Self-hosting on a hosting provider… it’s not my hardware, but maybe some trust.
OpenSource with non-reproducible builds, even self-hosted at home, little trust.
Local bridges, OpenSource, with reproducible builds, and a 3rd party audit, most trust.
All software can have bugs, and we’ve seen what cases like xz-util can bring, so I would rather have no decrypting bridges at all, particularly for sensitive information… but for random private chats, “mostly trusted” sounds like enough.
Public conversations (like this one) are fine going through random bridges, but I feel like bridging with E2EE networks, is subverting user expectations.
Somewhat. It’s kind of a gradation:
All software can have bugs, and we’ve seen what cases like xz-util can bring, so I would rather have no decrypting bridges at all, particularly for sensitive information… but for random private chats, “mostly trusted” sounds like enough.
Public conversations (like this one) are fine going through random bridges, but I feel like bridging with E2EE networks, is subverting user expectations.