Comment on Is This The Most Secure Messaging App?
just_another_person@lemmy.world 3 months ago
One of the bigger things that makes something “secure” is going to be a chain of trust, whereas you are using a third-party library. That’s one difference, but as you’ve already mentioned, a larger security model and protocol with solid functional tests and regular auditing is probably going to be safer than something like this.
xoron@lemmy.world 3 months ago
How can I describe the chain of trust in a self-hosted system? I’m sure auditing will help inspire confidence, but this isn’t something I can do for the app. Open-sourcing it is the next best thing, opening it up to public review.
just_another_person@lemmy.world 3 months ago
A third-party library breaking the chain of trust was my point. If you don’t have control over the code being used, you can’t certify it to be absolutely safe. This is something fairly essential when trying to prove your software to be secure. See the ‘xz’ fiasco from earlier this year.
xoron@lemmy.world 3 months ago
The frontend and the peerjs-server are open source and self-hostable independently. This should address any third-party concerns. Perhaps the app can only be considered secure if it’s self-hosted?
just_another_person@lemmy.world 3 months ago
Well, I guess it depends on your audience. I’m not saying don’t put it out there. I was just giving you the answers you were asking for in your original post by comparison. Put it out on GitHub, listen to issues filed, address concerns, and just work with it. If you think it really sets itself apart and is useful in some way, there’s absolutely no reason to not put it out.