by Gigachad 1619 days ago
How do we audit that the TPM chip is secure? What happens when a bug in the silicon is found later?

We assume it is, just like we assume CPU works as advertised. In other words, TPM is part of TCB.
So what is the point? I already assume the code on their server is not malicious by using it. What extra trust does an untrusted TPM chip give me?
System Transparency reduces your trust assumptions on us. As a VPN provider we are in an immense position of power over you. We aim to reduce your trust assumptions on us to a few things that we would need to explicitly lie about in order to betray you.

As an example, let's say that we offered any of our users to at any time during the year show up at our office and inspect our VPN hardware, without warning us beforehand. In that situation, if we wanted to betray your trust and privacy, we would need to put in a lot more effort than if we said "We have secure servers. Trust us on that. No, you can't see them." Does that make sense?

> In that situation, if we wanted to betray your trust and privacy, we would need to put in a lot more effort than if we said "We have secure servers. Trust us on that. No, you can't see them." Does that make sense?

Have you ever thought about doing something like that with some big YouTube personalities? Maybe have them hire some pen testers, randomly show up to one of your datacenters, and post recordings of what is done and attacks that could be possible. Since your software is open, pen testers could prepare some things to try to attack days in advance. I'd love to see something like this with Level1Techs or something.

> big YouTube personalities

You mean the same people that have been "sponsored" by VPN providers for years? Why would we want to trust YouTubers of all people?

It reduces TCB. TPM is smaller than entire server.
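As an added illustration of the "smaller TCB" point made in this thread (this is not code from the thread or from the VPN provider's System Transparency project), the Python below simulates the one TPM primitive that does the work: a PCR extend is a one-way hash chain, so whatever software boots on the server can only append measurements, never rewrite earlier ones. A remote verifier replays the boot event log, compares the result to the PCR value the TPM reports, and checks every measurement against known-good references. The boot components, their "golden" hashes, and the event-log layout are constructed toy values; a real deployment would read the reported PCR from a signed TPM quote and check that signature against the TPM's attestation key, which this example takes as given.

```python
import hashlib

# A SHA-256 PCR bank starts at all zeros (constructed stand-in for a real TPM bank).
PCR_INITIAL = bytes(32)


def measure(component: bytes) -> bytes:
    """Hash of a boot component, as the measuring stage would compute it."""
    return hashlib.sha256(component).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). One-way and order-sensitive,
    so earlier entries cannot be altered by later (possibly compromised) stages."""
    return hashlib.sha256(pcr + measurement).digest()


def replay_event_log(event_log: list[tuple[str, bytes]]) -> bytes:
    """Replay a measured-boot log of (name, component) pairs to the final PCR value."""
    pcr = PCR_INITIAL
    for _, blob in event_log:
        pcr = pcr_extend(pcr, measure(blob))
    return pcr


def verify_boot(reported_pcr: bytes, event_log: list[tuple[str, bytes]],
                golden: dict[str, bytes]) -> tuple[bool, str]:
    """Verifier side: the log must replay to the PCR the TPM reported, and every
    component must match a known-good reference measurement."""
    if replay_event_log(event_log) != reported_pcr:
        return False, "event log does not replay to reported PCR"
    for name, blob in event_log:
        if measure(blob) != golden.get(name):
            return False, f"unexpected measurement for {name}"
    return True, "boot chain matches reference"


# Constructed boot chain: hypothetical firmware, bootloader and OS image contents.
GOOD_CHAIN = [("firmware", b"firmware v1"),
              ("bootloader", b"stboot v1"),
              ("os", b"vpn-os v1")]
GOLDEN = {name: measure(blob) for name, blob in GOOD_CHAIN}


def honest_boot() -> tuple[bool, str]:
    """The server booted the reference images; the TPM PCR equals the log replay."""
    pcr = replay_event_log(GOOD_CHAIN)
    return verify_boot(pcr, GOOD_CHAIN, GOLDEN)


def tampered_boot(present_forged_log: bool) -> tuple[bool, str]:
    """The OS image was modified before boot. The TPM measured what really ran, so
    the verifier rejects it whether the host presents the true log or the old one."""
    real_chain = [("firmware", b"firmware v1"),
                  ("bootloader", b"stboot v1"),
                  ("os", b"vpn-os v1 modified")]
    pcr = replay_event_log(real_chain)          # what the TPM actually holds
    log = GOOD_CHAIN if present_forged_log else real_chain
    return verify_boot(pcr, log, GOLDEN)


if __name__ == "__main__":
    print("honest:", honest_boot())
    print("tampered, true log:", tampered_boot(present_forged_log=False))
    print("tampered, forged log:", tampered_boot(present_forged_log=True))
```

The verifier trusts only the TPM's extend and quote behaviour plus the golden measurements; everything else that ran on the server is checked rather than assumed, which is what "TPM is smaller than the entire server" buys in practice.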