Comment on Signal Protocol and Post-Quantum Ratchets
Passerby6497@lemmy.world 2 days agoTl;Dr - you have nothing other than baseless suspicion of an open source protocol that’s been reviewed by tons of security people and is widely considered secure by people who actually know what they’re talking about
Korkki@lemmy.ml 2 days ago
Of course I don’t have any concrete proof. If there was concrete proof we shouldn’t be having this conversion. My main issue is that it’s centralized and that’s a huge black box. People obsess with this “but it’s protocol open source” like headless chickens when that’s not the issue. Open source is like the step one when it comes to private and secure messaging. It just comes down to if you trust the devs and those doing the hosting. When it’s central all of that thrust rests on that one group and their hosting service not fucking you over even if they can or can not read the encrypted messages themselves. I’m not concerned signal keeping people’s dickpicks private here in that that even whatsapp is as good as any.
I see I made the mistake of coming to an obvious fangirl meeting to have an serious discussion about security merits.
trailee@sh.itjust.works 1 day ago
Those two don’t go together, bud.
Ok so let’s talk about Brian Acton walking away from nearly a billion dollars due to his moral stance on private communication. Or Meredith Whittaker’s determination to pioneer a tech business model other than surveillance capitalism.
You’re absolutely right that it comes down to trusting the devs, which is why WhatsApp is a nonstarter even though it uses Signal’s E2EE. Europe’a chat control proposal doesn’t need to break E2EE, it just needs to demand that the messaging client app scans all content locally before encrypting and has a way to tattle. Meta could also be scanning everything you type into WhatsApp and feeding it into a local AI advertising interests summarizer or whatever else, and still claim E2EE. The open source client is far more important than an open source server when there’s proper E2EE.