Why is there no signal web client?
I’ve read about E2EE (end to end encryption) of Signal in web clients on a Signal Community discussion forum, and wonder why they say that the browser is insecure for E2EE and native apps are secure.
I think the security issues for clients are the same. It can be harder in various systems based on their security policies, but all of the clients are prone to various attack surfaces like MITM, viruses and rats and other malware. And something more important they emphasise is the delivery for javascript files, but doesn’t that use HTTPS? I guess if anyone could break the HTTPS security they can do anything more dangerous than what we think about.
We want to develop some chat service like Signal with a web client, but this article confused us. Should we ship a web client or not?
Yes, HTTPS is used. The thread doesn't say that the web app will be completely insecure, instead it says
This effectively reduces the security of your end-to-end encrypted communication to that of your SSL connection to the server Which means that anyone who can control the SSL connection to the server can now intercept and eavesdrop on your e2ee communications. So who exactly can control the SSL connection?
Well, if a (possibly state-level) attacker controls/compromises a CA, they could issue a fraudulent certificate for the Signal web client server and attempt to MitM the SSL connection (this threat is limited, but not eliminated, by the use of certificate transparency.) As @multithr3at3d pointed out, TLS inspection proxies at workplaces are a much more likely form of MiTM and could cause problems if your employer was interested in compromising your private conversation. However, in such a case, the employer owns the machine and would probably just install a keylogger on it, so you would have bigger problems.
However, the larger problem here is that the SSL connection, as well as the content being served, is controlled by the Signal server. This means that if the server is compromised or goes rogue (which can easily be achieved by a government serving Signal a subpoena or the like), then it can easily modify the javascript files served to the client in a way that allows them to intercept the communications. This effectively defeats the point of end-to-end encryption, which is that nobody other than the sender and the recipient should be able to read the contents of the communication, since the server now has the power to compromise the communications at will.
This threat is amplified by the fact that such malicious modification of the code served can be done in a targeted manner. The server can ensure that only a specific user/client is served the modified malicious code. This significantly reduces the chances of the modifications being detected and exposed.
Actually we want to develop some chat service like Signal with a web-client, but this article made us confused about whether we should ship a web-client or not. Can anybody please explain it? This depends on your threat-model (or rather the threat-model of the intended audience of your chat service). Will those people just be using it for chatting with friends or communicating with colleagues? Or will it be used by whistle blowers trying to coordinate the disclosure of classified information with journalists? You will have to consider whether the risk outweighs the benefits and decide for yourself whether or not to ship a web client. If it's the former, then having a web client will not be a very big issue. This is closer to the use-case of WhatsApp and WhatsApp does have a web client. If it's the latter, then you had best follow Signal and stick to using desktop clients and apps which can be signed and their integrity verified.