globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Evaluate uses of Subresources Integrity from the GlobaLeaks Loaders #1586

Open fpietrosanti opened 8 years ago

fpietrosanti commented 8 years ago

This ticket is to evaluate the feasibility / usefulness and integration of the Subresource Integrity experimental feature (available in the latest Firefox and Chrome, and the next major TorBrowser release) from the various GlobaLeaks loaders (standard + integrated mode): https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

The application lifecycle must be considered for those use cases.

The usefulness for security in the globaleaks use cases should be analyzed and documented (maybe it's just not useful?).

NSkelsey commented 8 years ago

I have been thinking a bit about this and it only really provides security for the client loading the web page.

The javascript can do nothing to assert facts about the environment it is running in, but a TLS protected session can at least be sure that the Globaleaks javascript it has downloaded and executed is an official release.

Imagine if we had a list that mapped the compiled GL client scripts.js file (or even better all JS used in the application):

v2.60.144 cadc8edcc5bfd30e8905a03763c920d913dd9dd0
v2.60.143 4782adafd32115e2d6ae2c131b2f6e06ac8116f
v2.59.142 c232f44b829b62f41cb83efd53103aa9709aa5be
.
.
.
v2.1.0    bcddf97f615555f9ab6779c6b0aaf7a7c64d508e

Then anytime we wanted to check an installation, just loading the JS and checking the hash would tell you the version of the javascript (or if it was custom or modified).
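A sketch of the check discussed in this thread, added here as an example and not GlobaLeaks code: it maps file digests to release labels, reports an unknown file as custom or modified, and builds and verifies a Subresource Integrity attribute value. The release labels and file contents are constructed placeholders, and SHA-256 is assumed for the manifest rather than the 40-character digests shown in the list above.

```python
import base64
import hashlib
import hmac

# Constructed stand-ins for published scripts.js builds (not real GlobaLeaks files).
SAMPLE_RELEASES = {
    "v0.0.1-example": b"console.log('client build 1');\n",
    "v0.0.2-example": b"console.log('client build 2');\n",
}
SRI_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # algorithms SRI defines


def build_manifest(releases):
    """Map the SHA-256 hex digest of each release file to its version label."""
    return {hashlib.sha256(body).hexdigest(): ver for ver, body in releases.items()}


def identify_release(script_bytes, manifest):
    """Return the matching version, or None for a custom or modified file."""
    return manifest.get(hashlib.sha256(script_bytes).hexdigest())


def sri_value(script_bytes, algo="sha384"):
    """Build the value for a <script integrity="..."> attribute."""
    raw = hashlib.new(algo, script_bytes).digest()
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def sri_matches(script_bytes, integrity):
    """Check bytes against an integrity attribute the way a browser does:
    only entries using the strongest listed algorithm are considered."""
    entries = []
    for token in integrity.split():
        algo, _, b64 = token.partition("-")
        if algo in SRI_STRENGTH and b64:
            entries.append((algo, b64.split("?", 1)[0]))  # drop ?options
    if not entries:
        return True  # no usable metadata: browsers do not block the load
    strongest = max(entries, key=lambda e: SRI_STRENGTH[e[0]])[0]
    actual = sri_value(script_bytes, strongest).split("-", 1)[1]
    return any(hmac.compare_digest(actual, b64)
               for algo, b64 in entries if algo == strongest)


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_RELEASES)
    served = SAMPLE_RELEASES["v0.0.2-example"]
    print(identify_release(served, manifest), sri_value(served))
    print(identify_release(served + b"//x", manifest))  # None: modified
```

A manifest lookup like this only describes the bytes that were served to whoever ran the check, so it identifies a version or a modification for that request and nothing more.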