zlacker

[return to "Signal app downloads spike as US protesters seek message encryption"]
1. aeroph+Z4 2020-06-05 02:52:17
>>pera+(OP)
Honest question for those in the know: If I wanted to run my own personal “analysis” to verify the security of Signal, where would I start? Is it even possible? Just curious if there was a way to “know” rather than “trust”.
◧◩
2. raspyb+d5 2020-06-05 02:53:44
>>aeroph+Z4
Learn cryptography to a high level then read the source code?
◧◩◪
3. drdrey+J5 2020-06-05 02:58:51
>>raspyb+d5
How do you know that the binary you run actually corresponds to the source code you read?

EDIT: and would you then also review every commit to make sure nothing bad gets introduced? No, at some point you have to place trust in the vendor, the developers, independent audits, etc.

◧◩◪◨
4. shawnz+C6 2020-06-05 03:05:55
>>drdrey+J5
How do you know the compiler actually compiles the source code to the binary you expect without injecting backdoors? How do you know that the hardware actually follows the instructions in the binary as they are specified?

How do you know you're not living in a computer simulation in which the operators can access your data without any backdoors whatsoever?

◧◩◪◨⬒
5. drdrey+6c 2020-06-05 04:10:42
>>shawnz+C6
That's my point, you can't establish trust by checking everything yourself. So you delegate to other things as an approximation. In this case, Signal seems to be reputable, have competent developers and afaik no history of leaks or malevolence so I would rely on that rather than a half-assed source code review.