• onlinepersona@programming.dev
    link
    fedilink
    English
    arrow-up
    9
    ·
    9 months ago

    the only closed source part is their client.

    Which is exactly what I’m referring to. Plus, they can say they run a matrix server, but if your frontend is closed source, there’s no way I trust that they actually do run a fully opensource backend. Wouldn’t surprise me one bit to hear/read that they have closed source components in the backend too. Big nope from me.

    Anti Commercial AI thingy

    CC BY-NC-SA 4.0

    • Derin@lemmy.beru.co
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      9 months ago

      You can use any Matrix client with Beeper, you don’t have to use theirs.

      Regardless, there’s nothing stopping you from recreating the same stack using the available tools.

      What makes their service unique are the bridges. Download their sources, compile them, and then pair them with any server client combo you want.

      If you insist on using their stack, you can still use an OSS client. They chose not to make their client open source as it is, by design, for their service only.

      They’re trying to run a business aimed at people who don’t care about open source, and want the same closed source experience they get from their other chat apps but with inter connectivity between third party services.

      If you want the latter without any closed source code, you can just go and do that. They’ve released all the important parts.

      Edit: Here’s a guide to self hosting beeper.

      • shrugal@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        8 months ago

        What is this “closed source experience” you are talking about? How would making the client open source hinder that in any way, especially when their stated goal is to earn money with premium features instead of the app itself?!

        Imo being open source is a VERY big deal for an e2e encrypted chat client! I don’t really care whether most of their stack is open if the app I’m actually using to type and encrypt my messages is not. This makes the whole thing look like a trick, pretending to be open when key parts are not.

        • jarfil@beehaw.org
          link
          fedilink
          arrow-up
          3
          ·
          8 months ago

          What is this “closed source experience”

          I can answer that: it’s the “I don’t care about security as long as I can send memes and inappropriate messages to most people” experience.

          From the looks of it, it’s as secure as having WhatsApp/Signal/Telegram/ProtonMail doing “E2EE” through each app’s servers, and never knowing whether the client did the encryption right, or if it sent the keys to the server for messages to get intercepted… well, except you do know that the bridges are decrypting all messages anyway.

          • shrugal@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            I can answer that: it’s the “I don’t care about security as long as I can send memes and inappropriate messages to most people” experience.

            Closed source doesn’t help with that though, you don’t have to care about privacy in open source.

            except you do know that the bridges are decrypting all messages anyway

            They are working on on-device bridges that preserve e2ee, but making the client closed source kind of defeats the purpose here.

            • jarfil@beehaw.org
              link
              fedilink
              arrow-up
              1
              ·
              8 months ago

              Closed source helps with the second part, the connecting with a majority of people using the same closed source platform (then different people use different platforms, which is where we are now… but the DMA might solve that).

              On-device bridges could be nice if they included that in the OpenSource part.

              • shrugal@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                8 months ago

                the connecting with a majority of people using the same closed source platform

                The platform is open, including the part that connects to other closed source platforms. It’s just Matrix and open source bridges after all. And making the client app closed souce doesn’t help with any of that.

                I’m sorry if I’m a bit pedantic about this, but it seems like you’re describing an upside to closed source software that’s just not there.

                • jarfil@beehaw.org
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 months ago

                  Too pedantic 😉

                  I was trying to explain that people on closed source platforms, right now, get:

                  • Good network effect
                  • Simple configuration
                  • Enough security theatre to keep them happy
                  • Different extra features

                  That’s the experience I understand Beeper is trying to compete with… and make money in the process.

                  Closing the client, could help them differentiate above the competition by better integrating into their own infrastructure, still keeping a simple configuration, and charging for it, while people who buy into the security theatre, woldn’t notice a difference in that respect. Expanding to selling some user metadata, or sniffing the bridges, would be an extra.

                  • shrugal@lemm.ee
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    edit-2
                    8 months ago

                    Nothing about what you just wrote has anything to do with closed source software though. You could just as well say that closed source helps them predict the future or draw shinier unicorns. It doesn’t!

                    Maybe you mean tightly coupled, stripped-down, preconfigured or vertically integrated, but you can do that just as well with open source software. No one is forcing them to make a general purpose chat app or offer the ability to choose a different server. It’s just a matter of being able to see, verify and modify the code.

                    differentiate above the competition […] charging for it

                    This is the only thing that comes close imo. But they stated specifically that they don’t want to make money with the chat app itself, so it doesn’t really work as a justification. They could easily offer server-side premium features or create a closed source premium-only version or extension, it’s no reason to make the base app closed source.

                    security theatre

                    They don’t have to do that, and they don’t afaik. Matrix itself can do proper e2ee just fine, and Beeper is pretty open about the fact that bridges hosted by them have to break e2ee to translate between platforms. They’d only need theater if their closed source app actually has some bad code in it, which is kind of my point.

                    Expanding to selling some user metadata, or sniffing the bridges, would be an extra

                    Again: Their Matrix server and bridges are open source right now, and it wouldn’t stop them from doing what you’re describing.

                    Too pedantic 😉

                    I just can’t help it. 😜

        • Derin@lemmy.beru.co
          link
          fedilink
          arrow-up
          2
          ·
          8 months ago

          Just use any open source client. You can literally do that.

          And if you don’t trust the company - for any reason - use their code to deploy your own backend.

          • shrugal@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            8 months ago

            That’s not the point. An app doesn’t become good because you can just not use it.

            • Derin@lemmy.beru.co
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              8 months ago

              I disagree. Beeper’s client is meaningless, it’s the service being offered that has value.

              If you don’t mind trusting a third party service with your Matrix instance + bridge hosting, use Beeper.

              If you’re into OSS and owning your own tech stack, self host the whole thing.

              At no point do you have to use their client for any reason.

              • shrugal@lemm.ee
                link
                fedilink
                arrow-up
                3
                ·
                edit-2
                8 months ago

                The thing is, we are talking about the Beeper service here. Yes Matrix is good, yes Beeper bridges are good, but a closed source Beeper app is bad. That’s what the criticism is about, and it doesn’t help if you deflect that by arguing about all the other things they are doing or that no one is forced to install it.

                • Derin@lemmy.beru.co
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  8 months ago

                  Fair point, if you’re just against the fact that they wrote a closed source client.

                  It’s frustrating that closed source software exists, but in this context I’m (personally) okay with it as it funds the development of free software.

                  • shrugal@lemm.ee
                    link
                    fedilink
                    arrow-up
                    3
                    ·
                    edit-2
                    8 months ago

                    You’re definitely right that people are a bit too doom-and-gloom about it, Beeper did do a lot of good over the last few years!

                    But I also find it a bit odd that they talk so much about the importance of open source in messaging, and then release a closed source client without at least adressing the topic. Add the fact that they’ve been aquired by another company on the same day, and it starts to smell like another instance of openwashing.

                    Idk, we’ll have to see how it plays out I guess.

    • flashgnash@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      Given it’s all entirely self host able if you use a different client I’m not sure how they could be

      Unless there’s some binary blobs hidden in the repo but you’d think someone would have pointed that out by now