- cross-posted to:
- privacy@lemmy.ml
- matrix@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
- matrix@lemmy.ml
Has anyone taken a good look at this from a privacy standpoint? I love this in concept, but not sure if it would be privacy conscience to share credentials for all of these different apps.
I was on the waitlist when it was a paid app and I had not pre-paid for access, and my opinions are based on that.
I would start by saying any privacy bonafides this application has are from it running on the Matrix protocol and using Matrix bridges.
I was on the waitlist for over a year. I was honestly initially very excited when my turn came, because this was after they changed their funding method, switching from “everyone pays” to “some users pay for additional features to be unlocked.”
I got a Zoom link sent to me for “onboarding.” This was because initially, setup was fairly complicated for some people, and folks needed to be walked through it.
The first notification that I would not have privacy and my communications with this company would be recorded was when I entered the Zoom chat room and was notified that Beeper would be recording the session.
At no point in the year before this had it been made clear that any communications with this company would be recorded. I logged off and wrote an email stating that this is why I did not join the onboarding process. I left for work shortly after and thought about it the rest of the day.
I would not receive a reply offering for a non-recorded zoom session until the next day. By that point, I had questions, and I asked that they answer some of these questions before I re-scheduled a new meeting.
The questions were all related to Eric Micigovsky and his previous entrepeneurship with Pebble watch. When he sold Pebble, he screwed the workers on the way out, in my opinion, and it did not give me hope that he would make sure to sell Beeper to a company with the same values as he laid out in creating the application. He was happy to sell his company when it became unprofitable before: what would prevent him from doing it again?
More importantly: If the company is sold, how is there any guarantee that the privacy policy would not change?
I never received a response to these questions at all. I declined to ever use the service, ever since. I figured if they didn’t think it was worth spending the time to answer such questions to me and lose me as a customer, they must not be very worried about the answers to such questions. Based on this, and the CEOs past history, I felt using the service was inadvisable.
Finally, in something that isn’t so much my opinion as much as a fact.
When it comes to using iMessage specifically, you need a macOS server or an iPhone (both need to be relatively new) to run the iMessage bridge from. Beeper runs a fleet of these, but to make this work, you have to turn off some extra security settings on your Apple ID, and you have to give Beeper your password just once. They claim it is never stored, logged, or cached. It’s quite possible that this is true, but it does mean you technically have your Apple ID logged in on a foreign machine you have no control over. What if this machine and all the other macOS servers got hacked to be part of a botnet? What if Apple bans all the Apple IDs involved for being part of a botnet? It leaves more questions I’m skeptical there are good answers for.
https://help.beeper.com/en_US/chat-networks/imessage
If they’re using Apple’s app-specific passwords feature then that’s workable but if it’s your master Apple ID password, no way.
This is good insight, thanks for that