
Out of curiosity, how can end-to-end encryption be verified when both the clients and the servers are closed-source?



How can you know it’s not E2EE? The absence of evidence is not the evidence of absence, or something like that.

I agree that closed source is harder to verify, but that’s not the same as insecure.


If you can't verify your messages are E2EE, you have to trust the vendor. But if you trust the vendor, you don't need E2EE to begin with.


There are other threat actors than the vendor looking to compromise the confidentiality of your message.


Those actors don't have the vendor's encryption keys.
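To make the trust boundary the thread is arguing about concrete, here is an added example (not from any commenter) that models the vendor's relay two ways: once with the server terminating encryption and protecting stored messages with its own key, and once with the client encrypting under a key that only the endpoints hold. A third party who steals the server's disk and keys (the "other threat actors" above) is then run against both. The cipher is a constructed SHA-256 counter-mode keystream plus HMAC, chosen only so the script runs on the standard library; a real client would use an AEAD. The `honest_client` flag is an assumption of this example: it stands in for a closed-source client that quietly hands the user's key to the server.

```python
"""Toy model of server-side encryption versus E2EE, and of a client that leaks
its key. Constructed example; the cipher is not for production use."""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used here as a stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then strip the keystream."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class Server:
    """The vendor's relay. Its storage and keys are what a breach dumps."""

    def __init__(self) -> None:
        self.storage: list = []
        self.server_key = secrets.token_bytes(32)  # used only by the non-E2EE model

    def receive_plaintext(self, msg: bytes) -> None:
        # Model 1: TLS terminates here; the server encrypts "at rest" with its own key.
        self.storage.append(encrypt(self.server_key, msg))

    def receive_ciphertext(self, blob: bytes) -> None:
        # Model 2: the server only relays what the client already encrypted.
        self.storage.append(blob)


def breach(server: Server) -> list:
    """An actor other than the vendor who walks off with the server's disk and keys."""
    recovered = []
    for blob in server.storage:
        try:
            recovered.append(decrypt(server.server_key, blob))
        except ValueError:
            recovered.append(None)  # ciphertext only; the key is not on the server
    return recovered


def model_server_side(msg: bytes) -> list:
    """Vendor holds the keys: a server breach yields plaintext."""
    server = Server()
    server.receive_plaintext(msg)
    return breach(server)


def model_e2ee(msg: bytes, honest_client: bool = True) -> list:
    """Endpoints hold the key. If the (assumed) closed client also uploads that
    key, the server ends up in the same position as in model_server_side."""
    server = Server()
    user_key = secrets.token_bytes(32)  # lives only on the two endpoints
    server.receive_ciphertext(encrypt(user_key, msg))
    if not honest_client:
        server.server_key = user_key  # the leak: now the server can read it too
    return breach(server)


if __name__ == "__main__":
    print("server-side encryption, breach recovers:", model_server_side(b"meet at 9"))
    print("E2EE, honest client, breach recovers:   ", model_e2ee(b"meet at 9"))
    print("E2EE, key-leaking client, breach recovers:", model_e2ee(b"meet at 9", honest_client=False))
```

Note what a third-party breach sees: with the vendor holding the key, the stored message comes back; with a genuine E2EE client, the dump is ciphertext only, which is the point that the other threat actors do not have the keys. The honest and key-leaking E2EE cases store byte-for-byte the same kind of blob, so nothing observable on the server side distinguishes them; only the client's behaviour does, which is why a closed client still has to be trusted or inspected.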



