. But I’ll avoid installing the app, as to me, it’s like installing malware.
Giving Beeper access to that same metadata Meta has access to, was the way I found of having that app I deeply distrust out of my main phone. Next I’ll probably bother self hosting a matrix homeserver to avoid Beeper altogether.
While i agree with having little trust in Meta, i trust in GrapheneOS to block the permissions i dont allow. So in that sense if you are careful with your permissions in this case for me that’s the lesser evil (not having to trust meta in the first place as graphene blocks it).
Glad you found a way that works for you though may be interesting to others
I use Beeper to have access to Whatsapp on my main phone. I needed account for work, and installed WA on old, unused phone with 2nd phone number. I started usining other matrix server at first, but switched to Beeper as it was more user friendly.
I use their program only on PC, on my phone I use FluffyChat, as their andoird app has some trackers., and FC allows multiple accounts. Works well, I also use it for Telegram and SMS (2nd phone number)