cross-posted from: https://lemmy.ml/post/20406932

  • Quail4789@lemmy.ml
    ·
    2 months ago

    Am I too harsh in believing that if you claim to have E2EE but I can't verify a) your source code b) my client was built from that source code (i.e. reproducible builds) then you don't have E2EE? The whole point of encrypting my traffic on the client is I don't trust you. Why would I believe you aren't sending the encryption keys off to your server if I didn't trust you before?

    • jeffhykin@lemm.ee
      ·
      edit-2
      2 months ago

      I mean technically the client is verifiable if you use discord in a browser tab... and verify it every time you load the web page... 🙃