[Shekelphile]

> Beeper Mini does not MITM messages - it's a reverse engineering of how iMessage works, and runs entirely on-device, without putting messages thru Beeper's servers. It talks directly to Apple and pretends to be an iPhone.

It doesn't matter. It's closed source and not easily audited - they could easily just be doing a naive solution and piping every message back to themselves after it's decrypted by the client.

[sneak]

iMessage is also closed source, and iOS (as documented by Apple) backdoors the encryption in iMessage by including the cross-device “Messages in iCloud” endpoint iMessage sync keys in the non-e2ee iCloud Backup (as documented plainly in Apple’s own HT202303).

This means Apple can read the iCloud Backup contents, and Apple has the Messages in iCloud device endpoint keys, and Apple can decrypt the iMessages sent to or from the device in realtime.

iMessage is, in practical terms, not really e2ee.

It’s not fair to level these sorts of potential/speculative security concerns at Beeper Mini when iMessage’s first-party implementation has way worse problems that are actually documented.

[Shekelphile]

> It’s not fair to level these sorts of potential/speculative security concerns at Beeper Mini when iMessage’s first-party implementation has way worse problems that are actually documented.

Apple has a proven track record of not handing over all your messages to russian and chinese intelligence, something that beeper is almost certainly doing (as their business model revolves entirely around MITMing your email and chat)

You sound like a fifth columnist.