
You have to trust their clients, since they are not open source. I agree with that.

Still this project in particular seems nice. Why couldn't Signal deploy a similar thing, for instance?



Because it's a very marginal improvement. It's Facebook verifying that Facebook's other server is providing you the right key; I'm not holding my breath for Signal to start doing the same. I'd honestly hope they'd instead focus on usernames, message editing, markdown, or any of the other features it's still missing compared to Wire or Element. (In Signal's defense, it's the most stable of the three so that's why I've got my family using Signal, but I wish for Wire's, or even better, Telegram's feature set on a daily basis.)


> It's Facebook verifying that Facebook's other server is providing you the right key

Again, no :-). The third-party audit record is there such that... well... a third-party server can do that verification.

For WhatsApp it may be marginal because the client is proprietary (hence you can't audit it and verify that it actually uses the feature), but the Signal client is open source. So you could actually see that your Signal client checks the keys using third-party servers. That's something, I think.


> well... a third-party server can do that verification.

Sure, but your phone isn't asking said third party what the results of their verification are. It's asking Facebook.

It can get hacked. It can lie. If you're looking to protect from a malicious server by protecting the key exchange better, you don't achieve that goal by asking the same party for the same information again via a different protocol and hope it answers differently. It increases attack cost because now the attacker has to fool both systems, but idk by how much honestly. The main cost will be getting into their infrastructure undetected in the first place. Sending discrepant responses to differing IP addresses seems relatively easy beyond that point.


Right.

> It increases attack cost because now the attacker has to fool both systems, but idk by how much honestly.

That's a fair question, but it may be better than you think, right? At least it seems pretty easy to increase that cost later on if they want to (e.g. securing their audit server or by having the clients check third-party servers). The technology is here now.



