Why not give the option to download the page and run the code from our owns computer/cellphone? With part of the site being downloaded from server but the critical part being stored locally.
The rational behind this:
- If everybody connect using secret seed on a website it's likely a good target (-> corrupt the code so that seeds are actually sent to attacker)
- If somehow the page get compromised there could be a lot of loss quickly
- Likewise, the solution I propose is vulnerable to false update, which can be mitigated by several means:
- The critical part of the code is merely storing the seed locally and transaction confirmation, so it's likely possible to design something that doesn't need further update, or very few. Which means for example release something good, stable, minimalist and modular enough so that anybody can integrate it.
- On smartphones/linux we can serve the code in secure ways (embedded in applications/packages GPG signed or so).
- Platforms should keeps the hard rule to always ensure backward compatibility, so users may not need to update all at the same time. This would widely reduce the impact of an attack as not every connection would be impacted.
I hope it makes sense to you, though I may miss something important as I'm by no means an expert in the field; So I wish to open the debate on this.
Somehow I feels that relying on online code to connect to wallets is a flawed design. At the end, it's again the same old idea about centralization being insecure by essence. Attacking one big target is generally less costly and more rewarding than a lot of little ones.