wormhole-william-mobile VS hyperboot

I made the android† port of Wormhole William[1] specifically to help transfer some encryption keys that I didn't want to ever live unencrypted on a server in the cloud.

[1]: https://github.com/psanford/wormhole-william-mobile

†: There's also a working iOS port but its not released on the App Store because of how hostile Apple makes that process to open source developers.

That is totally fair. I will say that I got quite a lot of value from being able to see how tailscale-android works when building my own gioui app[0]. I suspect that being able to see the same thing for a modern iOS app would be useful to some small set of developers, even if they couldn't produce a fully working tailscale binary on their own dev machines.

It really does feel like Apple just doesn't care that their app policies are hostile to developers because they have such a strong monopoly on mobile app distribution.

[0]: https://github.com/psanford/wormhole-william-mobile

Wormhole William (version 8): End-to-end encrypted file transfer for Android. An Android Magic Wormhole client

TLDR at the bottom.

It seems the answer is Brian Warner's magic-wormhole. You're gonna see lots of file transfer sites with wormhole in their name, but if you want security you should use the original one, which is BW's m-w.

It is implemented in Python [1], so it's hard to install.

So someone made a Go version of it [2] that has binaries for windows, Mac, Linux, BSD etc. But it's command line so maybe not suitable for lay people.

So another person made a GUI for it that also has binaries for all OS [3].

Also there is an android app [4]. Someone needs to implement an iOS one.

[1] https://github.com/magic-wormhole/magic-wormhole/

[2] https://github.com/psanford/wormhole-william/

[3] https://github.com/Jacalz/wormhole-gui/

[4] https://github.com/psanford/wormhole-william-mobile/

TLDR: ask them to install [5] and [6].

[5] https://github.com/Jacalz/wormhole-gui/releases/

(click on 'Assets' under 'Latest release' and download the zip or tar.gz for your OS)

[6] https://play.google.com/store/apps/details?id=io.sanford.wor...

Try it, it's usage is cute and really feels like magic.

> the other uses client-server cryptography pretending to be end-to-end

This is misleading and false. Wormhole.app uses end-to-end encryption. It's factually incorrect to imply otherwise.

To address the larger point – auditing a web app is indeed challenging with current web technologies. In the past, I experimented with a technique using App Cache to permanently cache a web app on first use [1]. Later, that technique was expanded into hyperboot [2] to give users the benefits of explicit, immutable versioning with control over upgrades using the html-version-spec while preserving the simplicity of passing around a URL.

With the impending removal of AppCache from most browsers, the web is currently missing a way to "pin" a site to a specific version and only update it with user consent. Service Workers come close but they mandate a 24 hour maximum cache time before refetching from the server.

We'd love to offer the usability benefits of web apps – you can give someone a URL and they can immediately load the app – with the security of installed apps – doesn't change without warning – once web standards catch up. This is something that I care deeply about.

In the meantime, use magic-wormhole if you prefer a locally-installed command line tool and you're sending files to someone who understands the command line. Use Wormhole.app if you want usable end-to-end encryption, similar to what Firefox Send used to provide.

[1]: https://github.com/feross/infinite-app-cache

[2]: https://github.com/substack/hyperboot