> malicious app author can 100% secure encrypt everything in wire and yet leak 100% of your data
Um, surely you understand the difference between piping random-looking bytes uselessly to whoever and having a readable copy of all data readily available to whoever hacks the system or applies for a sysadmin role? Or are you making the assumption that people use a closed-source client and the server can push malicious code?
> Even if the app source code is published as you don’t know if they backdoored it before they submitted to App Store.
Doesn't work if you have third parties also working with the system or forking the code to work with it. It gets noticed. Your concept of "e2ee can be 100% leaked anyway" only works if you don't know what code you're running. You need to trust the community in general to uncover issues you've overlooked (in the code or build process) but that's not the same as not having encryption at all. You can't audit the servers but you can audit the client code.
> You need to trust the community in general to uncover issues
My point is that this community could just be your friendly CIA operatives running the show with a veneer of open source. Also this “community” has no liability unlike the closed platform companies.
Um, surely you understand the difference between piping random-looking bytes uselessly to whoever and having a readable copy of all data readily available to whoever hacks the system or applies for a sysadmin role? Or are you making the assumption that people use a closed-source client and the server can push malicious code?
> Even if the app source code is published as you don’t know if they backdoored it before they submitted to App Store.
Doesn't work if you have third parties also working with the system or forking the code to work with it. It gets noticed. Your concept of "e2ee can be 100% leaked anyway" only works if you don't know what code you're running. You need to trust the community in general to uncover issues you've overlooked (in the code or build process) but that's not the same as not having encryption at all. You can't audit the servers but you can audit the client code.