While I agree that @fluffypony's concerns about the security of web wallets are valid, the examples he cites as security threats apply to the distribution of desktop wallets as well. Attacks such as BGP rerouting, domain squatting, and the potential for a malicious Cloudflare worker can compromise any online service, not just web wallets.

Also I called it FUD because at the end of the day he IS disparaging the app, irrespective of the reason stemming from its architectural decisions. Read “@MutinyWallet is a terrible idea and NOBODY should use it!” and “It is literally impossible to secure a web wallet attack surface”. It is said in a matter of fact way and under the assumption that a sizable amount of users are vulnerable to having their funds stolen in the ways he describes.

Despite this fact, the my monero website still provides a way to not just access, but create new web wallets as grubles has pointed out in one of the replies (https://twitter.com/notgrubles/status/1680912592733192192). If it was such a big issue for @fluffypony, I’d imagine due diligence could be done rectifying his own work by trying to force users to withdraw or at the very least prevent new wallets from being made.

Furthermore, there’s an air of presumption that the creators of the Mutiny wallet don’t know the risks and aren’t actively trying to mitigate it. As @benthecarmen says “he's not wrong that there are risks, but the alternative is praying to daddy apple and google for permission” (https://twitter.com/benthecarman/status/1680631437085626369) seemingly indicating a prior understanding that there are tradeoffs with this approach.

Another comment highlights that the app is a PWA, which should limit some of the attack surfaces described (like having to constantly worry about the correct js bundles being received from the server). There’s a tiny concession by @fluffypony (https://twitter.com/fluffypony/status/1680936318820294657), but only after he seemed to hand wave any security concessions on a previous comment (https://twitter.com/fluffypony/status/1680764906667220992).

Anyway this is probably my last comment on the matter. Users will inevitably continue to use and test Mutiny Wallet, exploring its security and efficiency firsthand. Rather than dismissing the project altogether, I just wish @fluffypony would highlight specific vulnerabilities and suggest potential solutions. The sentiment, "If I couldn't protect a significant amount of my Monero users from web wallet theft enough to justify its on-going development, no one can!" seems dismissive and unhelpful.