Comment on A fresh install of Signal takes up 410MB, blowing both Firefox and Chromium out of the water
JoeyJoeJoeJr@lemmy.ml 5 months agoUsing an E2E chat app in your browser necessarily makes the keys and decrypted messages available to your browser. They would have the ability to read messages, impersonate users, alter messages, etc. It would defeat the purpose of a secure messaging platform.
alyth@lemmy.world 5 months ago
I don’t get it. Who is “they”? Why can’t you fetch the encrypted message from the server and then decrypt it client side?
JoeyJoeJoeJr@lemmy.ml 5 months ago
“They” is the browser/browser maker. The browser, acting as the client, would have access to the keys and data. The browser maker could do whatever they want with it.
To be clear, I’m not saying they would, only that it defeats the purpose of an E2E chat, where your goal to to minimize/eliminate the possibility of snooping.
Socsa@sh.itjust.works 5 months ago
You realize that your kernel which loads keys into memory can also access all this right? So can anything which shares memory space on the platform.
Natanael@slrpnk.net 5 months ago
The bigger risk is browser exploits, not just who develops it. There’s more attack surface and more ways to exfiltrate data
mexicancartel@lemmy.dbzer0.com 5 months ago
I think the encrypted messages are not saved in the server. You probably have to backup from phone and restore it on pc. “They” is the other programs running on browser