by feb 1384 days ago
The README is a bit optimistic about the security model. Like the parent said, the room UUID is a very critical asset and should be handled as a critical secret. Sadly, users may not know that.

In addition, the README says one can audit the full code and the assets used. For example, it suggests to audit the gh-pages branch for the static assets. But when hosting with github, that branch could change at any time and deliver non-audited content. Powerful attackers like government could do it easily, and less powerful ones too.

2 comments

> should be handled as a critical secret. Sadly, users may not know that.

Or find it inconvenient at some point and think "it doesn't matter that much, does it?"...

As is often the case, the human is the weakest link in the security chain.

> For example, it suggests to audit the gh-pages branch for the static assets. But when hosting with github, that branch could change at any time and deliver non-audited content. Powerful attackers like government could do it easily, and less powerful ones too.

That's a great point. There's nothing stopping folks from producing their own builds and self-hosting Chitchatter though, so that seems like a reasonably easy problem to solve.