The only way I would believe proof of deletion is if my data was submitted, end to end encrypted, to a key only held in memory of a quorum of remotely attestable secure enclaves deterministically built from publicly available code that I can easily confirm has no means to export keys to the control of any individual.

This is not only possible, I designed and open sourced a lot of tooling to do it and a few companies are doing this today. Shameless plug: My company (https://distrust.co) provides consulting for orgs that want to be ahead of the pack to retrofit their existing infrastructure to support these types of assurances.

Now we just need to require verifiable deletion techniques like this in order to get a standardized privacy certification browsers can verify and alert users to along the lines of the TLS green lock.

I give it 20 years.
We built something similar using secure enclaves at Tinfoil for verifiably private AI! Unless there is proof of no data access / retention, we cannot trust what happens to our data (see the recent OpenAI court-ordered retention).

I think the biggest missing bit in Tinfoil is the lack of full-source bootstrapped deterministic builds. That is an absolute requirement to ensure that no single member of the supply chain, such as a single Debian maintainer or a Tinfoil release engineer, can tamper with the image.

Also, there is the issue that the Debian and Ubuntu packages you rely on can change from one day to the next, etc.

I went down that road for over a year, building a whole package.json-style hash locking system on top of apt, only to abandon it after realizing no existing Linux distribution was up to the task from a trust and security perspective. Even a lot of the packages Debian claims are reproducible, like Rust, are actually just built from unverifiable binary blobs from the internet. It was a sad realization that the reproducibility of all existing distros has some huge asterisks.

So my team and I at Distrust started StageX to be the first container-native Linux distribution and the first that trusts no single human or system, now at the heart of enclaves at Mysten Labs, Turnkey, etc. Totally FOSS, though donations or support contracts are always welcome.

Took a look at your image generation setup, and it could certainly be ported to StageX to have a completely verifiable, deterministic, and tamper-evident supply chain.

https://stagex.tools

By all means reach out if you want help! Not many of us working on this sort of thing.
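The multi-party trust property described in this post (no single maintainer or release engineer able to swap an image) comes down to a check that is easy to state in code: an artifact is accepted only if several independent builders reproduce the same digest and that digest matches the one pinned after source review. The following is an added example written for this thread, not StageX's or Tinfoil's own tooling; the lockfile shape, the builder names and the artifact bytes are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// BuildResult is one independent builder's report for one artifact.
type BuildResult struct {
	Builder  string
	Artifact string
	Digest   string // hex SHA-256 of the file that builder produced
}

// Lockfile pins, per artifact name, the digest approved at source review time.
// (Constructed format for this example; not a real distribution's lockfile.)
type Lockfile map[string]string

// Digest hashes raw artifact bytes the same way every builder is expected to.
func Digest(artifact []byte) string {
	sum := sha256.Sum256(artifact)
	return hex.EncodeToString(sum[:])
}

// CheckReproducible accepts an artifact only if at least minBuilders distinct
// builders reported a digest and every report equals the pinned digest.
// A single dissenting builder is enough to reject: either that builder or the
// build recipe is not trustworthy, and both cases need a human to look.
func CheckReproducible(lock Lockfile, results []BuildResult, artifact string, minBuilders int) error {
	pinned, ok := lock[artifact]
	if !ok {
		return fmt.Errorf("%s: not pinned in lockfile", artifact)
	}
	seen := make(map[string]bool) // guards against one builder counting twice
	agree := 0
	for _, r := range results {
		if r.Artifact != artifact {
			continue
		}
		if seen[r.Builder] {
			return fmt.Errorf("%s: duplicate report from builder %s", artifact, r.Builder)
		}
		seen[r.Builder] = true
		if r.Digest != pinned {
			return fmt.Errorf("%s: builder %s produced %s, lockfile pins %s",
				artifact, r.Builder, r.Digest, pinned)
		}
		agree++
	}
	if agree < minBuilders {
		return fmt.Errorf("%s: only %d of %d required builders agree", artifact, agree, minBuilders)
	}
	return nil
}

func main() {
	img := []byte("constructed sample artifact")
	lock := Lockfile{"base.tar": Digest(img)}
	results := []BuildResult{
		{"builder-a", "base.tar", Digest(img)},
		{"builder-b", "base.tar", Digest(img)},
		{"builder-c", "base.tar", Digest(img)},
	}
	fmt.Println("accepted:", CheckReproducible(lock, results, "base.tar", 3) == nil)
}
```

The threshold is the policy knob: with minBuilders set to the number of organisations running builders, a compromise has to span all of them and the reviewer who signed the lockfile before a tampered image is accepted.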


Do you provide datacenter attestation primitives (e.g. Intel DCAP (only newer chips), ARM CCA-SSE (still being built), or AMD trust zone verifications or whatever they're called)?

Software attestable enclaves are one thing. Hardware attestable ones are quite another.


We implemented Nitro attestation first while I was at Turnkey for QuorumOS, as that is an AWS stack; however, IMO TPM2 is the way to go today for the most universal support, now that the big 3 cloud providers all offer endorsement key APIs. You could then support CPU-unique attestations where possible on top, provided you have an out-of-band source of truth for expected CPU certificates.

One of our projects at Distrust is to handle all of the above in a universal library/spec we are working on called Bootproof, which will ship with EnclaveOS for broad hardware/software attestation support out of the box via a tiny Rust daemon and client.
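The "proof of deletion" model from the top of the thread (data encrypted to a key that exists only inside an attested enclave built deterministically from public code) and the attestation discussion here share one client-side policy: verify the signature chains to the hardware root, verify the document is fresh, verify the measurement equals what you rebuilt yourself, and only then do key agreement with the enclave's in-memory key. The following is an added example written for this thread; it is not Bootproof, QuorumOS, Nitro or TPM2 code. The document layout, the Ed25519 "hardware root" and the field names are stand-ins constructed for illustration; a real deployment verifies a vendor certificate chain and a vendor-defined report format instead.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Measurement is the SHA-256 of the enclave image. Because the build is
// deterministic, a verifier rebuilding from source computes the same value
// and never has to take the operator's word for it.
type Measurement [32]byte

// AttestationDoc is a constructed, simplified stand-in for a vendor report
// (Nitro document, TPM quote, SEV-SNP report). Not any vendor's real format.
type AttestationDoc struct {
	Measurement Measurement
	Nonce       [16]byte // chosen by the verifier, proves freshness
	EnclavePub  []byte   // X25519 public key generated inside the enclave
	Signature   []byte   // Ed25519 over the fields above by the hardware root
}

func (d AttestationDoc) signedBytes() []byte {
	var b bytes.Buffer
	b.Write(d.Measurement[:])
	b.Write(d.Nonce[:])
	b.Write(d.EnclavePub)
	return b.Bytes()
}

// Enclave holds the image it was launched from and a key pair that never
// leaves memory; attestation binds the public half to the measured image.
type Enclave struct {
	image []byte
	key   *ecdh.PrivateKey
}

func NewEnclave(image []byte) (*Enclave, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Enclave{image: image, key: k}, nil
}

// Attest builds the document. hwRoot stands in for the platform endorsement
// key: on real hardware the firmware signs and software cannot touch the key.
func (e *Enclave) Attest(hwRoot ed25519.PrivateKey, nonce [16]byte) AttestationDoc {
	doc := AttestationDoc{
		Measurement: sha256.Sum256(e.image),
		Nonce:       nonce,
		EnclavePub:  e.key.PublicKey().Bytes(),
	}
	doc.Signature = ed25519.Sign(hwRoot, doc.signedBytes())
	return doc
}

// SharedSecret is the enclave's half of the key agreement with a client.
func (e *Enclave) SharedSecret(clientPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(clientPub)
	if err != nil {
		return nil, err
	}
	return e.key.ECDH(pub)
}

// ExpectedMeasurement is what an independent party obtains by deterministically
// rebuilding the published source.
func ExpectedMeasurement(rebuiltImage []byte) Measurement {
	return sha256.Sum256(rebuiltImage)
}

// VerifyAttestation is the client policy. All three checks must pass before
// a single byte is encrypted towards the enclave key.
func VerifyAttestation(doc AttestationDoc, hwRootPub ed25519.PublicKey, nonce [16]byte, expected Measurement) error {
	if !ed25519.Verify(hwRootPub, doc.signedBytes(), doc.Signature) {
		return errors.New("signature does not verify under the hardware root")
	}
	if doc.Nonce != nonce {
		return errors.New("nonce mismatch: replayed or stale attestation")
	}
	if doc.Measurement != expected {
		return errors.New("measurement differs from the reproducible build")
	}
	return nil
}

// ClientKeyAgreement runs only after VerifyAttestation succeeds. The derived
// secret exists in exactly two places: the client and the enclave's memory.
func ClientKeyAgreement(doc AttestationDoc) (secret, clientPub []byte, err error) {
	enclavePub, err := ecdh.X25519().NewPublicKey(doc.EnclavePub)
	if err != nil {
		return nil, nil, err
	}
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	secret, err = k.ECDH(enclavePub)
	if err != nil {
		return nil, nil, err
	}
	return secret, k.PublicKey().Bytes(), nil
}

func main() {
	image := []byte("constructed sample enclave image")
	hwPub, hwRoot, _ := ed25519.GenerateKey(rand.Reader)
	enc, _ := NewEnclave(image)
	var nonce [16]byte
	rand.Read(nonce[:])
	err := VerifyAttestation(enc.Attest(hwRoot, nonce), hwPub, nonce, ExpectedMeasurement(image))
	fmt.Println("attestation accepted:", err == nil)
}
```

The order of checks matters less than their conjunction: a valid signature over a stale nonce is a replay, a fresh document with an unexpected measurement is a different image, and a matching measurement under an unknown root is unverifiable. Deletion then reduces to the enclave discarding its X25519 private key, which the attested image is the only code able to read.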