undefined | Better HN

0 points_heimdall1y ago0 comments

No not at all, its a universal risk since you have to trust the UI.

I should have been more clear there. Its interesting to me that I often see concerns over whether Facebook has encryption backdoors when the UI can do all the work.

0 comments

lxgr1y ago

That's arguably still a backdoor, no?

At least I'd call an instant messenger that which claims to provide end-to-end encryption between conversation participants and then surreptitiously inserts itself as another participant.

However, something very active like that would be much easier to detect and prove than a "true" cryptographic backdoor that could possibly be explained away as an oversight in design or auditing.

_heimdallOP1y ago

Yeah I think that would fall into the backdoor category. My point was mainly that concerns over E2E encryption usually stop at the level of encryption and transmission.

If one really doesn't trust that Facebook isn't honest about how messages are encrypted and who has access to decrypt them, they also shouldn't use an app made by the same company that by design must have access to the decrypted text.

j / k navigate · click thread line to collapse