[nobadco]

Hey, it is painfully obvious that you have a high school level understanding of the crypto at play here. That's really OK, crypto is hard.

You'll want to look into how real cryptographically secure open source comms apps do end to end encryption. Properly implemented, the server can be fully hostile and never recover messages.

Then you'll need to go remove every claim of e2e or cryptographic security from darkchat. Thank you for your time.

[alanfriedman]

My point was that if the server providing client code is compromised, it can serve malicious code to said client. This isn’t a cryptographic claim, just a point about how all web-based applications work.

Also while I appreciate the feedback, this comment struck me as more hostile than helpful, so I’d suggest having a look at HN comment guidelines for future reference.