Comment on Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong
01189998819991197253@infosec.pub 3 weeks agoHaving web logon would mean they would need to hold the decryption key in some form (or have a weak decryption key, your credentials), so, while convenient, I think it would degrade security and possibly privacy. Unless you mean to receive new messages, the way the desktop app works?
Laborer3652@reddthat.com 3 weeks ago
Not if they used WebAssembly to do all the decryption locally.
01189998819991197253@infosec.pub 3 weeks ago
I can’t tell if you’re joking haha
sugar_in_your_tea@sh.itjust.works 3 weeks ago
Why would they be joking? There’s really not a big difference between how their mobile and desktop apps work and what’s possible in the web. It can fetch the keys from my computer or my phone just like their other apps work, and store the keys and whatnot encrypted in temporary local storage, just like on the phone. WebAssembly could allow them to share the code and retain similar performance.
I honestly don’t see an issue here. If they need help, I’d be happy to lend a hand.
Laborer3652@reddthat.com 2 weeks ago
Why? C++ does wasm and I’m pretty sure the signal client is already written in C++. It definitely wouldn’t be something that could be pulled off quickly, but the ability to securely run code like this is kind of the whole point of wasm as I understand it, no?