[espes]

You can choose to enable e2e on Messenger

[SlowRobotAhead]

Because the key, nonce, result, and keyshare or Diffie-Hellman exchange are all done inside of messenger... why would anyone believe this is legit?

It might be, IDK, but if it’s all inside their system, how could you audit that?

[heynk]

Couldn't you sort of test this by enabling E2E, sending a link that was previously blocked, and seeing if it is still blocked? That would at least show some sign if it's all a sham or not.

[jacquesm]

That would guarantee absolutely nothing.

[0xffff2]

If the link was still blocked it would guarantee that Facebook is still eavesdropping.

[SlowRobotAhead]

Other guy was right. Think about this easy scenario

  If (E2E_ENABLED) {

  SkipCrawler();  

  SkipContentChecks();  

}

[BubRoss]

Again, it isn't to prove the encryption works, it is only a test that could prove that it doesn't work.

[heynk]

Yes, totally understood. I am just thinking in line with a different response that this could be an easy way to prove if they’re still snooping - not a guarantee that they aren’t.

[cmroanirgo]

Agreed. There is nothing stopping the sender's app from parsing and reporting URLs in any and all content before e2e occurs... Even to FB servers

[wskinner]

This argument applies to any messenger app that claims e2e encryption. You could build signal from source. But how much do you trust your compiler?

[gbear605]

I trust my compiler more than Facebook

[braythwayt]

For any value of “compiler.”

[Avamander]

Can you actually use Signal built from source with official servers? Anyways, we have open-source chat platforms that have been audited by independent third parties, on one side, and closed-source mergacorporations' unaudited chat software on the other. Point being, why would you argue for using the bigger "evil"?