128
the only e2e I can trust is the one I set it myself.
(beehaw.org)
use GPG and PGP
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Aug 2023
128 points (96.4% liked)
Memes
45193 readers
1996 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
That depends for me. Is it open source? If so, check the source code, you can see for yourself whether that third party is doing anything shady? Anything closed source like WhatsApp, however, and I 100% agree with you.
Open source is not sufficient, you also need to be sure that the version you install is the version you inspected. In Appstore or Playstore for mobile this is not straightforward. Hell, even linux packages sometimes contain tons of maintainer patches that are not upstreamed
True, that's part of the reason I switched to Gentoo
The first time I saw the message "Your messages are now encrypted" on WhatsApp my reaction was "Yes, but it's worthless if you keep a copy of the key".
If the end user isn't able to create the key by themselves, it's most likely useless.
Imagine you rent a flat and the owner is Facebook, who keeps a copy of the key and let everyone in who pays some money.