Privacy

3142 readers

218 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

Ategon@programming.dev

danielintempesta@programming.dev

-2

P2P WhatsApp Clone (infosec.pub)

submitted 4 weeks ago* (last edited 4 weeks ago) by xoron@programming.dev to c/privacy@programming.dev

10 comments fedilink hide all child comments

Want to send E2E encrypted messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses PeerJS to establish a secure browser-to-browser connection. Using browser-only storage—true zerodata privacy!

Check out the pre-release demo here.

NOTE: This is still a work-in-progress and partially a close-source project. To view the open source version see here. It has NOT been audited or reviewed. For testing purposes only, not a replacement for your current messaging app.

Docs: https://positive-intentions.com/docs/category/sparcle
Reddit: https://www.reddit.com/r/positive/_intentions
Mastodon: https://infosec.exchange/@xoron
More: https://positive-intentions.com/

How it works:

PeerJS allows users to connect with a unique string. A crypto-random ID is generated automatically on the frontend and used for the connection.

To connect, you can share your unique ID. Strangers are not able to guess your ID. Upon the initial connection, new encryption keys are exchanged and persisted to browser storage. These are used to encrypt message payloads to be sent over the WebRTC connection as created with PeerJS.

After a page reload (or future session), the app automatically pings the "known peers". If connecting to to a peer ID that is already registered, the previsously establish encryption keys are used to authenticate the user. This helps prevent MITM.

you are viewing a single comment's thread
view the rest of the comments

[–] tux0r@feddit.org 1 points 4 weeks ago (4 children)

Won't work in Edge.

[–] xoron@programming.dev 2 points 4 weeks ago* (last edited 4 weeks ago) (3 children)

thanks for letting me know, i'll take a look.

edit: perhaps this could be your issue... consider that your user-ID is the same one used when you reload the page or open it on another tab. if you open a new browser tab, it will try to connect to the peerjs server with an ID thats already in use... instead try with one incognito browser window (or a separate device).

[–] tux0r@feddit.org 1 points 4 weeks ago (2 children)

The error is actually in the HTTP headers:

[–] xoron@programming.dev 1 points 4 weeks ago (1 children)

do you perhaps have something running on localhost at those ports? i was trying something out, but i will disable it so it doesnt have this issue when users try to selfhost themselves.

it isnt well explained or demonstrated, but i was trying to do something as described in the link below, where i could connect a selfhosted federated module and have it work as a drop-in replacement.

https://positive-intentions.com/blog/statics-as-a-chat-app-infrastructure

the purpose was to see if there is any benefit to allowing users to host their own federated modules. i think there isnt a distinct advantage so it looks like i will remove that feature entirely.

[–] MrPoopyButthole@lemmy.dbzer0.com 1 points 3 weeks ago

The error is stating that the code is trying to run in an iframe and the content security policy of the frame source (your code?) doesn't allow the parent site to embed the iframe