Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
just_another_person@lemmy.world 5 days agoThe clients (apps) enforce key symmetry for your own keys, server identity, and the exchanged with the other person part of a conversation. Constantly. There is no way to MITM that.
The clients are open source, and audited regularly, and yes, builds are binary reproduceable and fingerprinted on release.
That’s not to say someone can’t build a malicious copy that does dumb stuff and put it in your phone to replace the other copy, but the server would catch and reject it if it’s fingerprints don’t match the previously known good copy, or a public version.
Now you’re just coming up with weird things to justify the paranoia. None of this has anything to do with Signal itself, which is as secure as it gets.
pressanykeynow@lemmy.world 5 days ago
Didn’t I say that at the start of my questions? What’s your point?
If I understand you correctly, you mean that Signal app checks itself and sends the result to the server that can then deny access to it? Is that what Signal does and what makes it difficult to spoof this fingerprint?
I don’t think you answered any of my questions though since they weren’t about Signal.
I’m just asking questions about security I don’t know answers to, I’m not stating that’s how things are.
just_another_person@lemmy.world 5 days ago
I did answer your questions, but if I missed something, feel free to ask and I can clarify.