zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. danpal+N2[view] [source] 2021-04-07 15:14:01
>>red_tr+G1
I think the argument would be that with end-to-end encryption this is unnecessary, which is good because it's impossible.

There's a counter-argument that there is still useful metadata a server can glean from its users, but it's certainly minimised with a good protocol... like the Signal protocol.

◧◩◪
3. cortes+2w[view] [source] 2021-04-07 17:22:27
>>danpal+N2
Wait, how would end-to-end encryption help this problem at all? I agree that it is impossible (currently), but not sure how E2E helps anything?

E2E encryption only helps you verify WHO you are connecting to, not what they are doing with your connection once it is established.

[go to top]