1521 points by erohead 817 days ago | 874 comments on HN
| Mild positive
Contested
Landing Page · v3.7· 2026-02-28 10:35:04 0
Summary Privacy & Digital Communication Advocates
Beeper's landing page actively advocates for communication privacy and digital equality through product design and messaging. The site prominently features on-device encryption architecture (UDHR Article 12: privacy) and free cross-platform access (Articles 1, 3), positioning privacy protection as structural rather than compliance-driven. While framed as product marketing rather than explicit human rights advocacy, the content demonstrates sustained commitment to privacy-preserving architecture and non-discriminatory access.
Very interesting. I was under the impression that Apple used hardware keys to validate iMessage accounts. But it seems that this is able to talk directly to Apple without and Apple hardware? In the post it just says that you need to send and receive a SMS to register.
Really happy to see that original customers are getting this included as well. I was worried that this was a ploy to say "we know we said you all would be grandfathered in, but that was for _Beeper Cloud_, our old legacy one. This new one is a monthly charge". Thanks for being great, @erohead
I'm on the fence about using this. I don't want to switch all my conversations over to iMessage and then have Apple figure out how to ban this. That kind of feels like a recipe for lost messages.
OK, took a while to figure out what it is, as I barely know anyone using iphone.
Though it's not for me, BUT if they deliver this:
> Over time, we will be adding all networks that Beeper supports into Beeper Mini, including SMS/RCS, WhatsApp, Messenger, Signal, Telegram, Instagram, Twitter, Slack, Discord, Google Chat and Linkedin. We'll also bring Beeper Mini to desktop and iOS.
I'm interested, even if it's paid. I'd love to have most of those apps gone and use a cleaner one.
I already had a significant respect for Beeper (Cloud) as a technical product. The backend being Matrix with open source bridges was a great choice.
This write up adds so much more to that respect. It would have been easy to botch this, it would have been easy to do a worse implementation that would have caused problems for users whether they cared or not, but Beeper seemingly took the time to get right.
Great job! Just from taking a quick look at this, what you have here is much bigger than iMessage itself.
This could literally allow things like Universal Clipboard to work on Linux and Windows - by using the method presented here to access the iCloud Keychain and generating Continuity keys and placing them there - then the iPhone will broadcast its clipboard data encrypted with those keys via BLE. If I understand all of this correctly.
It seems that at least the push notification registration part uses a "leaked/extracted" FairPlay private key [1]. As far as I understand, FairPlay certificates/keys should be unique to each iDevice. Couldn't Apple trivially ban all subscriptions originating from this fake device? The comment says you know how to generate more; does Beeper Mini generate one for each install? Why would Apple believe those certificates are authentic?
This downloads from GitHub and ’executes’ specific code points in what looks like a proprietary Apple binary, ‘IMDAppleServices’. Where was that binary sourced? Could you provide more context for what is performed at the hard-coded call-in addresses in your code? Does this relate to how you’re presenting a unique device identifier to the network? Do all clients share one identifier, or is it generated per Apple ID? Have any Apple IDs been locked out of iMessage during your development and testing?
This seems like it won't last, but it's AWESOME and I really hope you survive Apple's inevitable attempts to kill this. A universal chat application would be amazing, and will maybe help bring attention to the value of standards and interoperability (hopefully by governments/regulators).
Beeper is a really cool idea by some cool people (people behind the Pebble smartwatch) but I've resisted using it for fear of bans. I don't want my Slack/Discord/Instagram/AppleId/etc to get banned for using something not allowed under the terms of service. How are people who use Beeper dealing with this? Are you just using dummy/test accounts that you don't care about or are you just rolling the dice.
I would like to live in a world where I could use Beeper without worry but I don't feel like we currently live in that world. Am I wrong?
Dang, I support your efforts but I just don't have any incentive to pay for a texting app. Normal texting and WhatsApp and discord and Instagram and tiktok messages etc etc are all free. So I just don't really have a reason to subscribe to this.
"We don’t allow apps that interfere with, disrupt, damage, or access in an unauthorized manner the user’s device, other devices or computers, servers, networks, application programming interfaces (APIs), or services, including but not limited to other apps on the device, any Google service, or an authorized carrier’s network."
From what I understand your app connects to APNS without permission from Apple.
I have personally had my Google Play Developer account banned for making an app that connected to a 3rd party service
> many people always ask ‘what do you think Apple is going to do about this?’ To be honest, I am shocked that everyone is so shocked by the sheer existence of a 3rd party iMessage client.
These are two completely different concepts?
I’m aware third-party clients have existed for eons.
First they require email and personal info. Then they tell you it's a monthly subscription. Felt like a terrible onboarding experience and a bit of a dark pattern.
I think this might be launching at an opportune time. The EU is already trying to force them to open up the App Store and iMessage has a target on its back. A cease and desist about this won’t look great in the inevitable antitrust hearings…
If it does manage to do a good job imitating what an actual iPhone would do though - is there any way Apple even could shut it down without breaking iMessage on old iPhones or forcing people to update?
Seems like the local implementation may be durable, but the system for backend polling (BPN) they built appears to ping Apple servers server side. I imagine that creates a block of homogeneous traffic for Apple to spot.
Besides being allegedly hard to shut down without breaking iPhones, there's also this statement given to Ars Technica:
> Migicovsky had a few different answers. The broadest one, regarding the tech behind the app, is that reverse-engineering for interoperability is legal—a fair use exemption to the Digital Millennium Copyright Act's restrictions against circumventing encryption or other protections. The app also goes out of its way to avoid trademarks like iMessage, referring instead to "blue bubbles" and the like, and the rest might be considered nominative fair use.
I also enjoyed The Goal and found it helpful for my manufacturing business, although I'm having trouble understanding how it connects to this blog post.
Happy Beeper customer and original poster here to tell you: Beeper Cloud is already out there and works really well! It's also free, though you'll have to get through the waitlist somehow. It doesn't perfectly replace every app just yet but it covers the most important functionality extremely well. And it's available on mobile as well as desktop devices.
I would have also made that assumption, but I have to admit I'm not surprised it doesn't. IIRC, iMessage was introduced with iOS 5, which supported iPhone 3GS. The secure enclave didn't show up until iPhone 5S which shipped with iOS 7.
In the related pypush repo it mentions something about hardware serial numbers used in rate-limiting, etc. So I guess they do something?
But yes, I was expecting it to be based on some kind of hardware root of trust certificate system that comes from deep within the hardware and secure enclaves!
I am not the developer but I also looked at that binary to help the project at some point.
It's taken straight from OS X 10.8 (more precisely from an Update Combo on their download portal). It's calling NACInit, NACKeyEstablishment and NACSign functions from it (which have no entry points but with reverse engineering the offsets have been figured out). They are themselves relying on OS X system functions to get device information. The Python code is using Unicorn to emulate it and patch the calls to those functions to stubs returning pre computed values from a Mac machine (stored in a data.plist file). All clients are using the same machine identifier. IIRC, nobody did get its account locked but if the Apple ID has not been used at all it might fail (it depends on the donor device that generated data.plist, if it's a hackintosh for example it will likely not work).
Snazzy Labs did an overview video [1] about this implementation. According to them, reusing a specific hardware token is such s common practice that Apple would need to "redesign their entire authentication and delivery strategy" to mitigate this problem.
I guess we'll see how this statement holds up in the coming weeks/months.
I saw an article on the topic where the reporter spoke with Beeper's CEO, Eric Migicovsky. He seems to believe that blocking Beeper might cause problems for legitimate Apple user's.
Obviously that outcome is something he wants, but I still think its interesting.
Ive tried the legacy version to consolidate Signal, Whatsapp, etc and you can't send/receive calls, only messages. It's very much still a work in progress
One of my companies lives from this kind of things so it would last if someone could fund it. More food for thought: "Reflecting on 16 Years of Work on Adversarial Interoperability" (now, more than 20...) [1]
I’ve been using Beeper as my main chat client for multiple years and haven’t had any issues with account blocks or bans on any of their supported platforms. I have Discord, Signal, WhatsApp, iMessage, and LinkedIn connected. There are technical issues at times but they are well communicated and usually resolved pretty quickly.
Privacy is explicitly and prominently positioned as core value. 'Secure chats' section states 'ensuring maximum privacy' with architectural detail. Privacy framed as product advantage and user right protection.
FW Ratio: 63%
Observable Facts
'Secure chats' is prominent second section on landing page.
Direct quote: 'messages go straight from your device to the network, ensuring maximum privacy.'
Privacy Policy explicitly linked in footer.
Company describes itself: 'standalone app with no affiliation or endorsement from Apple, Google, Meta, or any other chat platform we support.'
Footer includes 'System status' and 'Security' links, signaling security-first culture.
Inferences
Architectural design ensures privacy is built-in, not added compliance layer.
Positioning as independent from major platforms removes conflicts of interest that typically undermine privacy.
'Secure chats' is second major content section. Explicitly states 'Beeper supports on-device connections for most chat apps. That means messages go straight from your device to the network, ensuring maximum privacy.' Security and privacy are positioned as core values.
FW Ratio: 57%
Observable Facts
Second major heading: 'Secure chats'.
Text states: 'Beeper supports on-device connections for most chat apps. That means messages go straight from your device to the network, ensuring maximum privacy.'
Privacy Policy linked in footer.
Company positioned as 'standalone app with no affiliation or endorsement from Apple, Google, Meta, or any other chat platform,' removing incentives to compromise privacy.
Inferences
On-device encryption is architectural, not a compliance feature added later.
Independence from major platforms removes corporate pressure to surveil users for ad targeting.
Explicit privacy claims are supported by architecture description, not just marketing language.
Explicitly states 'Beeper is free to use, with optional paid subscription,' positioning cost-free access as default. Multi-platform support mentioned as feature.
FW Ratio: 60%
Observable Facts
Headline: 'Download for free — One inbox for all your chats.'
Text states: 'Beeper is free to use, with optional paid subscription.'
App available on 'macOS (Apple silicon and Intel), iOS (iPhone and iPad), Android, Windows, and Linux.'
Inferences
Free-first model removes economic barriers, supporting dignity through equal access.
Multi-OS support ensures users aren't excluded by hardware economics or ecosystem lock-in.
Multi-device support mentioned: 'Read and reply to your messages across multiple devices.' Enables mobility and connectivity while traveling or changing locations.
FW Ratio: 60%
Observable Facts
Section titled 'Multiple devices': 'Read and reply to your messages across multiple devices.'
Text states: 'Your messages sync seamlessly' across platforms.
Available on macOS, iOS, Android, Windows, Linux, ChromeOS, iPad—enabling access from any location.
Inferences
Multi-device architecture enables users to maintain communication while traveling.
Cross-platform availability reduces locational constraints on communication access.
'Power users (like those managing multiple brand accounts) get more done with a unified, pro-grade interface' implies support for professional work and livelihood.
FW Ratio: 50%
Observable Facts
Text references: 'helping power users (like those managing multiple brand accounts) get more done with a unified, pro-grade interface.'
Inferences
Professional communication tools support economic livelihood and work efficiency.
Support for WhatsApp, Instagram, Telegram, Google Messages, Signal, Slack, Discord, LinkedIn, X, Messenger, and Google Chat enables expression across diverse platforms.
build 1ad9551+j7zs · deployed 2026-03-02 09:09 UTC · evaluated 2026-03-02 11:31:12 UTC
Support HN HRCB
Each evaluation uses real API credits. HN HRCB runs on donations — no ads, no paywalls.
If you find it useful, please consider helping keep it running.