On 1/24/21, David Barrett <dbarrett@expensify.com> wrote:
Hi all, I'm the CEO a company called Expensify, developing a new open source chat application at https://Expensify.cash. I was pretty prolific on the p2p-hackers mailing list back in the day, but this is my first post to Cypherpunk, so... hi!
Punk's comment on javascript has merit. It's hard to secure javascript. It's gotten easier, but it's still designed for the web, where everything you do is handed to you by a stranger.
Re Signal and Javascript, Signal offers its code in a signed binary, and offers the source to that binary for anybody to build and check. I'm not aware that javascript has a way to provide cryptographic signatures of its code, but I've been out of the loop for a while. Basically a number of the design choices around signal demonstrate trust. Some do not. But more than most projects out there.