Mullvad has partnered with Obscura VPN

The thing is, suiting the model you have in mind, which is roughly “entry knows who you are, exit knows what you do”, requires you to be dishonest about just who controls the client app and what they could do.

If this didn’t matter, the Privacy Pass RFCs would have 2 parties (issuer + origin) instead of the 3 that they do (issuer + attester + origin). Tor would be 2 hops instead of 3. And Carl himself is more honest about it than you are.

True. This is why all client-side source code will be released and reproducible builds offered on platforms that support it.

If you don’t know what code you’re running, yeah, you’re screwed either way.


Also, is the assumption that the end user can “detect” tampered clients … ? It is patently observable from known universes that end users get owned all the time by third parties doing undetectable stuff to installed apps (like Chrome, WhatsApp).

Even if we assume the end user is more in control of the client they install, a custom first-party client entirely defeats the rationale of “the first hop only knows who you are”, unless you absolutely trust the first party to do the right thing. And if you do so, you might as well trust the privacy-respecting VPN providers to individually do the right thing, chain them, and use a client you trust, one that doesn’t have to come from any of the said providers in your chain.

By the way, there’s no such thing as “undetectable” changes server-side. The providers, if they so choose, could deploy remotely attestable code. Signal does this? In fact, in my conversation with the Mullvad co-founder, they seemed to agree to that much.

I am concerned about National Security Letters and similar concepts. Technologies like reproducible builds, transparency logs, and remote attestation can help there.

kfreds, Mullvad co-founder, in response to Clarification on the Swedish Covert Surveillance Act

Seems like the implementers of these apps and services themselves are more honest about the shortcomings than folks who have a preset notion of what sells as usable security (aka could be set up “easily”). Would be funny if folks would scream “argument from authority” and dismiss the makers themselves. They don’t “understand”…
