Hacker News new | past | comments | ask | show | jobs | submit login

One of the points of the E2E security model used here is so that you don't have to trust Cisco.



There's a distinction between trusting a company not to look at your data when you hand it to them in plaintext, (Skype) and trusting them to have completely flawless, bugfree code that the NSA hasn't backdoored. (Dual_EC_DRBG)


Only if the enryption is done properly. Is that an open source project? Did someone you trust security review this?


You still have to trust that the encryption is indeed E2E as they claim, no?

I mean, whatsapp claims it has E2E encryption, but I've never checked...


https://whispersystems.org/blog/whatsapp-complete/

I'm not sure what parts you can verify, but I'm willing to trust the word of those at Whisper. Perhaps I'm naive but they seem to genuinely care about improving privacy for others.


This comment also shows that privacy is always based on trust. Trusting Cisco, Google, Microsoft, OpenSSL devs, Whisper Systems, whatever. You can decide who's more sympathetic, moxie, Zuckerberg, Nadella..


That was exactly the point I was trying to make when I responded to someone saying "well, with E2E encryption you don't have to trust them". Yes you do.


You still have to use the software you're running, and sounds like you are running Cisco's software.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: