Hacker News
by xtian 2266 days ago
So you’re saying there should be a three-level consumer standard where the third level excludes any possible consumer product? Please don’t pretend that Apple and Zoom’s approaches are equivalent here. There is a substantial difference that deserves to be acknowledged. Anyone whose threat model includes Apple subverting their own security architecture shouldn’t be using any communication platforms.

There is nothing wrong with allowing a consumer to verify that they are talking to who they think they are talking to. Is Signal a consumer product?

Zoom specifically states that they do not have access to session keys. Apple doesn't even make such a statement.

What prevents Signal from MITMing their app?
The way everyone else does it. The user can verify the key fingerprint. Signal calls it the safety number.
Why couldn’t they just change the client code to exfiltrate the user’s data?