undefined | Better HN

0 pointsechoangle1y ago0 comments

But what would the government compel them to do? If the method is secure, you don’t need to trust the server. And if they backdoor the open source client, people could notice it in an audit.

0 comments

mortar1y ago

I think you’re right, perhaps I’ll do some more reading about it - It seems like it all relies on what the extension does, and if this extension is open source someone will notice as you said. Thanks for the clarity!

mortar1y ago

The method is secure until they change it. Their docs mention that generating a token is not anonymous, but using a token is. Considering they already know who generated it, it could be trivial for them (to change something server side where the validation occurs, if compelled) to link a particular search to a user.

echoangleOP1y ago

You don’t get the token itself from the server though, you get something so you can make your own token for which the server doesn’t know who created it. So they can do whatever they like on the server, they can’t identify you.

mortar1y ago

Indeed, thanks for clearing that up!

j / k navigate · click thread line to collapse

0 comments

mortar1y ago

echoangleOP1y ago

mortar1y ago

Indeed, thanks for clearing that up!

j / k navigate · click thread line to collapse