|
|
|
|
|
|
by arp242
833 days ago
|
|
|
You can do E2E encryption without all of these requirements. It's basically just TOFU some key when someone messages you. You can do 3rd-party implementation for other E2E messengers: Telegram, Signal (even though they don't like it), and of course XMPP (with extension). I need to read a bit more carefully through the (limited) technical documentation they have; but all of this seems highly excessive. I'm not a distrustful or cynical person by nature, but I find it hard to avoid the impression that they intentionally made it as hard as possible. I don't know what "the green bubble experience" means(?) |
|
|
Many people don't actually ever verify their contacts' keys, but rather just rely on the platform provider to have done phone number verification correctly. In that sense, the security model is bit better than TOFU in practice.
> I'm not a distrustful or cynical person by nature, but I find it hard to avoid the impression that they intentionally made it as hard as possible.
There I fully agree. If anyone could find a way, it's the company running the largest messaging infrastructure in the world.