All messages are end to end encrypted. Also you don’t need an Apple account and it connects directly to Apple servers.

  • will_a113@lemmy.ml
    link
    fedilink
    English
    arrow-up
    45
    ·
    1 year ago

    Their “how it works” blog article is worth a read - they’re using a blackbox reverse engineering of the protocol and re-implementing it natively in the app, so there are no man-in-the-middle servers. Impressive software engineering for sure.

      • will_a113@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yup, the PyPush python-based proof-of-concept can run pretty much anywhere there’s python.

      • shoe@beehaw.org
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        I’m aware regular Beeper can be self-hosted, but Beeper Mini can too? Is there any more information on this or is that the “if you have the knowledge” part?

        • biscuitswalrus@aussie.zone
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          1 year ago

          The mini version doesn’t need hosting, it doesn’t have a proxy middle man. A 16yo kid reverse engineered the protocol and then got contracted by beeper to implement it as beeper mini. It’s a client directly connecting to apple like imessage native.

          Will it break? I’d argue if the cost of breaking it in engineer time is worth doing to Apple, yes. All they’d have to do is roll their own crypto and reverse engineering that might be impossible. Probably easier ways to break it but then maybe it turns into a cat and mouse game.

          Legally it’s hard to say if it’s OK too, the end user is likely fine, but the developer especially being contacted may not be since to reverse engineer it could be breaking terms of service or licensing clauses though I’m not really sure what kind of damages could be claimed. To reverse engineer they had to use the original on jailbroken iphones to go through the engineering discovery.

          Anyway the point is, it’s not going through beeper or anywhere other than Apple. So there’s no component to host. It’s different to beeper.

            • biscuitswalrus@aussie.zone
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Hmm you could be right. Keeping old protocols running for legacy compatibility reasons could in this case keep the solution working for some time.

          • Bene7rddso@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            what kind of damages could be claimed.

            According to Apple users, the color of their bubble has a lot of value

        • will_a113@lemmy.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I don’t know about the app itself, but the blog article links to the PyPush python-based proof-of-concept, which you can run pretty much anywhere.

    • Bri Guy
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      huh, interesting. so from a security perspective is there any other concern with this protocol? at least they’re not using a mac relay server like Nothing Chats was