Replying to Avatar ₿ruce Høpper

Signal's code is open-source but do we have a way to verify that the server's code used in production is exactly the same as the open-sourced one? Without any added backdoors or changes.

Also a centralized social service is an issue by design. Because at some point the government(s) might censor the service or impose changes.

I will stick to decentralized alternatives like simpleX or nostr.
Avatar
Se7enZ 1y ago

Regardless of any centralized server, the open sourced client code ensures encryption prior to being sent to the server.

E2E encryption === end to end encryption

The server code shouldn't matter, because it can't read the message to begin with.

Reply to this note

Please Login to reply.

Discussion

Avatar
₿ruce Høpper 1y ago

It depends how it is signed and how the secret key is generated. WhatsApp also have e2e encryption.

Avatar
Se7enZ 1y ago

Are you suggesting those details are not verifiable from the client source code?