Beaker: Question: How is phishing prevented?

Created on 8 Nov 2018 · 2Comments · Source: beakerbrowser/beaker

I see a very strong risk with Beaker, and that is that phishing pages could be easily distributed. both of regular pages, but also dat:// pages.

How is that prevented? If someone "forks" a popular page/app, and creates a malicious version of it, how do you do to avoid falling victim of it?

discussion

Source

sebastiannielsen

👍1

Most helpful comment

@da2x is right, though we don't plan to use DNSSEC to solve it.

We're going to create a phishing and malware protection in the form of a Web of Trust. It's basically the same premise as what Chrome does with its warnings, except that it's decentralized. We're also going to use that mechanism for identity, search, and positive security ratings (e.g. "this app is audited and safe"). Specs and mocks will be posted soon for this.

pfrazee on 8 Nov 2018

👍6

All 2 comments

Most alternative browsers don't have phishing and malware protection, and Beaker is no exception. Other browsers solve this by blacklisting URLs and periodically update these blacklist. There is nothing blocking any pages or content from loading in Beaker and there is no blacklist service yet. You can expect this to change when the peer-to-peer web gains some momentum, however.

Your question is really about identify on the web, however. You can map a domain to a Dat archive (e.g. dat://beakerbrowser.com) and thereby assert some kind of identity. The domain would have to be setup with DNSSEC and the local DNS resolver would have to validate the signature for this identify assertion to hold any value, though. Beaker would also find a way to communicate this to the end user.