hodor137 t1_j9xdcqg wrote

Or they could simply have the app upload your keys to their server.

But as others have pointed out, they open source their code so they can't do this without everyone finding out.

My point was really that the comment I was replying to was dumb - just because you have "encryption" doesn't mean no one will ever read your messages. The keys that can decrypt those encrypted messages must also be kept safe.


hodor137 t1_j9x0ilo wrote

Not true at all. Encryption that's not intended and actually implemented to be fully sender-to-receiver can easily be subverted and readable by 3rd parties. In the messaging/Signal/WhatsApp context, people refer to it as "end-to-end encryption" but that term doesn't really say anything.

I'm not sure how exactly Signal and these other messaging apps implement their encryption, but they could easily claim end-to-end encryption while offering governments a "back door" to decrypt and read everyone's messages. Signal is saying they won't do that.

I've never bothered to use Signal but you either have to trust their word, or they have to do a really good job proving to you that only the end users have control of their own private encryption keys. From everything I've heard, including this, they're great and trustworthy - but you still have to trust them.