Hacker News new | ask | show | jobs
by swiley 1850 days ago
This is something people are just not talking about for some reason.

WhatsApp/signal style apps cannot be secure to this sort of attack. You would think now that a public mass attack has been successfully carried out (encrochat) people would get it. I don't know if it's submarine marketing or what but people think the current situation is just fine.
1 comments
kryogen1c 1850 days ago
> WhatsApp/signal style apps cannot be secure to this sort of attack.

isnt this not true?

e2e keys are not known to signal server like they are on whatsapp. also there are no serverside signal backups.

link
joshuaissac 1850 days ago
> e2e keys are not known to signal server like they are on whatsapp. also there are no serverside signal backups.

E2E keys are not known to WhatsApp's servers, and there are no server-side WhatsApp backups, either.

link
swiley 1850 days ago
Your contacts weren't known to the WhatsApp server, now they are. There's no reason the next automatic update for signal can't contain code to send your keys to the server, and it wouldn't be the first centralized E2EE app to do that.
link