by TimTheTinker 2377 days ago
> This seems like an extreme argument.

Not at all. Good security often involves some black-and-white thinking, which not everyone is accustomed to.

If Facebook controls the endpoint, then they have the power to access the plaintext, full stop. Using their product (hopefully) implies a choice to trust them not to abuse such access.

3 comments

Ok, what about the closed source hardware in the phones?

Would you argue against all encryption because clearly the CPU maker has a similar access to all decrypted content?

I'd argue for not trusting a cryptosystem that requires you to use a particular vendor's CPUs. Open standards and independent implementations at every level should be table stakes.
Although I argue the black-and-white "everyone is a potential adversary" thinking is misguided. Your threat model determines requisite security measures, and you usually have to trust someone. (Although Facebook should probably not be that someone.)
> Using their product (hopefully) implies a choice to trust them not to abuse such access.

Which is what...they said?