group chat is still a work-in-progress, but it’ll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.

the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a “known-peer”, the keys can be used for a kind-of p2p authentication.

all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.

for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication

That’s right. It’s using peerjs-server as the connection broker.

Thanks! That’s great to hear.

There’s sometimes a bug where you have to have to exchange that ID both ways.

There a lot of docs to read through so just in case you overlooked it, I hope the video on this page helps: https://positive-intentions.com/docs/basics/peers

If that doesn’t help, then it’s something I need to fix. I am aware of a few issues with connecting to people when not on the same network. Webrtc should still work, so I chalk it up to some bug I should prioritize.

Id be interested to hear about the experience of trying to connect with the file app. I added some changes to make things work better, if that works I may have an idea of how to fix it for the chat app.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)

the chat app is flexible in the ways it can be run as further described here: https://positive-intentions.com/blog/docker-ios-android-desktop. im trying things out with tauri and maybe some version hits the f-droid store at some point?

thanks! im playing around with the website to make the landing page experience more appealing. the apps themselves, are running inside an iframe.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)

thanks! yeah i agree it could do with more attention on the UX.

Thanks!

I’d like to add data encryption at rest, but thats still a work in progress. A previous post on the matter: https://lemmy.ml/post/22209501 .

I hope to improve the project over time. A roadmap of possible capabilities can be seen here: https://positive-intentions.com/blog/introducing-decentralized-chat#roadmap-the-future-of-secure-file-sharing

I’m motivated to work on the project because its interesting, but it seems this project is not sustainable open source and so I’m investigating options in how to go forward.

(The chat app repository will still remain open source. Making it close-source would undermine it’s security claims.)

the web version is intended to work on all platforms without compilation.

a html file-input is simple to add on a webpage. when selecting a file, its loaded into memory. at that point you can encrypt that file and sent it over webrtc… voila; p2p encrypted file transfer.

my approach to a mobile (ios/android) version is using capacitorjs/tauri… its basically a native wrapper with a webview.

P2p encrypted file sharing is sadly still an unsolved problem

thanks for your input, but can you explain what you mean by “unsolved problem”?.. p2p encrypted file transfer is demonstrated in the app.

its browser based. it uses webrtc to create p2p connections between browsers. concepts like authentication takes the form of using cryptography capabilities of a typical browser. the storage of data from messages to encryption keys are stored in indexedDB as provided by the browser of your choice. there is an emphesis on client-side browser-based capabilities in all parts of the app.

matrix is a good peer reviewed and generally reccommended solution. this project isnt intended to replace any existing solution. there are many other similar projects out there, but i notice there arent many presented as webapps. this is my attempt.