EN

Help

What is encryption?

Encryption transforms information into a format that only someone with the correct key can decode. It’s used to ensure that your data and communications remain confidential.

What is end-to-end encryption?

End-to-end encryption ensures that data is encrypted before leaving your device and remains unreadable until it reaches the intended recipient device. No one outside the conversation can access the message content.

Who can read my messages?

Because end-to-end encryption is used, only the people involved in the chat can access the messages. No one at Beam-or any outside organization-can read them. However, if you lose your recovery key, you’ll also lose access to your own messages.

Are all of my messages encrypted?

Yes, messages are encrypted in rooms. Beam does not allow communication with encryption disabled.

What does it mean to verify a device in BEAM?

Device verification is not required when you login from somewhere else from your laptop or even just from another browser on the same laptop. After you login on a new device, you can use your cryptographic identity to demonstrate that the new login genuinely belongs to you. You can do this by scanning the provided QR code on the web-based BEAM.

What is a recovery key?

When you initially configure recovery, a unique recovery key of 48-character sequence is generated. An example of a recovery key can be found here: HvWC 7xv9 kq59 89mn X4xK Cede 7SyV TTT4 89wv hp8r U8qe fguT.

This key grants access to your identity and message keys, and can be employed to validate your new devices to retrieve message history and utilize your identity for sending messages.

The recovery key is the only method to restore your message history in case you logged out of the Beam Application on all devices.

How to store your recovery key?

Your recovery key is a very personal key, which gives access to the content of your messages. Safe the key at a safe location. Valuable options could be via a password manager or on a piece of paper stored in a secure physical location (e.g. a personal safe).

What do you do when you lose your recovery key and are signed out of the Beam Application on all devices?

You are not able to recover any message history and you’ll need to reconfirm your verification with other users again.

How to (re)create your recovery key?

  • Open the Beam Application

  • Click on your avatar in the upper left corner

  • Choose ‘Encryption’

  • Click ‘Set up Recovery’

What does “key storage is out of sync” mean?

The BEAM web and mobile app monitor the health of your cryptographic identity by checking that all the keys that establish your identity are present in the device. This is necessary to discover potential problems as early as possible, and to ensure that your messages can be correctly decrypted and encrypted.

When it is detected that one or more keys are missing, you are notified that “key storage is out of sync” and asked to enter your recovery key, in order to retrieve the missing identity keys.

What is a device?

Simply put, a device is your laptop, phone, tablet or desktop that you login to your account from or create your account from.

What is cryptographic identity?

In end-to-end encrypted messaging, cryptographic identity is the foundation for ensuring that when Alice is sending a message to Bob:

  • Only Bob can decrypt the message
  • Bob can cryptographically verify that the message is from Alice.

In practice, the user’s cryptographic identity is established as a cryptographic key pair that is generated locally within the laptop or phone of the user when they first log in to their account. However, a regular user normally does not see their identity anywhere on the screen, nor do they have a need to see it.

What is user(identity) verification?

If Bob wants to make sure that he is (still) messaging with Alice, he has to remember Alice’s cryptographic identity. Similarly, Alice has to remember Bob’s identity.

User (identity) verification: Alice and Bob explicitly validate that they have both received the correct identity for each other. This is accomplished by comparing a set of emojis shared via some other channel, for example in a live video conference or by meeting in person.

For more sensitive use cases, user (identity) verification offers additional protection against advanced man-in-the-middle attacks, wherein an attacker was actively interfering with Alice and Bob’s communication from the start of their correspondence, replacing their identities with the attacker’s and preventing them from ever observing each other’s identities. User verification prevents this kind of advanced attack.

Why do I see an identity reset alert for one of my contacts?

Beam notifies you whenever a contact’s identity has been reset, allowing you to verify your communication’s privacy and guard against potential man-in-the-middle attacks.

The most common cause is a contact resetting their identity themselves, often due to losing all devices. However, whenever an identity reset occurs, it may also indicate an attempted eavesdropping attempt. When a suspicious identity reset occurs, it is adviced to verify the situation with the contact using another channel, for example via email/phone or by meeting in person.

What should I do if I receive an identity reset alert?

It’s advisable to confirm with your contact whether they intentionally reset their identity. You could do this in person or using an alternative means such as email or other messaging app.

If the identity reset is for a previously verified contact, we strongly recommend to re-verify as soon as possible. Note that in this case, messaging with the contact is also blocked. If you can’t immediately re-verify, it is possible to withdraw the verification to continue messaging with the person.

If you haven’t previously verified the contact’s identity, the new identity is accepted and saved automatically, meaning no additional action is required by you. We will notify you if any further resets to your contact’s identity occur in the future.