top | item 46280284 (no title) GranPC | 2 months ago They use remote attestation based on SGX. So, assuming SGX can be trusted, yes. See https://signal.org/blog/private-contact-discovery/ discuss order hn newest dathinab|2 months ago and assuming you have a practical way to- verify the attestation- make sure it means the code they have published is the attested code- make sure the published code does what it should- and catch any divergence to this *fast enough* to not cause much damage....it's without question better then doing nothingbut it's fundamentally not a perfect solutionbut it's very unclear if there even is a perfect solution, I would guess due to the characteristics of phone numbers there isn't a perfect solution mjg59|2 months ago Well, no - as long as someone you trust is able to do that verification, that's good enough.
dathinab|2 months ago and assuming you have a practical way to- verify the attestation- make sure it means the code they have published is the attested code- make sure the published code does what it should- and catch any divergence to this *fast enough* to not cause much damage....it's without question better then doing nothingbut it's fundamentally not a perfect solutionbut it's very unclear if there even is a perfect solution, I would guess due to the characteristics of phone numbers there isn't a perfect solution mjg59|2 months ago Well, no - as long as someone you trust is able to do that verification, that's good enough.
mjg59|2 months ago Well, no - as long as someone you trust is able to do that verification, that's good enough.
dathinab|2 months ago
- verify the attestation
- make sure it means the code they have published is the attested code
- make sure the published code does what it should
- and catch any divergence to this *fast enough* to not cause much damage
....
it's without question better then doing nothing
but it's fundamentally not a perfect solution
but it's very unclear if there even is a perfect solution, I would guess due to the characteristics of phone numbers there isn't a perfect solution
mjg59|2 months ago