this post was submitted on 29 Nov 2023
127 points (97.7% liked)
Technology
59209 readers
4221 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Well let's give some counter examples in the softwares I mentioned :
WhatsApp closed : Owned by Facebook. Well Facebook had multiple data leaks, privacy violations and nothing substantial was done about it. Definitely not trustable (also zero days are getting sold on the black market for WhatsApp (https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/ ).
Telegram closed : not end to end encrypted. Russian app. Not trustable.
Signal open : well this one is e to e encrypted. Open source, maybe could be trusted. Seems to have passed some security audits (https://community.signalusers.org/t/overview-of-third-party-security-audits/13243), tho it's based in the US and uses servers, maybe the US may have super computers capable of decrypting such communications. However is signal has switched their encryption to quantum computer resistance it may be too hard even for a state actor. However they also "debunked"/ignored zero-day reports which were not reported through their own tool, and by asking the US for confirmation. I am not sure if the US can be trusted to give confirmation about the existance or not of vulnerabilities when they are very likely to use them (https://thehackernews.com/2023/10/signal-debunks-zero-day-vulnerability.html?m=1).
Olvid open (servers closed) : is French, e to e, and backed up by an encryption PhD. And why not use a local messaging app witch also is very secure and open source.
Notice how closed source is untrusted here. The economic activity of the tool changes how trustable it is. Military équipement has a huge and strict budget, it has to be secure.
Communication apps are user first. So they do what they can get away with, and that is very true for Facebook.
I had no idea o l v i d was open source, since you mentioned it I googled and I found their repo, it's not mentioned on the English web page
https://github.com/olvid-io/olvid-android
AGPLv3 .. nice
Client only source, just like telegram, no server side source.