[teacup50]

> The browser code is distributed as an extension, which does not have the properties you describe.

Actually, browser extensions have the exact same properties except for being code signed. That's not enough: http://arstechnica.com/security/2014/01/malware-vendors-buy-...

> I don't think CryptoCat has been distributed as a traditional web app for at least a year (probably more).

That they ever shipped in-browser crypto demonstrates that they shouldn't be shipping crypto.

[pilif]

Malicious people buying extensions and then malwareing it is as likely or not as malicious people buying the vendor of whatever tool you are using on the desktop once its auto-updating feature is good enough (that would actually be slightly worse, because in the case if the extension you at least get to read what's actually executed).

What you are saying is that you don't trust any kind of application to do crypto unless you have previously audited it. That's a reasonable stance to take but it's irrelevant whether you distrust a third-party browser extension or a third-party native app.

The main argument against crypto in JS extensions is that getting crypto correct in regards to timing based side-channel attacks is very hard to impossible.

But if you are dealing with a specific browser in an extension context, this might be somewhat mitigated which would bring us back to the trust issue, which, again, IMHO is not dependent on the platform you use

[teacup50]

> ... once its auto-updating feature is good enough ...

This is why it's a very bad idea to implement silent automatic updates, and why they're the wrong thing to copy from the web.