They implemented end-to-end crypto in this web client as well. Since it's JS served on each request, it's vulnerable to compromise on the server side. I also don't know how key material is securely provisioned to your browser by scanning the QR code.
That being said, they are in a good position to roll out a Chrome extension or plug-in that can keep the crypto implementation on the browser. That would be a nice solution.
12 comments
[ 2.6 ms ] story [ 38.7 ms ] threadUpdate: emoji support :)
"Unfortunately for now, we will not be able to provide web client to our iOS users due to Apple platform limitations."
That being said, they are in a good position to roll out a Chrome extension or plug-in that can keep the crypto implementation on the browser. That would be a nice solution.
I am trying to se what AJAX calls are being made but cant see noen. Whats the secret to this!