• teawrecks@sopuli.xyz
    10 hours ago

    All of that can be publicly audited. When we talk about “trust” we’re referring to what happens server side, which we have to assume can never be publicly audited. The importance of e2e encryption is that whatever happens server side doesn’t matter. There’s a massive gulch between trusting a binary you’re able to inspect and trusting one you can’t.

    What you said is valid though, if you want/need privacy, you need to put in effort, but you also have to assume there’s someone smarter than you who will be able to outsmart your own audit. The absolute best you can hope for is that at least the binary is publicly reviewable and that they’re not smarter than every pair of eyes who reviews it. That’s basically the backbone of open source security.