positive_intentions

joined 9 months ago
sorted by: new top controversial old
Roast the security of my app in c/[email protected]
[–] [email protected] 2 points 1 week ago

since the original post, i tried “military grade” in the wording and while i hope it triggered alerts for attention, i generally recieved feedback like yours where it isnt standardized and basically marketing words.

following the feedback ive now rephrased it some something like “industry grade”.

4
P2P E2EE Messaging (lemmy.ml)
 

https://github.com/positive-intentions/chat

A webapp for P2P E2EE messaging and file transfer. its a fairly unique approach to secure messaging.

the project isnt ready to replace any existing apps or services, but given the competative market for this kind of project, id like to push it out to get feedback.

i made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

Note: this project has NOT been audited. It, along with it's source code are provided for testing and demo purposes.

P2P E2EE Messaging in c/[email protected]
[–] [email protected] 2 points 3 weeks ago* (last edited 3 weeks ago)

group chat is still a work-in-progress, but it'll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.

the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a "known-peer", the keys can be used for a kind-of p2p authentication.

all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.

for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication

P2P E2EE Messaging in c/[email protected]
[–] [email protected] 3 points 3 weeks ago (2 children)

That's right. It's using peerjs-server as the connection broker.

28
P2P E2EE Messaging (lemmy.ml)
 

https://github.com/positive-intentions/chat

A webapp for P2P E2EE messaging and file transfer. its a fairly unique approach to secure messaging.

the project isnt ready to replace any existing apps or services, but given the competative market for this kind of project, id like to push it out to get feedback.

i made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

Note: this project has NOT been audited. It, along with it's source code are provided for testing and demo purposes.

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 1 points 3 weeks ago

Thanks! That's great to hear.

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 2 points 3 weeks ago (1 children)

There's sometimes a bug where you have to have to exchange that ID both ways.

There a lot of docs to read through so just in case you overlooked it, I hope the video on this page helps: https://positive-intentions.com/docs/basics/peers

If that doesn't help, then it's something I need to fix. I am aware of a few issues with connecting to people when not on the same network. Webrtc should still work, so I chalk it up to some bug I should prioritize.

Id be interested to hear about the experience of trying to connect with the file app. I added some changes to make things work better, if that works I may have an idea of how to fix it for the chat app.

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 0 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

(the direct links are found on the website footer under “links”)

the chat app is flexible in the ways it can be run as further described here: https://positive-intentions.com/blog/docker-ios-android-desktop. im trying things out with tauri and maybe some version hits the f-droid store at some point?

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 1 points 3 weeks ago (2 children)

thanks for your reply.

can i do both? the chat app is completely open source. thats the thing i wanted to get traction on, but it doesnt seem to be working. which is understandable with things like bugs and audits missing.

so for a new approach with "file" i'm creating an app that is simplified to being purely for file transfer. i hope this simplication can also lead to more stable functionality to hopefully get to a level where it can send 300gb over webrtc. id like to this approach to remain close source so that i can create something competative in the market for file-transfer.

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 0 points 3 weeks ago (5 children)

if youre asking for an audit, i expect you have an idea that they arent cheap. its simply beyond my means. the project is too complicated for pro-bono work.

the chat app (which contains file-transfer capabilities) is open source. id like to develop the p2p capabilities into a SaaS and so its logical to lean towards close-source for the "file" app.

P2P E2EE messaging and file-transfer in c/[email protected]
[–] [email protected] 1 points 3 weeks ago

thanks! im playing around with the website to make the landing page experience more appealing. the apps themselves, are running inside an iframe.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

(the direct links are found on the website footer under "links")

30
P2P E2EE messaging and file-transfer (positive-intentions.com)
 

https://positive-intentions.com/

A webapp for P2P E2EE messaging and file transfer. its a fairly unique approach to secure messaging.

the project isnt ready to replace any existing apps or services, but given the competative market for this kind of project, id like to push it out to get feedback.

i made an attempt to create documentation on the website, but otherwise feel free to reach out with questions about how it works.

3
Browser Based P2P File Transfer (lemmy.ml)
 

i created a browser-based tool for p2p file transfer where it doesnt use any backend for storage. instead, it relies on storage provided by the browser.

https://file.positive-intentions.com/

Selfhosted P2P File Transfer & Messaging PWA in c/[email protected]
[–] [email protected] 1 points 2 months ago

Thanks!

I'd like to add data encryption at rest, but thats still a work in progress. A previous post on the matter: https://lemmy.ml/post/22209501 .

I hope to improve the project over time. A roadmap of possible capabilities can be seen here: https://positive-intentions.com/blog/introducing-decentralized-chat#roadmap-the-future-of-secure-file-sharing

I'm motivated to work on the project because its interesting, but it seems this project is not sustainable open source and so I'm investigating options in how to go forward.

(The chat app repository will still remain open source. Making it close-source would undermine it's security claims.)

9
Webcomponents With ReactJS Syntax (lemmy.ml)
 

I'm creating a JavaScript UI framework for my own projects. It's a learning journey and I'd like to share my progress.

I've written some blog posts about my progress so far:

  1. Functional Web Components - https://positive-intentions.com/blog/dim-functional-webcomponents
  2. Functional Todo App - https://positive-intentions.com/blog/dim-todo-list
  3. Async State Management - https://positive-intentions.com/blog/async-state-management
  4. Bottom-up Browser Storage - https://positive-intentions.com/blog/bottom-up-storage

Note: The UI framework is far from finished. I want to share progress to see if there are any outstanding issues I'm overlooking.

Selfhosted P2P File Transfer & Messaging PWA in c/[email protected]
[–] [email protected] 1 points 2 months ago

the web version is intended to work on all platforms without compilation.

a html file-input is simple to add on a webpage. when selecting a file, its loaded into memory. at that point you can encrypt that file and sent it over webrtc... voila; p2p encrypted file transfer.

my approach to a mobile (ios/android) version is using capacitorjs/tauri... its basically a native wrapper with a webview.

Selfhosted P2P File Transfer & Messaging PWA in c/[email protected]
[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (2 children)

P2p encrypted file sharing is sadly still an unsolved problem

thanks for your input, but can you explain what you mean by "unsolved problem"?... p2p encrypted file transfer is demonstrated in the app.

12
Selfhosted P2P File Transfer & Messaging PWA (lemmy.ml)
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
0 comments fedilink
 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!

27
Selfhosted P2P File Transfer & Messaging PWA (lemmy.ml)
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
6 comments fedilink
 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!

14
Selfhosted P2P File Transfer & Messaging PWA (lemmy.ml)
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
0 comments fedilink
 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!

5
Selfhosted P2P File Transfer & Messaging PWA (lemmy.ml)
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
3 comments fedilink
 

App: https://chat.positive-intentions.com/

A p2p encrypted file transfer and messaging app. Here are some features below:

  • Open Source
  • Cross platform
    • PWA
    • iOS, Android, Desktop (self compile)
    • App store, Play store (coming soon)
    • Desktop
      • Windows, Macos, Linux (self compile)
      • run index.html on any modern browser
    • Decentralized
  • Secure
    • No cookies
    • P2P encrypted
    • No registration
    • No installing
  • Messaging
    • Group Messaging (coming soon)
    • Text Messaging
    • Multimedia Messaging
    • Screensharing (on desktop browsers)
    • Offline Messaging (in research phase)
    • File Transfer
    • Video Calls
  • Data Ownership
    • Self Hosting
    • GitHub pages Hosting
    • Local-Only storage

Check it out!

37
P2P Social Media (positive-intentions.com)
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
11 comments fedilink
2
Roast the security of my app (lemmy.ml)
submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
4 comments fedilink
 

im aiming to make a chat app secure as theorhetically possible as a webapp. for transparency its open source. id like the experience to be as close to possible to a regular chat app. its important to note; there are limitation with p2p and webapps such that messages cant be sent if the peer isnt connected.

to keep this post brief, please take a look at the readme. it has all the information and links.

i dont think its ready to replace any app or service, but id love to get feedback on what you think would make it so you would use it more than once.

1
Roast the security of my app (lemmy.ml)
 

im aiming to make a chat app secure as theorhetically possible as a webapp. for transparency its open source. id like the user experience to be as close to possible to a regular chat app. its important to note; there are limitation with p2p and webapps such that messages cant be sent if the peer isnt connected.

to keep this post brief, please take a look at the readme. it has all the information and links.

i dont think its ready to replace any app or service, but id love to get feedback on what you think would make it so you would use it more than once.

view more: next ›