[messaging] Electron and Desktop Secure Messaging

Ximin Luo infinity0 at pwned.gg
Mon Nov 13 06:09:00 PST 2017

Nadim Kobeissi:
> Hello everyone,
> Skype was recently rewritten entirely. It is now based on Electron. This new Skype has been rolled on all desktop platforms worldwide.
> When Cryptocat and Signal switched to Electron, the security of Electron itself became somewhat more important (more-so when Signal switched, since, as everyone knows, Cryptocat is used exclusively by myself, my poodle and exactly one random person on Twitter.)
> But now that Skype has switched too, Electron is a much bigger deal: busting Electron = busting Skype, and getting a bunch of comparatively less important apps (including Signal, Cryptocat) for free.
> Guides exist that outline best-practice guidelines for writing Electron apps [0,1]. However, as of today and to the best of my knowledge, no real study exists in order to correctly understand the security that Electron can offer all these messaging apps we’ve used it to build.
> This is unsustainable.

I agree but I don't think any criticism is going to stick at this point. Best to just ignore it and watch it burn in 10 years, like Windows XP programs and IE 5 websites back in the day. Make something else better?


GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE

More information about the Messaging mailing list