Mist deprecated - Electron too insecure

Mist, the web3 browser developed by the Ethereum foundation, is being retired. The blog post outlining their decision is critical of Electron.
“Electron is a great framework for webapps on the desktop, built for apps that used their own trusted javascript files. But when you are building a browser, you are, by definition, running random code from unknown people all around the world. This is tricky. Also, for most of our history together, electron was not updated frequently and even when it was, it was still running several versions behind chromium, which meant that often the latest version of Mist was running an engine several months out of date. Google tends to publish vulnerabilities it found after six months of releasing a fix, and at that point we were still stuck with the one-hundred-day exploit open”

SAFE browser (Peruse) is also Electron based, right? Similar issues?
@joshuef @bochaco

SAFE browser (Peruse) is also Electron based, right?

Yes

Similar issues?

Yes and no.

Similar issues in that it’s built using electron, so we face the same security issues they did/electron apps do.

Couple things:

So electron have upped the speed of their release cycle, aiming for once a quarter. This does help with the lagging bugs and six month exposure of any chrome bugs that they talk.

I also find that they dislike electron for being being chromium based to be somewhat disingenuous. They go on to laud Brave, which is a chromium fork now (as opposed to electron… which is built on chromium)… That seems inconsistent…

My understanding of the Brave switch was more about limitations in electron APIs than out and out security concerns (they wanted an easy way to have chrome extensions enabled and electron does not want that).

Now, that said. We certainly face the same security issues as the Mist folks. Electron is not perfect by any means. But I’d say as an app development platform it is sufficient. In allowing us to get a browser going across platforms and iterate quickly. It is great.

It’s worth noting that, while electron’s security surface may potentially be large. We do not have the same security surface in SAFE Browser as another clearnet browser.

We’re not enabling HTTP/S requests in the SAFE Browser. It’s locked down to SAFE. So while you still do this in the browser

the potential attack surface is much less. They don’t talk about what the critical bug was exactly in that blog post. But I’d wager it involved some clearnet traffic. Websites in SAFE cannot communicate out of the browser in the same way as on the clearnet.

On SAFE, as we don’t have the traditional server paradigm, all content is read only, unless you are storing data (which you also control).

It’s this shift that offers much more security than electron or any app platform could potentially offer IMO.

Sooo. While electron may not be perfect, it is suitable for us (my opinion) for now. We will have to keep striving to ensure our own code and choices are secure and that we make secure / sensible choices.

In the future things may well be different. Mozilla has proven to be open to including decentralised protocols in the platform, for example. (And I have to agree, relying on browser nouse of established / well funded companies where you can, clearly makes sense). So down the line, it could be that there’s many more options for accessing the network, other browsers / extensions etc. And that’s an important part of the blog post too. They deprecated the browser when there were other options able to work with their network.

edit - I see the Muon repository is deprecated now and you mentioned it’s a straight up chromium fork now, so my comments about Muon below not relevant.

I found another blog post related to this from Dec 2017, so they’ve definitely been struggling with this for some time. The post was disclosing a vulnerability allowing malicious sites to steal private keys from the browser. Brave is also mentioned in that post. Sounds like Brave forked Electron so that they could follow the security updates more closely. Maybe if the compatibility is largely in tact it may be possible to use Brave’s Muon in place of Electron? Not sure why Mist didn’t go that route, because it sounds like they were considering it.