from xoron@programming.dev to privacy@lemmy.ml on 11 Oct 17:49
https://programming.dev/post/38910303
IMPORTANT NOTE - READ FIRST:
This is still a work-in-progress and a closed-source project (This is what a honeypot would look like). To view the open source MVP version see here. NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace your current messaging app (or any other app you use).
BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE… DO NOT USE FOR SENSITIVE PURPOSES.
Now that I’ve hit you over the head with caution…
Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?
This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is ephemeral and cleared when you refresh the page - true zerodata privacy!
Check out the pre-release demo here.
- Website: positive-intentions.com
- Mastodon: infosec.exchange/@xoron
Can they shut you down?
It’s a webapp hosted on AWS S3. That can be shut down along with the domain. I’d like to improve the functionality I have for the caching, so that it doesn’t need to fetch the statics from online if it already previously fetched them.
The open source version has a mirror hosted on GitHub pages. You can fork it and run it yourself there for free: positive-intentions.com/…/docker-ios-android-desk…
This still relies on servers to prepare the connection (you need the web server for the page but also I see it tries to connect to wss://0.peerjs.com), even if later the WebRTC communication is peer to peer.
There are ways around using a central server to establish a p2p connection. It isn’t well explained or demonstrated, but the concept seems to work here: github.com/positive-intentions/chat/issues/6 … I’d like to explore this more with exchanging the required data over QR codes or NFC.
Simplex is a great approach for p2p communication. I can easily recommend it over what I have done so far. At the very least, it’s gone through things like professional security audits and seems to keep a high standard in their practices.
How is it better than Jami? Genuinely asking.
Just to be clear, my app is not better than Jami (or any other app)… because it’s unreviewed closed-source code.
The key distinction in my approach is that it’s a webapp-first approach. You can avoid registration and installation, which is a feature other apps don’t provide.