|
|
|
|
|
|
by jtheory
4388 days ago
|
|
|
Quite right. If they were compelled -- e.g., "insert this backdoor or we'll imprison you" -- they might trivially serve up a tweaked version of their JavaScript to the one user the NSA was interested in. And it wouldn't take a complicated tweak at all to sneak the real password (or some sufficient version of it) back to the server, after which point certainly "even us" can read & listen in to all of that user's conversations. |
|
|