Hacker News new | past | comments | ask | show | jobs | submit login

The article says they are not stored. That's what I'm questioning.

"user messages are stored only on their devices, not on Signal’s servers or anywhere else."




Sure, like I said, it's a information theoretic argument. Imagine if Signal used a One Time Pad instead of AES, this might make it easier to see what's going on if you have some idea about the One Time Pad.

Suppose I promise you that qMsVOrgWDZTo0Fet9xLhIQ is the base 64 encoded, 16 byte encrypted message I just sent, but I used OTP. Do you in some sense "have" a copy of my message ? No. That is completely useless without the key, it could have literally been any message, without the key there's no difference.


Thanks for the explanation! That helps.


I think it is fair to interpret that as: Signal is not storing messages on their servers, also Signal is not storing them on someone else's servers.

Whether or not a 3rd party, outside Signal's knowledge and/or control, is storing messages is entirely out of their control.


The whole point of e2ee is that you don't have to care about that!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: