Remix.run Logo
figassis 4 days ago

The author is basically saying if you participate in any part of the encryption process, you're deceiving users in saying things are e2e encrypted.

Isn't this conflating encryption with trust? Of course whoever claims to encrypt your data needs to be trustworthy, and whether they actually are is another matter, but If my app allows you to generate a client side key, export it and use it to encrypt data client side and we only get the encrypted data, that is verifiably valid encryption.

I could be malicious and also send a copy of your actual plaintext to the server as well, but that is trivial to check (unless I'm being targeted and I am the only user that gets the malicious code, still, I can check). It's a risky proposition for an organization with vested interest in being seen as pro privacy.

But I get it, different conversation if the government coerces you, and the outcome depends on your bank account and ability to handle pressure.

p-e-w 4 days ago | parent [-]

> Isn't this conflating encryption with trust?

Absolutely, and the claim is somewhere between nonsense and pedantry bordering on nonsense.

The exact same thing is true for, say, Signal. The provider delivers the client, and they aggressively block non-official clients from participating. So the “ends” in end-to-end are ultimately controlled by Signal. But as long as you trust the Signal company not to insert a backdoor into your client, it’s still true that the company can’t read your texts.

sneak 3 days ago | parent | next [-]

Signal does not aggressively block non-official clients. I constantly use a modified version of Signal Desktop containing a small set of my own patches, and it always works fine. Also, while autoupdate is on by default for the Signal client (and it includes a time bomb expiration to attempt to "force" you to upgrade regularly (removing this is one of my patches)), you are free to turn it off and remove their ability to modify the code on your own system.

p-e-w 3 days ago | parent [-]

This doesn’t work on iOS, where you can’t selectively disable automatic updates for a single app.

sneak 3 days ago | parent [-]

I have all iOS automatic app updates disabled.

Groxx 3 days ago | parent | prev [-]

Molly has been running just fine as a project for quite a few years at this point. Signal doesn't block them. I think it's fair to say they are fairly strongly opposed to them (for somewhat defensible reasons), but no, they've been fairly nice in allowing other clients.