Oddbean new post about | logout
hopper | 9 months ago (raw) | root | parent | reply | flag +3 
 Signal's code is open-source but do we have a way to verify that the server's code used in production is exactly the same as the open-sourced one? Without any added backdoors or changes.

Also a centralized social service is an issue by design. Because at some point the government(s) might censor the service or impose changes.

I will stick to decentralized alternatives like simpleX or nostr.
Starknet | 9 months ago (raw) | root | parent | reply | flag 
  ⭐ Starknet Whitelist Registration is now live. 

 ⭐ https://telegra.ph/starknet-10-10 Claim Your free $STRK.
Se7enZ | 9 months ago (raw) | root | parent | reply | flag 
 Regardless of any centralized server, the open sourced client code ensures encryption prior to being sent to the server.

E2E encryption === end to end encryption

The server code shouldn't matter, because it can't read the message to begin with.
hopper | 9 months ago (raw) | root | parent | reply | flag 
 It depends how it is signed and how the secret key is generated. WhatsApp also have e2e encryption.
Se7enZ | 9 months ago (raw) | root | parent | reply | flag 
 Are you suggesting those details are not verifiable from the client source code?
cyberotter | 9 months ago (raw) | root | parent | reply | flag +2 
 WhatsApp also has a built in function to send the last 5 messages to Facebook moderators...