| > The whole point of end-to-end encryption is that you don't have to trust the people running the service you use. Well then I guess it's pointless because it doesn't accomplish that. (The actual point, FYI, is that you don't have to trust all of: them, their hosting providers, your ISP, the ISPs between, the government, and their mom.) > it is very much possible for you to know about it "Possible" != "done" > analyzing network traffic How are you gonna do that? Surely if they wanted to sniff it would still just look like any other encrypted data > gives the community a good chance at catching malicious updates Sure, when the same application is used by everyone, which is not true in either the Mastodon world or the new Bluesky-small-instances world |