Software Alternatives, Accelerators & Startups
Table of contents
  1. Social Mentions
  2. Comments

Signed Pages

A browser extension to verify the authenticity of websites

Signed Pages Reviews and details

Screenshots and images

  • Signed Pages Landing page
    Landing page //
    2022-11-05

Badges

Promote Signed Pages. You can add any of these badges on your website.

SaaSHub badge
Show embed code
SaaSHub badge
Show embed code

Videos

We don't have any videos for Signed Pages yet.

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about Signed Pages and what they use it for.
  • E2EE on the web: is the web that bad?
    There is "Signed Pages" by the debeloper of EteSync. It is a browser extension, that checks webapps based on signatures in the html file. The addon then warns the user if the signature is not correct or - if I remember correctly - the source changed. This allows you to be sure what webapp code was delivered. But it seems like it did not really get used outside of his own projects. - Source: Hacker News / 5 months ago
  • Cloudflare and CDNs - call for community opinions
    EteSync has implemented something called Signed Pages, this might be worth looking closer at. This uses PGP keys which is preloaded into the browser; but I suspect that will be a barrier too high for most non-tech users. Source: about 1 year ago
  • Truly safe?
    There are also projects like signed web pages which can also help increasing the trust level to some degree. But that requires that you can download the source code and regenerate the verification hash locally - or have other trusted methods to verify the hash value hasn't been modified as well. The current concept is reasonably sane, but it requires too much from users currently to make it widely used. Source: about 2 years ago
  • Security experts declare all Proton apps secure after security audit
    > The server can at any time start serving malicious payloads True, and I call this threat model "Beware Each and Every Fetch" (BEEF) in contrast to the more common TOFU model (although if you trust a desktop app to auto-update itself then these two models might not be all that different). In any case, I think you're being a little quick to dismiss the idea of server-hosted applications. It's true that browsers... - Source: Hacker News / over 2 years ago
  • ProtonMail Is Inherently Insecure, Your Emails Are Likely Compromised
    Something like a browser extension for this does already exist, fortunately: https://github.com/tasn/webext-signed-pages. - Source: Hacker News / over 2 years ago
  • "Were you able to subpoena ProtonMail?"
    In regards to untrusted webapp, yes, that is a reasonable attack vector. That said, I've heard from ProtonMail they have been considering to implement Signed Pages to help mitigate (at least some of the) issues with this attack vector. Source: over 2 years ago
  • Proton’s priorities
    Which is why it is important to get proper E2E encryption on e-mail, where the source is open source and can be audited. And then that there are verify mechanisms to verify that the source code has not been manipulated. For web services there are signed-pages which is quite interesting. Source: almost 3 years ago
  • ProtonMail: Important clarifications regarding arrest of climate activist
    The browser add-on that comes closest is Signed Page[0], and in theory it could provide TOFU level security by requiring the user to opt in to new versions. For unclear reasons, though, the devs seem to be against implementing that.[1] Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort... - Source: Hacker News / almost 3 years ago
  • Show HN: We built an end-to-end encrypted alternative to Google Photos
    There are a couple of other ways to mitigate the problem for web applications. If you're willing to install a browser extension, then it might make more sense to use the Signed Pages extension[0] which applies PGP signature checking to web pages. The other solution is to use Secure Bookmarks[1], which combine SRI integrity hashes with Data URIs to ensure that a fixed bundle of JavaScript is running in the page.... - Source: Hacker News / almost 3 years ago
  • Show HN: We built an end-to-end encrypted alternative to Google Photos
    Since passwords aren't transmitted in plaintext, this vulnerability would only affect the web client (and only if its code wasn't authenticated). The solution is something similar to the Signed Pages extension by the developer of EteSync: https://github.com/tasn/webext-signed-pages Alternatively, the entire web client can be packaged as a web extension, which is what Mega is doing:... - Source: Hacker News / almost 3 years ago
  • The new ProtonMail has passed its independent security audit
    Deploying via IPFS might work indeed, but you're then either reliant on a gateway or have to run IPFS yourself locally. I know that Brave now supports IPFS, but for most people a more lightweight solution would be to install the Signed Pages extension for Chrome or Firefox.[0] I'm not sure if you actually need a trustworthy backend, or rather, if the frontend is encrypting its state before sending it to the... - Source: Hacker News / about 3 years ago
  • NortonLifeLock Unveils Norton Crypto
    EteSync (an end-to-end encrypted contacts and calendar syncing service) developed a browser extension called Signed Pages to validate the integrity of its web app. This mechanism also works for any other website that implements it. https://github.com/tasn/webext-signed-pages The main HTML page is PGP-signed by the developer, and all of the resources embedded in the page are validated by the browser using the... - Source: Hacker News / about 3 years ago

Do you know an article comparing Signed Pages to other products?
Suggest a link to a post with product alternatives.

Suggest an article

Signed Pages discussion

Log in or Post with

This is an informative page about Signed Pages. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.