3 comments

[ 4.8 ms ] story [ 17.9 ms ] thread
The responsible way would be to report these issues to the author first before posting them publicly.
(comment deleted)
Interesting enough, though it's a little dickish to post this before giving the author a chance to fix the most important issues.

I also disagree with this point:

> Thus it's not end-to-end encryption; at best, it's trust-on-first-use

E2EE means little more than that the server can't see the contents of the messages while the clients can. This may not be a very common or secure method of E2EE, but it's still E2EE.