On Wed, Nov 19, 2014 at 09:18:10AM +0000, Cathal (Phone) wrote:
Eh, easier than than. Keys generated end to end by the book, then code in the closed source spyware app justs lifts them and posts to FB.
Open protocols in closed apps are meaningless.
Not meaningless, although of course open source would be preferable from a trustability standpoint. I've got the executable code for the proprietary WhatsApp apk installed on my phone, and can reverse engineer it if I so choose. (I'm running CM11 so extracting the APKs is fairly straightforward.) I also have automatic app updates turned off, so I know when the code is supposed to change. Of course it would be Best (TM) if everyone could use a completely free operating system and had complete freedom to inspect all the code we depend on. But given the world we live in, 600M users with access to E2E encrypted messaging is better than 600M users without such access. -andy