Comment by dancemethis
6 years ago
Signal really tries hard to not be trustworthy.
The way they defend WhatsApp is heart-breaking. It's cute to see them saying there is no backdoor when it can't be proven to be the case, since it's all proprietary. They can't show the server side wasn't tampered with. Same with Skype.
The constant repetition of this ignorant claim is starting to be annoying. Think there is a client backdoor? Go find it. It is not like the binary is not available to you. It is not like there are not emulators in which you can step through the code. Please, show us the backdoor.
Server side tampering? Show us how it can be done. Create a server that can tamper with a patched client. Demonstrate your chops.
I see you're formerly from FB.
It's not up to us to reverse engineer a binary every update to guess if it's secure...
It's up to Facebook, which has time and again proven that it is absolutely not trustworthy, to open its code and make builds auditable, inspectable, and reproducible.
This is what ANY secure software does. That's the cost of entry. Imagine if OpenSSH were closed and its devs issued the same response you just did. "Just reverse engineer the binary and prove that it's not secure!"
Rediculous.
Actually it _is_ up to you; put up or shut up is a fairly well-known principle. Find the backdoor and make yourself famous, or continue to whine and listen to everyone laugh.
I left FB because it was getting too creepy and I would not trust 99% of FB dev with a single shred of my personal info, but the code is right there for you and people who actually have skills to disassemble and examine. They are under no obligation to do your work for you and the people who can actually do the work make good money so maybe you will learn a useful skill or two.
2 replies →
That is not how security works.