zlacker

[return to "Image Scrubber: tool for anonymizing photographs taken at protests"]
1. comboy+iO 2020-05-31 21:38:59
>>dsr12+(OP)
Really weird that nobody in the thread is pointing out that this is basically a website that says "give me your photos, specifically from protests, which have details that you want to keep private".

It doesn't matter that it theoretically all happens in the browser. You can serve different versions to different IPs etc. Every heuristic in me would be screaming "don't use that" if I had a need for such a tool.

2. dmart+j71 2020-05-31 23:52:39
>>comboy+iO
It's a static site running on GitHub pages, over HTTPS, directly out of a linked repo so you can examine the source code. I literally could not imagine a more transparent way to serve this application.

The only way an attack vector is possible here is if you think GitHub themselves would maliciously inject an altered version of the code in the repo, and even then you'd be able to see the code and network requests in your developer tools.

3. CivBas+S91 2020-06-01 00:14:50
>>dmart+j71
> I literally could not imagine a more transparent way to serve this application.

Just distribute the code for local execution? Sure, it's less accessible for the target audience, but it is more transparent.

But what else is new? Most users are willing to sacrifice privacy and security for convenience. That's how we got into this whole mess.

4. lyjack+2m1 2020-06-01 02:47:52
>>CivBas+S91
Hmm. 1. This is local execution. 2. What's so secure about a downloaded executable run directly from the OS? It could send information to a remote server just as (or more) easily, and less transparently.
5. CivBas+1r1 2020-06-01 04:11:46
>>lyjack+2m1
> What's so secure about a downloaded executable run directly from the OS?

I did not suggest distributing an executable. I suggested distributing code, so that the user could audit it before execution.

I did not realize this tool executed all of its logic in the client when I made that post. It is rare to find websites with plainly-written, unobfuscated, uncompressed, vanilla JavaScript that don't rely on any server-side processing.

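As an added example that is not part of this thread or of the Image Scrubber project: the claim in comments 2 and 5 that the page performs no server-side processing can be checked from the browser console rather than taken on trust. The monitor below wraps the standard web APIs a script could use to send data out (fetch, XMLHttpRequest, navigator.sendBeacon, WebSocket) and records every destination; the injectable `scope` parameter and the `block` option are my own additions so it can also be exercised against a fake window object.

```javascript
// Outbound-request monitor for a page that claims to run entirely in the browser.
// Paste into the page's console with scope = window before loading a photo; an
// empty externalRequests() list after scrubbing and downloading means nothing
// left the browser. With { block: true } external requests are refused instead
// of merely logged. Added example, not code from the project under discussion.
function createRequestMonitor(scope, options = {}) {
  const pageOrigin = options.pageOrigin ||
    (scope.location && scope.location.origin) || 'null';
  const base = pageOrigin === 'null' ? undefined : pageOrigin; // base for relative URLs
  const log = [];

  function record(api, target) {
    let origin = 'invalid';
    try { origin = new URL(String(target), base).origin; } catch (e) { /* unparsable */ }
    const entry = { api, url: String(target), origin, external: origin !== pageOrigin };
    log.push(entry); // recorded even when blocked, so the attempt is visible
    if (entry.external && options.block) throw new Error(`blocked ${api} to ${entry.url}`);
    return entry;
  }

  if (typeof scope.fetch === 'function') {
    const orig = scope.fetch;
    scope.fetch = function (input, init) {
      // A Request object carries its URL in .url; strings and URL objects stringify.
      record('fetch', input && typeof input === 'object' && 'url' in input ? input.url : input);
      return orig.call(scope, input, init);
    };
  }
  if (scope.XMLHttpRequest) {
    const origOpen = scope.XMLHttpRequest.prototype.open;
    scope.XMLHttpRequest.prototype.open = function (method, url, ...rest) {
      record('XMLHttpRequest', url);
      return origOpen.call(this, method, url, ...rest);
    };
  }
  if (scope.navigator && typeof scope.navigator.sendBeacon === 'function') {
    const orig = scope.navigator.sendBeacon;
    scope.navigator.sendBeacon = function (url, data) {
      record('sendBeacon', url);
      return orig.call(scope.navigator, url, data);
    };
  }
  if (scope.WebSocket) {
    const OrigWS = scope.WebSocket;
    scope.WebSocket = function (url, protocols) { record('WebSocket', url); return new OrigWS(url, protocols); };
    scope.WebSocket.prototype = OrigWS.prototype;
  }
  return {
    log,
    externalRequests: () => log.filter((e) => e.external),
    isClean: () => log.every((e) => !e.external),
  };
}
```

Image and script elements added to the DOM also load from remote origins, so for a full picture pair this with the Network tab in developer tools, which the monitor does not replace.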