[tytso]

This is described as "like Chrome Secure Shell", but the major difference is that with the Chrome Secure Shell application, the ssh client runs in the browser, so it's actually secure; where as Shellvault is an architected (by design) man-in-the-middle attack.

Advice: if you can use Chrome Secure Shell, you should do so.

[angerson]

Our goal is to provide a useful service for anyone who wants to be able to log in from anywhere, which does unfortunately mean we're stuck as a potential MitM. We wrote a lot of documentation about how to mitigate the security issues [1], but ultimately we encourage anyone with security on the mind to use their own SSH client.

[1]: https://www.shellvault.io/documentation/security-best-practi...