Web-based cryptography is always snake oil

Core argument: incoherent cryptosystems & web crypto

  • Central claim discussed: any cryptosystem is “incoherent” if the same entity both distributes the client and operates the service it’s supposed to protect against, especially with auto‑updates.
  • For web apps, server‑controlled JavaScript and service workers can be changed at any time, so the provider can silently remove or weaken encryption for specific users.
  • Several note this applies not only to web apps but also to proprietary “E2EE” messengers and mobile apps that auto‑update.

Trust, updates, and threat models

  • Many comments stress: you always have to trust whoever supplies your software; you cannot fully protect against them becoming malicious or coerced.
  • Auto‑updates (including time‑bombed clients) effectively give vendors remote code execution and the ability to selectively backdoor.
  • Others emphasize threat models: E2EE can still be valuable against third parties, mass data breaches, and insiders, even if it can’t defend against the vendor plus their government.

Value of E2EE vs TLS / “snake oil” claim

  • Critics of the article say calling web crypto “snake oil” is overstated and ignores real benefits:
    • Protects data at rest from DB leaks and casual/insider access.
    • Raises the bar vs simple read‑only database compromise.
  • Supporters counter that if the provider can silently ship a keylogger or plaintext uploader, claims like “we can’t read your messages” are at best conditional marketing.

Legal, business, and government angles

  • Some argue E2EE is also a legal strategy: shifting the burden by making compliance with wiretap orders “impossible” in practice.
  • Others see real engineering incentives (liability reduction, insider abuse prevention), though skeptics question whether they outweigh business incentives for surveillance or government cooperation.
  • Nation‑state threats are debated: some see US‑based E2EE as mainly vulnerable to US agencies; others say this is largely academic for typical users.

Mitigations and alternative designs

  • Suggested mitigations: open source, reproducible builds, anonymous distribution, content‑addressed storage, third‑party code attestation (e.g., WEBCAT‑style manifests, external code verification services), and protocols with multiple independent clients.
  • Several note that such practices are common in traditional software distributions but rare for web apps, making web‑based E2EE particularly fragile today.