Discord is rolling out end-to-end encryption,
Do you trust it?
Before you rush to say no,
It's designed and audited by the same auditors that SimpleX uses (Trail of Bits)
So do you trust Trail of Bits to say SimpleX is secure, but not design Discord's encryption?
You know I actually wrote Trail of Bits to ask on pricing to audit my own app (which isn't a messenger btw). They use Gmail, so I used PGP.
The guy at Trail of Bits apologized that he didn't have his PGP key anymore, since he never gets encrypted emails. Aren't you guys supposed to be receiving code to audit or emergency 0-day flaws? That's going naked over Gmail? So he directed me to a web browser app that had third party Google JavaScript and claimed it was end-to-end encrypted. This might be true, but he has no idea what that JavaScript was doing.
So without even looking at the details of Discord's new thing, I can tell you they don't give a rat's ass about privacy. All this is doing is trying to remove legal liability in a post Telegram-legal world. But we can remove legal liability for them, by not using Discord.
Source: https://discord.com/blog/meet-dave-e2ee-for-audio-video
SimplifiedPrivacy.com
npub14s…jt5d6
2024-09-18 15:09:57
Author Public Key
npub14slk4lshtylkrqg9z0dvng09gn58h88frvnax7uga3v0h25szj4qzjt5d6Published at
2024-09-18 15:09:57Event JSON
{
"id": "5ff8c7be1835a7034eccfc6010cd339e8c0b6d92fe1d03f5a4ec8d8afa8bdf07",
"pubkey": "ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa",
"created_at": 1726672197,
"kind": 1,
"tags": [],
"content": "Discord is rolling out end-to-end encryption,\n\nDo you trust it?\n\nBefore you rush to say no,\nIt's designed and audited by the same auditors that SimpleX uses (Trail of Bits)\n\nSo do you trust Trail of Bits to say SimpleX is secure, but not design Discord's encryption?\n\nYou know I actually wrote Trail of Bits to ask on pricing to audit my own app (which isn't a messenger btw). They use Gmail, so I used PGP.\n\nThe guy at Trail of Bits apologized that he didn't have his PGP key anymore, since he never gets encrypted emails. Aren't you guys supposed to be receiving code to audit or emergency 0-day flaws? That's going naked over Gmail? So he directed me to a web browser app that had third party Google JavaScript and claimed it was end-to-end encrypted. This might be true, but he has no idea what that JavaScript was doing.\n\nSo without even looking at the details of Discord's new thing, I can tell you they don't give a rat's ass about privacy. All this is doing is trying to remove legal liability in a post Telegram-legal world. But we can remove legal liability for them, by not using Discord.\n\nSource: https://discord.com/blog/meet-dave-e2ee-for-audio-video",
"sig": "ad547991962571d4d3bbb8bf8e18bc9c48432b952805ab20f6a3299a4733965421a9945e14e95a66a8c0d57ab541b0db62ba1dbf0620264dcf7328fc91fe0253"
}