The server stills closed but seems there're people saying the server-side is not...

sukilot · on June 3, 2020

Why (!)?

Of course servers are untrusted. If you think you need to see the server source then any trust you have is mistaken.

Same as with HTTPS. If you think you need to trust the MITM, you've already lost

eddieoz · on June 3, 2020

I think you don't need to trust the server just if you can audit the frontend and assure it does not share any sensitive information with the server-side. If they apply the concept of data minimisation, decentralisation and distribution properly, there are fewer risks involved.

But, if the server manages sensitive information, yes. It is preferable to audit the server code to understand how they handle the lifecycle of the information.

"If you think you need to see the server source then any trust you have is mistaken."

Sorry but I don't agree. I trust in systems I can verify. Trust without verifying is not trust, it is faith.

jrochkind1 · on June 3, 2020

OK, but that doesn't help you when they shut down the server, which I think is what this thread was about? That zoom purchased it as an aquihire to have staff work on zoom, and isn't committed to the platform.

eddieoz · on June 3, 2020

Agreed, but a server turned off has lower risks to leak information. And I think also they bought the expertise of the team to improve zoom, more than getting the solution per se. It will take some months to have this question answered (about what will really happen to keybase)

jrochkind1 · on June 3, 2020

Clearly, a product which has been discontinued has less of a chance of violating your privacy, that's true.... I think there are a couple different non-intersecting conversations going on here...

eddieoz · on June 4, 2020

But was it discontinued?

I was looking into their terms (https://keybase.io/docs/terms) and they should notify before it. And seems my account is up over there.