Mozilla's Firefox Security Team introduces Web Application Integrity, Consistency and Transparency (WAICT), a new web platform proposal that cryptographically binds client-side JavaScript to a publicly auditable manifest. This addresses a fundamental trust gap in browser-based apps like encrypted messengers, where a malicious server could silently serve modified code. WAICT requires sites to opt in, after which browsers reject any unlogged code, making attacks observable and attributable. An early prototype is available in Firefox Nightly, developed in collaboration with Cloudflare, Freedom of the Press Foundation, and Meta. Specifications are being developed openly and early feedback is welcome.