the only e2e I can trust is the one I set it myself. - eviltoast

use GPG and PGP

  • XpeeN@sopuli.xyz
    link
    fedilink
    arrow-up
    29
    ·
    edit-2
    1 year ago

    Says they don’t trust 3rd party e2ee, refuse to elaborate further, leaves.

  • Deestan@beehaw.org
    link
    fedilink
    arrow-up
    19
    arrow-down
    1
    ·
    1 year ago

    It shouldn’t be allowed to call it E2E otherwise. If a third party is involved in the communication, it’s just a middleman attack that pinky promise to not read your messages.

    • ruination@discuss.tchncs.de
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      That depends for me. Is it open source? If so, check the source code, you can see for yourself whether that third party is doing anything shady? Anything closed source like WhatsApp, however, and I 100% agree with you.

      • alcasa@lemmy.sdf.org
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Open source is not sufficient, you also need to be sure that the version you install is the version you inspected. In Appstore or Playstore for mobile this is not straightforward. Hell, even linux packages sometimes contain tons of maintainer patches that are not upstreamed

      • maxmoon@lemmy.ml
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        The first time I saw the message “Your messages are now encrypted” on WhatsApp my reaction was “Yes, but it’s worthless if you keep a copy of the key”.

        If the end user isn’t able to create the key by themselves, it’s most likely useless.

        Imagine you rent a flat and the owner is Facebook, who keeps a copy of the key and let everyone in who pays some money.