My point is to make a comment on social media and get responses to see what other people think.
All I'm getting at is that any company that distributes code to you and tells you they can't see your data is lying. They just don't want to access your data right now.
I would suggest people understand this and position themselves accordingly security-wise.
If that means not using signal because its not secure enough then ok.
If that means continuing to use signal with the understanding that it's only secure until signal decides they want your data(or a gov forces them to), then ok
Splitting management of an app and service is the exact solution. If signal can't control when to push updates to your phone then they can't control when they want to break encryption.
In your compromised browser example we understand that browsers have an interest in imementing HTTPS correctly and treat them accordingly. That's part of the reason the market is dominated by 2 engines that do their development as much in the public as possible
All I'm getting at is that any company that distributes code to you and tells you they can't see your data is lying. They just don't want to access your data right now.
I would suggest people understand this and position themselves accordingly security-wise.
If that means not using signal because its not secure enough then ok.
If that means continuing to use signal with the understanding that it's only secure until signal decides they want your data(or a gov forces them to), then ok
Splitting management of an app and service is the exact solution. If signal can't control when to push updates to your phone then they can't control when they want to break encryption.
In your compromised browser example we understand that browsers have an interest in imementing HTTPS correctly and treat them accordingly. That's part of the reason the market is dominated by 2 engines that do their development as much in the public as possible