Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
wonderingwanderer@sopuli.xyz 16 hours agoYou’re talking about E2E encryption as if it prevents side-channel attacks
That’s literally what E2E encryption does. In order to attack it from outside you would have to break the encryption itself, and modern encryption is so robust that it would require quantum computing to break, and that capability hasn’t been developed yet.
The only reason the other commenter’s words sound like spam to you is because you don’t understand it, which you plainly reveal when you say "(as long as there isn’t a backdoor in the published [audited] code)
RIotingPacifist@lemmy.world 16 hours ago
E2E encryption doesn’t prevent client side attacks, I misspoke when I called it a side channel attack, and ultimately Signal code is audited, so Signal is more secure, but people are mistaking a client-side exploit (sent from Meta’s servers to the WhatsApp client) with breaking E2E encryption of whatsapp, which is not what is described in the article.
wonderingwanderer@sopuli.xyz 16 hours ago
It sounds like you’re contradicting yourself now. You’re right, signal is more secure because its source code is open-source and auditable. So what’s the issue? It seems you’ve been arguing otherwise, and you’re just now coming around to it without admitting that you were wrong in the first place.
The client-side app is also open-source and auditable, and you can monitor outgoing traffic on your devise to see whether the signal app is sending data that it shouldn’t. It sounds like people have verified that it doesn’t do that, but if you don’t want to take their word for it then why don’t you see for yourself?
RIotingPacifist@lemmy.world 16 hours ago
I didn’t realize Signal now has reproducible builds (in my defense it didn’t when it launched)
This is mostly useless as the traffic signal is sending is encrypted, so you really have to just trust the code.
wonderingwanderer@sopuli.xyz 16 hours ago
If it’s sending 0.0kb of background data, then the client is not communicating clandestinely with the server.