Conversation
This Tweet is from a suspended account. Learn more
This Tweet is from a suspended account. Learn more
Even if something is open source, if it's running on a server you don't control there's no guarantee that the service you're talking to is running that same code as what you've read.
5
16
The whole point of the app is end-to-end encryption instead of trusting the server with the data.
1
12
That's the idea, but the problem is verification--there's a black box involved in the process. How do you know the mechanism inside the box produces end-to-end encryption and not merely apparently end-to-end encryption?
1
2
There is no black box involved in the process. The Signal app is open source. The whole point of the app is providing end-to-end encryption from client to client. You seem to be confusing end-to-end encryption with transport encryption. It doesn't mean what you seem to think.
2
10
This Tweet is from a suspended account. Learn more
They have posts on how they do contact discovery.
Messages, profiles and other data are encrypted end-to-end. That's what it means for it to be an end-to-end encrypted messenger.
The metadata needed to figure out where to send a message, etc. uses transport encryption, not E2E.
It works the same way for Matrix, Wire and other end-to-end encrypted messengers. Signal gives you private communications. It doesn't give you anonymity without taking further steps to accomplish that. You also don't need to give it access to your contacts to use the app.