beem docs

English

Deutsch
Français
Italiano

English

Deutsch
Français
Italiano

Appearance

beemNet: Your trusted gateway to the Internet

When you're connected to the internet through beemNet, your data traffic is actively monitored to protect you from online threats such as phishing, malware, and other cyber dangers. This protection adapts based on the type of traffic and the security settings configured by your beem administrator. There are three types of network traffic that beem distinguishes for this purpose. To help explain how this works, imagine your internet traffic is like receiving letters in the mail.

Your trusted gateway to the Internet

In some cases, no analysis is needed. This applies to traffic that Swisscom already knows is safe—like phone calls, Swisscom blue TV, or streaming services such as Spotify, Netflix, or YouTube. In our letter example, this is like receiving a letter from someone you trust. We don’t open or inspect it—we simply deliver it to you.

Understanding Basic Traffic Monitoring with SPI

In other cases, a basic level of analysis is applied. This is known as Stateful Packet Inspection (SPI). Think of it like examining the outside of a letter: we check the sender, the recipient, and the type of envelope. If anything looks suspicious, the letter is blocked and not delivered. In internet terms, this means the beem app inspects elements such as website addresses, protocols, and certificates. If a website is known to be harmful, like a phishing website, access is automatically blocked to protect the user.

WARNING

Many mobile apps, especially those used for banking, payments, and similar services, employ advanced security measures such as certificate pinning to protect your data. This ensures that even if someone attempts to intercept the connection, they won’t be able to decrypt or read the information. beem fully respects these protections, which is why only basic-level analysis (SPI) is applied in such cases. As a result, your security and privacy in these scenarios primarily depend on the app provider. Many of the most trusted apps in Switzerland—such as Twint, SBB, and various mobile banking apps—fall into this category and use strong security practices to keep your data safe.

Understanding Advanced Traffic Monitoring with DPI

For even stronger protection, Deep Packet Inspection (DPI) is used to perform a more detailed analysis of network traffic. In this case, it’s like opening the letter to examine its contents. If the contents are harmful—such as a virus or malware—the letter is blocked. But if everything is safe, the contents are resealed and securely delivered to you. For example, if you receive an email with an attachment, the beem app will scan it. If it’s safe, you can open it. If it’s dangerous, it will be blocked before it ever reaches your device.

Deep Packet Inspection (DPI) relies on a trusted Root Certificate Authority (CA) certificate installed on the device where the beem app is running. This certificate allows encrypted traffic—such as HTTPS websites or mobile app data—to be securely inspected. Without this certificate, encrypted data cannot be inspected, and users may encounter trust or certificate errors. With the certificate in place, beemNet can safely analyse traffic without disrupting normal browsing or app usage.

By default (unless specified otherwise by the beem administrator), the beem app automatically installs a certificate called “Swisscom beemNet Root CA.” This certificate is issued and signed directly by Swisscom, ensuring secure and trusted communication.

WARNING

The beem app cannot function properly without a trusted Root Certificate Authority (CA). If the Root CA certificate is deleted by the user or its trust is revoked, the beem app will automatically reinstall it at the next available opportunity.

  • Windows: The certificate is silently reinstalled by a background task without any user intervention.
  • macOS: The certificate is reinstalled during the next reconnection to beemNet. macOS will prompt for authentication, and successful authentication confirms the installation. If the user doesn’t confirm, the beem app will display a permanent toast message and will block connection to beemNet until the user explicitly confirms trusts in the certificate.
  • iOS & Android: The next time the app is opened, onboarding screens will guide the user through reinstalling the certificate or renewing trust. The app will remain in this state, and connecting to beemNet will be disabled, until the certificate is successfully reinstalled and trusted.

TIP

Swisscom takes your privacy seriously. All analysis is performed automatically by machines, and it happens entirely within Switzerland. No one—not Swisscom employees, partners, or even your company’s beem administrators—can see the contents of your data.

The settings configured by your beem administrator determine whether to employ basic (SPI) or detailed analysis (DPI), and under what circumstances. Thanks to this smart and privacy-respecting analysis, along with the way beemNet anonymizes your identity online, users are well protected against many internet threats.