Comment by echoangle
1 year ago
Isn’t the whole point that this method is secure by design so even if they wanted, they couldn’t track you?
Or are you saying the method is designed to look secure but there’s an intentional weakness that makes tracking possible?
Definitely suggesting the method is secure, assuming the company does all the things they’ll say they do, which I also agree they’ll do. I’m just concerned the government can destroy this all, just by compelling them not to, and change a well intentioned method at any moment.
But what would the government compel them to do? If the method is secure, you don’t need to trust the server. And if they backdoor the open source client, people could notice it in an audit.
I think you’re right, perhaps I’ll do some more reading about it - It seems like it all relies on what the extension does, and if this extension is open source someone will notice as you said. Thanks for the clarity!
The method is secure until they change it. Their docs mention that generating a token is not anonymous, but using a token is. Considering they already know who generated it, it could be trivial for them (to change something server side where the validation occurs, if compelled) to link a particular search to a user.
2 replies →