as I see it, the problem in your statement is that while you mention you’re pro-FOSS, you got overexcited by the claims of an unknown entity over technologies that you like and at the same time you have no source. Just promises. They could even be a startup that has just put all the buzzwords there while in fact on their code they don’t do anything of that and they just use a centralized server with symetric encryption and have the symmetric key stored in the code. The app will look like it works till proven that it is not. As long as they don’t want to publish their code, you getting overexcited (at least for me), is pointless.
There was an example with a startup that was doing something similar to that, not in that magnitude with a stored key, but something equally bullshit until they were exposed. Quite early in their journey. Cannot remember the name right now but there was a good analysis by a researcher. If I remember it, I will add it.
as I see it, the problem in your statement is that while you mention you’re pro-FOSS, you got overexcited by the claims of an unknown entity over technologies that you like and at the same time you have no source. Just promises. They could even be a startup that has just put all the buzzwords there while in fact on their code they don’t do anything of that and they just use a centralized server with symetric encryption and have the symmetric key stored in the code. The app will look like it works till proven that it is not. As long as they don’t want to publish their code, you getting overexcited (at least for me), is pointless.
There was an example with a startup that was doing something similar to that, not in that magnitude with a stored key, but something equally bullshit until they were exposed. Quite early in their journey. Cannot remember the name right now but there was a good analysis by a researcher. If I remember it, I will add it.