[lvh]

That's all fine but not responsive to my point. GP post said "but what if whatsapp silently hamstrings e2e overnight" -- my point is: what if my XMPP client/server does?

EDIT: I previously said "turns off E2E", which I didn't say in my original referred-to post, and that's more misleading than "hamstrings", which is how the actual attack works.

[vader1]

The difference of course being that WhatsApp is closed source, and they can push any kind of change without anyone noticing.

If the client is open source, you can verify exactly what it does. Compile the app yourself or download it from F-Droid and you can be sure that the binary you get matches those sources.

Sure you can argue this all the way down to "Trusting Trust", but that doesn't really make sense when comparing two apps/ecosystems that operate in the same real world's constraints.

[lvh]

As I've mentioned elsewhere: you do not need the source code to verify what something does, that's not generally how you'd audit this. Audits may be source-assisted, but you'd still bang at it from the actual binary. If you're more comfortable reading source and compiling from scratch then fine, do that: but we should not pretend that Conversations on the Play Store is generally more trustworthy than anything else because the source code is publicly available.

The random update bit is real! But also real for Conversations or whatever, and more real for small developers less likely to have their opsec in check. For the vast vast majority of people in this fashion WhatsApp is identical to Conversations and Signal.

[vader1]

I didn't say that Conversations from the Play Store is significantly more trustworthy in this regard than WhatsApp from the Play Store. I said that an app - such as Conversations - that you can build from source or download from F-Droid is more trustworthy than the Play Store version.

WhatsApp is a proprietary app and as such it's only available on the Play Store. Conversations is open source so you can download it from the Play Store, or from F-Droid, or compile it from source. So if you care, you can be significantly more sure that your version of Conversations "does what it says" than you can be of WhatsApp.

[seba_dos1]

If your server does, your client will notice. If your client does, the other party's client will notice.

[lvh]

Neither server nor peer will notice if you perform the serious attack: exfiltrate the plaintexts or key material and keep the OMEMO/Signal dance around as kabuki theater :-)

[Boulth]

For paranoid users there is also an option of running their own servers and clients (both Prosody and Conversations are open source). XMPP at least provides that option and if you choose it you can still communicate with the rest of the ecosystem.

No such luck for Whatsapp and Signal. And although they may be fair now I think putting all eggs in one company's basket is a bad idea in general (see e.g.: Google).