 Discord is rolling out end-to-end encryption,

Do you trust it?

Before you rush to say no,
It's designed and audited by the same auditors that SimpleX uses (Trail of Bits)

So do you trust Trail of Bits to say SimpleX is secure, but not design Discord's encryption?

You know, I actually wrote to Trail of Bits to ask about pricing to audit my own app (which isn't a messenger, btw). They use Gmail, so I used PGP.

The guy at Trail of Bits apologized that he didn't have his PGP key anymore, since he never gets encrypted emails. Aren't you guys supposed to be receiving code to audit or emergency 0-day flaws? That's going naked over Gmail? So he directed me to a web browser app that had third-party Google JavaScript and claimed it was end-to-end encrypted. This might be true, but he has no idea what that JavaScript was doing.

So without even looking at the details of Discord's new thing, I can tell you they don't give a rat's ass about privacy.  All this is doing is trying to remove legal liability in a post Telegram-legal world.  But we can remove legal liability for them, by not using Discord.

Source: https://discord.com/blog/meet-dave-e2ee-for-audio-video