by Ajedi32
1487 days ago
Targeted attacks can be made impossible to conceal using binary transparency[1] (similar to how certificate transparency makes malicious certificates impossible to conceal on the web). Unless the product is open source though with reproducible builds, even that level of transparency would only get you so far. It's pretty easy to conceal a backdoor in a black box binary, especially if nobody's looking for it. The gold standard right now is to allow third party clients. When the service provider doesn't control the client, E2E encryption can be a very powerful defense indeed.

[1]: https://developers.google.com/android/binary_transparency
Allowing users to build the client from source is good--no doubt about that. But encouraging use of third party clients undermines the trust model of verified developer certificates on Mac and Windows.
Ultimately, you need to trust whoever built and packaged the client. You need to know exactly who that is, and that their reputation depends on the security of the software you're about to run.