Replying to Avatar Yonle

> PWA in my opinion will be the most insecure one so far.

>

> It doesn't matter how long the developer can maintain for the app or the domain itself. The moment the domain gets expired (which could be anytime), The same PWA app just stops working like it used to be.

>

> It doesn't matter when it was hosted at vercel or github pages where it could live for quite long because the moment the owner of the domain changes, It could go either dead or ended up being malicious.

>

> Doesn't matter the fact that the key has been stored in encrypted string. Since the update of an PWA app can be pushed at anytime without user's knowledge, It can be compromised by the owner at anyway.

--- Yonle, not a long ago.
Avatar
captjack 🏴‍☠️✨💜 1w ago

DNS - domain like services are ALWAYS KYC - vulnerable to outage

Reply to this note

Please Login to reply.

Discussion

No replies yet.