Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Trust not only they are not malicious, but also they won't have some kind of vulnerability.

Wouldn't that still be the case if relay servers didn't exist? A hacked version can send your file to the wrong person.



There is more attack surface with a server.

The vulnerability doesn't even have to be in their software, but in any piece of software they use, ssh, nginx, etc.


A compromised relay server can't access the data because it's encrypted.

A meaningful vulnerability would have to be in either the software itself or in the coordination server. That attack surface is the same whether or not you have relays.

You can reduce the attack surface to just the software if there's a way for users to verify keys manually. But again, same attack surface whether or not you have relays.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: