Comment by bmicraft

Comment by bmicraft 5 days ago

> With it turned on, keys are on your device, Apple doesn't have them and can't use them and it covers all the main stuff - photos, messages, notes, etc.

Or so they say. Has that actually been proven?

NobodyNada 5 days ago

It's impossible to prove a negative, like "Apple doesn't have a backdoor". One can prove the existence of a backdoor by reverse-engineering suspicious code or network traffic, but not the nonexistence without poring over every byte of machine code, and quite a lot of the hardware too.

This is not unique to Apple, it's impossible to prove any system is free of a backdoor, including Linux distributions (see: the xz backdoor, or "Reflections on trusting trust"), unless you hand-crafted your whole smartphone from raw silicon.

Reply View 0 replies

gruez 5 days ago

You can raise that gripe with even something like signal. Sure, it's open source, but when was the last time someone reproducibility built it?

Reply View 5 replies

tga_d 5 days ago

People reproducibly build Signal all the time. There's a bug right now that makes the play store version differ from the one you get by downloading off their website/build from source, but you can examine the differences to see they're minor.

Reply View | 4 replies
- gruez 5 days ago
  
  >People reproducibly build Signal all the time
  source? Is there a site that tracks this, or only shows up when someone raises an issue on github?
  
  Reply View | 3 replies
  
  tga_d 5 days ago
  
  Pick a decently up-to-date fork of Signal on GitHub and look at its Actions. You can also just do it yourself if you'd like, the process is effectively just doing a build in a docker container and comparing the result.
  https://github.com/signalapp/Signal-Android/blob/main/reprod...
  
  Reply View | 2 replies