Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It's easy to validate that "grapheneos.org"

Is it? Why not graphene-os.org? Why not graphene.org? Why not grapheneos.com? Why not grapheneos.io? How do you validate it, really?

Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?



>Also who REALLY controls that domain in the end? Someone with access to `.org` nameservers. Do you trust that person? What's their name?

Same way you trust/verify that you got Tor Browser from the right domain, and the organization behind it hasn't backdoored it (didn't the tor project recieve government funding?).


You plug it into Google and hope they got it right


Try putting Putty into Google.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: