What do you want advice about?
A lot of us privacy folks struggle to get our friends and family to use privacy-preserving instant messaging apps (like Signal) to contact us. One of the main problems I see is that most people have already many messaging apps (Messenger, Whatsapp, iMessage, Telegram, etc.) and they don’t want to install another one just to contact 1 person.
The solution to this specific problem is to propose that they install Beeper, instead of telling them to install Signal. The selling point is that they no longer have to install 5 chat apps on their phones. Beeper will allow them to communicate with their contacts on Messenger, Whatsapp, Telegram and contact me on Signal. It seems to me like a good middle ground when I struggle to have them install Signal.
What have you considered or looked at already?
I’ve seen Beeper already being discussed in this forum. The focus was that according to its privacy policy, a lot of data is being collected. However, it seems unclear if they’re sharing it with third parties.
I’d like to discuss this solution in the context that the current situation is that these people already have apps like Messenger and Whatsapp installed on their devices, which is IMO worse than having only Beeper installed (privacy-wise but also when considering convenience).
In brief, tell us about your privacy threat model?
I’m basically a regular person. Not a public figure. I want to protect my private data from tech companies. Let’s call it the normie threat-model. Nothing special.
Yeah, I suppose it’s worth suggesting. Sort of depends on who the people are, younger people will generally be more au fait with installing another app, but an older person, even if it makes their life easier, may prefer things as they are now, because they’re comfortable with it and know how to use it.
these people already have apps like Messenger and Whatsapp installed on their devices, which is IMO worse than having only Beeper installed (privacy-wise but also when considering convenience).
On the convenience front I fully agree, as far as privacy, I guess it depends on data the apps collect versus message content.
For example, if I have Beeper installed, Telegram can’t collect stuff like geolocation off my phone but I am still sending messages through Telegram’s servers, so no matter which app I use, that data is still being collected if that makes sense. I suppose it is better in principle, but I don’t know in detail what Beeper collects.
I had a similar issue and the way I mitigated it was keeping an Instagram account open, just accessing it through browser, and telling people I will check for new messages once a week or so, but advising them that any urgent contact should be done through Signal. Close friends and family opted to install it, others didn’t, and so far this has worked out very well for me. I understand this may not suit you, this is just my experience.
What is the business model and who is the developer?
Is it open source or audited?
Does it undermine the security model or e2ee of Signal (or Whatsapp or iMessage)?
Maybe I’m just highlighting my ignorance of the technical side of things, but if Signal is end to end encrypted, how can another app send messages via signal without compromising the security model.
Could be better but could be worse,
Your data is now visible to twice as many 3rd parties (telegram and beeper), As you mentioned it might limit the device data that (e.g.) Telegram can see, but a lot of that is optional anyways (there is no reason you need to give Telegram the GPS permission for example). So I think a lot of this comes down to the trustworthiness and the motivations of the company behind the app. I don’t know anything about the app or its developers so I don’t have an opinion on that.
One thing to note with relays like Beeper is that you will be sacrificing end-to-end encryption, even while communicating over services (like Signal, iMessage, Whatsapp) that offer it.
This isn’t their fault, these networks don’t expose APIs with end-to-end-encryption. So Beeper’s servers need to access to your messages in plain text, so they can encrypt and relay it to the destination service in a protocol they understand: Beeper FAQ
Now the great thing about Beeper is that they offer a self hosted variant, so you can work around this drawback: GitHub - beeper/self-host, but if you are not open to self hosting, and are planning to use Beeper as a relay primarily over e2ee services, you should evaluate the risks of breaking e2ee.