Privacy

3222 readers

94 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Ategon@programming.dev

danielintempesta@programming.dev

GitHub - vpdotnet/vpnetd-sgx: Code for the VP.NET SGX enclave (github.com)

submitted 4 months ago by Blaze@piefed.zip to c/privacy@programming.dev

3 comments fedilink hide all child comments

VP.NET is built on a foundation of zero-knowledge privacy. By publishing our SGX enclave source code, we enable users to:

Verify our no-logging policy through code inspection
Confirm that servers cannot access user data or traffic patterns
Validate that the code running on our servers matches this public repository

top 3 comments

sorted by: hot top controversial new old

[–] refalo@programming.dev 3 points 4 months ago* (last edited 4 months ago) (1 children)

Verify our no-logging policy through code inspection

Couldn't a network appliance, iptables or a bpf program still be logging and we'd have no idea?

Validate that the code running on our servers matches this public repository

Yes but AFAIK it can't validate that the code you verified against is the same code actually powering your VPN session right now (could be a dummy box just used for validation), or that some other external hardware or superuser-level code isn't also listening in. Someone please correct me if I'm wrong.

[–] jet@hackertalks.com 3 points 4 months ago

Someone please correct me if I'm wrong.

You are 100% right. Also - SGX depends on explicit trust of Intel code signing, which is another externality that needs to be in the threat model.

[–] AntiBullyRanger@ani.social 0 points 4 months ago* (last edited 4 months ago)

Prerequisites
Linux
Docker
Go 1.21 or later
Intel SGX SDK and PSW
EGo (Edgeless Go) framework

Who are they trying to fool? Not one of these requirements are zero-knowledge or ACID enough to validate anything. Might as well give me an analog hourglass, I can validate it’s volume and weight @ ATM.