A lot of your assumptions here are actually incorrect and you should spend more time researching PWAs before spreading FUD. I'm not going to waste my time disputing all these. Enjoy.
106 sats \ 0 replies \ @Fabs 24 Jun
Psst, Tony, hey Tony, Tony! I'd be very keen on hearing what you have to say in regards to the above post in detail, please do!
I would very much appreciate it if you could elaborate.
Would appreciate more elaboration here from Tony. I think we all have something to learn.
FWIW, I know that Mutiny uses LDK Rust with bindings compiled into WASM and deployed as a PWA, so that's actually a lot of code running 'natively' on WASM. This includes a lot of their security/wallet-signing code (which is also, I think, why there's this setup phase at the start of the wallet, CMIIW). You're definitely not sending the seed up to the server to sign a message or running arbitrary signing code sent from the server.
I'm not sure of all the guarantees, but I think they are releasing the code open source, and LDK is also open source, so people can actually check?
I think some of the PWA critiques here still stand, but as always, things aren't extremely good or bad.
Naturally, no sane wallet dev should be sending the seed to the server. But if the wallet's code, whether distributed as WASM, JS, PHP, or anything else, is served over HTTPS, then the user's seed can also be compromised by the server if it simply serves the client malicious code.
Also, whether the code is open source or not has zero bearing on the code actually served to clients' browsers.
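Following up the point above that open source says nothing about the bytes a server actually hands a browser, here is an added Python example (not from any of the posters and not from Mutiny's or LDK's code base): an out-of-band check that hashes a captured snapshot of what a PWA origin served against a manifest produced from an audited, reproducible build. The file names, contents and the swapped loader are all constructed for the example.

```python
import hashlib

# Constructed stand-in for an audited build of an open-source PWA
# (path -> bytes). In practice these come from your own reproducible build.
GOOD_BUILD = {
    "index.html": b"<script src='app.js'></script>",
    "app.js": b"import('./wallet_bg.wasm')",
    "sw.js": b"self.addEventListener('fetch', () => {})",
    "wallet_bg.wasm": b"\x00asm\x01\x00\x00\x00",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Manifest an auditor publishes: path -> SHA-256 of the audited bytes."""
    return {path: sha256_hex(data) for path, data in files.items()}


def verify_served(manifest: dict, served: dict) -> dict:
    """Compare a snapshot of what the origin actually served (path -> bytes)
    against the audited manifest. Any 'tampered', 'missing' or 'unexpected'
    entry means the browser is not running the code that was reviewed,
    regardless of HTTPS or of the source being public."""
    result = {"ok": [], "tampered": [], "missing": [], "unexpected": []}
    for path, expected in manifest.items():
        if path not in served:
            result["missing"].append(path)
        elif sha256_hex(served[path]) != expected:
            result["tampered"].append(path)
        else:
            result["ok"].append(path)
    # Files the server added that no audited build contains (e.g. a new script).
    result["unexpected"] = sorted(set(served) - set(manifest))
    return result


# Constructed snapshot: the WASM module is byte-identical to the audited build,
# but the JS loader that feeds it was modified and an extra script appeared.
# This is exactly the case where "the WASM is open source" gives no assurance.
SERVED_SNAPSHOT = dict(GOOD_BUILD)
SERVED_SNAPSHOT["app.js"] = b"import('./wallet_bg.wasm'); /* modified loader */"
SERVED_SNAPSHOT["extra.js"] = b"/* not in any audited build */"

if __name__ == "__main__":
    report = verify_served(build_manifest(GOOD_BUILD), SERVED_SNAPSHOT)
    for status, paths in report.items():
        print(f"{status:10s} {paths}")
```

The check only has teeth if the snapshot is captured independently of the page's own scripts (for example with a plain HTTP client or browser devtools export), since code the server already controls cannot be trusted to audit itself.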