P2P Framework by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 1 points 1 week ago

Thanks. I've come across tox before. It's a good implementation. The aim of my project is not to compete, but more to demonstrate a different approach to P2P technology.

A key detail in mine is that it's made to work in a typical web browser. While things like chat functionality can be demonstrated in our app. The app is capable to do things like shared xr spaces and shared filesystems... Unfortunately those features are still in need of refinement before they become appealing to users, but it works for a proof-of-concept.

14
P2P Framework (lemmy.ml)
submitted 1 week ago by positive_intentions@lemmy.ml to c/opensource@lemmy.ml
3 comments fedilink

p2p.positive-intentions.com

github.com/positive-intentions/p2p

a thin wrapper around peerjs with some functionalities for "intuitive" p2p communication.

this is a lighweight version of what is being used in our chat app. it will be developed with the aim to replace what is being used.

this is early development on this and it's missing all the bells-and-whistles seen in the chat app. It's an unstable experimental work-in-progress. it may contain bugs and/or incomplete features. provided for demo and educational purposes only.

Decentralized Encrypted P2P Chat by positive_intentions in c/selfhost@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago* (last edited 2 weeks ago)

yeah. i find its difficult to gain traction from security professionals on this project as an individual. because from the onset it is pointed out that im not a cybersecurity professional (which is true).

when looking a security guidelines from things like OWASP i already notice that there are things like having every PR reviewed and other hoops i have to jump through to make the app secure as defined in those guidelines. i also notice there arent any guidelines for p2p apps and if i proceed with my own interpretation, it would undemine the guide. here is a question on reddit on the matter: https://www.reddit.com/r/CyberSecurityAdvice/comments/1cfywjj/security_guidelines_for_p2p_apps/

Decentralized Encrypted P2P Chat by positive_intentions in c/selfhost@lemmy.ml
[-] positive_intentions@lemmy.ml 3 points 2 weeks ago* (last edited 2 weeks ago)

your caution is well placed. this app is not ready to replace any existing app or service. it is only provided for demo and testing.

the feedback ive recieved from security professionals is that the project is too complicated to review without a budget (which is understandable). so i think updating the docs is something i will do when i have the protocol and algorithm better defined. (note: i am already planning on breaking changes, but havent found the time to do them.)

Decentralized Encrypted P2P Chat by positive_intentions in c/privacy@lemmy.ml
[-] positive_intentions@lemmy.ml 3 points 2 weeks ago

if "trust" in the static files from a url is a concern, (which is very reasonable), you can easily host your own instance.

i think it fits squarely as a "P2P app". over a hotspot, you can practically send messages offline. im not sure what other qualifiers are needed.

i dont think its ready to be compared to other tools yet. but i would be aiming to make it comparable to something like signal... but it'll take a while to get there.

6
Decentralized Encrypted P2P Chat (chat.positive-intentions.com)
submitted 2 weeks ago by positive_intentions@lemmy.ml to c/selfhost@lemmy.ml
13 comments fedilink

Id like to introduce you to a decentralized chat app that works purely in the browser. Breaking away from traditional solutions that require registration and installation.

A decentralized infrastructure has many unique challenges and this is a unique approach. Ive taken previsous feedback and made updates. Its important to note, it is still a work-in-progress and provided for testing/review/feedback purposes. it would be great if you can tell me what you think.

Some of the features of the app include:

  • Free
  • Decentralised
  • No cookies
  • P2P encrypted
  • No registration
  • No installing
  • Group messaging
  • Text messaging
  • Multimedia messaging
  • Offline messaging (LAN/hotspot)
  • File transfer
  • Video calls
  • Data-ownership
  • Selfhosted (optional)
  • Screensharing (on desktop browsers)
  • OS notifications (where supported)

With no registration or installation required, its easy to get started.

20
Decentralized Encrypted P2P Chat (chat.positive-intentions.com)
submitted 2 weeks ago* (last edited 2 weeks ago) by positive_intentions@lemmy.ml to c/privacy@lemmy.ml
3 comments fedilink

Id like to introduce you to a decentralized chat app that works purely in the browser. Breaking away from traditional solutions that require registration and installation.

A decentralized infrastructure has many unique challenges and this is a unique approach. Ive taken previsous feedback and made updates. Its important to note, it is still a work-in-progress and provided for testing/review/feedback purposes. it would be great if you can tell me what you think.

Some of the features of the app include:

  • Free
  • Decentralised
  • No cookies
  • P2P encrypted
  • No registration
  • No installing
  • Group messaging
  • Text messaging
  • Multimedia messaging
  • Offline messaging (LAN/hotspot)
  • File transfer
  • Video calls
  • Data-ownership
  • Selfhosted (optional)
  • Screensharing (on desktop browsers)
  • OS notifications (where supported)

With no registration or installation required, its easy to get started.

FOSS File Transfer Program? by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago* (last edited 2 weeks ago)

https://github.com/positive-intentions/chat

It uses webrtc for P2P connections.

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago

Thanks. It's been mentioned before and I'd like to take a look at it when I can make the time.

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago

The project it's in its early stages. There isn't anything as formal as a protocol yet. That is also why there isn't good documentation about it... The best I have for your question is:

https://positive-intentions.com/docs/research/authentication

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago

There is a lot to be fixed throughout but file transfer and video calls should be working if you try out the live app.

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 3 points 2 weeks ago

The app is a active work in progress. I try to make this clear in my post. Any "protocol" being used, is subject to change as I make improvements.

You raise some good points about rotating keys and forward secrecy. These are things I will be including, but the app is far from finished.

Maybe this helps a bit (I know it's not what you want, but it's the best I got at the moment without diving into the code): https://positive-intentions.com/docs/research/authentication/

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 5 points 2 weeks ago

It's similar to matrix in many ways. The key difference is with mine it's is purely browser based. Unlike traditional solutions like matrix where you have a (self)hosted server, mine does not require things like registration or installation.

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 2 points 2 weeks ago

I'm using peerjs-server. I'm also investigating other ways to achieve peer discovery which itself could be quite a discussion.

Decentralized Encrypted P2P Chat by positive_intentions in c/opensource@lemmy.ml
[-] positive_intentions@lemmy.ml 3 points 2 weeks ago

An understandable view. Not sure what you mean by lengthy, but I can confirm my app is not well documented. If the MDN docs count, its a fairly thin wrapper around the functionality provided by the browser of your choice.

https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

I'm using webpack 5 module federation to import that file at runtime. Perhaps over-engineered, but it's so I can keep the crypto functionality maintained separately. That repo is in need of more attention for things like unit tests, but the crypto implementation there is pretty basic.

50
Decentralized Encrypted P2P Chat (chat.positive-intentions.com)
submitted 2 weeks ago* (last edited 2 weeks ago) by positive_intentions@lemmy.ml to c/opensource@lemmy.ml
26 comments fedilink

chat.positive-intentions.com

https://github.com/positive-intentions/chat

I'm excited to share with you an instant messaging application I've been working on that might interest you. This is a chat app designed to work within your browser, with a focus on browser-based security and decentralization.

What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.

Here are some features of the app:

  • Encrypted messaging: Your messages are encrypted, making them more secure.
  • File sharing: Easily share files using WebRTC technology and QR codes.
  • Voice and video calls: Connect with others through voice and video calls.
  • Shared virtual space: Explore a shared mixed-reality space.
  • Image board: Browse and share images in a scrollable format.

Your security is a top priority. Here's how the app keeps you safe:

  • Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
  • Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
  • End-to-end encryption: Your messages are encrypted from your device to the recipient's device, ensuring only you and the recipient can read them.
  • Local data storage: Your data is stored only on your device, not on any external servers.
  • Self-hostable: You have the option to host the app on your own server if you prefer.

The app is still in the early stages and I'm exploring what's possible with this technology. I'd love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I'm all ears in the comments below!

Looking forward to hearing your thoughts!

The live app

About the app

Docs

view more: next ›

positive_intentions

joined 2 weeks ago