This is a valid question. An electron implementation of blindmixer has been created for a number of purposes, with the most notable one of them being: heightened security and privacy.
When you load the blindmixer wallet in your browser, you assume that blindmixer.com belongs to "us", the "original" blindmixer developers. However, through malice, error, or other circumstances, it can happen that either the domain name, or the wallet script is corrupted and or harmful. In that case, your browser will still load the "script": (read: wallet), as long as the checksum is correct, which can cause a loss of funds.
Using the electron wallet, you yourself specify the version of the wallet you'd like to use, and subsequently both the URL and the checksum. An attacker can in no way modify the code in such a way that the checksum is still valid, and thus, as long as the script was originally untempered with, cannot affect you.
An example of such an attack whereby the electron user is protected, and the web user is not is a domain hijacking. The web user will automatically load the new wallet file, whereas the electron user will attempt to load the originally specified script (with the original checksum), or nothing at all.
Additional privacy is attained because of the wallet's harded-coded policy of routing traffic through tor and tor alone. If access to tor is restricted in your country, you might not be able to use the wallet.
There are two ways you can get the keys to verify the wallet signatures. Either import them manually for which they can be found here. 1CE3 A7D2 4275 2B94 70F6 585F 9123 3C86 5A2C AC09
Or you can also import the key using the fingerprint using the following command:
gpg --keyserver hpk://keyserver.ubuntu.com --recv-keys 1CE3A7D242752B9470F6585F91233C865A2CAC09After that you can calculate the hash of the redistributable yourself and compare it against our signed hashes which can be found here
You might be wondering: how do I know I am loading the real wallet file? We will periodically update the latest version url to appear right below. However, as we have just explained, domain hijackings can happen at random. Therefore, it might be possible that the url linked below is also malicious. Please always verify the integrity before updating!
Make sure to verify that the fingerprint matches the one on github. If you're in doubt, contact our support!
The current version URL is as following:
For which the signature is as following:
As explained, the signature should verify with the key belonging to the fingerprint linked above.