Comment by EGreg

1 year ago

The reproducible build of Telegram lets you evaluate the code doing end-to-end encryption. Once you satisfy yourself it's doing this kind of encryption without implementation-level backdoors, then you don't need to worry about servers reading it (except for #5 above).

I didn't claim it encrypted "group chats". I said "things". If you want me to be specific, the "things" are individual 1-1 end-to-end encrypted chats.

Reproducible builds are not required to evaluate the encryption algorithm used in Telegram.

Software auditors use deployed binaries as a matter of course.

They’d do so even if reproducible builds are on offer, because the code and the binary aren’t promised to be the same even with reproducible builds, and validating that they are can be more problematic than the normal case of auditing binaries.