how do you verify that it works the way they say it works
Open source -> you look at the code
a source code repository on github does not have any guarantees that they are distributing the software built from exactly that source code.
but even worse, almost all such apps are closed source. and you have no chance to verify what runs on the server in either case.
how do you make yourself heard when it doesn’t
In proper domcratic counties that is what law is for.
is this “law” thing you mentioned able to make your thoughts appear telepathically in the minds of millions of others, without a channel like the internet?
are you going to post to facebook with your discovery and hope millions will see it and agree with you?
or are you going to grab a big board and a megaphone and go to the town square about the problem?
this is probably the more effective way, but you’ll be called obnoxious, especially by those who have no idea about the tech they use
you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.
problems with that:
so far the only answer I am aware of for these questions is “you don’t”
Open source -> you look at the code
In proper domcratic counties that is what law is for.
What I want to say with this: it is technically possible to make it proper. There is a interest not to do it properly.
a source code repository on github does not have any guarantees that they are distributing the software built from exactly that source code.
but even worse, almost all such apps are closed source. and you have no chance to verify what runs on the server in either case.
is this “law” thing you mentioned able to make your thoughts appear telepathically in the minds of millions of others, without a channel like the internet?
are you going to post to facebook with your discovery and hope millions will see it and agree with you?
or are you going to grab a big board and a megaphone and go to the town square about the problem?
this is probably the more effective way, but you’ll be called obnoxious, especially by those who have no idea about the tech they use
Public key cryptography and signatures are common technologies nowadays.
you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
The additional problem with that is straight up discrimination. We’re replacing a predatory system with another discriminatory system. It is essentially another path that leads to the same thing. Fighting fascism with fascism.