On 11/13/2017 03:11 PM, Nadim Kobeissi wrote:
> On Nov 13, 2017, at 3:09 PM, Ximin Luo <infini...@pwned.gg> wrote:
>> Nadim Kobeissi:
>>> Hello everyone,
>>>
>>> Skype was recently rewritten entirely. It is now based on Electron. This new
>>> Skype has been rolled on all desktop platforms worldwide.
>>>
>>> When Cryptocat and Signal switched to Electron, the security of Electron itself
>>> became somewhat more important (more so when Signal switched, since, as
>>> everyone knows, Cryptocat is used exclusively by myself, my poodle and exactly
>>> one random person on Twitter.)
>>>
>>> But now that Skype has switched too, Electron is a much bigger deal: busting
>>> Electron = busting Skype, and getting a bunch of comparatively less important
>>> apps (including Signal, Cryptocat) for free.
>>>
>>> Guides exist that outline best-practice guidelines for writing Electron apps
>>> [0,1]. However, as of today and to the best of my knowledge, no real study
>>> exists in order to correctly understand the security that Electron can offer
>>> all these messaging apps we’ve used it to build.
>>>
>>> This is unsustainable.
>>
>> I agree but I don't think any criticism is going to stick at this point. Best
>> to just ignore it and watch it burn in 10 years, like Windows XP programs and
>> IE 5 websites back in the day. Make something else better?
>
> Please, let’s cut off this possibility from the start. The whole point of this
> proposal is not to wait a decade and then have to sell an alternative to Skype
> and company. They’re all already on Electron. The Electron team is receptive to
> feedback and regularly fixes security issues. The framework is established.
> Watching anything burn is not an option. Realistic and productive mindset only,
> please.

Another option is to turn your back to the snakeoil security (so you
won't have to watch it burn).