[liberationtech] Standalone JS apps vs. browser extensions, which is better?

Francisco Ruiz ruiz at iit.edu
Mon Aug 26 15:57:50 PDT 2013


Steve Weis wrote:

>If delivered as a regular Javascript web app, then Francisco, anyone
>at Site 44, or anyone at Dropbox can steal PassLok keys and messages
>anytime they want.

You're absolutely right. I don't feel good about this. But what if I set up
my own server? I can do it here at the university. Otherwise, is there an
https shared server that one can trust?



On Mon, Aug 26, 2013 at 2:34 PM, Steve Weis <steveweis at gmail.com> wrote:

> If delivered as a regular Javascript web app, then Francisco, anyone
> at Site 44, or anyone at Dropbox can steal PassLok keys and messages
> anytime they want.
>
> I do not think it's realistic to expect every single user to "look at
> the code before [they] execute it" for every single page load. As
> already discussed, Francisco's method of hashing the Javascript code
> doesn't work across different browsers and encodings. Even if it
> worked, users would need a client-side tool to verify it, which means
> it is no longer browser-based.
>
> On Mon, Aug 26, 2013 at 11:44 AM, Francisco Ruiz <ruiz at iit.edu> wrote:
> >
> > So, I'm inclining toward keeping PassLok as a securely delivered, but
> > strictly self-contained web app. At least this way you can look at the code
> > before you execute it.



-- 
Francisco Ruiz
Associate Professor
MMAE department
Illinois Institute of Technology

PL13lok=WsH3zTgZn8V3hnIqjdbfPus+5YF5n+LBRPuH9USMMp8izPv+hsLoZKv+jaCFMapJFfiA11Q9yJU1K1Wo0TbjXK/=PL13lok

get the PassLok privacy app at: http://passlok.com
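
Added example, not part of the original message and not PassLok code: an illustration of the encoding problem Steve Weis raises, assuming a verifier that takes SHA-256 over the bytes of a saved copy of the page's JavaScript. The sample source, the variant names and the canonicalHash helper are constructed for this illustration; the thread does not describe Francisco's actual hashing method.

```javascript
const { createHash } = require('node:crypto');

// Constructed sample standing in for the source of a self-contained JS app.
const SOURCE = 'function greet(name) {\n  return "¡Hola, " + name + "!";\n}\n';

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// The same text as different servers, editors or "save page" paths may emit it.
// Each entry: [bytes on disk, encoding needed to decode them again].
function variants(text) {
  const bom = Buffer.from([0xef, 0xbb, 0xbf]);
  return {
    'utf8-lf': [Buffer.from(text, 'utf8'), 'utf8'],
    'utf8-bom': [Buffer.concat([bom, Buffer.from(text, 'utf8')]), 'utf8'],
    'utf8-crlf': [Buffer.from(text.replace(/\n/g, '\r\n'), 'utf8'), 'utf8'],
    'utf16le': [Buffer.from(text, 'utf16le'), 'utf16le'],
    'latin1': [Buffer.from(text, 'latin1'), 'latin1'],
  };
}

// Naive check: hash whatever bytes were saved.
function rawHashes(text) {
  const out = {};
  for (const [name, [bytes]] of Object.entries(variants(text))) {
    out[name] = sha256(bytes);
  }
  return out;
}

// Canonical check: decode, drop the BOM, normalize newlines and Unicode form,
// then hash the UTF-8 re-encoding. This needs the encoding to be known.
function canonicalHash(bytes, encoding) {
  const text = bytes.toString(encoding)
    .replace(/^\uFEFF/, '')
    .replace(/\r\n?/g, '\n')
    .normalize('NFC');
  return sha256(Buffer.from(text, 'utf8'));
}

function canonicalHashes(text) {
  const out = {};
  for (const [name, [bytes, enc]] of Object.entries(variants(text))) {
    out[name] = canonicalHash(bytes, enc);
  }
  return out;
}

console.log(rawHashes(SOURCE));       // five different digests
console.log(canonicalHashes(SOURCE)); // one digest repeated five times
```

The canonical form only helps when the tool doing the hashing runs outside the page being checked, which is the client-side tool mentioned in the quoted reply.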