pitninja

I assume you’re not using iMessage anyway then because Apple’s Messages stack isn’t open source. If you’re not using iMessage anyway, it shouldn’t matter to you what Beeper Mini is doing. This app isn’t for the ultra paranoid. Neither is Google’s RCS in Google Messages. This is where Signal and Matrix would be better choices. If you are using iMessage on an Apple device, you’re choosing to trust Apple despite their app being closed source and you’re not choosing to trust Beeper, which is fine and I don’t judge you at all for that stance. But at that point, your qualms aren’t simply about Beeper Mini being closed source, the implication is that you don’t trust Beeper as a company and/or its developers which, again, is a valid stance even if it’s one I don’t share.

But I am personally pretty sure I can trust Beeper and Apple enough with my relatively meaningless conversations.

By that logic, there’s nothing guaranteeing iMessage on iPhones is secure or private either because it’s closed source. If you don’t want to trust Beeper mini, you’ll be free to run their iMessage bridge on your own Matrix stack when they open source it at some point, which they’re promising to do (and you still won’t know that Apple isn’t scraping your messages on the iOS side). When I decide to trust a company, it’s because I look at what they’re transparently communicating to their end users. Every indication is that they are trying to get out of the middle of handling encrypted messages. Their first move to make this happen was allowing people to self host their own Beeper bridges (which you can still do with Beeper Cloud if you prefer and you will know that your messages are always encrypted within the Beeper infrastructure). They aren’t going to release the source for their client ever because that’s the only way they make any money.

I stopped paying for YouTube the moment Google killed Google Play Music and forced YouTube Music on me. Now Google gets no money from me and Apple does because they still offer a true music library service.

I was able to get video streaming with audio working on Discord using pipewire, but it was a massive pain in the ass and somewhat unreliable. I don’t have a lot of experience with Jitsi, but I trust others’ recommendation there

Calibre is a fantastic and underrated tool.

Presence tracking allows users to see the state (e.g online/offline) of other local and remote users.

Disadvantages include (this list is probably not exhaustive):

• Presence is disabled (as this uses a fair amount of resources)
• It has a tendency to be overloaded occasionally because so many people use it
• You have to play by their rules (not a problem for most users, but it bears mentioning)

You could also join other Matrix servers, especially ones that cater to a particular interest of yours.

If you go with self hosting, running a decent personal Matrix server that is capable of joining large channels like Matrix HQ is likely going to cost you money and/or time.

Personally, I think it’d be nice if you could self-host just the bridge instances and connect them with beeper yourself, so that the part that isn’t e2e encrypted is running on software you can validate and hardware you control.

I 100% agree this would be a great solution. That’s what I thought this page was going to be at first until I kept reading and realized it’s just a config guide for the Matrix Ansible setup. I wish they didn’t say “self host Beeper” on that page at all because self hosting Matrix has absolutely nothing to do with the Beeper service other than their devs built the bridges that they’re showing you how to set up with Matrix.

It’s almost not even fair to say they’re merely contributing back to the upstream bridges. Most of the bridges would not exist at all without the Beeper developers.

It’s also kind of funny that the section of their website you quoted still has language that implies you have to pay for Beeper when it’s been free for months at this point. The primary reason to self host Matrix at this point is for privacy and complete control. And self hosting Matrix is only free if you use existing hardware and I would recommend a cloud instance for most people.

Beeper’s server set up is actually a lot more complicated than just standard Synapse at this point. When they say you can “self host Beeper” that’s really not accurate at this point at all. All of their 3rd party chat bridges are dynamically spun up on a per user basis with hungryserv and those servers operate in parallel with a synapse server for Matrix interoperability all behind a roomserv server. Here’s a presentation that one of their lead developers created regarding their new architecture.

Afaik, that isn’t in effect yet, but will become a major factor next year.

As long as they didn’t staple the wire or something.

E2EE only exists up to the bridge, not the whole way to your client

I just want to clarify that most bridges can be set up to have E2EE between the Matrix client and the bridge (regardless of whether the bridge supports encrypted chats on the bridged service because not all do, e.g. Facebook), but it is true that the bridge itself has to decrypt and translate between Matrix and the 3rd party chat service, so as you mentioned trusting who hosts bridges or doing it yourself is really important.

It is a server config option. Lemmy.ml uses a banned word list, while other instances don’t. The words are still there and visible from instances that don’t censor.

Let’s Encrypt is one of the best things to ever happen to the Internet. It used to be a pain in the ass and take days to get certificates for domains and set them up on a server and now you can buy a domain and deploy a functional and secure website within 15 minutes. Lowering the barrier to entry for https was a game changer. I appreciate their clear communication about their timeline for changing their signing chain. If anyone is still using an 8 year old Android phone, it’s probably time for an upgrade anyway

You can run headless or do what the person I was responding to recommended and put it behind an authenticated portal, but that’s not really going to stop other instances and clients from accessing the same resources that op is hoping to limit access to except in the most basic case of people casually browsing op’s Lemmy instance through op’s own lemmy-ui.

Edit, but to be clear, what I was responding to and my response didn’t directly address op’s specific concern (which I kind of misunderstood myself before just now rereading) that outside/guest users shouldn’t be able to search for communities from other instances and I think it’s a fair concern because just searching for a community from another instance brings in posts and could be a vector for spam/abuse.

Wouldn’t this do basically nothing to prevent a 3rd party client from browsing your instance without authentication? I don’t know that there’s much that can really be done about this because you need open APIs for other instances to be able to access the content of your instance in order to make federation possible. That said, it’s an important consideration that anybody running a single person instance should consider. If you run a single person instance, people can learn a lot about you just by seeing which communities are available on your instance. The only way to obfuscate your actual interests is to have a dummy account subscribe to all the top communities on the biggest instances. (Which, honestly, this isn’t a bad strategy to employ anyway if you’re wanting a fresh All feed).

This is an interesting position to take, but one I’m not fully convinced I agree with even though I look at what Meta is doing with Threads and freely acknowledge I have no idea what their future monetization strategy is by linking to ActivityPub.

If people can interact with Threads users and posts in the Fediverse and not see any ads that Threads will undoubtedly display, what incentive is there to be on Threads proper? I don’t believe people are that enamored with recommendation algorithms, but maybe I’m way off base there. So, the only other potential strategy that makes sense to me is a form of partially limited access to content on Threads. Meta would probably want people to see what’s going on over in Threads even if they can’t fully participate somehow. There could be some Apple-like blue bubble/green bubble bullshit (probably not literally, but something akin to that strategy). There’s also undoubtedly going to be some form of inherent social pressure where people who’d left Facebook/Twitter to get away from Meta/Musk/corporate interests are forced to consider why they’re still cutting themselves off from friends/family who they could be interacting with on Threads through the Fediverse. Whether this pressure is positive or negative will be a matter of perspective, but it will influence some people to re-engage, which is a value that is hard to quantify. Regardless, Threads is going to divide the Fediverse into 2 distinct camps, those willing to federate and those unwilling. Servers willing to federate are going to be more bound by Meta’s rules and are going to be inundated by Thread’s content to the point they lose their individual identity and, arguably, their relevance. And those that don’t trust Meta at all, even on neutral ground, are potentially going to tend to draw the more paranoid, antisocial, and fringe crowds and have strange subcultures.

An app for browsing Reddit…

They did answer your question. Based off what they told you, one can reasonably assume Sync for Lemmy will be to Lemmy as Sync for Reddit was to Reddit…