- The hashes (stored in a .bowerhashes file in the CW repo) allow us to freeze/checkpoint the dependencies that counterwallet builds with.
- A restrictive Content Security Policy (CSP) in place prevents malicious JS code (for instance) from running and shipping things like passphrases off to external sites, as well as XSS issues, injection attacks, and other potential attack vectors.
- Moreover, the cw servers themselves have numerous security measures to prevent and detect unauthorized access and changes.
However, none of this prevents the authorized site owner him/herself from modifying these files in a malicious manner, in a way that complies with the CSP (or by disabling the CSP).
Unfortunately, the above is currently the best way to be sure AFAIK. What would be best is for someone to write a tool that anyone could run that would pull and compare the source files between one cw server (e.g. counterwallet.io) and another (e.g. counterwallet.coindaddy.io). The tool could also check the returned HTTP headers to ensure the CSP header is present, as well as the other security-related headers we use. It could run periodically, and possibly alert if there were differences detected. Running through tor or some proxy network would also be a benefit, to avoid the chance that a sophisticated malicious site owner would serve “clean” files to the (known) IP of the checking host, while serving “dirty” files to everyone else.
There should be tools out there that can probably do this already, but they would just have to be configured for the task.
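A checker along the lines the post describes, as an added example (not Counterwallet's own code): it fetches the same paths from each mirror, compares SHA-256 hashes of the bodies, and flags responses that lack the CSP or other expected security headers. The host names, the file list and the two non-CSP header names are assumptions, and the sample snapshot is constructed so the comparison logic runs offline.

```python
"""Added example (not Counterwallet's own code): pull the same files from two
mirrors, compare their hashes and check security headers. Hosts are placeholders."""
import hashlib
import urllib.request

PATHS = ["/index.html", "/js/app.js"]  # constructed list, not the real CW file set
# CSP is named in the post; the other two are assumed examples of its "other headers".
REQUIRED_HEADERS = ["Content-Security-Policy", "X-Frame-Options", "Strict-Transport-Security"]


def fetch(host, path, timeout=10):
    """Return (sha256 hex of the body, lowercased header dict) for https://host/path."""
    req = urllib.request.Request(f"https://{host}{path}", headers={"User-Agent": "mirror-check"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read()
        headers = {k.lower(): v for k, v in resp.getheaders()}
    return hashlib.sha256(body).hexdigest(), headers


def snapshot(hosts, fetcher=fetch):
    """{host: {path: (digest, headers)}} for every host; fetcher is injectable for tests."""
    return {h: {p: fetcher(h, p) for p in PATHS} for h in hosts}


def compare(snapshots):
    """Return a list of findings; empty means all mirrors serve identical bytes
    and every required header is present on every response."""
    findings = []
    for path in PATHS:
        digests = {h: snapshots[h][path][0] for h in sorted(snapshots)}
        if len(set(digests.values())) > 1:  # same path, different content
            detail = ", ".join(f"{h}={d[:12]}" for h, d in digests.items())
            findings.append(f"{path}: content differs ({detail})")
        for host in sorted(snapshots):
            for name in REQUIRED_HEADERS:
                if name.lower() not in snapshots[host][path][1]:
                    findings.append(f"{path}: {host} lacks {name}")
    return findings


# Constructed offline sample standing in for live fetches: mirror B serves a
# modified app.js and has dropped the CSP header on that response.
GOOD = {"content-security-policy": "default-src 'self'", "x-frame-options": "DENY",
        "strict-transport-security": "max-age=31536000"}
NO_CSP = {k: v for k, v in GOOD.items() if k != "content-security-policy"}
INDEX = hashlib.sha256(b"<html>wallet</html>").hexdigest()
SAMPLE = {
    "mirror-a.example": {"/index.html": (INDEX, GOOD),
                         "/js/app.js": (hashlib.sha256(b"var x = 1;").hexdigest(), GOOD)},
    "mirror-b.example": {"/index.html": (INDEX, GOOD),
                         "/js/app.js": (hashlib.sha256(b"var x = 1; // changed").hexdigest(), NO_CSP)},
}
```

Against live mirrors, replace the constructed SAMPLE with `compare(snapshot(["counterwallet.io", "counterwallet.coindaddy.io"]))`, schedule it, and run it under torsocks or through a proxy so the checks do not come from a known IP.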