-
-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chrome Apps to be deprecated #871
Comments
Maybe relevant: https://developer.mozilla.org/en-US/Add-ons/WebExtensions
|
Yeah. Either an extension or an electron app seem to be the alternatives: http://electron.atom.io |
An extension seems to make a lot of sense Signal desktop if going to stay connected to a browser (instead of going to a standalone app). Since a few things are going to have to be rewritten anyway, lets try to add support for Firefox. See #871 (comment) |
It'd be nice to see some designs for how signal would look as an extension before diving into it. I'm happy to help with this effort. |
Why don't you want to try electron app? It's very much like browser app, but wrapped with different platforms apis, so you can build menus, bind to keyboard events etc. But eventually you get standalone app and not the browser extension which is a bit annoying. Look at the slack app or atom editor! |
Electron bundles the Chromium engine. This makes things inefficient if you were already using the Signal Chrome App with Google Chrome or Chromium since you will have to download a separate program that will bundle Chromium again. That's why I would prefer a Chrome extension instead (this would also make porting to Firefox or Edge potentially easier as well). Just my two cents. |
Well, it's true that electron's app bundle not a very tiny thing. It will add couple of dozens mbs to your app. But still, it will be app. |
This. I really don't understand why ppl are trying to build an application using web technology in the first place. Yes, there are advantages because most of the resources are available offline. But this wouldn't be a problem with WebExtensions, cmiiw
You don't need to, WebExtension are designed to be cross-browser :) |
WebExtensions doesn't even provide all the interfaces needed to implement Signal since it goes beyond what would be considered an 'extension', so that unfortunately cannot happen. |
I so much more prefer a dedicated app. Not everyone uses Chrome and some of my users actively forced closed Chrome (on OS X) when they saw it was open (they use Safari) thereby killing Signal... Maybe Electron isn't the answer long term, but I do like it as a short term fix |
I would also much prefer an Electron (or however implemented standalone app). |
IMHO, web extension is inconvenient, because of the fact that the extension running within the browser window.
Moreover the changes that will need to be made are minor (I thought about an independent updater for example, any other ideas?). I already build NW.js version of Signal Desktop (with this guide), with only one change I had to do in scss file, and it's working great. Edit: Now I noticed, after closing the Signal NW.js app and reopen, the app has been reset and you need to reconfigure it, But I think it's easy to solve. And other minor bugs. |
Maybe I am out of the loop, but why isn't it possible to build a proper webapp in the first place? Those who want a browser extension would be happy and for those, who want a desktop app, a framework like electron could be used. |
One thing that I read on the mailing list that the developers consider important is the update process.
All that are non-trivial things to solve if you need to do them yourself which they apparently want to avoid if possible. |
Mind you, we didn't have any input from the main committer @liliakai in here yet |
Judging from other responses in other tickets, discussion should probably happen at https://whispersystems.discoursehosting.net/t/google-to-retire-chrome-apps-what-will-be-with-signal-desktop/469 See also https://lists.riseup.net/www/arc/whispersystems/2016-08/msg00023.html |
I absolutely agree. In fact, the Chromium page even suggests migrating Chrome apps to web apps.. This would make the most sense to me since a big goal of using Chrome apps / app store distribution method is to ensure that users have a safe and secure method of distribution. It also makes it far more accessible than just packaging via Electron. I think the WhatsApp Web version is probably a good template to learn from: https://web.whatsapp.com/ |
It's not making any kind of sense if you want a secure, private and open source encrypted messaging application, to run it from remote server. |
Since I haven't seen it proposed here already, I personally believe a good direction to take would be a Progressive Web App. This seems to also be the direction Google is taking to replace their Chrome Apps, and while it would work alright "immediately", it would get better over time, with more integrations arriving in the browsers. Edit: While I realise most current "native" integrations of PWAs are meant for mobile, Chrome Beta currently supports installation and I've heard Microsoft is working on integrating them into their store experience (link) |
@Bitim I don't think they are saying that the application is going to be run from the server. With modern web app capabilities, the entire application could run in the client (and possibly even communicate via a p2p protocol such as WebRTC). I personally think that another solution (at least during migration) could be to use Electron Chrome. It's wraps most of the Chrome App APIs so that migration from a current Chrome App is incredibly simple. Thoughts? |
@Drm2 even if the code running locally from your own browser (that is, in fact, not so safe), the problem is that you download the application's code from remote server automatically every time. If this remote server hacked and the attacker add malicious code to the application, your browser will download this code automatically, run it and can compromise you data. That's what WhatsApp do. |
@Bitim I definitely see your point. If progressive web apps gained full desktop support, it wouldn't be much of an issue. I guess the only great solutions are to use something like Electron Chrome (to make migration easy) or to build a native desktop app. |
@Bitim I fully agree that security is of utmost importance for this app. And while I would like to point out that with code served over tls at least users could be sure they are getting the code from the correct source, I agree that code should not update without the users consent. Luckily, no "full desktop support" for progressive web apps is needed to provide this. Service Workers allow indefinite caching of source code on the client, with update prompts displayed, so users can opt in to version changes.
|
Seems like even without indefinite caching, if the website delivers signed code, a browser extension that automatically verifies the signatures, version #, etc would solve many of the issues raised in this thread. |
Would much prefer an Electron app. |
@smichel17 I think requiring an extension for the code delivery creates a security vs ubiquity situation. And I think that's not the space Signal tries to operate in. And then you're also just shifting the problem to how to securely deliver that extension. Manual signature verification? Likewise @ryanleesipes Electron doesn't seem to do that great a job at being unilaterally secure and straightforward with delivery either, for example from the auto updater section:
Ideally this is something that gets fixed in web standards. |
@peacememories there are at least two major differences from the app/play store model though. And I think especially in areas like cryptocurrencies with cold vs hot wallets, this difference has been quite obvious. In a store, the app is:
Compared to a TLS resource from a webserver, which is:
Am I missing some capabilities here that allow you to do this in a browser? |
Here is a recent article talking about the possible migration from Chrome to Firefox : http://mckay.pub/2016-11-18-webextensions/ |
Hi everyone! This is a great thread and raises some great use cases that we over at Chromium haven't considered too closely before. We definitely have a very explicit goal to make the open web as useful and safe as Chrome Apps, so it would be great to leverage this use case to extend the web so that Signal can safely exist there. So if any of you are up for it, I'd highly encourage you to think about what the web platform would need to make this possible, because we can (and do!) extend the web platform all the time. In short, if we can't implement Signal securely as a web app, then the web is broken, and we should fix it. In particular, on Chromium, I work on the Open Web Platform Security Team, where we work on exactly the types of features that we're discussing here (and our friends over at Mozilla have a very similar team as well). If you're interested in making suggestions or starting discussions, emailing security-dev@chromium.org or blink-dev@chromium.org are fantastic places to start. Some specific places that we've been working on ideas that might be relevant here include:
What other features are needed to bring web parity for Signal? What can user agents do to make the web better for security-sensitive apps like Signal? Personally, WhatsApp is much more useful to me because of https://web.whatsapp.com, but I understand that it opens security issues that Signal is trying to avoid, so I'd love to try to fix these issues. As a side note, I would argue that the distributor case mentioned above as a difference between the web and apps isn't very compelling and shouldn't be considered a security boundary for what you're concerned about. It wouldn't be hard to sneak a minor piece of code past either Apple or Google in your app that subtly leaks client keys, for example. And even if this is caught eventually, you'd still be sad if it ever reached any client. In general, I believe it is a large mistake for developers to rely on the app review process as strong security boundary. P.S. I'm actually on paternity leave right now, so my apologies if I take a while to respond to anything. |
How about using the phone itself as a server? Similar to https://web.whatsapp.com/ but completely without the public server. |
Hosting the webchat on the phone is not a good idea, as it would...
|
@nils-werner not to mention the absolutely huge amount of complexity that would introduce. |
@metromoxie glad to see you're on top of it as well! I didn't mean to imply that a 3rd party app review held any security benefit preventing malicious code. What I meant to suggest was that having a store greatly reduces spoofing methods. After all, in a sense you could say that Google / Apple play a role similar to a certificate authority. The thoroughness of authentication varies, but you're a lot less likely to end up with the wrong content as opposed to using self-signed certificates or straight up public keys. Also you are provided with much more information to see if the app you're about to install will be the one you intended to install. Something you will find in a store, but not find doing a web search:
And the scrutiny bit was more about the platform itself rather than the app review. For example if Google finds a major security flaw in their Play store, major tech news channels would pick this up the same day Google sends out a notification. Anyway, $5 wrench attack methods aside. Here are some things that I believe are missing in an HTTPS delivered application, that are noteworthy for new web standards. Not claiming to be an expert though, so hopefully other participants will pitch in on this.
Some issues that I don't expect to see resolved using standards or browsers alone:
|
Interesting read here. I just recently switched to Signal and scratched my head around the possibility of having a dedicated Electron/NW.js/YouNameIt build/installer to run it on a Desktop. I've been using WhatsApp and Telegram b4 and must say (leaving security, tech stack etc aside now) that the dedicated app approach works much much better for personal use-case instead of running web.whatsapp.com with being forced to have my phone on/WA running etc. Of course this kinda ignores the discussion of moving to an extension for now. I guess that's mainly due to the lack of experience I have in using but also writing WebExtensions so far. So while I do appreciate the nicely layed out arguments by @Beanow above I don't consider 3rd party store distribution an increase security tech-wise but more from a clear user communication/distribution standpoint (he refers to it as $5 wrench approaches). So I wonder how we could reduce this in a move to a WebExtension. Another experience I'd like to share is comparing the Telegram Desktop vs. Hangouts experience. Not from a security but more from a user experience perspective. I might be a bit too picky but f.e. I get annoyed by the Chrome style notifications in Hangouts compared to the Telegram ones that integrate neatly with the OS, which also gives me a clear, distinct way of changing the prefs/settings for these etc instead of starting to dive deep in the Chrome settings etc. Taking this as an example (although definitely not an important one) I think it might be interesting to have a more layed out comparison of what feature sets would be possible with a WebExtension approach compared to an Electron one etc. Not having too much insight into the WebExtension API so far I wonder what @rodneyrod meant when he stated that the WebExtension API doesn't offer the feature set necessary for Signal. Either way, I'd be happy to support, help and investigate on this matter. |
As a Linux user, I would say the Electron apps do a much better job of integrating with the Linux desktop than Chrome Extensions. I know most of this discussion has been about the security behind each decision, but it might be a good idea to consider user experience of using the app (although it probably won't be the first priority, it is still important). |
I'm also voting for electron. It's adding some overhead but with much more native "feeling". It gives native notifications, menu bar support and separate application (UIApplication) on mac (so you can switch using cmd+tab from any app instead of switching to chrome and cmd+`). |
Hi, as a user I think that a simple web app, with the crypto code running locally, would make more sense. It could be used by anyone with just a browser, without even needing to install something else, which is one of the reasons services like Facebook are so successful. Of course I understand that there are security problems to overcome, but I find the web app more future-proof. |
You are comparing apples to oranges. Social media is not meant to be a native desktop application (it does not even feel right). An IM app on the other hand is meant to be native. A browser version could be a plus, but a native app is definitely a must-have. |
I don't follow - did you perhaps mean to say that it is meant to be in the browser? In any case, the above statement as well as this one:
are both opinions presented as facts. IM apps aren't "meant" to be anything in particular. It's up to the creators and designers of the software to figure out what their product "should" be. |
@strugee Yeah, haha. I made a mistake (and corrected my comment accordingly). In regards to my thoughts about social media not supposed to be a native desktop application, I base it on facts. Although I did not do research, it is obvious that sites such as MySpace, Twitter and Facebook would have never been a success if every person had to download a piece of software. |
Of course, and Signal is no exception. IM is a key feature of social networks, so we can't really dissociate the two. Signal will never be widely used if it's not accessible through the Web. I know nobody who would even consider a messaging service that asks him to install a desktop app to use it on a computer. |
My friend, you need a SIM card... And remember that I did not exclude web. |
Is that really the use case though? Correct me if I'm wrong, but a vast majority of people that use Signal use the smartphone app (I mean, it uses a phone number as an identifier). The desktop app isn't really a users first time using Signal, it is more a supplemental piece of software. Also understand that some people feel differently, for example: my personal preference is for a local app instead of a website. That is just my opinion and there isn't exactly any merit behind it. |
@ag-n as I said, and @rkoesters, @urbaniak and others confirmed, a native desktop app is preferred, but if time permits, we could have both. I do not however think that that is realistic. It just requires too many resources (i.e. time, knowledge, etc.). I wonder though, what about ChromeOS? And how many people (would) use ChromeOS? |
I understand the lack of resources and the technical difficulty, it's just a solution that I would prefer, and that would (I think) make it easier for most people to switch to Signal.
I don't think it's popular enough to dedicate resources to it ; a Windows/Mac/Linux app would be way more useful. Maybe later, if the market changes. |
Thanks everyone, but we try not to use GitHub for discussion. I think we have all the information we need in this issue, if you'd like to continue discussion please see the online forums. Thanks! |
See http://blog.chromium.org/2016/08/from-chrome-apps-to-web.html
The text was updated successfully, but these errors were encountered: