|
|
|
|
|
|
by jstanley
3167 days ago
|
|
|
> Namely that the trust model is no different from temporarily handing the encryption keys to the server. True in this case, but not necessarily true. IPFS[0] allows you to ensure that the content you're receiving is correct (if you run a local gateway, which you should), because the URL is basically a content hash. Therefore if you know the code is secure in the first place, you can always visit the same URL and know that you're getting "safe" code that doesn't exfiltrate the keys or plaintext. This then presents the same trust model as running code locally, except you don't need to install anything: you just visit the correct URL, and the code is running, with all the same trust as it would have if you downloaded it and kept it safe from modification. [0] https://ipfs.io/ |
|
|