undefined | Better HN

0 pointslrvick2y ago0 comments

Beeper at least has source code for the bridges, which you can have some hope is the same code that they run and that they don't get court orders to look at the messages.

If they ever chose to implement remote attestation for bridges, and you chose to use an open source matrix client to control your local keys, there is at least a potential path for you to prove they can't look at messages so you don't have to trust them.

You also have the option to self host bridges and take your ball and go home at any time, given that Matrix is an open protocol. Minimal lock-in.

Texts.com by contrast is completely proprietary as far as I can tell, with no path to self host, so it is strictly worse than Beeper in every way in terms of transparency.

0 comments

batuhanicoz2y ago

Our code isn't open source but when you are using Texts, you are self-hosting it. It runs completely on your device!

lrvickOP2y ago

So you tell user devices to run any code of your choosing, and no one but you is allowed to look at that code. Presumably you do not use reproducible builds, because almost no one does, so the choice of which code runs on user devices likely comes down to a single system administrator or release engineer.

A court order or someone holding a rubber hose could instruct that release engineer to ship tweaked code to any number of devices that sets "42" as the random seed for private keys, allowing anyone with that knowledge to decrypt all messages in transit covertly.

It would be in the best interest of your shareholders to lie if this was ever to happen.

Without the code being open source, everyone should assume this is the case.

Messengers are a massive target, and a target of that size on one person is certain to be exploited.

One of core areas of my research is supply chain attacks, and you have no hope of providing strong defense against them without open source reproducible builds.

batuhanicoz2y ago

I agree that open source is very important — it’s one of the core values here at Automattic, where we have a long track record of open sourcing our products and vast majority of what we make is already open source.

Texts connects directly to the platform, from your device, without using any Texts servers having any access to your messages (even in encrypted form) and without breaking the E2EE the platform provides (for platforms that support that), similar to Beeper’s new Signal integration.

A major benefit of this is you can verify what requests are made and what responses are received. You can also use Texts, not upgrade, and would run the same WhatsApp code for example until you upgrade. Same can’t be said for WhatsApp Web for example. It might also be easier to compromise the platform themselves for a government entity, if that’s our threat factor.

It should go without saying we take user privacy and security very seriously, and have restrictions around who can build, sign and distribute our binaries.

1 more reply

j / k navigate · click thread line to collapse

0 pointslrvick2y ago0 comments

Beeper at least has source code for the bridges, which you can have some hope is the same code that they run and that they don't get court orders to look at the messages.

You also have the option to self host bridges and take your ball and go home at any time, given that Matrix is an open protocol. Minimal lock-in.

Texts.com by contrast is completely proprietary as far as I can tell, with no path to self host, so it is strictly worse than Beeper in every way in terms of transparency.

0 comments

batuhanicoz2y ago

Our code isn't open source but when you are using Texts, you are self-hosting it. It runs completely on your device!

lrvickOP2y ago

It would be in the best interest of your shareholders to lie if this was ever to happen.

Without the code being open source, everyone should assume this is the case.

Messengers are a massive target, and a target of that size on one person is certain to be exploited.

One of core areas of my research is supply chain attacks, and you have no hope of providing strong defense against them without open source reproducible builds.

batuhanicoz2y ago

It should go without saying we take user privacy and security very seriously, and have restrictions around who can build, sign and distribute our binaries.

1 more reply

j / k navigate · click thread line to collapse