That’s unfortunate. Can you try clearing all site data and doing a page reload?
I’m trying to work on a better experience in a separate project here: https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story
Thanks.
It’s possible to have it entirely static and broker webrtc connections client-side, but I haven’t figured out a user experience that would make it “work”.
P2P using peerjs (webrtc). Think of it like a gui for peerjs-server.
The docs for it can be seen here: https://positive-intentions.com/docs/projects/chat
I think it should have the links for more information.
The android app is poorly maintained I would stick to the website based version which I actively work on. I’m using tauri to wrap the webapp. I’m no java developer, that’s all tauri boilerplate.
Ultimately this is intended to be a general purpose messaging app. But it isn’t as good as any of the app you’ve suggested. I sharing it because it demonstrates a fairly unique browser based architecture. Aiming for secure client-side cryptography.
Unlike other solutions, as a webapp users can get started without installing or registering.
it certainly gives more control over your own data, but (if you know what youre doing) from a cybersec perspective, it can help to reduce the “attack surface”. the current direction is to allow users the flexibility from a version provided from me hosted on aws s3 or host it yourself from open source code. additionally, you can host your own peerjs-server as used for brokering connections… by default it connects to the public instance of peerjs-server (so its easier for users to get startedt).
im aiming for flexibility in “getting started” from ready-to-go to selfhosting. it all depends on if a user knows what theyre doing.
For testing and demo purposes only. NOT to replace any other app you use.
Session, Signal, Simplex and countless more apps are better for privacy and security. I can only hope to get to that level on my project.
Selhosting and a vpn are optional depending on your use case; the app works with niether to help users try it out and get started. Like all secure messaging apps, its better to selfhost given the option.
I’ve put effort into how the app is working, but ultimately i dont think its appropiate for me to suggest this code is ready for your sensitive data when it hasnt been reviewed or audited.
group chat is still a work-in-progress, but it’ll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.
when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.
the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a “known-peer”, the keys can be used for a kind-of p2p authentication.
all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.
for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication
That’s right. It’s using peerjs-server as the connection broker.
thanks! yeah i agree it could do with more attention on the UX.
Thanks!
I’d like to add data encryption at rest, but thats still a work in progress. A previous post on the matter: https://lemmy.ml/post/22209501 .
I hope to improve the project over time. A roadmap of possible capabilities can be seen here: https://positive-intentions.com/blog/introducing-decentralized-chat#roadmap-the-future-of-secure-file-sharing
I’m motivated to work on the project because its interesting, but it seems this project is not sustainable open source and so I’m investigating options in how to go forward.
(The chat app repository will still remain open source. Making it close-source would undermine it’s security claims.)
the web version is intended to work on all platforms without compilation.
a html file-input is simple to add on a webpage. when selecting a file, its loaded into memory. at that point you can encrypt that file and sent it over webrtc… voila; p2p encrypted file transfer.
my approach to a mobile (ios/android) version is using capacitorjs/tauri… its basically a native wrapper with a webview.
P2p encrypted file sharing is sadly still an unsolved problem
thanks for your input, but can you explain what you mean by “unsolved problem”?.. p2p encrypted file transfer is demonstrated in the app.
its browser based. it uses webrtc to create p2p connections between browsers. concepts like authentication takes the form of using cryptography capabilities of a typical browser. the storage of data from messages to encryption keys are stored in indexedDB as provided by the browser of your choice. there is an emphesis on client-side browser-based capabilities in all parts of the app.
matrix is a good peer reviewed and generally reccommended solution. this project isnt intended to replace any existing solution. there are many other similar projects out there, but i notice there arent many presented as webapps. this is my attempt.
My app is different because the auth is handled between peers. So it could only every be people you shared your ID with. Security is important for me on this project. Its more important than the app being popular. https://www.reddit.com/r/CyberSecurityAdvice/comments/1ev5kqn/is_this_a_secure_messaging_app/
People should not connect to strangers on this app because of the potential risks of IP exposure… But between people you trust or between your own devices, it should work as expected for testing.
As for allowing links with expiration, you basically have that already with what looks like the login/logout functionality. There is no actual registration, it’s just a UI for creating and deleting crypto random ID profiles.
Lemmy and the fediverse is a good idea. The federation makes it so I can see Lemmy posts on mastodon. Etc… id like to draw a parallel in my app with the chat-view and the inteagram-view
I don’t think this kind of app could be an alternative to instagram because of it only being P2P with only people you know.
The app is using webRTC which exposes IP addresses, so you wouldn’t want something like a global feed on this.
Immich sounds interesting. I’d like to make time to check it out.
P2P allows for a fairly unexplored infrastructure for content moderation. In this app, the feed of images would only be from people you connect to. For people to connect to you, you have to share a crypto random id.
As a webapp you can clear the site data by logging out. Basically, people cannot randomly connect to you and share things you don’t like.
I won’t be adding anything like a global feed. Only content that you shared or received.
This doesn’t remove the risk of people sending you things you don’t like so I’m all ears for an approach to that. I didn’t make much progress on the following. If there are any hard features you think would help, let me know. I’d like to make some time to create a “block contact” but it’ll take time and consideration to do it properly (so I don’t expect it soon). Things like logging out and being able to backup your profile might be enough, but not as user-friendly as it could be.
Thanks. I’ve com across it before. You can find the corresponding security audit online.
Ive tried to address those concerns and I try to give details about it here: https://lemmy.ml/post/18497337
thanks for the reply! im actively looking for a way to compare it to simplex chat. i hope you can offer some advice.
here is a prev post about it. i think signal is a good app and works similarly to mine in many ways. but mine is distinct in that its provided as a PWA. the goal is specifically to create a secure chat app on a browser. simple provides all other offerings and perhaps came across feedback like i did that javascript is inherently insecure (to which, this app is my disagreement).
my app works similarly to how to derscribe simplex to work. in my app what you see as a “pod” is basically a chat room. the app doesnt have the group-chat functionality working as expected, but its a work in progress. the following is an attempt to explain how it works. it will work in a way that a room has an id to which users can send messages p2p. this is how it works for regular chat. it works with a slight different that the messages are stored on a blockchain structure. it isnt related to cryptocurrencies or anything. just blockchain as a dastructure. this becomes useful for group chat because it could allow for offlike messaging by something like user A, B and C have a group chat. C goes offline while A and B continue to chat. then A goes offline and C comes online to talk to B. when C connects to B for the second time, the messages from A will be shared and resolved via the blockchain functionality. i make an attempt to explain the benefit of the blockchain structure here. it isnt something i can advocate as an approach. its more something i was trying out and it seems to work better than i thought.
id like to hear more about your approach to distributed moderation. i was trying to investigate something like this and couldnt settle on an approach that would be useful. it would be great to hear your ideas if you want to share.
thanks! i have been making improvements, but i still notice a few connection issues i need to fix. im glad its working for you now.
i’ll definately be improving the “new chat” flow to align to whatsapp. ive already made a start.