I co-founded one of the first consumer-focused, secure messaging startups. I’m more than familiar with what it takes to have probably secure comms over text.
I also know that people so tin foil hat about security can never be satisfied and that this hamstrings UX and resulting in lesser use and less used secure tools.
So there is a happy medium and there’s reasonable protection to cover 96 or more % of consumer comms.
Is iMessage secure? Maybe enough to send an SSN, but maybe not to send bank info. Would I send either over sms? Nope. That’s a call anyone can make on their own.
I don’t like this service hooking into iMessage. I don’t like the always connected jailbroken phone bridge idea.
I do think apple, of all consumer products companies, has made privacy and security core values and, at least for now, I trust the company.
I don't care how matrix is involved in the beeper’s bridge functionality nor am I evaluative of the technology.
I don’t know beeper, and don’t want the product hooking into my contacts’ end of our iMessage comms.
> I don’t like the always connected jailbroken phone bridge idea. [...] I don’t know beeper, and don’t want the product hooking into my contacts’ end of our iMessage comms.
At the end of the day though, that's a conversation you have to have with your contacts. The fact is that your contacts may jailbreak their phones already, and they'll still show up as green bubbles, and at some point you'll either trust your contacts to be secure with the tools that are provided to them or you won't.
It is not Beeper's job to sort all of this out for you. It's not their problem that you dislike people jailbreaking their phones, that's a personal choice you can make about who you communicate with.
To jump from, "I would prefer not to communicate with jailbroken iPhones or bridged services" to "this program is comparable to malware" is a massive leap in logic and a dismissal of personal responsibly. People have the right to jailbreak their phones and to use services that securely bridge their communication platforms, and if your security model requires you to avoid communicating over those channels, that's a personal choice you can make by checking with the people you communicate with and talking to them about security.
As to why these messages show up as green, it's because Apple doesn't have a visual indicator of jailbroken phones in iMessage, and because Apple allows old phones running old firmware/software to show up as green, and if you have a problem with that then you should take it up with Apple. Beeper didn't write iMessage, they're not the reason why the messages are green.
> So there is a happy medium and there’s reasonable protection to cover 96 or more % of consumer comms.
And if that happy medium for most users ends up including bridged services? What then?
What line are you drawing that says it's OK for Apple to avoid notifying you in iMessage about contacts with outdated firmware, but critically important that they let you know a contact is bridging? You're comparing this app to malware based on a completely subjective, personal security criteria -- one that it doesn't look like most other people share with you.
It's fine for you to be uncomfortable with bridges, but it's not fine for you to claim they're some kind of unique/novel threat that compromises iMessage when iMessage is already willingly making similarly large security compromises in other areas -- compromises that are also just as opaque to end users as Beeper is.
I also know that people so tin foil hat about security can never be satisfied and that this hamstrings UX and resulting in lesser use and less used secure tools.
So there is a happy medium and there’s reasonable protection to cover 96 or more % of consumer comms.
Is iMessage secure? Maybe enough to send an SSN, but maybe not to send bank info. Would I send either over sms? Nope. That’s a call anyone can make on their own.
I don’t like this service hooking into iMessage. I don’t like the always connected jailbroken phone bridge idea.
I do think apple, of all consumer products companies, has made privacy and security core values and, at least for now, I trust the company.
I don't care how matrix is involved in the beeper’s bridge functionality nor am I evaluative of the technology.
I don’t know beeper, and don’t want the product hooking into my contacts’ end of our iMessage comms.