Honestly I understand where you’re coming from but I’m going to be a bit pragmatic, it’s free, it centralizes all my shit chat apps into one “shit app” (the app is excellent so far) I won’t bridge it to signal because that would be my safe app but for insta, messenger, Discord, telegram and even SMS/RCS I have no issues
Bought by Automattic? After they non-consensually took all of Tumblr and hosted Wordpress to train AI? And after their big boss revealed his transphobia? I guess i’ll skip this one
Gravatar was a great, minimal, independent service. Until they acquired it and integrated it into their WordPress platform and onboarding (trying to get you to become a customer).
What made Gravatar great beyond that was that you set it up with your email account, and other websites would use your chosen avatar,identified by email address.
Had a longer answer that went away for some reason 😭
Your criticism is fair, but:
Using the email as a seed on the generator goes halfway there, here’s an example, although of course it could never change
Centralizing the avatar opens that service up to be grabbed for tracking like Gravatar did, or breaking the security of a site by injecting code without the consent of the site owner. The usual tradeoff between security/privacy and convenience.
Would be good to have a good user-managed way to do the same (well, beyond using an image on your own hosting, i guess)
There’s a lot of FUD in this comments section, so I’d like to clear the air. I’m pretty big on OSS myself, so it pains me to see a company doing all the right things get lambasted like this.
Beeper is just a Matrix server running in tandem with a series of custom, open source bridges written by Beeper. The value proposition is not having to deploy a Matrix server yourself, and not having to deploy each bridge yourself.
However, if you want to do that you absolutely can. I’ve been running Synapse + a subset of their bridges for a couple years now (the WhatsApp one being the oldest), and they are fantastic.
The devs contribute back to Matrix all the time and are great about supporting the spec as a responsible third party.
Their only closed source software is their client, which is - by definition - only written to work with their servers and not generic Matrix servers (e.g. It’s just a preconfigured matrix client which expects each bridge to be deployed, and doesn’t ask you for things like what server you want). As a result, you wouldn’t want to use it with your own stack; you can just pick one of the myriad OSS clients available for Matrix and go with that. I use SchildiChat, for example.
I don’t understand why, after doing all this work and publishing the source online for free (free as in freedom), they aren’t allowed to offer a preconfigured service to non tech savvy folk?
Honest question: Shouldn’t they be paid for their work?
Edit: And, please, stop asking questions like “How do they connect to X/Y/Z, anyway?” - just go read the source and see for yourself. These are the good guys working completely in the open, and you’re treating them as if Twitter just wrote a chat app.
Does the whole encryption/decryption thing still bother you if you self host?
I tried out the app, the value there is that it’s ready to go straight away, though I took it all down again because my messages being unencrypted on someone else’s server makes me uneasy. May end up self hosting it for that reason and not using anything closed source
Self-hosting on a hosting provider… it’s not my hardware, but maybe some trust.
OpenSource with non-reproducible builds, even self-hosted at home, little trust.
Local bridges, OpenSource, with reproducible builds, and a 3rd party audit, most trust.
All software can have bugs, and we’ve seen what cases like xz-util can bring, so I would rather have no decrypting bridges at all, particularly for sensitive information… but for random private chats, “mostly trusted” sounds like enough.
Public conversations (like this one) are fine going through random bridges, but I feel like bridging with E2EE networks, is subverting user expectations.
The not cool parts just relate to any sort of hosted bridge. If you don’t trust them with decrypting messages on their end, then don’t give them your data - there are no bridges capable of doing that, anywhere.
So it really comes down to “trust someone else with your data, or host it yourself”; and if you’re - understandably - frustrated with those options blame companies like WhatsApp or Discord that make it nigh impossible to integrate their services with outside networks.
Functionally, these bridges just forward your content to a library acting like a headless client - there’s no way to encrypt that as the reverse engineered clients are not libraries and need to take raw input. You can’t end to end encrypt it as the client is one of the “ends”.
As an example, the WhatsApp bridge uses WhatsApp web as a backend, and has all the limitations of WA web.
As a result, I find the expectations to be a bit unrealistic.
It’s not proprietary, lol. You can download and deploy each of their bridges yourself to your own servers.
Source: been using their WhatsApp, Discord, and Signal bridges for over a year. I use Github sponsors to pay for development, as I appreciate how great they are.
The only closed source part of their stack is their client, which you don’t have to use.
Also, they’re some of the most prolific contributors to Matrix outside of Element. The emoji picker in Element was literally PR’ed by Tulir.
Love it when folk see people trying to make money off OSS and immediately resort to hysterics. It really makes closed source development look appealing if you’re going to be damned by idealogues regardless of whether you release the source or not.
Not closed source. It’s just a Matrix server instance running their own bridges. All the backend stuff is open source, the only closed source part is their client.
The client is specific to their site and unnecessary: just deploy Synapse, then pick and deploy the bridges of their suite you want to your server. You can then pick and use any of the available Matrix clients to get the same exact features. You can even sponsor them on Github, as I’ve been doing for months.
Which is exactly what I’m referring to. Plus, they can say they run a matrix server, but if your frontend is closed source, there’s no way I trust that they actually do run a fully opensource backend. Wouldn’t surprise me one bit to hear/read that they have closed source components in the backend too. Big nope from me.
You can use any Matrix client with Beeper, you don’t have to use theirs.
Regardless, there’s nothing stopping you from recreating the same stack using the available tools.
What makes their service unique are the bridges. Download their sources, compile them, and then pair them with any server client combo you want.
If you insist on using their stack, you can still use an OSS client. They chose not to make their client open source as it is, by design, for their service only.
They’re trying to run a business aimed at people who don’t care about open source, and want the same closed source experience they get from their other chat apps but with inter connectivity between third party services.
If you want the latter without any closed source code, you can just go and do that. They’ve released all the important parts.
What is this “closed source experience” you are talking about? How would making the client open source hinder that in any way, especially when their stated goal is to earn money with premium features instead of the app itself?!
Imo being open source is a VERY big deal for an e2e encrypted chat client! I don’t really care whether most of their stack is open if the app I’m actually using to type and encrypt my messages is not. This makes the whole thing look like a trick, pretending to be open when key parts are not.
The thing is, we are talking about the Beeper service here. Yes Matrix is good, yes Beeper bridges are good, but a closed source Beeper app is bad. That’s what the criticism is about, and it doesn’t help if you deflect that by arguing about all the other things they are doing or that no one is forced to install it.
You’re definitely right that people are a bit too doom-and-gloom about it, Beeper did do a lot of good over the last few years!
But I also find it a bit odd that they talk so much about the importance of open source in messaging, and then release a closed source client without at least adressing the topic. Add the fact that they’ve been aquired by another company on the same day, and it starts to smell like another instance of openwashing.
I am worried about that acquisition, to be honest.
I’ve been supporting them via Github sponsors for about a year, now - as I only use their open source software; I’ve no intention of touching the service or closed source client.
As a result, I’d be lying if I didn’t say I was anxious about their new owners basically telling them “hey, why are you releasing all your bridges for free, anyway?”
Really hope that doesn’t happen, as their bridges have been my primary communication channels for a long time, now. I love not having to keep WhatsApp or Discord installed on my phone.
I can answer that: it’s the “I don’t care about security as long as I can send memes and inappropriate messages to most people” experience.
From the looks of it, it’s as secure as having WhatsApp/Signal/Telegram/ProtonMail doing “E2EE” through each app’s servers, and never knowing whether the client did the encryption right, or if it sent the keys to the server for messages to get intercepted… well, except you do know that the bridges are decrypting all messages anyway.
Closed source helps with the second part, the connecting with a majority of people using the same closed source platform (then different people use different platforms, which is where we are now… but the DMA might solve that).
On-device bridges could be nice if they included that in the OpenSource part.
the connecting with a majority of people using the same closed source platform
The platform is open, including the part that connects to other closed source platforms. It’s just Matrix and open source bridges after all. And making the client app closed souce doesn’t help with any of that.
I’m sorry if I’m a bit pedantic about this, but it seems like you’re describing an upside to closed source software that’s just not there.
I was trying to explain that people on closed source platforms, right now, get:
Good network effect
Simple configuration
Enough security theatre to keep them happy
Different extra features
That’s the experience I understand Beeper is trying to compete with… and make money in the process.
Closing the client, could help them differentiate above the competition by better integrating into their own infrastructure, still keeping a simple configuration, and charging for it, while people who buy into the security theatre, woldn’t notice a difference in that respect. Expanding to selling some user metadata, or sniffing the bridges, would be an extra.
Nothing about what you just wrote has anything to do with closed source software though. You could just as well say that closed source helps them predict the future or draw shinier unicorns. It doesn’t!
Maybe you mean tightly coupled, stripped-down, preconfigured or vertically integrated, but you can do that just as well with open source software. No one is forcing them to make a general purpose chat app or offer the ability to choose a different server. It’s just a matter of being able to see, verify and modify the code.
differentiate above the competition […] charging for it
This is the only thing that comes close imo. But they stated specifically that they don’t want to make money with the chat app itself, so it doesn’t really work as a justification. They could easily offer server-side premium features or create a closed source premium-only version or extension, it’s no reason to make the base app closed source.
security theatre
They don’t have to do that, and they don’t afaik. Matrix itself can do proper e2ee just fine, and Beeper is pretty open about the fact that bridges hosted by them have to break e2ee to translate between platforms. They’d only need theater if their closed source app actually has some bad code in it, which is kind of my point.
Expanding to selling some user metadata, or sniffing the bridges, would be an extra
Again: Their Matrix server and bridges are open source right now, and it wouldn’t stop them from doing what you’re describing.
There is, they just don’t publicise it. Actually one of my favourite features of the service tbf. Just load up a web page and all my messages are there, regardless of where they came from.
Alright, I got to ask. Having one app for all these services sounds great. I remember some drama around it though, don’t recall the details. So what am I missing, is this actually good news?
Its not open source but neither are most of the apps it connects to.
Add comment