[dane-pgp]

> Can I trust a instance of paaster not hosted by me?

> No. Anyone could modify the functionality of paaster to expose your secret key to the server. We recommend using a instance you host or trust.

That's refreshingly honest, but I hope that some day a technology like WhatsApp / Cloudflare's recently released "Code Verify" extension helps to solve this.

https://inside.com/campaigns/inside-dev-2022-03-11-31674/sec...

[derefr]

AFAICT you could permanently trust a webapp loaded from an IPFS-scheme URI (as e.g. Brave can do), after it’s been audited once.

[fastball]

But then if you're using an IPFS gateway instead of hosting your own instance then the gateway could serve you different content, no?

[fwtf]

Since you request data by a hash, and your software should verify the downloaded data has the same hash, no.

[stavros]

If you're using a gateway, you have to trust the gateway.

[arlort]

You could probably have a pretty light wrapper around the gateway which verifies the hash.

It wouldn't be as easy as simply using a gateway but still much easier than hosting/implementing an IPFS node locally

[stavros]

Well, to use the node locally you just run a binary, it's not like there's much to it.

[jimsi]

I think that providing API to be used by standalone clients is far more better approach