Highest Rated Comments


lazzurs 21 karma

Have you considered open sourcing the rest of your stack?

It seems you’ve just uploaded the mobile apps to GitHub, or am I misreading this?

For something so critical to my life and safety I really do want to read the source code.

lazzurs 8 karma

You could be forced to put a back door in to send you the keys and then provide those to someone sending you a request. I don’t think warrant canaries help with that as the request can also include secrecy.

lazzurs 5 karma

100%. It’s spiders all the way down. On platforms like iOS you have no control. Even using Linux on x86 hardware you then have to worry about management engines on CPUs betraying you. There’s almost no ability to resist state-level actors, which is what makes warrant canaries so amusing and why I like the pragmatic position Dashlane takes on this.

If you are having to resist state-level actors, maybe using something more secure like your memory or paper in a vault is the right solution. For everyone else, a password manager that’s open and transparent about how it works is likely the best thing you can do.

lazzurs 3 karma

Thanks for the full answer and thanks for posting the source you have. I will be excited to see the rest of the stack being open sourced. Would be interesting to see self-hosting options at that point for the data.