Submitted by [deleted] t3_125wf75 in explainlikeimfive
pseudopad t1_je72wwo wrote
Reply to comment by throwaway_lmkg in ELI5: When a third party app says they offer "end to end encryption," what does that mean? by [deleted]
If you want a free and true e2e messaging app, Signal is pretty alright. It's also open source, so it can be audited by anyone with the time and skill to do so.
E_Snap t1_je7k3de wrote
You’d have to audit whatever specific instance of compiler or interpreter they use to run it, too. Remember, Ken Thompson was able to hide an undetectable back door in UNIX by modifying a compiler to add the back door to the kernel whenever it was compiling it, and then modifying the compiler to add the back-door-adding code to the compiler code whenever it found it was compiling itself. Bam, no trace of malware in the source, all the checksums work out, and the only way you’d ever find out is by compiling a clean version of the compiler source with a clean version of the compiler and then starting your audit.
Viewing a single comment thread. View all comments