chat.positive-intentions.com

https://github.com/positive-intentions/chat

I’m excited to share with you an instant messaging application I’ve been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.

What makes this app unique is that it doesn’t rely on messaging servers to function. Instead, it works based on your browser’s javascript capabilities, so even low-end devices should work.

Here are some features of the app:

  • Encrypted messaging: Your messages are encrypted, making them more secure.
  • File sharing: Easily share files using WebRTC technology and QR codes.
  • Voice and video calls: Connect with others through voice and video calls.
  • Shared virtual space: Explore a shared mixed-reality space.
  • Image board: Browse and share images in a scrollable format.

Your security is a top priority. Here’s how the app keeps you safe:

  • Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
  • Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
  • End-to-end encryption: Your messages are encrypted from your device to the recipient’s device, ensuring only you and the recipient can read them.
  • Local data storage: Your data is stored only on your device, not on any external servers.
  • Self-hostable: You have the option to host the app on your own server if you prefer.

The app is still in the early stages and I’m exploring what’s possible with this technology. I’d love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I’m all ears in the comments below!

Looking forward to hearing your thoughts!

The live app

About the app

Docs

  • @wildbus8979@sh.itjust.works
    link
    fedilink
    11
    edit-2
    6 months ago

    Where is the crypto documented? I’m immediately dubious of messengers that do not provide LENGTHY documentation about the crypto. Did you roll your own? Are you using libraries? Which ones? Etc… It’s not s good start to see that you have the self signed certs hard-coded in the repo…

    • @positive_intentions@lemmy.mlOP
      link
      fedilink
      English
      36 months ago

      An understandable view. Not sure what you mean by lengthy, but I can confirm my app is not well documented. If the MDN docs count, its a fairly thin wrapper around the functionality provided by the browser of your choice.

      https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

      I’m using webpack 5 module federation to import that file at runtime. Perhaps over-engineered, but it’s so I can keep the crypto functionality maintained separately. That repo is in need of more attention for things like unit tests, but the crypto implementation there is pretty basic.

      • @wildbus8979@sh.itjust.works
        link
        fedilink
        56 months ago

        This doesn’t really explain how the whole protocol works. Are the keys exchanged for example? Are they rotated? If so when and how? From a quick glance at this bit of code this is just RSA? So no forward secrecy?

        • @positive_intentions@lemmy.mlOP
          link
          fedilink
          English
          36 months ago

          The app is a active work in progress. I try to make this clear in my post. Any “protocol” being used, is subject to change as I make improvements.

          You raise some good points about rotating keys and forward secrecy. These are things I will be including, but the app is far from finished.

          Maybe this helps a bit (I know it’s not what you want, but it’s the best I got at the moment without diving into the code): https://positive-intentions.com/docs/research/authentication/