☆ Yσɠƚԋσʂ ☆@lemmy.ml to Privacy@lemmy.mlEnglish · 9 months agoTelegram Hands U.S. Authorities Data on Thousands of Userswww.404media.coexternal-linkmessage-square122linkfedilinkarrow-up1109arrow-down11cross-posted to: world@lemmy.worldtechnology@beehaw.org
arrow-up1108arrow-down1external-linkTelegram Hands U.S. Authorities Data on Thousands of Userswww.404media.co☆ Yσɠƚԋσʂ ☆@lemmy.ml to Privacy@lemmy.mlEnglish · 9 months agomessage-square122linkfedilinkcross-posted to: world@lemmy.worldtechnology@beehaw.org
minus-squareKairos@lemmy.todaylinkfedilinkarrow-up2arrow-down5·9 months agoOkay. You tell me what the double ratchet is, since you’re so smart.
minus-squaredavel [he/him]@lemmy.mllinkfedilinkEnglisharrow-up7arrow-down2·9 months agoThe double ratchet algo is irrelevant if the app is doing something else altogether.
minus-squareKairos@lemmy.todaylinkfedilinkarrow-up2arrow-down5·9 months agoCompiling the app is irrelevant if I don’t read the source.
minus-square☆ Yσɠƚԋσʂ ☆@lemmy.mlOPlinkfedilinkarrow-up5arrow-down3·9 months agoThat’s nonsense, because many different people read the source and audit open source software. While it’s certainly possible to sneak malicious code in, the trust doesn’t depend on each single individual auditing it. It’s a collective effort.
minus-squarePup Biru@aussie.zonelinkfedilinkEnglisharrow-up1·9 months agookay, but reproducible builds solve the rest of that problem https://signal.org/blog/reproducible-android/
minus-square☆ Yσɠƚԋσʂ ☆@lemmy.mlOPlinkfedilinkarrow-up2·9 months agoYeah, now that they finally have reproducible builds, at least you can trust that the client is doing what it says it’s doing.
Okay. You tell me what the double ratchet is, since you’re so smart.
The double ratchet algo is irrelevant if the app is doing something else altogether.
Compiling the app is irrelevant if I don’t read the source.
That’s nonsense, because many different people read the source and audit open source software. While it’s certainly possible to sneak malicious code in, the trust doesn’t depend on each single individual auditing it. It’s a collective effort.
okay, but reproducible builds solve the rest of that problem
https://signal.org/blog/reproducible-android/
Yeah, now that they finally have reproducible builds, at least you can trust that the client is doing what it says it’s doing.