Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)P

positive_intentions

@ positive_intentions @lemmy.ml

Posts
25
Comments
83
Joined
2 yr. ago

  • P2P Encrypted File Sharing

    Jump

  • if i do a good job, it would have comparable features.

    the key distinction between mine and other apps like syncthing, is that its provided as a zero-installation, zero-registration webapp.

    so its basically ready to use at any point on any device that has a browser.

  • P2P Encrypted File Sharing.

    Jump

  • there isnt any UI for this yet, but id like to make it so users can input their own TURN/STUN servers as described in the peerjs docs: https://peerjs.com/docs/#peer-options-config

    id like to work towards making it so that the frontend and backend are independently selfhostable to suit thier networking config.

  • jeremyckahn/chitchatter: Secure peer-to-peer chat that is serverless, decentralized, and ephemeral

    Jump

  • hey. im working on something similar with more features and more robust cryptography.

    its still a work-in-progress, but its available for testing if youd like to try it out.

    https://github.com/positive-intentions/chat

  • Roast the security of my app

    Jump

  • since the original post, i tried “military grade” in the wording and while i hope it triggered alerts for attention, i generally recieved feedback like yours where it isnt standardized and basically marketing words.

    following the feedback ive now rephrased it some something like “industry grade”.

  • P2P E2EE Messaging

    Jump

  • group chat is still a work-in-progress, but it'll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

    when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.

    the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a "known-peer", the keys can be used for a kind-of p2p authentication.

    all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.

    for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication

  • P2P E2EE Messaging

    Jump

  • That's right. It's using peerjs-server as the connection broker.

  • P2P E2EE messaging and file-transfer

    Jump

  • Thanks! That's great to hear.

  • P2P E2EE messaging and file-transfer

    Jump

  • There's sometimes a bug where you have to have to exchange that ID both ways.

    There a lot of docs to read through so just in case you overlooked it, I hope the video on this page helps: https://positive-intentions.com/docs/basics/peers

    If that doesn't help, then it's something I need to fix. I am aware of a few issues with connecting to people when not on the same network. Webrtc should still work, so I chalk it up to some bug I should prioritize.

    Id be interested to hear about the experience of trying to connect with the file app. I added some changes to make things work better, if that works I may have an idea of how to fix it for the chat app.

  • P2P E2EE messaging and file-transfer

    Jump

  • P2P E2EE messaging and file-transfer

    Jump

  • thanks! im playing around with the website to make the landing page experience more appealing. the apps themselves, are running inside an iframe.

    the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

    (the direct links are found on the website footer under "links")

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • thanks! yeah i agree it could do with more attention on the UX.

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • Thanks!

    I'd like to add data encryption at rest, but thats still a work in progress. A previous post on the matter: https://lemmy.ml/post/22209501 .

    I hope to improve the project over time. A roadmap of possible capabilities can be seen here: https://positive-intentions.com/blog/introducing-decentralized-chat#roadmap-the-future-of-secure-file-sharing

    I'm motivated to work on the project because its interesting, but it seems this project is not sustainable open source and so I'm investigating options in how to go forward.

    (The chat app repository will still remain open source. Making it close-source would undermine it's security claims.)

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • the web version is intended to work on all platforms without compilation.

    a html file-input is simple to add on a webpage. when selecting a file, its loaded into memory. at that point you can encrypt that file and sent it over webrtc... voila; p2p encrypted file transfer.

    my approach to a mobile (ios/android) version is using capacitorjs/tauri... its basically a native wrapper with a webview.

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • P2p encrypted file sharing is sadly still an unsolved problem

    thanks for your input, but can you explain what you mean by "unsolved problem"?... p2p encrypted file transfer is demonstrated in the app.

  • Selfhosted P2P File Transfer & Messaging PWA

    Jump

  • its browser based. it uses webrtc to create p2p connections between browsers. concepts like authentication takes the form of using cryptography capabilities of a typical browser. the storage of data from messages to encryption keys are stored in indexedDB as provided by the browser of your choice. there is an emphesis on client-side browser-based capabilities in all parts of the app.

    matrix is a good peer reviewed and generally reccommended solution. this project isnt intended to replace any existing solution. there are many other similar projects out there, but i notice there arent many presented as webapps. this is my attempt.

  • P2P Social Media

    Jump

  • My app is different because the auth is handled between peers. So it could only every be people you shared your ID with. Security is important for me on this project. Its more important than the app being popular. https://www.reddit.com/r/CyberSecurityAdvice/comments/1ev5kqn/is_this_a_secure_messaging_app/

    People should not connect to strangers on this app because of the potential risks of IP exposure... But between people you trust or between your own devices, it should work as expected for testing.

    As for allowing links with expiration, you basically have that already with what looks like the login/logout functionality. There is no actual registration, it's just a UI for creating and deleting crypto random ID profiles.

    Lemmy and the fediverse is a good idea. The federation makes it so I can see Lemmy posts on mastodon. Etc... id like to draw a parallel in my app with the chat-view and the inteagram-view

  • P2P Social Media

    Jump

  • I don't think this kind of app could be an alternative to instagram because of it only being P2P with only people you know.

    The app is using webRTC which exposes IP addresses, so you wouldn't want something like a global feed on this.

    Immich sounds interesting. I'd like to make time to check it out.

  • P2P Social Media

    Jump

  • P2P Social Media

    Jump

  • P2P allows for a fairly unexplored infrastructure for content moderation. In this app, the feed of images would only be from people you connect to. For people to connect to you, you have to share a crypto random id.

    As a webapp you can clear the site data by logging out. Basically, people cannot randomly connect to you and share things you don't like.

    I won't be adding anything like a global feed. Only content that you shared or received.

    This doesn't remove the risk of people sending you things you don't like so I'm all ears for an approach to that. I didn't make much progress on the following. If there are any hard features you think would help, let me know. I'd like to make some time to create a "block contact" but it'll take time and consideration to do it properly (so I don't expect it soon). Things like logging out and being able to backup your profile might be enough, but not as user-friendly as it could be.

    https://www.reddit.com/r/darknetplan/comments/16qw24o/on_my_decentralized_chat_app_i_want_some_kind_of/

  • Open Source @lemmy.ml
    positive_intentions @lemmy.ml

    P2P Messaging and State Management: Todo List Demo.

    github.com /positive-intentions/p2p
  • Open Source @lemmy.ml
    positive_intentions @lemmy.ml

    P2P Framework

  • Self Hosted - Self-hosting your services. @lemmy.ml
    positive_intentions @lemmy.ml

    Decentralized Encrypted P2P Chat

    chat.positive-intentions.com
  • Privacy @lemmy.ml
    positive_intentions @lemmy.ml

    Decentralized Encrypted P2P Chat

    chat.positive-intentions.com
  • Open Source @lemmy.ml
    positive_intentions @lemmy.ml

    Decentralized Encrypted P2P Chat

    chat.positive-intentions.com