1) where are keypairs generated and how are them transmitted to the server?
2) Whole architecture and implementation of #kbfs. Whatever it really encrypts all the things it should encrypt and how it communicates with server.
@thinkprivacy @batalanto @privacytools
Speaking of "IP leaks and server usage statistics".
Any client-server program has the possibility to do it, even #mastodon.
With foss server we can prove that _this_ server does not collect usage statistics but we'll newer prove that this particular hosting uses this particular code.
That's why any security model considers the server untrusted.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.