zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. monoca+J2[view] [source] 2021-04-07 15:13:45
>>red_tr+G1
That's basically the same problem as DRM, so no, you can't verify that someone is running only code you want them to run against data you gave them, on hardware they own.
◧◩◪
3. lxgr+yx[view] [source] 2021-04-07 17:28:50
>>monoca+J2
Yet DRM does exist. (Yes, these schemes usually end up getting broken at some point, but so does other software.)

The problem is more generally called trusted computing, with Intel SGX being an implementation (albeit one with a pretty bad track record).

[go to top]