Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
lavander@lemmy.dbzer0.com 1 day ago
Call me old fashioned but I really think that for real E2EE the vendor of the encryption and the vendor of the infrastructure should be two different entities.
For example PGP/GPG on <any mail provider>… great! Proton? Not great
Jabber/XMPP with e2ee encryption great! WhatsApp/Telegram/signal… less so (sure I take signal over the other two every day… but it’s enough to compromise a single entity for accessing the data)
TractorDuffy@lemmy.world 1 day ago
escapeVelocity@lemmy.ca 1 day ago
Not many people use clients anymore.
lavander@lemmy.dbzer0.com 1 day ago
Yeah and I think it’s a pity. It’s the byproduct of “app culture” everything has to be easy. One button, plug and play…
Unfortunately like many things in life “saving” (time and effort in this case) has a cost
phtheven@lemmy.world 1 day ago
Okay Oldschool, but doesn’t open source encryption audited by a third party solve this problem? Signal protocol for example? Also proton, I’m guessing, but I’m too lazy to check
BoJackHorseman@lemmy.world 1 day ago
Cynical me would say they don’t have to use the code they put up in GitHub in production.
phtheven@lemmy.world 1 day ago
By this logic, can we trust any open source software, even if they claim to use some third party encryption? They could say they’re using a super secure encryption, even show it implemented in their open source code base, then just put the other, secret evil backdoor code base in production? Is there a way for any open source project to prove that the code in their open source repo is the code in production?
BoJackHorseman@lemmy.world 1 day ago
If you can self host it, yes. Like matrix
BlueKey@fedia.io 1 day ago
This is called reproducible builds. With this all builds of a version will be binary-identical. So you can build from the repo and then compare it with the appstore binary and see if the owner was honest.
kinther@lemmy.world 1 day ago
Yep
lavander@lemmy.dbzer0.com 1 day ago
Unfortunately even the best intentioned and best audited project can be compromised. So that is not a guarantee (sure, much better than closed source but that is a given)
You may be forced by a rubber hose attack (or legal one) to insert vulnerabilities in your code… and you have the traffic… a single point to attack… signal/proton/etc
Is it possible with two different vendors? Sure it is but it is way more complicated
Quexotic@infosec.pub 1 day ago
That’s a really good point. All we’d need is for signal devs to be compromised in some way and the next update ends security for signal.