This is an article written by telegram’s founder and CEO Pavel Durov in 2019 on “Why whatsapp will never be secure”. Your thoughts?

  • ReversalHatchery@beehaw.org
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    11 months ago

    They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:

    • how often do they update the version they use
    • what are they doing with the messages after local decryption (receiving), and before encryption (sending)
    • how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code

    Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever