• BestBouclettes@jlai.lu
      link
      fedilink
      English
      arrow-up
      22
      ·
      11 months ago

      If you don’t have the only copy of the key, it’s not encrypted. Wish more people understood that…

    • foggy@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      End to end and also end to authority encryption.

      No bad guys will see your activity!

    • DreadPotato@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      10
      ·
      11 months ago

      It’s encrypted in your phone, and in the receiver’s phone => both ends are encrypted => end-to-end encryption…They conveniently don’t say what’s happening between the ends though.

      • echo64@lemmy.world
        link
        fedilink
        English
        arrow-up
        27
        arrow-down
        1
        ·
        11 months ago

        They actually do. They have a whitepaper, and it’s just the signal protocol as expected.

        End to end is good, apps using it is good. The snark about apps using well known open protocols isn’t needed.

        Talk about what the app is going to be doing with your data that isn’t transmitted, you can be snarky about that. But being like this about the use of the signal protocol isn’t helpful.

        • DreadPotato@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          4
          ·
          11 months ago

          Relax I was merely making a joke on meta’s excessive data hoarding, not a thoughtful comment on the actual implementation.

  • LWD@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    11 months ago

    For those who use the browser-based version of Instagram, WhatsApp, or Facebook, Meta released earlier this year a browser extension called Code Verify that checks if the JavaScript libraries used by the services are up-to-date and have not been modified.

    This is actually a very good thing. Remember that big kerfuffle a couple years ago about how ProtonMail (or any website) could serve malicious JavaScript to a single person, making it relatively easy to steal their data without being caught?

    This would, in theory, prevent that.