Hacker News: moloch's comments

Say they introduce a bug, that deletes every file on your machine.


Not even that unlikely, for example consider the well known `rm -rf $STEAMROOT/*` bug in Steam some years ago
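The failure mode behind that Steam bug, shown as an added example that is not part of the thread: when the variable is unset or empty, an unguarded `rm -rf $STEAMROOT/*` expands to `rm -rf /*`. The functions below build the path the buggy line would hand to `rm` and then run the checks a defensive script should apply first (empty, `/`, or a non-existent directory is refused). Nothing is deleted; the variable and directory names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from Steam.
# Shows how an empty root variable turns a cleanup into `rm -rf /*`,
# and a guard that refuses to proceed in the dangerous cases.

# Builds the argument exactly as the buggy line would: "$ROOT/*".
# With an unset or empty root this is "/*", i.e. every top-level entry.
naive_target() {
    printf '%s\n' "$1/*"
}

# Guard: returns 0 only when the root is a sane, existing directory.
# 1 = empty/unset or "/" (would wipe the filesystem), 2 = not a directory.
# It performs no deletion; the caller acts only after this returns 0.
safe_clean_check() {
    root=$1
    case "$root" in
        ""|/) return 1 ;;
    esac
    [ -d "$root" ] || return 2
    return 0
}

# Demonstration over constructed inputs (empty, "/", missing dir, cwd).
demo() {
    for r in "" "/" "/nonexistent/steam" "."; do
        printf 'root="%s" -> naive argument: %s ; ' "$r" "$(naive_target "$r")"
        if safe_clean_check "$r"; then
            echo "guard: OK"
        else
            echo "guard: REFUSED (status $?)"
        fi
    done
}
demo
```

In a real script the same effect is obtained with `set -u` (abort on unset variables) and `"${STEAMROOT:?must be set}"`, which stop the shell before the expansion ever reaches `rm`; the explicit function above makes the refused cases visible and testable.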


No, they don't have access to the WireGuard keys and everything is point-to-point. They'd have to push a backdoored software update to gain access (and this is a threat with any vendor product).


IIUC Tailscale controls key distribution, so you'd still have to trust them. However, it might still be possible to eliminate that need for trust by verifying peer connections out of band.


Yeap, I think the Xbox 360 was the first (or one of the first) to implement this protection back in 2005 - https://www.youtube.com/watch?v=uxjpmc8ZIxM


Wii and PS3 too :)


No, unless combined with WebUSB trickery, and such an attack has been possible in the past. However, browsers currently implement blocklists of HIDs and other USB types from working with WebUSB.


Python has had named arguments for a long time (since v1.4), which is arguably more widespread than PHP or Swift.


None of your cited examples are "secure," they're the very definition of "security by obscurity," which is to say insecure.

https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle


If anyone is interested in Electron application security, I wrote a guide that explains the methodology behind some of the choices the author here has taken and even goes a bit further in a variety of areas: https://know.bishopfox.com/research/reasonably-secure-electr...


(author)

Thank you, I will read up on this!


I've used nsshell to great effect on multiple projects, highly recommend it (but an encrypted option would be great rook). I've also written a more heavy-handed asymmetrically encrypted DNS C2 https://github.com/BishopFox/sliver


Always hack with a safety shell!


The conference did _not_ accept the talk, they paid the conference so that they could give the talk.


Which they accepted, no?


They don't vet the paid presentations.


Really? Wow.

