This is a chat app so, by definition, security requires trusting at least one other person. Also, I think experience shows that secrets can often be least trusted to those who have some interest in/use for them, with the secret owner often being the least trustworthy of all. So I'd say that if you trust yourself you're already probably trusting one of the weakest links in whatever chain of trust you would have.
But seriously, pretty much every secure system requires trust, and the more it relies on technology, the more trust is required. You need to trust there are no backdoors or holes in a long chain of hardware and software that no one person can possibly verify, and if they hypothetically could, they could only hypothetically do so with the help of verification software that they could not themselves verify, at least not without dedicating a lifetime to that goal. Trustless security does not exist, and attempting to achieve it by adding more technological layers and more complexity reduces rather than enhanced security. We should make it easy for us to choose whom to trust, not work on a futile attempt to take trust out of the system.
> Trustless security does not exist, and attempting to achieve it by adding more technological layers and more complexity reduces rather than enhanced security.
How so? If you can minimize trust to the point where you have to trust someone to only properly design federated or peer-to-peer open protocol and trust that others will participate and oversee the process it's one thing, as there is no control or power to go around. Open and secure enough implementations from other parties can emerge with more parties verifying them and a possibility to switch in case someone does something sneaky. But if you also have to trust the same organization with implementation, infrastructure, distribution, there is not much security to talk about. There is no way to even verify claims that the thing they open sourced is the same thing they compile and distribute. And so much centralized power makes the organization a lucrative target for state actors with no realistic possibility to defend.
The more centralized trust you have the less secure system can be. It's like an upper bound on security.
I understand your argument, but it cannot be shown to be more valid than the complete opposite: the less centralized a system is, the more complex it is in terms of protocols, and you need to trust many more people to design it correctly than you would need to trust to operate a centralized system. In fact, it could be argued that beyond some complexity level, an unbreakable design is virtually impossible, even in principle.
Your argument about an appealing target could also be used to show the exact opposite: decentralized systems are much harder to upgrade, and so they become attractive targets which you need to break much less frequently (especially considering that the internet backbone itself is pretty centralized), and so it makes even very expensive cracking more affordable. The argument about open-source applies pretty much equally to the centralized and decentralized case.
> the less centralized a system is, the more complex it is in terms of protocols, and you need to trust many more people to design it correctly
I disagree with that. The more centralized system is, the less trust boundaries it has and more vulnerable and insecure it is, because penetrating one trust boundary gives access to everything. Security always requires additional complexity. And decentralization forces you to take that complexity seriously for once, something you neglect, not simplify, in centralized insecure designs. Forcing you to deal with just trust explicitly and systematically leads to much more secure designs.
Other than that decentralized systems are exactly the same as centralized, just with more players and choices and incentives not to break anyone's trust. The only problem is all that embrace, extend crap large corporations always attempt to pull off and recentralize everything.
I like Linus' argument, if you don't work with a web of trust then you're doing it wrong. In the context of mobile secure messaging the web of trust includes: I'm trusting every hardware component on my phone, I'm trusting Apple, I'm trusting the iOS code, I'm trusting the TLS protocol, etc.
Well, you seem like a potential user for my secure messenger. It is a one-person Faraday cage in a pitch black room in my basement. Dont forget to bring a gun as failsafe.
This is a chat app so, by definition, security requires trusting at least one other person. Also, I think experience shows that secrets can often be least trusted to those who have some interest in/use for them, with the secret owner often being the least trustworthy of all. So I'd say that if you trust yourself you're already probably trusting one of the weakest links in whatever chain of trust you would have.
But seriously, pretty much every secure system requires trust, and the more it relies on technology, the more trust is required. You need to trust there are no backdoors or holes in a long chain of hardware and software that no one person can possibly verify, and if they hypothetically could, they could only hypothetically do so with the help of verification software that they could not themselves verify, at least not without dedicating a lifetime to that goal. Trustless security does not exist, and attempting to achieve it by adding more technological layers and more complexity reduces rather than enhanced security. We should make it easy for us to choose whom to trust, not work on a futile attempt to take trust out of the system.