[palata]

> It is technically impossible for a large platform to implement E2EE without having a way to target one person to bypass it.

You'd have to explain what you mean here. If you mean that it's impossible to have encryption that is resistant to someone putting a gun on your face and asking for the password, then... well duh.

[Bender]

If someone or something else is managing keys for you, even the javascript in your client, then it can be altered by the server just for you. It's really just that simple. If you are creating and managing key trusts outside of the application then they can not tamper with them or add their own keys.

[palata]

I still don't understand what you are saying. You claim that Signal is not E2EE. Please explain.

Signal is an open source mobile app that I can audit and compile myself. How is it "obviously not E2EE"?

[Bender]

Open source chat and open source AI just mean that the code you are looking at does not have an obvious back door. That has no bearing on run-time use and monkey-patching. As for Signal not being E2EE I already explained. I don't play the contrarian game so you will have to do your own research.

[palata]

> As for Signal not being E2EE I already explained.

Either you have not, or it was wrong. It's not clear because there were a bunch of mixed up things (JavaScript has nothing to do with Signal, so I assume you were talking about the Proton web pages, and I would agree there).

> I don't play the contrarian game so you will have to do your own research.

That's not how it works: you say Signal is not E2EE, you prove it. I am convinced that it is, so from my point of view, you don't understand how it works. The only way I can help you understand is if you explain what you believe is wrong there. Google won't tell me that.