On 11/13/2017 03:11 PM, Nadim Kobeissi wrote:

On Nov 13, 2017, at 3:09 PM, Ximin Luo <infini...@pwned.gg> wrote:

Nadim Kobeissi:
Hello everyone,

Skype was recently rewritten entirely. It is now based on Electron. This new 
Skype has been rolled out on all desktop platforms worldwide.

When Cryptocat and Signal switched to Electron, the security of Electron itself 
became somewhat more important (more so when Signal switched, since, as 
everyone knows, Cryptocat is used exclusively by myself, my poodle and exactly 
one random person on Twitter.)

But now that Skype has switched too, Electron is a much bigger deal: busting 
Electron = busting Skype, and getting a bunch of comparatively less important 
apps (including Signal, Cryptocat) for free.

Guides exist that outline best-practice guidelines for writing Electron apps 
[0,1]. However, as of today and to the best of my knowledge, no real study 
exists in order to correctly understand the security that Electron can offer 
all these messaging apps we’ve used it to build.

This is unsustainable.


I agree but I don't think any criticism is going to stick at this point. Best 
to just ignore it and watch it burn in 10 years, like Windows XP programs and 
IE 5 websites back in the day. Make something else better?

Please, let’s cut off this possibility from the start. The whole point of this 
proposal is not to wait a decade and then have to sell an alternative to Skype 
and company. They’re all already on Electron. The Electron team is receptive to 
feedback and regularly fixes security issues. The framework is established.

Watching anything burn is not an option. Realistic and productive mindset only, 
please.


Another option is to turn your back to the snake oil security (so you won't have to watch it burn).

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
