No, I don't have any good ideas. Just hoping someone else does, or that I'm missing something.
replyI think it's in the hands of browser vendors.
The agent review a la socket.dev probably doesn't address all the gaps. I think you're already doing about as much as you reasonably can.
Thanks. The question has made me wonder about the value of some sort of real time verification service.
replyIf it's possible to isolate that part of the code, and essentially freeze it for long periods. At least people would know it wasn't being tweaked under them all the time.
replyThat is my half of a bad idea.