This isn't a foolproof tactic, however, as code can always be changed the moment the auditors leave the building. Of course, we can place even more confidence in a program that's been audited by a reputable third-party. Only if a program can be freely examined to ensure it does what it is supposed to (and only what it is supposed to) can we place a reasonable amount of confidence in it. Open-source code is the only guarantee we have against this kind of nefarious behavior. This is what's known as end-to-end-encryption (E2EE).īut even if you're using E2EE, how do you know that your encryption software isn't up to something untoward – like secretly sending your encryption keys to its developers, or creating a backdoor in its encryption? Anyone serious about their digital security should look into encrypting their own data, rather than relying on a third-party to do it for them.
0 Comments
Leave a Reply. |