Comment on Lawsuit Alleges That WhatsApp Has No End-to-End Encryption
BoJackHorseman@lemmy.world 1 day ago
Cynical me would say they don’t have to use the code they put up in GitHub in production.
kinther@lemmy.world 1 day ago
Yep
phtheven@lemmy.world 1 day ago
By this logic, can we trust any open source software, even if they claim to use some third party encryption? They could say they’re using a super secure encryption, even show it implemented in their open source code base, then just put the other, secret evil backdoor code base in production? Is there a way for any open source project to prove that the code in their open source repo is the code in production?
BoJackHorseman@lemmy.world 1 day ago
If you can self-host it, yes. Like Matrix.
squidie@feddit.org 1 day ago
But only if you self-host, right? Otherwise whoever hosts the Matrix instance can tinker with it.
BoJackHorseman@lemmy.world 1 day ago
Correct.
BlueKey@fedia.io 1 day ago
This is called reproducible builds. With this, all builds of a version will be binary-identical. So you can build from the repo and then compare it with the appstore binary and see if the owner was honest.
phtheven@lemmy.world 20 hours ago
I found this:
github.com/signalapp/Signal-Desktop/…/README.md
Looks like they’re working on reproducibility, at least in the desktop app. That’s a little disappointing but I guess I’m happy they’re working on it.
phtheven@lemmy.world 20 hours ago
Neat! And can this be done with Signal or Proton?
BlueKey@fedia.io 9 hours ago
Signal: https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
Proton: didn't find anything (but I just did a quick lookup)
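
Added example (not part of the thread, and not Signal's or any project's own tooling): a sketch of the comparison described above, where a package built from source is checked against the distributed one. It assumes the package is a zip archive, like an Android APK, whose publisher signature files sit under `META-INF/`, so it compares entry contents and skips that directory; all file names and contents are constructed.

```python
import hashlib
import io
import zipfile

# Assumption: signing metadata lives under META-INF/ (as with APK/JAR v1 signatures).
SIGNATURE_PREFIX = "META-INF/"

def entry_digests(package_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNATURE_PREFIX):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_packages(local_build, distributed):
    """Return (only_in_local, only_in_distributed, differing) entry names, sorted."""
    a, b = entry_digests(local_build), entry_digests(distributed)
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    differing = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    return only_a, only_b, differing

def make_package(files):
    """Build a constructed sample package in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real application files.
SOURCE_BUILD = make_package({"classes.dex": b"app code v1", "res/strings.xml": b"<r/>"})
STORE_HONEST = make_package({"classes.dex": b"app code v1", "res/strings.xml": b"<r/>",
                             "META-INF/CERT.RSA": b"publisher signature"})
STORE_MODIFIED = make_package({"classes.dex": b"app code v1 + extra", "res/strings.xml": b"<r/>",
                               "META-INF/CERT.RSA": b"publisher signature", "lib/extra.so": b"x"})

if __name__ == "__main__":
    for label, pkg in (("honest", STORE_HONEST), ("modified", STORE_MODIFIED)):
        print(label, compare_packages(SOURCE_BUILD, pkg))
```

The signed store copy is never byte-identical to an unsigned local build as a whole file, which is why the check works per entry; an empty result for all three lists means every shipped file matches the source build.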