Hacker News new | past | comments | ask | show | jobs | submit login

The server side is still proprietary. They could have just given "dummied" source code to "independent researchers".

Chances are ALWAYS against regular people.




> The server side is still proprietary

Open sourcing it would make no difference. Signal's server is open source, yet the sources are always released late. For a whole year, Signal was running a totally different server code than the one they had made public, they even injected some crypto stuff and not a single person knew what the server was running.

This is the nature of servers. Backend is always unverifiable, even if it's got the latest code available to the public. The only thing open source backend is useful for is self-hosting, not verification.


If it's encryoted E2E, then you don't need to inspect the server side to verify that. And the client is FOSS, anyone can inspect it. (It is my understanding that group chats are not encrypted; I have not cared to verify that one way or the other, but I could.)


How would that make any difference if the traffic is end to end encrypted, though?

Maybe they do something with the metadata, but so can every other messaging service.

This paranoia that everything is linked to Russia is just nuts.


Right. If you speak Russian and actually look at what is happening in Telegram, you'd know better. If I was a dissident there and my adversary would be SVR/GRU, I surely wouldn't call it paranoia.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: