You probably have used https://identity.ic0.app/ to log into various applications (the NNS UI, OpenChat etc.) before, and if you do that, you are trusting this service to take good care of your credentials. Furthermore, you might want to check that the Internet Identity is really not tracking you. So you want to know: Is this really running the code we claim it to run? Of course the following applies to other canisters as well, but I’ll stick to the Internet Identity in this case.
I’ll walk you through the steps of verifying that.
I wanted to post this here directly, but somehow the forum website didn’t like the post (maybe some XSS protection filter got triggered?), so I put it on my blog:
https://www.joachim-breitner.de/blog/779-Verifying_the_code_of_the_Internet_Identity_service
It has since also been published on the official DFINITY medium blog: