Or they could just store the data locally on the user’s device and not transmit it back to a central server, such that the company never even has possession of the data nor any way to retrieve it? Like I get it would require a major rewrite if they weren’t already doing this, but at least they’d be keeping their users safe while also having no way for authorities to gain any data.
True, unless it’s open source and maybe self hosted.
Edit: Nevermind, I’m right, I have no confidence in my own intelligence lol. If the key is on the phone and the phone stores the encrypted data to the server, that’ll be secure
Not necessarily. If you trust the code running on your device then there is no backdoor they could install on a server that would break e2ee. They would have to backdoor the client where the keys are.
As they should. I hope they burn all data and figure out a way to function going forwards without storing any data
Or they could just store the data locally on the user’s device and not transmit it back to a central server, such that the company never even has possession of the data nor any way to retrieve it? Like I get it would require a major rewrite if they weren’t already doing this, but at least they’d be keeping their users safe while also having no way for authorities to gain any data.
If the police search your phone then that would not protect you.
Probably a form of e2ee
That requires that you trust the app vendor not to have some sort of back door, no?
True, unless it’s open source and maybe self hosted.
Edit: Nevermind, I’m right, I have no confidence in my own intelligence lol. If the key is on the phone and the phone stores the encrypted data to the server, that’ll be secure
Not necessarily. If you trust the code running on your device then there is no backdoor they could install on a server that would break e2ee. They would have to backdoor the client where the keys are.