• EngineerGaming@feddit.nl
    link
    fedilink
    arrow-up
    3
    ·
    9 days ago

    I doubt any FOSS restriction is doable at all. As for the supply chain - xz showed this is indeed possible… But no one can guarantee that every encrypted client would be able to get such a well-hidden backdoor, and that it will stay undiscovered, and that it wouldn’t be invalidated with an update… But yeah, the only way this can be combatted is having more eyes on such software.

    • 𝕸𝖔𝖘𝖘@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      9 days ago

      I agree with you. I just don’t think “they” will take that fact and just sit with it. I think “they” will do everything they can to get multiple backdoors in there (and I use the term ‘backdoor’ loosely to mean anything that can programmatically circumvent the encryption). There are more of them, in terms of power and funding, than there are of us. They will eventually succeed, if only for short times each interval. That’s why I wrote that the solution is a chat revolution. I don’t know what that will look like, but we need something they can’t successfully attack.

      Edit: autocorrect