More great news from the world of communication, but yet again I'm wondering how we can trust the encryption to really be end-to-end without access to the code. Are the messages still traveling through Viber's servers? Is there any way to know?
"I'm wondering how we can trust the encryption"
You can't.
Not unless the company employs security experts, has a significant bug bounty program (with significant rewards), is open to a degree about their security architecture, and is popular enough for white hats to actively seek out bugs.
This isn't about trusting that the company isn't trying to dupe you. It's about trusting that the company can implement security properly, and that enough "good" people will find security flaws before the "bad" guys do.
As for the good people vs. bad people argument, it should be noted that the good people have a harder job than the bad people. For the bad people to do their job, they only have to find one exploit, whereas the good people have to find most/all of them to have made the system secure. That's why employing people to work on security matters (whether through a bug bounty program or through direct employment); a company that values security shouldn't rely on unpaid volunteers alone.
How much do you think a WhatsApp passive decryption bug would be worth? They don't seem to have a bug bounty, I wonder how much something would go for on the black market.