Discord is rolling out end-to-end encryption,
Do you trust it?
Before you rush to say no,
It's designed and audited by the same auditors that SimpleX uses (Trail of Bits)
So do you trust Trail of Bits to say SimpleX is secure, but not design Discord's encryption?
You know I actually wrote Trail of Bits to ask on pricing to audit my own app (which isn't a messenger btw). They use Gmail, so I used PGP.
The guy at Trail of Bits apologized that he didn't have his PGP key anymore, since he never gets encrypted emails. Aren't you guys supposed to be receiving code to audit or emergency 0-day flaws? That's going naked over Gmail? So he directed me to a web browser app that had third party Google JavaScript and claimed it was end-to-end encrypted. This might be true, but he has no idea what that JavaScript was doing.
So without even looking at the details of Discord's new thing, I can tell you they don't give a rat's ass about privacy. All this is doing is trying to remove legal liability in a post Telegram-legal world. But we can remove legal liability for them, by not using Discord.
Source: https://discord.com/blog/meet-dave-e2ee-for-audio-video
Yeah, Discord is backdoored proprietary poopware, so I can't trust that at all.
"Discord spokesperson Kellyn Slone told TechCrunch that the company has “no further plans at this time” to roll out encryption in other areas, such as direct messages or group chats."
It's garbage.
What do you think of SimpleX?
SimpleX is good, they could improve by moving off government domains and allowing proving of who you are, through like PGP to prevent phising and doing business