
Commit

wording
friadev authored Nov 25, 2024
1 parent 89f2c1d commit aa4d388
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion blog/posts/pwa-vs-iwa.md
Expand Up @@ -17,7 +17,7 @@ The concept of a [Progressive Web App](https://developer.mozilla.org/en-US/docs/

## Current Web-Based Apps

Attempts at similar things have been made before, notably the infamous [Electron](https://www.electronjs.org) allows developers to easily create cross-platform apps by essentially bundling an entire chromium browser in with the app. This approach has its [drawbacks](https://usa.kaspersky.com/blog/electron-framework-security-issues/28952/?srsltid=AfmBOor_UcYY-84soHz5K2ULTmhlX44-DsIfJp_StotBrusD63MweSGO), though. Browsers have huge attack surface so it's important to keep them updated, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each app will have its own version of chromium with its own attack surface, adding up to a performance and security nightmare. PWAs use the browser that you already have installed, so as long as you keep it updated all your apps will have all the latest security fixes.
Attempts at similar things have been made before, notably the infamous [Electron](https://www.electronjs.org) allows developers to easily create cross-platform apps by essentially bundling an entire chromium browser in with the app. This approach has its [drawbacks](https://usa.kaspersky.com/blog/electron-framework-security-issues/28952/?srsltid=AfmBOor_UcYY-84soHz5K2ULTmhlX44-DsIfJp_StotBrusD63MweSGO), though. Browsers have huge attack surface so it's important to keep them updated, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each app will have its own version of chromium with its own attack surface, adding up to a performance and security nightmare. In contrast, PWAs use the browser that you already have installed, so as long as you keep it updated all your apps will have all the latest security fixes.

So why isn't every Electron app shipping as a PWA? The answer is an age old problem with web content: the fact that you have to trust the server fully. You make an HTML GET request and you're served the content, but if the server is compromised, you'll be served a compromised website. You also need to rely on the security of DNS name resolution and the [certificate authority](https://www.digicert.com/blog/what-is-a-certificate-authority) system. This is a huge problem for security-sensitive applications like messengers. An attacker that gains access to their server even just temporarily, could distribute compromised clients to millions of people, potentially breaking E2EE or any other number of malicious actions.
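
Review bot: The Kaspersky link in the changed paragraph still carries the `?srsltid=...` tracking parameter; since this commit is a wording pass over that exact line, drop the query string so the URL ends at `/28952/`. In the same line, "notably the infamous Electron allows developers" is a comma splice (suggest "notably the infamous Electron, which allows developers"), "Browsers have huge attack surface" is missing an article, and "chromium" should be capitalized as "Chromium" in both places. The unchanged context line that follows says "HTML GET request", which should read "HTTP GET request", and "age old" should be hyphenated; both could be fixed in the same commit.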
