this post was submitted on 17 Aug 2025
4 points (83.3% liked)

Privacy

3231 readers
84 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
4
GitHub - vpdotnet/vpnetd-sgx: Code for the VP.NET SGX enclave (github.com)
submitted 4 months ago by Blaze@piefed.zip to c/privacy@programming.dev
3 comments fedilink hide all child comments
 

VP.NET is built on a foundation of zero-knowledge privacy. By publishing our SGX enclave source code, we enable users to:

  • Verify our no-logging policy through code inspection
  • Confirm that servers cannot access user data or traffic patterns
  • Validate that the code running on our servers matches this public repository
you are viewing a single comment's thread
view the rest of the comments
[โ€“] refalo@programming.dev 3 points 4 months ago* (last edited 4 months ago) (1 children)

Verify our no-logging policy through code inspection

Couldn't a network appliance, iptables or a bpf program still be logging and we'd have no idea?

Validate that the code running on our servers matches this public repository

Yes but AFAIK it can't validate that the code you verified against is the same code actually powering your VPN session right now (could be a dummy box just used for validation), or that some other external hardware or superuser-level code isn't also listening in. Someone please correct me if I'm wrong.

[โ€“] jet@hackertalks.com 3 points 4 months ago

Someone please correct me if I'm wrong.

You are 100% right. Also - SGX depends on explicit trust of Intel code signing, which is another externality that needs to be in the threat model.