frames

question on frame security/trust:

the frame dev can validate a message to be sure of which fc account interacted w their frame

but the frame end user can't be sure that the frame is doing what they expect right? they have to trust the frame dev?

unless the frame issues some kind of attestation i suppose

@operator & /operator | BCI, bioinformatics, search, chaos, decentralized AI

If the frame is hosted on a centralized platform, there is no way to make any assumptions. You just cannot witness and verify what is happening.

The dev could change the deployments or AWS decides they want to screw with you.

Maybe some form of client side "hosted" frame?

exploring the simulation's edges @operator and /operator // former BCI and bioinformatics researcher

ICP offers a compelling solution here. You can build frames in Express for example, and all POST requests go through BFT consensus. The Wasm binary of the server can be checked against the source code, and you can see which accounts own the server

Enabling TypeScript, JavaScript, Python and more for the Internet Computer (ICP) (built originally by DFINITY).

Yep! Decentralized and verifiable compute is the way

I didn't know that ICP can offer web apis

See here: https://warpcast.com/lastmjs/0xba018574

I don't see any way to do that .. in web2 nothing is ever safe 🤣

ok yea that was my conclusion as well. are there tools where you can prove the current deployed version of the code?