> 3. "Passive" global adversary attack:
>

As long as the JS is what the owner claims it is (assuming it's code that has been peer reviewed enough according to your standards), it doesn't matter whether they confiscate the hard drive or just listen. Either they can break the encryption or they can't. We can only hope peer review didn't miss anything.

The other 2 active methods you've mentioned (pwning the host, and MITM) would work, of course. Maybe one day JS will introduce signed code :)