PS: Most users are not power users, and won't download the extension and manually check signatures.
As mentioned in the writeup, there's a beautiful way you can protect even non-power-users. Because the extension downloads and verifies the webapp HTML, CSS and JS every time it runs, the web app is constantly being validated.
As long as you have a critical mass of power users who installed the extension, an adversary cannot tamper with the web application without immediately being noticed.
A strong adversary could still commandeer the server and serve tampered JS to a specific IP without being detected. Users who are specially targeted by such an adversary must either install the extension, use Tor, or both.
My goal is to make Scramble usable by a wide range of people. For a nontechnical user, it's just as easy as using Gmail--and at a minimum, they get the advantage that Scramble servers never store plaintext.
A user with stronger requirements can do more, and can get stronger security guarantees.
> As mentioned in the writeup, there's a beautiful way you can protect even non-power-users. Because the extension downloads and verifies the webapp HTML, CSS and JS every time it runs, the web app is constantly being validated.
Imagine the following. An Attacker manages to hijack your server. They fingerprint[1] the browsers of each user and only send malicious JS to certain users that dont use your extension. No one will ever know, that they have been compromised.
WAT. This is a PGP application that works as long as a specific user isn't targeted. PGP did better than that in 1995: keep your key safe, and if the NSA has a 50 foot poster of your head shot hanging in the lobby of Fort Meade, they still can't decrypt the message.
When you build and promote a system like this, you are assuming a responsibility on behalf of your users. You should take that responsibility more seriously.
Great is the enemy of good. Especially when great is not even possible to achieve (wide public adoption of PGP).
EDIT: And you seem to be saying that this is actively bad, which I think is just jumping the gun without identifying any actual issues. Having it be only partially secure until you install a browser extension and then having it properly secure most certainly falls into 'good' and not 'bad' or 'great'.
This is also a PGP application that most people can benefit from immediately (compared to using Hotmail), and one that can be used by even the most targeted users if their environment is set up correctly once the extension is out.
Usually, when people claim to have refuted our crappy old article on Javascript crypto, they have some misguided but at least potentially falsifiable argument for having accomplished that; for instance, "there are browsers with secure RNGs now".
You don't even have that. From what I can tell, you have literally no argument at all; instead, you "agree" with the article while drawing exactly the opposite conclusion that the article draws, then point out again and again how much users don't want to install things, as if that changed the security of this system at all.
My argument is this: "This is also a PGP application that most people can benefit from immediately (compared to using Hotmail), and one that can be used by even the most targeted users if their environment is set up correctly once the extension is out."
Scramble performed encryption on the server, then my argument is false. But the design of Scramble's protocol is such that the security of the application depends only on securing the client code, which I argue can be done, for those who set up their environment correctly.
That's the point. If you have to "setup the environment correctly" you should implement a native client. GPG is secure because it transfers data...not code. That's actually the webs biggest problem...you can't trust code given to you by some stranger. If you transfer data you can verify that it hasn't been modified in transit. Its really impossible to verify that code given to you performs the way that you think it will.
As mentioned in the writeup, there's a beautiful way you can protect even non-power-users. Because the extension downloads and verifies the webapp HTML, CSS and JS every time it runs, the web app is constantly being validated.
As long as you have a critical mass of power users who installed the extension, an adversary cannot tamper with the web application without immediately being noticed.
A strong adversary could still commandeer the server and serve tampered JS to a specific IP without being detected. Users who are specially targeted by such an adversary must either install the extension, use Tor, or both.
My goal is to make Scramble usable by a wide range of people. For a nontechnical user, it's just as easy as using Gmail--and at a minimum, they get the advantage that Scramble servers never store plaintext.
A user with stronger requirements can do more, and can get stronger security guarantees.