Web-Based Key Management
A common way of distributing key management software and wallets is by embedding them in web pages. The user can simply navigate to a web page hosting a JavaScript application that allows them to generate a wallet, view their balances, get addresses, and/or sign transactions. To protect against potential malware, the user can download the page and use it offline on an air-gapped computer.
We decide against using web-based key management for several reasons.
- Phishing - Due to the nature of hypertext, it is easier to direct someone to a fake web page than a fake app.
- Browser Privacy - Many popular browser extensions have permission to read and alter every web page a user visits. When a user chooses to trust a web wallet, they are also choosing to trust every extension provider they are using with the security of their funds. Even if the keys are not present on the web page, a malicious extension could alter addresses, showing the user a receiving address that belongs to the attacker.
- Complexity - To protect against malware, a web wallet should only be used on a dedicated single-purpose air-gapped computer. Due to the complexity of setting up an air-gapped system, many users will fail to do so, putting their funds at risk.
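To make the Browser Privacy point concrete, the following added example (not part of the original document or of any wallet project) audits parsed extension `manifest.json` objects and reports which ones declare host access to every page. The sample manifests and the function names `broadHostGrants` and `auditExtensions` are constructed for illustration; the manifest keys and match patterns are the standard browser extension ones.

```javascript
// Added example: find extensions whose manifest lets them read or alter any page.
// Match patterns that cover all sites (or all http/https sites).
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Return every {source, pattern} grant in one parsed manifest.json that is broad.
function broadHostGrants(manifest) {
  const grants = [];
  const check = (source, patterns) => {
    for (const p of Array.isArray(patterns) ? patterns : []) {
      if (typeof p === "string" && BROAD_PATTERNS.has(p)) grants.push({ source, pattern: p });
    }
  };
  check("permissions", manifest.permissions);            // Manifest V2 mixes host patterns in here
  check("host_permissions", manifest.host_permissions);  // Manifest V3
  check("optional_permissions", manifest.optional_permissions);
  check("optional_host_permissions", manifest.optional_host_permissions);
  const scripts = Array.isArray(manifest.content_scripts) ? manifest.content_scripts : [];
  for (const cs of scripts) check("content_scripts.matches", cs && cs.matches);
  return grants;
}

// Keep only the extensions that hold at least one broad grant.
function auditExtensions(manifests) {
  return manifests
    .map((m) => ({ name: m.name, grants: broadHostGrants(m) }))
    .filter((r) => r.grants.length > 0);
}

// Constructed sample manifests (hypothetical extensions, not real products).
const SAMPLE_MANIFESTS = [
  { name: "constructed-adblocker", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["<all_urls>"] },
  { name: "constructed-notes", manifest_version: 3,
    permissions: ["storage", "activeTab"] },
  { name: "constructed-theme-tool", manifest_version: 2,
    permissions: ["tabs", "*://*/*"],
    content_scripts: [{ matches: ["https://*/*"], js: ["content.js"] }] },
  { name: "constructed-single-site", manifest_version: 3,
    host_permissions: ["https://example.com/*"] },
];

for (const r of auditExtensions(SAMPLE_MANIFESTS)) {
  const detail = r.grants.map((g) => `${g.source}=${g.pattern}`).join(", ");
  console.log(`${r.name}: ${detail}`);
}
```

The audit covers declared grants only; an extension limited to `activeTab` can still touch the current page once the user invokes it.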