tucnak a day ago

> there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere.

This is not the case in the land of DICE-like key derivation; see the TKey protocol, for example. You can download and run an actual rv32 program on an actual FPGA over WebUSB without having to worry about its provenance. If the program is modified, the firmware will derive a completely different key.

pareidolia a day ago | parent [-]

Zivver is a web application. The JavaScript that comes with the webpage can change at any time for any reason, as Zivver sees fit.

tucnak a day ago | parent [-]

I'm simply pointing out that web standards allow for secure end-to-end communication, and more; in fact, they happen to allow arbitrary cryptographic constructions—as long as the program itself never changes.

pareidolia a day ago | parent [-]

But this requires special hardware, right?

tucnak a day ago | parent [-]

Not necessarily. You can run TKey in qemu :-) etc. The hardware aspect is what makes it easy to use, with WebUSB and all. The derivation algorithm is key. And it takes the program binary as a parameter to the Blake2 hash function.
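
The measured key derivation discussed in this thread, as an added sketch that is not from any commenter and is not TKey firmware code: a device secret is mixed with a BLAKE2s digest of the loaded binary, so a modified binary cannot reproduce the enrolled identity. The names `derive_cdi`, `key_id`, `matches_enrolled` and `flip_bit`, the optional `uss` user secret, the keyed-hash input layout and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not real device secrets or a real TKey app.
UDS = bytes(range(32))               # unique device secret, never leaves the device
PROGRAM = b"\x13\x05\x00\x00" * 64   # stand-in for an rv32 app binary


def derive_cdi(uds: bytes, program: bytes, uss: bytes = b"") -> bytes:
    """Measure the program, then mix the digest with the device secret.

    Assumption: keyed BLAKE2s over digest || uss; real firmware may lay
    out its hash input differently.
    """
    measurement = hashlib.blake2s(program).digest()
    h = hashlib.blake2s(key=uds, digest_size=32)
    h.update(measurement)
    h.update(uss)
    return h.digest()


def key_id(cdi: bytes) -> str:
    """Public identifier for the derived secret, safe to enroll with a peer."""
    return hashlib.blake2s(cdi, person=b"key-id").hexdigest()


def matches_enrolled(uds: bytes, program: bytes, enrolled_id: str,
                     uss: bytes = b"") -> bool:
    """True only if this exact binary on this device reproduces the identity."""
    candidate = key_id(derive_cdi(uds, program, uss))
    return hmac.compare_digest(candidate, enrolled_id)


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with the lowest bit of one byte flipped."""
    patched = bytearray(data)
    patched[index] ^= 0x01
    return bytes(patched)


if __name__ == "__main__":
    enrolled = key_id(derive_cdi(UDS, PROGRAM))
    print("original binary :", matches_enrolled(UDS, PROGRAM, enrolled))
    print("one bit modified:", matches_enrolled(UDS, flip_bit(PROGRAM, 10), enrolled))
    print("other device    :", matches_enrolled(bytes(32), PROGRAM, enrolled))
```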