As soon as you’re building something written in, say, Javascript, then any semblance of assurance goes out of the window.
JS is an easy target. What about C or C++? You could audit the code but have you also audited your compiler? What if you used Visual Studio?
Code is an easy target. Can you trust the auditors themselves and in the absence of that, your own ability to detect a vulnerability?
The only bulletproof solution is to not use software.
That said, most of us are not as important or recognisable as we believe we are. The layperson won’t have a good reason to isolate their computer and install an airlock between their aluminium-lined office and the rest of their house.
This is just an updated version of the story about the US government scanning your emails for keywords after 9/11. They don’t even need to actually do it, they just need to say they do and most people will monitor their communications.
As soon as you’re building something written in, say, Javascript, then any semblance of assurance goes out of the window.
JS is an easy target. What about C or C++? You could audit the code but have you also audited your compiler? What if you used Visual Studio?
Code is an easy target. Can you trust the auditors themselves and in the absence of that, your own ability to detect a vulnerability?
The only bulletproof solution is to not use software.
That said, most of us are not as important or recognisable as we believe we are. The layperson won’t have a good reason to isolate their computer and install an airlock between their aluminium-lined office and the rest of their house.
This is just an updated version of the story about the US government scanning your emails for keywords after 9/11. They don’t even need to actually do it, they just need to say they do and most people will monitor their communications.