by LinuxBender
2055 days ago
If the software is controlled, updated by someone other than you, then for sure they can back-door it. Proper E2E requires that you do something out-of-band from the software that it can't decode regardless of what the developers add. That is of course high friction and only a small number of people do this. For low friction E2E, there has to be some level of trust that a company won't back-door the software. Some people believe in solving this trust issue with legal agreements, but I don't ascribe to that. Governments can still force changes, provide immunity and use gag orders. There are also canaries, but I don't buy into that either, nor do corporate lawyers I have talked to, as well as other lawyers. [1]

[1] - https://web.archive.org/web/20141027143819/https://github.co...