this post was submitted on 25 Sep 2024
838 points (99.6% liked)

Privacy

32159 readers
251 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] possiblylinux127@lemmy.zip 1 points 2 months ago (1 children)

If it is running on the server you have no way of verifying the code or the execution environment.

Theoretically you should now be able to self host proton

[–] delirious_owl@discuss.online 1 points 2 months ago (2 children)
[–] possiblylinux127@lemmy.zip 1 points 2 months ago (1 children)
[–] delirious_owl@discuss.online 1 points 2 months ago (1 children)

Its not a bluff, its cryptography lol

[–] possiblylinux127@lemmy.zip 1 points 2 months ago (1 children)

Except you don't control the hardware. If the execution environment is untrusted everything goes out the window

[–] delirious_owl@discuss.online 1 points 2 months ago (1 children)

Thats literally what TC solves

[–] possiblylinux127@lemmy.zip 1 points 2 months ago (1 children)

Not really as you still need trust

[–] delirious_owl@discuss.online 1 points 2 months ago

Nope. That's why we have cryptography. Read about TC

[–] moonpiedumplings@programming.dev 1 points 2 months ago* (last edited 2 months ago) (1 children)

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

https://en.m.wikipedia.org/wiki/Trusted_Computing

Literally all TPM's are proprietary. It's basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don't need to trust the server, like end to end encryption.

Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.

[–] delirious_owl@discuss.online 1 points 2 months ago (1 children)
[–] moonpiedumplings@programming.dev 1 points 2 months ago (1 children)

I read through the docs. I'm not sure how this enables trusted computing.

[–] delirious_owl@discuss.online 1 points 2 months ago* (last edited 2 months ago) (1 children)

The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.

[–] moonpiedumplings@programming.dev 1 points 2 months ago

I cannot find anything related to that in their documentation, their about page, or their whitepaper.

They talk a lot about decentralized computing, but any form of secure enclave or code verification isn't mentioned.

Compare that to this project, which is similar, but incomplete. However, quilibrium uses it's own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.