this post was submitted on 25 Sep 2024
818 points (99.6% liked)
Privacy
32142 readers
1186 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Oh it's open source? where's the serverside repositories then
The title specifies that it's the apps that are open source.
If it is running on the server you have no way of verifying the code or the execution environment.
Theoretically you should now be able to self host proton
TC says otherwise
And I call there bluff
Its not a bluff, its cryptography lol
Except you don't control the hardware. If the execution environment is untrusted everything goes out the window
Thats literally what TC solves
Not really as you still need trust
Nope. That's why we have cryptography. Read about TC
https://en.m.wikipedia.org/wiki/Trusted_Computing
Literally all TPM's are proprietary. It's basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).
We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don't need to trust the server, like end to end encryption.
Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.
Not all TC is proprietary
https://www.golem.network/
I read through the docs. I'm not sure how this enables trusted computing.
The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.
I cannot find anything related to that in their documentation, their about page, or their whitepaper.
They talk a lot about decentralized computing, but any form of secure enclave or code verification isn't mentioned.
Compare that to this project, which is similar, but incomplete. However, quilibrium uses it's own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.