this post was submitted on 25 Sep 2024
839 points (99.6% liked)

Privacy

32424 readers
290 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] moonpiedumplings 1 points 2 months ago* (last edited 2 months ago) (1 children)

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

https://en.m.wikipedia.org/wiki/Trusted_Computing

Literally all TPM's are proprietary. It's basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

We should move away from them, and other proprietary backdoors that deny users control over there own system, rather than towards them, and instead design apps that don't need to trust the server, like end to end encryption.

Also: if software is APGL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.

[–] [email protected] 1 points 2 months ago (1 children)
[–] moonpiedumplings 1 points 2 months ago (1 children)

I read through the docs. I'm not sure how this enables trusted computing.

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

The whole idea is to be able to build a secure, distributed cloud. The whole network depends on secure enclaves.

[–] moonpiedumplings 1 points 2 months ago

I cannot find anything related to that in their documentation, their about page, or their whitepaper.

They talk a lot about decentralized computing, but any form of secure enclave or code verification isn't mentioned.

Compare that to this project, which is similar, but incomplete. However, quilibrium uses it's own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.