by stormbrew 1314 days ago
Signal is not a "hosted website," which is more the context we're talking about here. But even on those services, yes, there are ways that the owners of the service could tap or impersonate you through exploiting their own key exchange service. You are trusting that they won't do that.

This might be less true for Matrix, since you could in theory be using an open source client where you have somehow guaranteed it will alert you to an attempt to add an unwanted device key to your e2e chat, but on Signal you're running a binary you didn't compile against a service you can't see.

I don't think you shouldn't trust them. But you are doing so to some extent.

In the case of Signal, they would have to forge the SGX enclave signature (by an Intel-held key) or release a client that didn’t validate that sig. Definitely possible but if I had an SGX bypass I’d want to use it on something known to be high value, and releasing a non-verifying client would at least be noticeable on Android and desktop.
You don't need to release a non-verifying client. Just one that generates a key which is known to the other side. What about existing clients? "Your identity in the database became corrupted and can't be recovered. Would you like to generate a new key and continue using the service?" or just release a version which is both verifying and lying to you about which key has been verified... or a low effort "hey, new phone, key changed".
Sure. My point was more that - at least on Android - you can compare decompiled binaries with the open source implementation, presumably making it reasonably likely that it’d be noticed and reported on.
Unless they decline to publish their source code for over a year, again. https://github.com/signalapp/Signal-Android/issues/11101
I think the latter (manipulating the client) is far more likely than the former, and I think it would also be pretty difficult to detect in practice. But the point is less "I think they will do this" than "there is still an element of trust here, even if it is a much harder hoop to jump through." I don't think any situation where Signal does anything like this is likely.