[amazingman]

Beeper's app is the MiTM. I already have to trust Apple not to abuse their privileged position re: e2e iMessage. Now I have to trust Beeper, Apple, and Apple has to continuously trust/verify Beeper. Privacy and interop are fundamentally in opposition here, and I find Beeper's PR approach regarding this to be misleading at best.

[Nextgrid]

Beeper is as much of an MITM as your e-mail client is one, or your FTP client, or your SSH client, or your browser. Should those also be frowned upon? After all, they both implement a cryptographic protocol and have access to the plaintext.

You also don't have to trust Beeper because you are not obliged to use it. You are welcome to not use it (and buy an Apple device) or even fall back to SMS.

The recipient can themselves decide what level of security they want and whether they trust Beeper (but they don't need Beeper to compromise their security - they can just as well post screenshots of your E2E-encrypted messages with them, make a backup on a compromised computer or leak their Apple/iCloud credentials).

[amazingman]

Email isn't end to end encrypted. FTP and SSH are client-server protocols whereas iMessage is client-server(s)-client.

Do you actually believe these things you're claiming, or are you arguing for the sake of contrarianism?

[Nextgrid]

> Email isn't end to end encrypted

E-mail can be end-to-end encrypted; you can use PGP (of which there are multiple implementations, all compatible) or some other custom cryptographic protocol. Having multiple compatible implementations does in no way prevent it from being secure.

> FTP and SSH are client-server protocols whereas iMessage is client-server(s)-client.

I don't understand how iMessage and FTP are different? Both have a server which mediates communication between different clients. The FTP server accepts & persists files which other clients then see and can download. The iMessage server does something similar but with messages.

> Do you actually believe these things you're claiming

Yes? I believe every person should have the right to choose which software they use to interact with services, whether it's first-party, third-party, or their own creation. I don't know nor care which browser you're using to read & reply to my comments and shouldn't have a say it in in any case - whatever happens on your machine is your own business only.

I don't understand what is so extreme about my position? It's like arguing that being able to open & create Microsoft Office files in anything but a Microsoft-approved version is heresy.

[amazingman]

>E-mail can be end-to-end encrypted; you can use PGP

SMS can be end-to-end encrypted; you can use PGP.

>I don't understand how iMessage and FTP are different?

If I get a new iPhone and set it up without restoring it from a backup and I have NOT opted into "Messages in iCloud" (I personally have not), then my entire iMessage history is unavailable to me on my new iPhone.

>I believe every person should have the right to choose which software they use to interact with services

Then you also believe that forgoing E2E encryption is an acceptable tradeoff for exercising that freedom.

>I don't understand what is so extreme about my position?

It's not that your position is extreme, it's that you don't seem to understand the consequences of that position.

[Nextgrid]

> If I get a new iPhone and set it up without restoring it from a backup and I have NOT opted into "Messages in iCloud" (I personally have not), then my entire iMessage history is unavailable to me on my new iPhone.

Ok, the difference between an FTP server and the iMessage server is that iMessage only buffers the messages for a few hours (until delivered) where as FTP server would persist it for longer. That's completely irrelevant in this case though - both operate as a temporary storage space to which multiple clients owned by different parties connect to, and I still don't understand why it should be acceptable to connect a third-party client to one but not the other?

> Then you also believe that forgoing E2E encryption is an acceptable tradeoff for exercising that freedom.

If there was some technical reason why E2E wasn't possible then sure, but there's none - as both GnuPG, browsers, SSH clients, XMPP, and Beeper all demonstrate, a third-party client can just as well implement an E2E protocol, and the only reason we can't have that with iMessage is because it would compromise Apple's vendor lock-in.

> it's that you don't seem to understand the consequences of that position

Which are? I still don't understand how Beeper being out there affects me negatively as an Apple user? Even if we assume Beeper actually had some security vulnerabilities and was literally sending message contents in plain unencrypted form over an untrusted network, it still wouldn't be any worse than texting those people via SMS, which is unencrypted by design?