search

vexl-it / vexl

Vexl app
https://vexl.it
GNU General Public License v3.0
60 stars 13 forks source link

Vexl Canary #485

Open leomira opened 11 months ago

leomira commented 11 months ago

Let's implement a Vexl Canary.

I would do it the same way as Trezor does.

https://trezor.io/transparency/canary.txt

prusnak commented 11 months ago

Now thinking about this more, I think the correct approach is not to have a canary, but to just reiterate that our servers do not contain any personal info in unencrypted state so it does not really matter.

HostFat commented 5 months ago

What data do you have? With the data that you have, is it possible to know that a phone number (an user) has contacted another phone number (another user), even if the messages are encrypted? Which data are only on the phone? Which data are sent to your server in encrypted and clear way? I think that what it is written on the website it isn't specified and clear enough.

leomira commented 5 months ago

It is not possible to find out which numbers (users) connected with whom. Nor if they posted an offer, reacted to one, or had a trade going on.

For more information, I recommend checking the code.