GreyBeard

Signal does hold the public keys for every user. But having the public key doesn’t let you decrypt anything. You need the private key to decrypt data encrypted with the public key. So in a chat example, if you and I exchange public keys, I can encrypt the message using your public key, but only you can decrypt it, using your private key.

Signal does run the key exchange, which means they could hand a user the wrong public key, a public key which they have the private key for, instead of the other person’s. That is a threat model for this type of communications, however, signal users can see the key thumbprints of their fellow chat participants and verify them manually. And once a chat has begun, any changes to that key alerts all parties in the chat so they know a change has happened. The new key wont have access to any previous or pending messages, only new ones after the change took place.

In the case of signal, it is provable that it cannot. They do not hold the keys to decrypt. The closest risk is the server injecting a new public key into the conversation, which the Signal app will warn about.

The server can’t decrypt it if it doesn’t have the keys to do so. It can be proven that private keys never leave the local device. It can also be proven that the proper public keys are being provided, and that the local device alerts on public key changes with a partner are announced.

Of course, nobody as part of the linked article did any of that verification, but still, a server doesn’t need to be trusted to be functional.

Nobody in this thread suggested not getting the vaccine. Entire problem is that we are dropping below herd immunity thresholds and that means worse outcomes for the vaccinated and unvaccinatable alike.

Roku started as a streaming media box. You paid them money, they gave you a box that could play Netflix and Youtube. It was a simple transaction. Unfortunately, at some point they decided to start selling/giving their OS to TV manufacturers. This was actually nice at the start. You got a smart TV who’s “Smarts” were designed by competent people. A revolution at the time. But the drive to drop prices lower and lower meant that there was no margin on the TV, which means Roku had to investigate other ways of making their revenue, AKA Ads and selling data.

Of course, the stand alone box probably would have went that way anyways, but at least with selling a dedicated box, there is a clear financial benefit without the need to get invasive.

Same on Android.