Hacker News

> Apple makes commitments about encryption and security

Those commitments are only as strong as the recipient's control of their Apple ID credentials. It should be up to them whether they want to entrust a third party (whether Beeper, or someone with an actual Apple device) with their messages.



Nonsense. They're making that decision, without consent or notification, for everyone else in that conversation.


But they don't need Beeper to make that decision. They can just as well leak screenshots of the conversation, back up their phone to iCloud (which breaks E2E unless Advanced Data Protection is enabled) or a compromised computer, or just leak their Apple ID credentials which would allow any attacker to take over their iMessage account (using a real device) and download their backups, or run an outdated iOS version with known vulnerabilities or jailbreak and install a malicious tweak.

I don't see how Beeper makes that any worse - I've listed a myriad of ways a user can choose to compromise the security of any iMessages sent to them. These ways have been known for decades and Apple hasn't done anything (they could lock out outdated and jailbreakable iOS versions).


Those are exceptions. Being able to take a screenshot simply isn't in any way comparable to silently transiting every single message through a service, with unknown management and unaudited security, with < 50 employees, and that doesn't even appear to employ a single security engineer per my skim of their LinkedIn page.


Being careless with your Apple ID credentials, having malware on your outdated iOS device or the computer you sync your iPhone to (note: they can sync wirelessly and in the background now, so it doesn't have to be an explicit action) can result in the same outcome - your messages silently going to an attacker.

Either way, it should be up to the user to decide what they want to do with their messages and how much security they attach to them. After all, even in case of a fully bulletproof solution that would even prevent screenshots, the user is still free to read their messages out loud in a public place or in reach of a recording device.

Also, again, Beeper Mini (different from Beeper Cloud, which is not E2E compatible) operates entirely on-device - no message data transits through Beeper's infrastructure. There's an optional cloud component to enable real-time push notifications but even in that case I believe their server merely relays data and doesn't have the decryption keys.


> Either way, it should be up to the user to decide what they want to do with their messages and how much security they attach to them.

So you agree, it's wildly unethical to use Beeper because it doesn't give all the users in the convo the right to choose the security of their messages.


It's only as unethical as someone not running the latest iOS version, not having a strong passcode on their device and a strong Apple ID password and observing proper security practices on their main computer to ensure it isn't compromised either.

Whether you consider that unethical is up to you. Most people don't know or care and everything works out anyway.



