Signed Pages

A browser extension to verify the authenticity of websites

This extension helps increasing the security of web apps, and bringing it to almost that of native apps, by verifying the page's resources were signed by the developer.

This extension therefore protects against a malicious (or hacked) server trying to steal your supposedly end-to-end encrypted data, or for example crypto-currency wallet.

Reviews

Discussion

Hunter
You need to become a Contributor to join the discussion - Find out how.
Ariel Assaraf
Ariel Assaraf@arielassaraf · Co-founder & CPO - Coralogix
Looks amazing! Good luck!
AbadesiHunter@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Hello @tomhacohen and welcome to Product Hunt, it is great to have you in the community. Please tell us more about this project, how did you get the idea? What was it like building it? Thanks
Tom Hacohen
Tom HacohenMaker@tomhacohen
@abadesi hey there. Thanks! I originally created this extension to improve the security of EteSync's (another project of mine) web app. One of the biggest issues with securing web applications is the fact that the app (JavaScript) is delivered to you every time you open the page. This means that a malicious (or compromised) web server could change the code to steal your supposedly client-side-only and secure data. This is obviously not good for a secure and end-to-end encrypted app, so I had to create this extension to solve it. This extension solves this by verifying the code really came from the developer. While this doesn't protect you from a malicious developer, it at least brings the security of the web app to a similar level to that of native apps, because it follows a similar model (developer signs, and signature is verified). It was a combination of fun and absolute hell to build this extension. :) When it comes to cryptographic signatures, even the smallest difference in content is enough to make the signature verification fail. This is a good thing, though unfortunately it doesn't work well with the small oddities between different browsers. In the end, I solved it by sanitising the HTML in a manner consistent across browsers, and got everything to work reliably.