• Monologue@lemmy.zip
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    can you really verify they use e2ee? it’s not like you can look at the source code of their client or servers, all you can do is take their word for it and there have been companies lying about having e2ee before.

    plus metadata collection, sure they might not able to collect what you send but who and when you send your messages are probably collected.

    • MxM111@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      But these questions are true for any app. The only one which was verified is iMessage, because of that FBI case.

      • Monologue@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        not really, you can check the source code for signal’s client and server. same goes for matrix except you can even host your own matrix server. that is the difference of open source.

          • Monologue@lemmy.zip
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            no but i trust third party security audits and the freedom to do that. for my threat model this is fine.

            it is not a matter of if i did it or not, it is a matter of if i could do that.

            • MxM111@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              There is no way for you to check if they add something to or remove from the code before they compile it and put it into store from which you download to your phone. You have to trust company regardless.

              • Monologue@lemmy.zip
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                you are missing the point, with an open source project you can choose to trust but with a close source project you have to.

                it does not matter which i choose in the end as it only effects me.

                • MxM111@kbin.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  I do miss your point. In both cases I have to trust that company is not maliciously lying and doing something. If anything, the bigger the company the higher likelihood that if something malicious is going on it becomes known through whistleblowers.

                  • Monologue@lemmy.zip
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    you don’t have to trust a company as you are free to compile the app yourself, that is just what i choose to do.

                    that being said i don’t think this conversation is leading anywhere and wasting both of our time, therefore i won’t be replying anymore, happy fediversing.