If HighSide were to offer a web app (like Slack, Microsoft Teams and others) and HighSide's servers were compromised by hackers, the attacker could easily substitute code stored on our server with malicious code and compromise all user accounts, messages & files. 

Worse still, it can be difficult to detect this type of security breach and the intruders could theoretically snoop on user accounts for an extended period of time until being discovered. 

It currently takes companies like Slack and others an average of 229 days to detect a security breach - that is 229 days an attacker could be accessing your data within a web app without your knowledge, and without even the knowledge of your service provider! [1]

Does your provider suggest it's not possible for their servers to be hacked or for malicious code to be injected into their web apps? 

You can think of it this way: it is unlikely that these companies are better positioned to protect their servers from security breaches than the U.S. Military, the FBI and Fortune 500 companies with near limitless resources to spend on cyber defense, all of whom routinely fall victim to these types of attacks. [2]

The second reason HighSide is only available as a native client is that in order for end-to-end encryption to be used properly, your software must store your decryption keys in a place where they cannot be accessed by any other user or any server (including our own servers here at HighSide). Such a feature is not truly available in web browsers.

While HighSide intentionally doesn't have a web app, we do have support for using your same HighSide address across multiple computers and devices so you can have easy access to HighSide at home, at work and on the go. 

 

[1] Root9B, Services 2017

[2] Motherboard, Lorenzo Franceschi-B, "FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years," 2016