Our great sponsors
-
wormhole-crypto
Streaming encryption for Wormhole.app, based on Encrypted Content-Encoding for HTTP (RFC 8188)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
wormhole-gui
Discontinued Cross-platform application for easy encrypted file, folder, and text sharing between devices. [Moved to: https://github.com/Jacalz/rymdport]
-
wormhole-william-mobile
End-to-end encrypted file transfer for Android and iOS. A Magic Wormhole Mobile client.
> the other uses client-server cryptography pretending to be end-to-end
This is misleading and false. Wormhole.app uses end-to-end encryption. It's factually incorrect to imply otherwise.
To address the larger point – auditing a web app is indeed challenging with current web technologies. In the past, I experimented with a technique using App Cache to permanently cache a web app on first use [1]. Later, that technique was expanded into hyperboot [2] to give users the benefits of explicit, immutable versioning with control over upgrades using the html-version-spec while preserving the simplicity of passing around a URL.
With the impending removal of AppCache from most browsers, the web is currently missing a way to "pin" a site to a specific version and only update it with user consent. Service Workers come close but they mandate a 24 hour maximum cache time before refetching from the server.
We'd love to offer the usability benefits of web apps – you can give someone a URL and they can immediately load the app – with the security of installed apps – doesn't change without warning – once web standards catch up. This is something that I care deeply about.
In the meantime, use magic-wormhole if you prefer a locally-installed command line tool and you're sending files to someone who understands the command line. Use Wormhole.app if you want usable end-to-end encryption, similar to what Firefox Send used to provide.
[1]: https://github.com/feross/infinite-app-cache
[2]: https://github.com/substack/hyperboot
> the other uses client-server cryptography pretending to be end-to-end
This is misleading and false. Wormhole.app uses end-to-end encryption. It's factually incorrect to imply otherwise.
To address the larger point – auditing a web app is indeed challenging with current web technologies. In the past, I experimented with a technique using App Cache to permanently cache a web app on first use [1]. Later, that technique was expanded into hyperboot [2] to give users the benefits of explicit, immutable versioning with control over upgrades using the html-version-spec while preserving the simplicity of passing around a URL.
With the impending removal of AppCache from most browsers, the web is currently missing a way to "pin" a site to a specific version and only update it with user consent. Service Workers come close but they mandate a 24 hour maximum cache time before refetching from the server.
We'd love to offer the usability benefits of web apps – you can give someone a URL and they can immediately load the app – with the security of installed apps – doesn't change without warning – once web standards catch up. This is something that I care deeply about.
In the meantime, use magic-wormhole if you prefer a locally-installed command line tool and you're sending files to someone who understands the command line. Use Wormhole.app if you want usable end-to-end encryption, similar to what Firefox Send used to provide.
[1]: https://github.com/feross/infinite-app-cache
[2]: https://github.com/substack/hyperboot
Related posts
- wormhole-gui: Cross-platform graphical user interface for easy encrypted sharing of files, folders, and text between devices.
- What are your "need to have apps" on Fedora? Top5 / Top10?
- ⟳ 2 apps added, 7 updated at apt.izzysoft.de
- Initial work packaging Fyne apps as Flatpaks on Linux
- I HATE NITRO I HATE NITRO