What a brain-dead take. If your threshold for true safety is “literally no one can force you to decrypt it or affect the system in any way” then of course it’s insecure, and so is everything else unless everyone writes their own crypto implementation yourself locally.
“oh I compile my binaries from source so I’m safe”
Someone could compromise the source repo and have it serve a compromised version to your machine. I guarantee you aren’t reading the entirety of the open SSL source code before you compile it.
Anyone that takes this article seriously should read On Trusting Trust. It’s a very short essay that states the point much more eloquently than the post author that you eventually have to trust someone. Whether that’s Apple or Signal or some random maintainer of your crypto implementation library, you have to trust someone that it hasn’t been backdoored.
What a brain-dead take. If your threshold for true safety is “literally no one can force you to decrypt it or affect the system in any way” then of course it’s insecure, and so is everything else unless everyone writes their own crypto implementation yourself locally.
“oh I compile my binaries from source so I’m safe”
Someone could compromise the source repo and have it serve a compromised version to your machine. I guarantee you aren’t reading the entirety of the open SSL source code before you compile it.
Anyone that takes this article seriously should read On Trusting Trust. It’s a very short essay that states the point much more eloquently than the post author that you eventually have to trust someone. Whether that’s Apple or Signal or some random maintainer of your crypto implementation library, you have to trust someone that it hasn’t been backdoored.