We’re rolling out end-to-end encryption for voice and video calls! We’d like to share why we’re bringing E2EE A/V to Discord, share our design and implementation goals, and provide a high-level technical overview of how it works.
Am I too harsh in believing that if you claim to have E2EE but I can’t verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don’t have E2EE? The whole point of encrypting my traffic on the client is I don’t trust you. Why would I believe you aren’t sending the encryption keys off to your server if I didn’t trust you before?
No. If there’s no way to verify anything then all we have to go on is their word.
The word of a company generally isn’t worth a whole lot. Same with Telegram.
Which is how we know their self-rolled encryption is shit.
There’s a reason why Telegram CEO can be arrested when Signal’s can’t. Because Telegram has information they can give but refuse to whereas Signal give everything they’ve got, which is basically nothing.
Am I too harsh in believing that if you claim to have E2EE but I can’t verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don’t have E2EE? The whole point of encrypting my traffic on the client is I don’t trust you. Why would I believe you aren’t sending the encryption keys off to your server if I didn’t trust you before?
I mean technically the client is verifiable if you use discord in a browser tab… and verify it every time you load the web page… 🙃
You said it better than me. 🤣🤣
No. If there’s no way to verify anything then all we have to go on is their word.
The word of a company generally isn’t worth a whole lot. Same with Telegram.
The clients are source available for telegram though
Which is how we know their self-rolled encryption is shit.
There’s a reason why Telegram CEO can be arrested when Signal’s can’t. Because Telegram has information they can give but refuse to whereas Signal give everything they’ve got, which is basically nothing.
They just mean you now really have to pay to get private data. 🤣