Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Whoah. Hang on there. Crypto specialists aren't the people lobbying loudly for PGP-encrypted email in 2017. They're the ones who made the world's most popular messaging application double-ratchet deniably encrypted by default without the userbase even noticing.


I'm sorry, I undermined my own point in pursuit of a witty syllogism and I don't want to give the wrong impression that the crypto in apps like Signal (which I prefer) is somehow second-rate.


Wait: which one is that?


Singal, nee TextSecure, I'd assume.

Edit: Crap, I mean WhatsApp, which _uses_ Signal's protocol now.


Does WhatsApp have reproducible builds yet? Do we know that the app isn't storing the keys somewhere else?


> Does WhatsApp have reproducible builds yet?

WhatsApp isn't even open source, so no, it doesn't have reproducible builds. (Signal is open source and does have reproducible builds).

> Do we know that the app isn't storing the keys somewhere else?

No, but WhatsApp is still strictly better than either email or SMS. Even if you don't trust Facebook, that still only leaves three parties that can compromise the integrity of messages (you, the recipient, and Facebook), as opposed to the uncountable number of parties that can passively observe email or SMS in transit.


Gotchya. Re-reading Thomas's comment, one of that set at any rate.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: