>If you want me to trust your system, show me the complete source code
Sounds like you set yourself up to never trust anything.
I mean, do you fly on airplanes without having inspected the flight code? Or do you put your money in a bank without having inspected the accounting code?
I don't think it's necessary for everyone to fully review the complete source code themselves. But having it available for applications at a serious enough scale, would allow the community at large to proof the vendor's claims about secure encryption. And at Facebook scale I would be satisfied that I'd hear about it if the encryption turned out to be a lie.
Airlines and banks do have to have to prove compliance with formal standards via audit to operate. These audits often require revealing some code to regulators under NDA. So our trust in them stands on sturdy ground compared to the offerings from the big tech companies.
I don't need to see the code for it to fail my audit though:
- Phone number attached to real identity is required
Even if you did, how would you know that the airline or bank is running a binary generated from that code? Would you also need to check the compiler? How do you know which compiler was used?
These examples do not work. If a plane fails, everyone would know it immediately. If money disappears from my account, at least I would know it immediately. The problem with privacy is that if it's broken, I wouldn't know it. So we have to spend all our life in blind trust, and it's insufferable
Sounds like you set yourself up to never trust anything.
I mean, do you fly on airplanes without having inspected the flight code? Or do you put your money in a bank without having inspected the accounting code?