Comment

Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption

<- View Parent

just_another_person@lemmy.world ⁨3⁩ ⁨months⁩ ago

Signal

source

Sort:hotnew top

RIotingPacifist@lemmy.world ⁨3⁩ ⁨months⁩ ago
You’re just replacing trust in Meta with trust in Signal without understanding why Meta is vulnerable to this.

Is Signal more trustworthy, probably, is Signal safe from the attack described, absolutely not.

source
- axx@slrpnk.net ⁨3⁩ ⁨months⁩ ago
  Theoretically, you can check the code actually running on the Signal servers is the code they publish under a free and open source licence, using the hardware-based TEE attestations the servers will return
  
  Someone more knowledgeable than me may have managed to do so, I haven’t.
  
  source
- felbane@lemmy.world ⁨3⁩ ⁨months⁩ ago
  Tell me you don’t understand how Signal’s E2E mechanism works without telling me you don’t understand how Signal’s E2E mechanism works.
  
  source
  - RIotingPacifist@lemmy.world ⁨3⁩ ⁨months⁩ ago
    Tell me you don’t understand what E2E encryption is without telling me you don’t understand that the limits of E2E encryption.
    
    source
- just_another_person@lemmy.world ⁨3⁩ ⁨months⁩ ago
  See every other comment in this thread describing in great detail why you are wrong, but that you fundamentally DO NOT UNDERSTAND how any of this works whatsoever.
  
  source
  - RIotingPacifist@lemmy.world ⁨3⁩ ⁨months⁩ ago
    You fundamentally DO NOT UNDERSTAND how security works, go play with your algorithms and stop spamming my replies.
    
    source
    in_my_honest_opinion@piefed.social ⁨3⁩ ⁨months⁩ ago
    Um, security is based largely on emcryption algorithms.
    
    source
    -> View More Comments
- anon_8675309@lemmy.world ⁨3⁩ ⁨months⁩ ago
  This is key and I don’t think Signal shies away from this. You MUST trust the code you’re running. We know there are unofficial Signal builds. You must trust them. Why? Because think of it this way. You’re running a build of Signal, you type a messages. In code that text you type then gets run through Signal’s encryption. If you’re running a non-trustworthy build, they have access to the clear text before encryption, obviously. They can encrypt it twice, once with their key and once with yours, send it to a server, decrypt theirs and send yours on to it’s destination. (for example, there’s more ways than this).
  
  source
  - pressanykeynow@lemmy.world ⁨3⁩ ⁨months⁩ ago
    The code can be okay but it’s delivery method(aka Google), the OS(aka Google) or the hardware can be compromised.
    
    source