Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
RIotingPacifist@lemmy.world 15 hours agoE2E encryption doesn’t prevent client side attacks, I misspoke when I called it a side channel attack, and ultimately Signal code is audited, so Signal is more secure, but people are mistaking a client-side exploit (sent from Meta’s servers to the WhatsApp client) with breaking E2E encryption of whatsapp, which is not what is described in the article.
wonderingwanderer@sopuli.xyz 15 hours ago
It sounds like you’re contradicting yourself now. You’re right, signal is more secure because its source code is open-source and auditable. So what’s the issue? It seems you’ve been arguing otherwise, and you’re just now coming around to it without admitting that you were wrong in the first place.
The client-side app is also open-source and auditable, and you can monitor outgoing traffic on your devise to see whether the signal app is sending data that it shouldn’t. It sounds like people have verified that it doesn’t do that, but if you don’t want to take their word for it then why don’t you see for yourself?
RIotingPacifist@lemmy.world 14 hours ago
I didn’t realize Signal now has reproducible builds (in my defense it didn’t when it launched)
This is mostly useless as the traffic signal is sending is encrypted, so you really have to just trust the code.
wonderingwanderer@sopuli.xyz 14 hours ago
If it’s sending 0.0kb of background data, then the client is not communicating clandestinely with the server.
RIotingPacifist@lemmy.world 14 hours ago
Sure but it by necessity sends some encrypted data to the server, Wireshark isn’t going to tell you if that’s just your message or your message and additional information.