Mastodon: https://infosec.exchange/@xoron
How it works: https://positive-intentions.com/docs/projects/chat
TLDR: im working on a p2p messaging webapp. webapps are generally not considered secure because of the nature of serving statics over the internet. this is correct, but not a limitation of this project. (selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desktop).
as a webapp, i can provide the app with zero-installation and no-registration. the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices. this allows for things like p2p authentication: https://positive-intentions.com/blog/security-privacy-authentication.
Future: im aiming to create the most secure messaging app out there... (more than signal, simplex, etc). i know i have a long way to go to get there. the UI is fairly ugly for the average user, but i think the mechanics are working as expected. i think javascript is underrated in what you can do with it. i am actively investigating improving the encryption approach further to align to how the signal protocol works (currently using the classic diffie-hellman key-exchange).
Support: i would like to keep this project open source, but open-source funding is not working for me. i dont want your donations because it isnt sustainable for a long-term project. i have so far only experienced grant-funding rejections. i have no idea what im doing in trying to get funding for this project, so any support/advice is appreciated. in recognition of the project in its current state not able to get funding... (sorry) i will have to go closed-source (which id like to avoid because it undermines several cybersecurity claims id like to make.)
Tox Protocol and some messenger built for this. I don't want to say anything against your project. I just wanted to mention it.
Thanks for the tip. The future of the encryption is still under consideration. I'm not against the tox protocol... The signal protocol seems better regarded.
I remember when it was at the very beginning of development... Tor still seemed more confidential and not already infiltrated on a large scale, which made Tox sound even more attractive back then. Still, it's always something I mention.
Thanks. Can you tell me more about how a P2P system can get infiltrated? I'm fairly confident in my approach. I hope I'm not being too naive.
Users can always make mistakes/bad-choices and so I've tried to create some guidelines to follow.
https://github.com/positive-intentions/chat#security-and-privacy-recommendations
By infiltrating, I was referring to Tor and not to P2P solutions. Or I also wanted to imply that you would have to pay attention to this with tox, for example. So that's a plus point for your approach.