Desktop Client Electron Security Concerns

Is there awareness that Electron is inherently risky due to the use of a Google Chromium instance, no matter its age?

The reason is that Chromium is built with some unknown binaries from Google and uses unidentified Google web services. You can find more information in the ungoogled-chromium project.

If you want to keep using Electron despite these issues, there should be at least a clear warning for the users. Not many seem to be aware of it while Delta Chat is advertised as secure and privacy-friendly, so without a warning this can lead to bad surprises.

Edit:
As pointed out in another thread, Node.js uses Google Chrome’s Javascript engine V8. So there’s an additional risk of Google’s influence on the backend side as well.

@Simon mentioned in that post that alternative desktop clients are planned, but I feel that in the meantime users should be informed about the risks with the current implementation.

1 Like