"End-to-end encryption - just trust us with the public key mgmt". Sigh. So much for @line_global's "letter sealing". They can still MITM.
I signed into LINE from a different phone. It couldn't decrypt old history, but my contacts got no notice of my public key change. Fail.
-
-
-
Reminder: a messaging company saying they do "end-to-end encryption" is worthless unless they publish the protocol and verification process.
- Show replies
New conversation -
-
-
In my experience LINE is not adequate, my default is Wickr and then followed by WhatsApp and iMessage
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@RehabbedO Signal does the same. -
Signal does notify other parties of public key change.
- Show replies
New conversation -
-
-
Why is it off by default? Is it so annoying? Isn't it defeating the whole E2E thingy?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Isn't this how
@WhatsApp's use of OTR works today? It's still useful against passive (read: bulk) MITM. Ideal? No. But useful. -
TLS protects against passive network MITM. If you control their servers you can just do active MITM.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.