We are excited to announce a significant advancement in the security of the Signal Protocol: the introduction of the Sparse Post Quantum Ratchet (SPQR). This new ratchet enhances the Signal Protocol’s resilience against future quantum computing threats while maintaining our existing security guar...
Of course I don’t have any concrete proof. If there was concrete proof we shouldn’t be having this conversion. My main issue is that it’s centralized and that’s a huge black box. People obsess with this “but it’s protocol open source” like headless chickens when that’s not the issue. Open source is like the step one when it comes to private and secure messaging. It just comes down to if you trust the devs and those doing the hosting. When it’s central all of that thrust rests on that one group and their hosting service not fucking you over even if they can or can not read the encrypted messages themselves. I’m not concerned signal keeping people’s dickpicks private here in that that even whatsapp is as good as any.
I see I made the mistake of coming to an obvious fangirl meeting to have an serious discussion about security merits.
Those two don’t go together, bud.
Ok so let’s talk about “ex-Meta” Brian Acton walking away from nearly a billion dollars due to his moral stance on private communication. Or Meredith Whittaker’s determination to pioneer a tech business model other than surveillance capitalism.
You’re absolutely right that it comes down to trusting the devs, which is why WhatsApp is a nonstarter even though it uses Signal’s E2EE. Europe’s chat control proposal doesn’t need to break E2EE, it just needs to demand that the messaging client app scans all content locally before encrypting and has a way to tattle. Meta could also be scanning everything you type into WhatsApp and feeding it into a local AI advertising interests summarizer or whatever else, and still claim E2EE. The open source client is far more important than an open source server when there’s proper E2EE.