this post was submitted on 28 Jun 2024
39 points (88.2% liked)

Selfhosted

40439 readers
821 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
39
Encrypted P2P Chat (chat.positive-intentions.com)
submitted 5 months ago by xoron to c/selfhosted
 

chat.positive-intentions.com

https://github.com/positive-intentions/chat

I'm excited to share with you an instant messaging application I've been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.

What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.

Here are some features of the app:

  • Encrypted messaging: Your messages are encrypted, making them more secure.
  • File sharing: Easily share files using WebRTC technology and QR codes.
  • Voice and video calls: Connect with others through voice and video calls.
  • Shared virtual space: Explore a shared mixed-reality space.
  • Image board: Browse and share images in a scrollable format.

Your security is a top priority. Here's how the app keeps you safe:

  • Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
  • Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
  • End-to-end encryption: Your messages are encrypted from your device to the recipient's device, ensuring only you and the recipient can read them.
  • Local data storage: Your data is stored only on your device, not on any external servers.
  • Self-hostable: You have the option to host the app on your own server if you prefer.

The app is still in the early stages and I'm exploring what's possible with this technology. I'd love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I'm all ears in the comments below!

Looking forward to hearing your thoughts!

The live app

About the app

Docs

you are viewing a single comment's thread
view the rest of the comments
[–] xoron 2 points 5 months ago* (last edited 5 months ago)

thanks for the feedback!

the app is a work in progress and full of bugs and issues. as a side project i can only set aside so much time to do things. the app as you see it is something im approaching with a "release often" approach. this will highlight thing like you are doing for me to prioritize. the profile loading from file is something i havent taken a look at in a while so thanks for that! i will take a look when i can make time for it :)

the cryptography in the app can be a whole separate discussion. but to be brief, the crypto signature input is something the app uses to generate a cryptographically random value... basically whatever you draw (e.g. "a smiley face") gets converted to a base64 string... then this is passed through a sha-256 hashing function. the idea is that even if you try, you could never draw the "exact" same smiley that would be pixel perfect and result in the same hash. the app also appends this to the cryptographically random value generated from the browsers built-in functions. so that crypto-signature is actually entirely redundent but could address concerns about the device/browser cryptography functions being compromized.

for the QR, i tried to make it a resolution that would be reasonable to view from another phone... to see the data that is being squashed into the QR codes for offline, you can take a look at the details around here. https://github.com/positive-intentions/chat/issues/6 ... there is an offline demo described there where instead of QR code it shows the data as plain text (this will include things like IP so you shouldnt be pasting this publicly anywhere... these details generated only exist on your device in memory)