[teacup50]

Most of these services fail to clarify whether they are web-based and rely on so-called "secure" javascript crypto: eg, where their servers are sending the ephemeral JavaScript code that they claim -- but can not under any circumstances guarantee should they be compromised -- will not send your private keys to the server.

Compare this to signed, native applications produced by third-parties who do not run the service in question, where code signing guarantees that the code distributed to you was validated by a responsible building party, and the signing key is not accessible from compromised front-end web servers.

[BrokenPipe]

Our FAQ https://greenaddress.it/faq

we have a chrome app non minified and open source on github. That client is local and no JS can be injected as it connects via ws.

Furthermore it verifies data against the electrum network and provides nLocktime transaction unlocking your funds.

[teacup50]

1) Chrome apps can be silently updated; it's a huge security hole in Chrome's distribution model, as it removes all human oversight from the process of software distribution.

2) You control the distribution keys for the silently updating Chrome app, and your signing key, which means all you need is the end-user's signing key to empty people's wallets -- which you (or any adversary that compromises you!) can get by pushing a Chrome app update.

3) Unless you are actually pushing users to use externally downloaded, NON-AUTOUPDATING, code signed applications by default, you're making users insecure by default. An open source client on GitHub doesn't do anyone any good if your default is to strip away crypto-currency's security. This is no different than Microsoft's previous policy of shipping insecure services enabled by default.

Essentially, this boils down to "trust us" -- you control the infrastructure that protects one half of the signing keys, and you already have access to the other half.

It'd make a helluva lot more sense if a locally installed client was maintained by a trusted third-party, and it was the default user mode.

Cloud-focused web people are undermining the promise of bitcoin by simply not understanding why the cloud is so dangerous, whether we're talking about user data (creating a vast treasure trove for the government), or money.

[BrokenPipe]

1)The chrome app can be run from the GitHub repo as far as I know.

We are also trying to sponsor an Electrum plugin and our android app will soon work similar to the Chrome app (at the moment it uses appcache and it doesn't do the independent blockchain data verification via the electrum network.)

We are also working with hardware wallet manufacturers.

2) see (1)

3) We will update our website information to make the user aware but please keep in mind that 2FA (soon with transaction details) means malware has limited capacity. Also keep in mind that an attacker would have to attack both our service and our signing key at the store which are not in the same place and are kept encrypted when not used.