by derefr 2561 days ago
Or, y’know, they might serve everyone else client-side code, but serve one particular user server-side code. (Sort of like the hypothetical NSA Windows Update attack.)

This is why most crypto web-apps have a browser-extension form; you can check in your browser extension list to verify which version of the extension you have, and so know that it’s safe if someone you trust has already audited that version.

1 comments

That doesn't help you much if you're starting out. You have to trust somebody and someone has to point you to something.

Whether it's a specific browser extension or a web page that you can run after you've cut the internet doesn't really make a difference. Note that vanity-eth.tk points out that you don't have to trust them and explains how to ensure that the private key stays private. But that needs some knowledge, and that's certainly not for everybody.