Comment by nicce
2 years ago
> Without that it's just a slightly more private WhatsApp.
They are not even comparable. WhatsApp does not encrypt metadata at all, which is the most interesting information you can leak.
Also WhatsApp is closed-source, so you can only take their word for whether the E2E is really E2E -- and it's owned by Facebook.
There’s really nothing stopping someone from publishing an instrumented / modded binary to a mobile App Store unless there’s a user-verifiable build chain, even if it is open-source. Even if the backend IS e2ee, the UI can be extended to keylog / etc. The App Store provider can be in on it too.
DNS can be filtered to provide some degree of control and traffic inspection, but there’s always DNS over HTTPS, tunneling, and so on and so forth.
I’d be surprised if Signal was doing it, since getting caught at it would totally destroy their reputation, but I’d honestly be surprised if WhatsApp didn’t have at least a backdoor for it.
For Signal, open source since 2016
https://signal.org/blog/reproducible-android/
Unless by “App Store” you especially meant Apple’s App Store; in that case it is Apple to blame, because it is not possible due to the encryption of app binaries.
Why wouldn’t you trust Zuck’s word? He seems like an honourable
Neither does Signal, or any mainstream secure messenger. For that you’d have to look at MIT’s Vuvuzela/Alpenhorn.
Based on what?
Look at the source code.