• Nihilist
    link
    fedilink
    -12
    edit-2
    2 months ago

    Oh it’s open source? where’s the serverside repositories then

    • Possibly linux
      link
      fedilink
      English
      12 months ago

      If it is running on the server you have no way of verifying the code or the execution environment.

      Theoretically you should now be able to self host proton

        • @[email protected]
          link
          fedilink
          1
          edit-2
          2 months ago

          There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

          https://en.m.wikipedia.org/wiki/Trusted_Computing

          Literally all TPM’s are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

          We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.

          Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.

              • @[email protected]
                link
                fedilink
                1
                edit-2
                2 months ago

                The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.

                • @[email protected]
                  link
                  fedilink
                  12 months ago

                  I cannot find anything related to that in their documentation, their about page, or their whitepaper.

                  They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.

                  Compare that to this project, which is similar, but incomplete. However, quilibrium uses it’s own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.