webext-signed-pages

A browser extension to verify the authenticity (PGP signature) of web pages (by tasn)

Webext-signed-pages Alternatives

Similar projects and alternatives to webext-signed-pages

  1. awesome-selfhosted

    A list of Free Software network services and web applications which can be hosted on your own servers

  2. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  3. PhotoPrism

    AI-Powered Photos App for the Decentralized Web 🌈💎✨

  4. Tutanota makes encryption easy

    Tuta is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.

  5. CryptPad

    Collaborative office suite, end-to-end encrypted and open-source.

  6. ProtonMail Web Client

    Monorepo hosting the proton web clients

  7. web-client

    Cryptee's web client source code for all platforms.

  8. photos-app

    Discontinued ➡️ Moved to https://github.com/ente-io/ente

  9. proton-mail

    Discontinued React web application to manage ProtonMail

  10. ios-mail

    Secure email that protects your privacy

  11. webclient

    Discontinued Angular webclient (with Linux, macOS and Windows desktop clients) for CTemplar's encrypted email service. (by CTemplar)

  12. photos-desktop

    📦 Binary releases of the Ente Photos desktop app

  13. pacman-bintrans

    Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)

  14. termpair

    View and control terminals from your browser with end-to-end encryption 🔒

  15. mailvelope

    Browser extension for OpenPGP encryption with Webmail

  16. cyph

    Cryptographically secure messaging and social networking service.

  17. frame

    23 webext-signed-pages VS frame

    System-wide Web3 for macOS, Windows and Linux

  18. web-extension

    mega.nz browser extensions

  19. leCrypt-web-extension

    leCrypt is a decentralised password manager which is cross-platform, free and secure.

  20. meta-code-verify

    Code Verify is an open source web browser extension that confirms that your Facebook, Messenger, Instagram, and WhatsApp Web code hasn’t been tampered with or altered, and that the Web experience you’re getting is the same as everyone else’s.

  21. AWSPics

    An AWS CloudFormation stack to run a serverless password-protected photo gallery

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better webext-signed-pages alternative or higher similarity.

webext-signed-pages discussion

Log in or Post with

webext-signed-pages reviews and mentions

Posts with mentions or reviews of webext-signed-pages. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-19.
  • E2EE on the web: is the web that bad?
    2 projects | news.ycombinator.com | 19 Feb 2024
    There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. https://github.com/tasn/webext-signed-pages
  • Cloudflare and CDNs - call for community opinions
    2 projects | /r/ProtonMail | 25 May 2023
    EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users.
  • Is there any tool to verify client-side website code you get served is the same as the open source version?
    1 project | /r/PrivacyGuides | 17 Dec 2022
    4 projects | /r/privacy | 14 Dec 2022
  • Truly safe?
    1 project | /r/ProtonMail | 30 Jun 2022
    There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used.
  • A browser that verifies Javascript
    1 project | /r/ProtonMail | 5 Jun 2022
  • Security experts declare all Proton apps secure after security audit
    2 projects | news.ycombinator.com | 18 Apr 2022
    > The server can at any time start serving malicious payloads

    True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different).

    In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers don't natively have a nice way of pinning specific versions of a web app, but there is the clever hack of SecureBookmarks[0] (if you're prepared to sacrifice the UX), or, more realistically, you can pin the web app version using some sort of browser extension.

    Examples of the latter include the Signed Pages extension[1], and Code Verify[2], which is the result of a collaboration between Meta and Cloudflare (for securing the WhatsApp Web code, currently, but should eventually support other sites like Proton's too). Of course, it would be much better if this capability was natively included in browsers themselves, but hopefully adoption of this technology will pressure browsers and standards bodies to take ownership of this.

    [0] https://coins.github.io/secure-bookmark/

    [1] https://github.com/tasn/webext-signed-pages

    [2] https://github.com/facebookincubator/meta-code-verify

  • ProtonMail Is Inherently Insecure, Your Emails Are Likely Compromised
    4 projects | news.ycombinator.com | 15 Feb 2022
    Something like a browser extension for this does already exist, fortunately:

    https://github.com/tasn/webext-signed-pages

  • "Were you able to subpoena ProtonMail?"
    1 project | /r/ProtonMail | 20 Jan 2022
    In regards to untrusted webapp, yes, that is a reasonable attack vector. That said, I've heard from ProtonMail they have been considering to implement Signed Pages to help mitigate (at least some of the) issues with this attack vector.
  • Proton’s priorities
    1 project | /r/ProtonMail | 5 Oct 2021
    Which is why it is important to get proper E2E encryption on e-mail, where the source is open source and can be audited. And then that there are verify mechanisms to verify that the source code has not been manipulated. For web services there are signed-pages which is quite interesting.
  • A note from our sponsor - SaaSHub
    www.saashub.com | 18 Jan 2025
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic webext-signed-pages repo stats
16
190
0.0
about 2 years ago

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com

Did you know that JavaScript is
the 3rd most popular programming language
based on number of references?