FriendlyDespot t1_j9xcpel wrote on February 25, 2023 at 6:08 AM

Reply to comment by hodor137 in Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption by ActivePersona

> I'm not sure how exactly Signal and these other messaging apps implement their encryption, but they could easily claim end to end encryption while offering governments a "back door" to decrypt and read everyone's messages.

You should have stopped at "I'm not sure how exactly Signal and these other messaging apps implement their encryption," because you go on to say something that's completely wrong. Signal can't decrypt anyone's messages. The devices that are talking to each other across Signal's infrastructure use local public and private keys that Signal as a company doesn't possess.

The most that Signal could do is make the Signal software take the cleartext messages after decryption and send them somewhere, but the Signal applications are open and auditable, and something like that would be discovered, and would mean the death of the company.

hodor137 t1_j9xdcqg wrote on February 25, 2023 at 6:16 AM

Or they could simply have the app upload your keys to their server.

But as others have pointed out, they open source their code so they can't do this without everyone finding out.

My point was really that the comment I was replying to was dumb - just because you have "encryption" doesn't mean no one will ever read your messages. The keys that can decrypt those encrypted messages must also be kept safe.

FriendlyDespot t1_j9xdldu wrote on February 25, 2023 at 6:18 AM

> Or they could simply have the app upload your keys to their server.

That wouldn't make much sense, because the keys are ephemeral, so you'd have to upload about as many keys as there'd be messages.