Encryption backdoors must never be allowed. To prove that Tuta is [#free](https://fedia.io/tag/free) from any [#backdoor](https://fedia.io/tag/backdoor), the entire client code is published as [#opens

Tuta@mastodon.social · 1 year ago

Encryption backdoors must never be allowed. To prove that Tuta is [#free](https://fedia.io/tag/free) from any [#backdoor](https://fedia.io/tag/backdoor), the entire client code is published as [#opens

F. Maury ⏚@infosec.exchange · 1 year ago

@[email protected]
Web clients cannot be verified since they can be altered by the server sending the code to the browser. Standard protocols such as IMAP allow using ANY open source client, including those that are already well audited. Not just yours. From my PoV, you are doing it wrong.

Sassinake! - ⊃∪∩⪽@mastodon.social · 1 year ago

@[email protected]

also, police reserve the right to inspect your butthole any time you talk back to them.

Tuta@mastodon.social · 1 year ago

@[email protected] This is precisely why end-to-end encryption must be used for confidential data. We explain the court ruling in detail here:

actionman38Productions@mastodon.social · 1 year ago

@[email protected] Hhhhhhhh!

Squirrel@social.bau-ha.us · 1 year ago

@[email protected] Publishing something as Open Source does not prove that it’s not backdoored, unless users cannot verify that the deployed software matches the published code. You need reproducible builds and independent distribution channels.