by palata 1327 days ago
You mix up concepts. The client app is responsible for e2ee, you don't have to care about the server.

So you can actually audit the client code and make sure it is e2ee, which you cannot do with WhatsApp. In other words, for e2ee you must trust WhatsApp, not Signal.

I presume that for the outdated code, you think about the server code. That's different and would imply metadata, not message content.

Signal is e2ee, and you don't have to trust them for that.

> Signal is e2ee, and you don't have to trust them for that.

Only if both sides are using clients that are self-compiled, independently-compiled (and audited), deterministic/reproducible or third-party.

The problem is that the network and the app are the same people, and worse than that, they send binaries and expect you to trust them.

I know lip service is paid to reproducibility but afaik the instructions for doing that are 404ing.

I just get a greasy feeling from the lock-in, the heavy marketing, the fact that everyone refuses to speak critically of them unless it’s about anonymous usernames.

A truly good secure client would have worked on any network, it wouldn’t rely on transporting your data over their servers, it would be a protocol that was open to third parties to implement, it would also be reproducible or independently compiled by trusted third parties (like OS maintainers, who already audit a lot of the code that gets built and signed).

> I just get a greasy feeling from the lock-in, the heavy marketing, the fact that everyone refuses to speak critically of them unless it’s about anonymous usernames.

There are two things: First, say the Android apk they distribute has a backdoor, and someone realizes that (it's distributed to millions of people, could be that someone checks). Then that's the end of Signal, right? So that's a big risk for them. That's for the "mass surveillance" scenario. Not perfect, but that's something. Second, if you fear a targeted attack, then self-compile Signal. It's not that difficult if you care about it.