Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
wischi@programming.dev 8 hours agoSignal could still (at least for a short period of time) read everything. Whisper System just has to push a Signal Update that no longer encrypts. It would probably be noticed pretty soon. And no not because of the source code. The source code is what they claim to ise to build the applications but they could easily apply patches before they build. You’d have to reverse engineer the compiled applications ro see if there is code that’s probably not in the source.
This kind of problem is typically way smaller in projects that actively encourage building the clients from source yourself - which Whister System/Signal does not.
SlippiHUD@lemmy.world 7 hours ago
Theres so many ways to check for that that don’t require decompiling the app.
You can straight compare the downloaded binary with a locally compiled binary to see if they match.
You can check the hash of app. Changing some lines of code and getting the same hash is so unlikely to be effectively impossible.
If for some reason Signal decided to do what you claim, it’d destroy thier credibility, be caught almost immediately, and only work once before the whole project gets forked, and would be true of any alternative.