← Back to context

Comment by evgen

6 years ago

The constant repetition of this ignorant claim is starting to be annoying. Think there is a client backdoor? Go find it. It is not like the binary is not available to you. It is not like there are not emulators in which you can step through the code. Please, show us the backdoor.

Server side tampering? Show us how it can be done. Create a server that can tamper with a patched client. Demonstrate your chops.

5 comments

evgen

Reply
hellcow  6 years ago

I see you're formerly from FB.

It's not up to us to reverse engineer a binary every update to guess if it's secure...

It's up to Facebook, which has time and again proven that it is absolutely not trustworthy, to open its code and make builds auditable, inspectable, and reproducible.

This is what ANY secure software does. That's the cost of entry. Imagine if OpenSSH were closed and its devs issued the same response you just did. "Just reverse engineer the binary and prove that it's not secure!"

Rediculous.

  • evgen  6 years ago

    Actually it _is_ up to you; put up or shut up is a fairly well-known principle. Find the backdoor and make yourself famous, or continue to whine and listen to everyone laugh.

    I left FB because it was getting too creepy and I would not trust 99% of FB dev with a single shred of my personal info, but the code is right there for you and people who actually have skills to disassemble and examine. They are under no obligation to do your work for you and the people who can actually do the work make good money so maybe you will learn a useful skill or two.

    • Dddd50000  6 years ago

      Random people are not in obiligation for Facebook to constantly reverse-engineer their binary code just because they do not want to publish their sources. This is not a criminal trial, but engineering. A mere doubt might be well enough to look for other solutions.

      All that money and effort is probably better spent in e. g. developing alternative communication systems.

    • olah_1  6 years ago

      There’s no obligation for Whatsapp to prove that there is no backdoor? Yeah I guess when a product is too big to fail, they’re not obligated to do anything. True.