
1) Chrome apps can be silently updated; it's a huge security hole in Chrome's distribution model, as it removes all human oversight from the process of software distribution.

2) You control the distribution keys for the silently updating Chrome app, and your signing key, which means all you need is the end-user's signing key to empty people's wallets -- which you (or any adversary that compromises you!) can get by pushing a Chrome app update.

3) Unless you are actually pushing users to use externally downloaded, NON-AUTOUPDATING, code signed applications by default, you're making users insecure by default. An open source client on GitHub doesn't do anyone any good if your default is to strip away crypto-currency's security. This is no different than Microsoft's previous policy of shipping insecure services enabled by default.

Essentially, this boils down to "trust us" -- you control the infrastructure that protects one half of the signing keys, and you already have access to the other half.

It'd make a helluva lot more sense if a locally installed client was maintained by a trusted third-party, and it was the default user mode.

Cloud-focused web people are undermining the promise of bitcoin by simply not understanding why the cloud is so dangerous, whether we're talking about user data (creating a vast treasure trove for the government), or money.



1) The Chrome app can be run from the GitHub repo as far as I know.

We are also trying to sponsor an Electrum plugin, and our Android app will soon work similarly to the Chrome app (at the moment it uses appcache and it doesn't do the independent blockchain data verification via the Electrum network).

We are also working with hardware wallet manufacturers.

2) See (1)

3) We will update our website information to make the user aware, but please keep in mind that 2FA (soon with transaction details) means malware has limited capacity. Also keep in mind that an attacker would have to attack both our service and our signing key at the store, which are not in the same place and are kept encrypted when not used.



