hhmx.de

Delta Chat

Federation EN Fri 28.02.2025 15:03:04

@mntn @adalanerd developer infiltration is a concern and we have social practices around it. Likely dependency poisoning is a more immediate risk (a threat to all messengers and stacks!). Typically we know the maintainers, or are comaintainers ourselves, of our key Rust dependencies. All critical paths have been security audited, including networking and TLS, @rpgp ... And we get scrutiny from many experts and researchers. There can still be bugdoors but there are a lot of cats around :)

🤸‍♀️ Ada ⅗ 🤼‍♀️

Federation EN Fri 28.02.2025 15:27:54

@delta
Nice to read that! No answer about the client-side scanning tho?
@mntn @rpgp

mountain

Federation EN Fri 28.02.2025 15:28:42

@adalanerd @delta @rpgp It’s open source… any such change to the code would be immediately obvious

Delta Chat

Federation EN Fri 28.02.2025 15:49:31

@mntn @adalanerd @rpgp We are of course opposed to client-side-scanning. Without a clear legal proposal on how they want to force developers to implement it, it's impossible to tell how to resist it. Let's see if it ever comes.

🤸‍♀️ Ada ⅗ 🤼‍♀️

Federation EN Fri 28.02.2025 16:38:18

@delta
Maybe you've heard about this shady Android System SafetyCore thing. It has full access to network and isn't part of the actual OS since it's only installed via the Play Store. So I guess it shouldn't be able to access encrypted communications.

But if Android ever comes up with an actual built-in, system-wide scanning feature, it would be another story. And maybe forked versions could get rid of it but that'd obviously compromise the privacy for most users and therefore affect trust in whatever encryption.
@mntn @rpgp

Delta Chat

Federation EN Fri 28.02.2025 18:13:58

@adalanerd @mntn @rpgp There indeed is a valid concern that Android itself gets compromised. We try to support degoogled phones and also non-Android developments like @deltatouch and one can also just run delta on a desktop without any mobile, and move your client side profile data in the form of a tar file between all these devices. An ncurses terminal client also exists btw.