Even if something is open source, if it's running on a server you don't control there's no guarantee that the service you're talking to is running that same code as what you've read.
The whole point of the app is end-to-end encryption instead of trusting the server with the data.
That's the idea, but the problem is verification--there's a black box involved in the process. How do you know the mechanism inside the box produces end-to-end encryption and not merely apparently end-to-end encryption?
There is no black box involved in the process. The Signal app is open source. The whole point of the app is providing end-to-end encryption from client to client. You seem to be confusing end-to-end encryption with transport encryption. It doesn't mean what you seem to think.
They have posts on how they do contact discovery.
Messages, profiles and other data are encrypted end-to-end. That's what it means for it to be an end-to-end encrypted messenger.
The metadata needed to figure out where to send a message, etc. uses transport encryption, not E2E.
It uses authenticated encryption with forward secrecy between instances of the app. It doesn't trust the server. Encrypting connections to the server is not end-to-end encryption. End-to-end means encrypting from one end (Signal app) to the other (Signal app), not to the server.



