Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I have not been following the end-to-end encryption discussion in a while so please excuse my ignorance in asking...

How does the 'rubber hose' threat apply to Matrix? So long as you are in control of your home server (or at least use a home server you trust) I am not sure who your advisary would pressure.



They could force them to add a backdoor in the Element build uploaded to the app store so they can use that backdoor to attack specific users. This is why we need reproducible builds and code which automatically check for discrepancies.


FWIW, the current version of element (X) is published as a reproducible build on f-droid. https://f-droid.org/en/packages/io.element.android.x/


The attack on xz illustrates that even if the code is open source and the build is reproducible, well-designed attacks can still be executed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: