this post was submitted on 05 Dec 2023
39 points (82.0% liked)

Technology

34894 readers
833 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

All messages are end to end encrypted. Also you don't need an Apple account and it connects directly to Apple servers.

you are viewing a single comment's thread
view the rest of the comments
[–] will_a113@lemmy.ml 45 points 11 months ago (3 children)

Their "how it works" blog article is worth a read - they're using a blackbox reverse engineering of the protocol and re-implementing it natively in the app, so there are no man-in-the-middle servers. Impressive software engineering for sure.

[–] Apollo2323@lemmy.dbzer0.com 13 points 11 months ago (2 children)

For sure very interesting! And its open source and you can run it in your computer if you have the knowledge.

[–] will_a113@lemmy.ml 5 points 11 months ago

Yup, the PyPush python-based proof-of-concept can run pretty much anywhere there's python.

[–] minishoemaze@beehaw.org 0 points 11 months ago (3 children)

I'm aware regular Beeper can be self-hosted, but Beeper Mini can too? Is there any more information on this or is that the "if you have the knowledge" part?

[–] biscuitswalrus@aussie.zone 5 points 11 months ago* (last edited 11 months ago) (2 children)

The mini version doesn't need hosting, it doesn't have a proxy middle man. A 16yo kid reverse engineered the protocol and then got contracted by beeper to implement it as beeper mini. It's a client directly connecting to apple like imessage native.

Will it break? I'd argue if the cost of breaking it in engineer time is worth doing to Apple, yes. All they'd have to do is roll their own crypto and reverse engineering that might be impossible. Probably easier ways to break it but then maybe it turns into a cat and mouse game.

Legally it's hard to say if it's OK too, the end user is likely fine, but the developer especially being contacted may not be since to reverse engineer it could be breaking terms of service or licensing clauses though I'm not really sure what kind of damages could be claimed. To reverse engineer they had to use the original on jailbroken iphones to go through the engineering discovery.

Anyway the point is, it's not going through beeper or anywhere other than Apple. So there's no component to host. It's different to beeper.

[–] LinuxSBC@lemm.ee 3 points 11 months ago (1 children)

The problem is that breaking it will also break a lot of Apple devices.

[–] biscuitswalrus@aussie.zone 2 points 11 months ago

Hmm you could be right. Keeping old protocols running for legacy compatibility reasons could in this case keep the solution working for some time.

[–] Bene7rddso@feddit.de 1 points 11 months ago

what kind of damages could be claimed.

According to Apple users, the color of their bubble has a lot of value

[–] will_a113@lemmy.ml 4 points 11 months ago

I don't know about the app itself, but the blog article links to the PyPush python-based proof-of-concept, which you can run pretty much anywhere.

[–] brihuang95@sopuli.xyz 6 points 11 months ago (1 children)

huh, interesting. so from a security perspective is there any other concern with this protocol? at least they're not using a mac relay server like Nothing Chats was

[–] skullgiver@popplesburger.hilciferous.nl 16 points 11 months ago* (last edited 11 months ago) (2 children)

[This comment has been deleted by an automated system]

[–] LinuxSBC@lemm.ee 4 points 11 months ago

The app itself is closed-source, but they use PyPush, which also has a blog post explaining how it works.

[–] Apollo2323@lemmy.dbzer0.com 3 points 11 months ago (1 children)

You can ask more questions on Reddit!

If you have any questions, I'm hosting an ask-me-anything on reddit.com/r/beeper - feel free to ask any questions you have for us there (after reading our blog posts first to see if it's already been answered!)

[–] QuarterSwede@lemmy.world 17 points 11 months ago

Heads up: People on Lemmy typically hate Reddit. That’s why we’re here and not there.