Trusting Software/Hardware
The cluster discusses the inevitability of trusting third-party software, hardware, compilers, and audits, even for open-source code, with frequent references to Ken Thompson's 'Reflections on Trusting Trust' and debates on whether full verification is possible.
Sample Comments
The problem isn't the _user's_ trust in the software....
Wouldn't it be nice to have software you didn't have to trust?
If you don't personally write the software stack on your devices, at some point you have to trust a third party.
If we can't trust independent audits of code and hardware, what can we trust?
I anticipated this reply which is why I added the qualifier "anywhere but on your own device." Unless you intend to manufacture your own device from scratch, at some point you have to place your trust somewhere. See "reflections on trusting trust":https://web
There are always components you cannot fully trust. Ken Thompson's reflections on trusting trust [1] comes to mind. Trust depends on threat model, if your threat model includes such actors/potential attack vectors then you should worry, ultimately you are depending on someone's code for any reasonable abstractions (even ignoring chip level compromises). [1] https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Do you personally review every bit of code that runs on your device? No? Then you're trusting someone else who claims it's secure. No different than trusting Apple/Google.
Can you trust your computer? by Richard Stallman: https://www.gnu.org/philosophy/can-you-trust.en.html
Why would you ever trust Hardware and/or proprietary Soft/Firmware?
I understand but I read the statement differently. It's a description of their security model simply. Sure they could be lying like any other company, so a certain amount of trust is required. Unless you read and compiled the code yourself and run it locally, some level of trust is always required.