this post was submitted on 25 Sep 2024
837 points (99.6% liked)

Privacy

32120 readers
933 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] possiblylinux127@lemmy.zip 1 points 1 month ago (1 children)

If it is running on the server you have no way of verifying the code or the execution environment.

Theoretically you should now be able to self host proton

[–] delirious_owl@discuss.online 1 points 1 month ago (2 children)
[–] possiblylinux127@lemmy.zip 1 points 1 month ago (1 children)
[–] delirious_owl@discuss.online 1 points 1 month ago (1 children)

Its not a bluff, its cryptography lol

[–] possiblylinux127@lemmy.zip 1 points 1 month ago (1 children)

Except you don't control the hardware. If the execution environment is untrusted everything goes out the window

[–] delirious_owl@discuss.online 1 points 1 month ago (1 children)

Thats literally what TC solves

[–] possiblylinux127@lemmy.zip 1 points 1 month ago (1 children)

Not really as you still need trust

[–] delirious_owl@discuss.online 1 points 1 month ago

Nope. That's why we have cryptography. Read about TC

[–] moonpiedumplings@programming.dev 1 points 1 month ago* (last edited 1 month ago) (1 children)

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

https://en.m.wikipedia.org/wiki/Trusted_Computing

Literally all TPM's are proprietary. It's basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don't need to trust the server, like end to end encryption.

Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.

[–] delirious_owl@discuss.online 1 points 1 month ago (1 children)
[–] moonpiedumplings@programming.dev 1 points 1 month ago (1 children)

I read through the docs. I'm not sure how this enables trusted computing.

[–] delirious_owl@discuss.online 1 points 1 month ago* (last edited 1 month ago) (1 children)

The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.

I cannot find anything related to that in their documentation, their about page, or their whitepaper.

They talk a lot about decentralized computing, but any form of secure enclave or code verification isn't mentioned.

Compare that to this project, which is similar, but incomplete. However, quilibrium uses it's own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.