Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
tech.lgbt is one of the many independent Mastodon servers you can use to participate in the fediverse.
We welcome all marginalized identities. This Mastodon instance is generally for folks who are LGBTQIA+ and Allies with an interest in tech work, academics, or technology in general.

Administered by:

Server stats:

2.8K
active users

tech.lgbt: AboutStatusProfiles directoryPrivacy policyTerms of service

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-alpha.4+glitch

@S1m @IzzyOnDroid @unifiedpush No one but Google can verify nothing is hidden in there as it's encrypted.

You'd have to audit the code that generates it as well as all the inputs and then verify you get an exact match, since you cannot look at the data from the block itself: it's a completely opaque encrypted binary blob (which means it's not exactly FOSS either).

But you can't currently do that since it's not even reproducible: issuetracker.google.com/issues

At IzzyOnDroid, our scans try to flag what we can: gist.github.com/obfusk/a993b1b

But there are plenty of places to hide something; e.g. F-Droid would not catch this at all since they only flag a handful of specific blocks instead of anything unexpected: github.com/obfusk/sigblock-cod

issuetracker.google.comGoogle Issue Tracker
Jan 05, 2025, 10:31 PM·Quiet public
0boosts·1favorite
Explore
About