can you really verify they use e2ee? it’s not like you can look at the source code of their client or servers, all you can do is take their word for it and there have been companies lying about having e2ee before.
plus metadata collection, sure they might not able to collect what you send but who and when you send your messages are probably collected.
not really, you can check the source code for signal’s client and server. same goes for matrix except you can even host your own matrix server. that is the difference of open source.
There is no way for you to check if they add something to or remove from the code before they compile it and put it into store from which you download to your phone. You have to trust company regardless.
I do miss your point. In both cases I have to trust that company is not maliciously lying and doing something. If anything, the bigger the company the higher likelihood that if something malicious is going on it becomes known through whistleblowers.
you don’t have to trust a company as you are free to compile the app yourself, that is just what i choose to do.
that being said i don’t think this conversation is leading anywhere and wasting both of our time, therefore i won’t be replying anymore, happy fediversing.
can you really verify they use e2ee? it’s not like you can look at the source code of their client or servers, all you can do is take their word for it and there have been companies lying about having e2ee before.
plus metadata collection, sure they might not able to collect what you send but who and when you send your messages are probably collected.
But these questions are true for any app. The only one which was verified is iMessage, because of that FBI case.
not really, you can check the source code for signal’s client and server. same goes for matrix except you can even host your own matrix server. that is the difference of open source.
Are you compiling and installing compiled version yourself onto your phone?
no but i trust third party security audits and the freedom to do that. for my threat model this is fine.
it is not a matter of if i did it or not, it is a matter of if i could do that.
There is no way for you to check if they add something to or remove from the code before they compile it and put it into store from which you download to your phone. You have to trust company regardless.
you are missing the point, with an open source project you can choose to trust but with a close source project you have to.
it does not matter which i choose in the end as it only effects me.
I do miss your point. In both cases I have to trust that company is not maliciously lying and doing something. If anything, the bigger the company the higher likelihood that if something malicious is going on it becomes known through whistleblowers.
you don’t have to trust a company as you are free to compile the app yourself, that is just what i choose to do.
that being said i don’t think this conversation is leading anywhere and wasting both of our time, therefore i won’t be replying anymore, happy fediversing.