Paedar

One thing I've always wondered about password managers, but also about remotely running software (aka servers) in general is how the web of trust is properly formed. Some software is open source (I'll have to admit i don't know if Dashlane is), but even then the question rises how can I, the customer, confirm that what you say you're running on your servers is what you say you're running on your servers?

As a software developer myself this interests me professionally, but as a user of tools like password managers it probably interests me even more.

Very interesting material! I can't say I've read through it completely, but scanning through it, I'm missing one specific thing: how do I, the user/customer/external entity confirm that what is explained in the White paper and patents is actually how the server side part of the application functions, without side effects?