Would you trust Elon's #Twitter with your direct messages, phone, or video calls, even when he claims end-to-end encryption is in place?
Well the whole point of end-to-end encryption is that we don't have to answer that question.
So one funny thing about this question is that #cryptography is legitimately difficult to do correctly, with plenty of room for mistakes.
So part of the story is that even if you think #musk
is a terribly dishonest person, while some other developer is a completely honest one, the trickiness of implementation means that you still can't trust the honest one. The intention becomes something of a side note because it's just that easy to screw it up.
So I don't care who implements it. I really don't go for that sort of drama. The product needs to sink or swim on its own, to be shown to be solid regardless of any kind of ad hominem attack on its author.
I don't care who writes it; I'm going to gauge my trust on what independent experts in the field say once they have analyzed it.
But again, the whole point of #E2E encryption is not having to trust the developer.
@volkris there are layers of trust, and in this case it starts with (at least) “do you trust musk as a manager to employ competent engineers and to not micromanage them in order to ship the product faster”?
(also do read something about the current twitter implementation of e2e encryption, matthew garrett error an interesting blog about it.)
That's aside, encryption is at least somewhat like writing tests - any encryption is better than no encryption.
Here's the blogpost for the lazy among us btw: https://mjg59.dreamwidth.org/66791.html
Reading this, the implementation strikes me as "simple, yet just as exploitable as necessary if law enforcement comes knocking". Which probably is fine enough for most people.
@volkris @glitch @mawhrin That any encryption is better than no encryption.