No, encryption is largely based on encryption algorithms; security is much broader than that.
RIotingPacifist
It's a lot easier to ship 1 app with a backdoor than reconstruct messages by scanning memory.
Can you label rules? That would be a better approach IMO.
Not familiar enough with UFW, but could you parse the output and store the rule number as a variable if this is all one long-running script?
Sure, but it by necessity sends some encrypted data to the server; Wireshark isn't going to tell you if that's just your message or your message and additional information.
Does WhatsApp make it visible when you add a new trusted device? Does Signal?
But yeah Meta have full control of the client and it isn't audited so they could do it a lot of ways.
UK is requiring age verification on VPNs too
Nobody is saying Signal is just as bad, simply that it's not invulnerable to this kind of attack, even with reproducible builds, especially as we don't know how the attack works.
When is the last time you checked the linked-devices tab in Signal?
I didn't realize Signal now has reproducible builds (in my defense it didn't when it launched).
and you can monitor outgoing traffic on your device to see whether the Signal app is sending data that it shouldn’t.
This is mostly useless as the traffic Signal is sending is encrypted, so you really have to just trust the code.
creating a backdoor to access plaintext messages is still very difficult if the app is well audited
Well audited is key. This attack likely works by doing something like adding Meta to the list of trusted devices, then hiding itself from the list (either because of code in the client or because the Meta device is only added for a moment), so the backdoor wouldn't be send_all_messages_to_hq(), it would be in the code to list trusted devices, either explicitly hiding some devices or some sort of refresh timer that's known so you can avoid being there when the UI is updated.
Or it works through some other mechanism that still preserves E2E encryption.
The centralized server is only important because it sends you the message to get around the encryption (either adding a new client to your list of trusted clients or in some other way getting your client to send your messages to Meta).
If we trust the keys are possessed only by the generating device, then how does the encrypted message become compromised?
Because the client is capable of adding the backdoor, it isn't compromising the encryption. When you add a desktop client to your Signal account it doesn't break E2E encryption either, but your messages are visible in more places. That (or something like it) is what is being described: Meta aren't decrypting your messages as they go through their E2E network, they are tapping them client side.
People should understand the limits of E2E encryption.
I'd rather be unhinged than wrong.