https://github.com/positive-intentions/chat
I’m excited to share with you an instant messaging application I’ve been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.
What makes this app unique is that it doesn’t rely on messaging servers to function. Instead, it works based on your browser’s javascript capabilities, so even low-end devices should work.
Here are some features of the app:
- Encrypted messaging: Your messages are encrypted, making them more secure.
- File sharing: Easily share files using WebRTC technology and QR codes.
- Voice and video calls: Connect with others through voice and video calls.
- Shared virtual space: Explore a shared mixed-reality space.
- Image board: Browse and share images in a scrollable format.
Your security is a top priority. Here’s how the app keeps you safe:
- Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
- Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
- End-to-end encryption: Your messages are encrypted from your device to the recipient’s device, ensuring only you and the recipient can read them.
- Local data storage: Your data is stored only on your device, not on any external servers.
- Self-hostable: You have the option to host the app on your own server if you prefer.
The app is still in the early stages and I’m exploring what’s possible with this technology. I’d love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I’m all ears in the comments below!
Looking forward to hearing your thoughts!
Matrix is a good implementation and I like how it works. Mine is a work in progress and far from finished. It isn’t ready to replace any app or service. The key detail about my app is that it’s browser based. This has its own limitations with what a webapp can do. I think it makes for a different approach to decentralized chat.
I remember trying Retroshare… no offline message is the biggest obstacle.
Is there a channel/group to start on?
I’m not sure about what you’re asking. Maybe it’s about getting started? https://youtu.be/KKpu2rXvqfM?si=iWyTv9PzSpcAnsmr
Oh, ok, that was practically it. I just went in to test it yesterday, but had nobody to test with, hence the question about a channel/group. But after this video and a night of sleep, my brain finally caught up. This is not geared towards that, but rather exclusively p2p.
I’m sorry for my dumb question. And thank you again for clarifying.
- What does “authentication” mean if there’s no server?
- How do browsers behind NAT connect to each other?
- How does it verify that the other chat partner is who they say they are?
- Why use this and not Simplex?
For NAT, there is apparently a way to traverse NAT. I haven’t tried it tho, but the dude has a lot of research on the topic (NAT traversal), so if that didn’t work, maybe others will
What does “authentication” mean if there’s no server? - the app uses browser based cryptography functions as described here: https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx … basically asymmetric and symmetric keys are generated between peers on the initial connection and stored on device (indexedDB). maybe this helps: https://positive-intentions.com/docs/research/authentication/
How do browsers behind NAT connect to each other? - the app is using peerjs and so it also uses the peerjs-server as a connection broker. im investigating things like exchanging webrtc connection data offline with things like qr-codes.
How does it verify that the other chat partner is who they say they are? - the asymmetric keys exchanged after the initial connections. i cant drive home a point more clearly. the first connection should be secure, the peerID is cryptographically random, but i have to defer the responsibility of exchanging this ID to a peer they trust. https://positive-intentions.com/docs/basics/getting-started#security-reminders
Why use this and not Simplex? - this app is a work in progress and not ready to replace anything.
this is a side project and im unable set anything aside for having security professionals take a look. its important to note, i am not a cryptography expert… i just know enough to create the app. i try to make this clear in all of my posts that it is for testing purposes only because it could be irresponsible to advertise this this fully working. while the security attempt is genuine. to fix various issues throught the app, i expect there will be breaking changes.
further more about security assessment; while the app is open source, i found that its too complicated for a security assessment without a budget. this is going to be addressed in a ground up implementation of the p2p framework. https://github.com/positive-intentions/p2p … this will eventually replace what is being used in the app and will make it easier to inspect how it works.
What makes this app unique is that it doesn’t rely on messaging servers to function.
Okay, well, that sounds like a drawback to me?
