I would strongly suggest waiting for a statement from the Shift team about the use of web wallets.
I believe that the user has the best intentions on sharing this, and do not intend to affirm or discredit
the user's trustworthiness, IT practices or competence.Of course anything one does has risks and one would not accomplish anything if one tried to mitigate all risks.
With a web wallet there is a longer chain of trust, involving much more than the person who sets
up the server. If you have more SHIFT or other crypton than you would want to loose, consider
carefully who you would like to trust. Keeping the chain short reduces the risks.
In addition to a person who sets up a web wallet server, the following and more need to be trusted
to have impeccable security practices.
- Hosting provider servers, storage, network, DNS
- Virtualization Platform (which may have a malicious VM, may be same )
- Certificate Authority
- OS and Utilities( Host and VM)
- All other software the
- Network
- ...
Then there is your end
- Your Computer's Tablet's Phones manufacturer, importer, retailer
- OS
- Web Browser
- Antivirus and all other software apps running on it.
- ...
