Security of Electron Based Apps: Launcher, SAFE Beaker & third party


#1

Continuing the discussion from The future of SAFE Launcher:

In the above topic I raised a question about the suitability of Electron for a privacy critical application such as SAFE Launcher (under heading Don’t Be Evil).

My interest in the question was prompted by a discussion with Alexander Hanff, a well-known privacy advocate, who was unwilling to consider using Signal Desktop because it is built using Electron and consequently uses the Chromium codebase (from Google). I don’t know if others share this concern, so I raised the point to get opinions and have a discussion. I think it should be outside the other thread, even though at this stage it is potentially crucial to that discussion, because this is a topic in its own right.

To start I have nothing to go on so I have only read one article so far, which led me to the official guide (link below). Clearly there are issues related to the architecture, some of which are more relevant to SAFE Beaker than Launcher, but it would be wise for us to go through them and satisfy ourselves as to the risks for different applications, including Launcher, Beaker, and third party. But since we are the security and privacy network, particularly for Launcher and Beaker Browser.

Regarding Launcher my initial concerns were related to use of the Google codebase, although I was not personally concerned about this - my respect for Alexander made me want to raise the issue here for consideration. My reading leads me to wonder if there aren’t other security issues introduced by this approach, so I suggest we don’t restrict ourselves to considering only the involvement of Google in the project.

Regarding SAFE Beaker I’m now more concerned (!), having read in the guide that the biggest security problems arise from building applications that run other people’s code: i.e. web browsers, which is why Brave forked Electron, though no doubt Paul Frazee is also aware of this and may well have his own solution. So maybe I’m just being a scared newbie :)

Anyway, here’s the official Electron Security Guide for anyone interested in digging into this further.

http://electron.atom.io/docs/tutorial/security/

I also found the following article a useful intro and think it is good background even though some of the issues it highlights have now been addressed (though not all).


#2

Thanks for bringing this to a wider audience, Mark!

I didn’t want to say anything back when the browsers were being proposed, as both competing proposals were based on beaker browser forks (which means electron), but I agree with your suspicion regarding chromium and the electron ecosystem. After all Google did “accidentally” install a binary extension on all Chromium browsers that was constantly recording everything that was being said. Not the most trustworthy of all partners to work with.

I’d much rather have a Mozilla/Firefox/Gecko-based browser instead. However, the development efforts to make this happen are much higher than those for a chromium based system at the moment – I just wish Servo, the experimental rust-web-rendering-engine, was production ready yet, then I’d have done a counter proposal. But then, reading the latest firefox announcements regarding project quantum we might actually be closer to that than you’d think. And if this comes true and bigger parts of firefox do become more rust and more multiprocessed, maybe there is a chance for us providing a safe-firefox-fork some time next year.

Which would also help us a lot on the whole browsing-on-mobile-problem: we can’t bundle electron to browse on mobile. So beaker is a dead-end for that…


#3