I don't think this kind of app could be an alternative to instagram because of it only being P2P with only people you know.
The app is using webRTC which exposes IP addresses, so you wouldn't want something like a global feed on this.
Immich sounds interesting. I'd like to make time to check it out.
P2P allows for a fairly unexplored infrastructure for content moderation. In this app, the feed of images would only be from people you connect to. For people to connect to you, you have to share a crypto random id.
As a webapp you can clear the site data by logging out. Basically, people cannot randomly connect to you and share things you don't like.
I won't be adding anything like a global feed. Only content that you shared or received.
This doesn't remove the risk of people sending you things you don't like so I'm all ears for an approach to that. I didn't make much progress on the following. If there are any hard features you think would help, let me know. I'd like to make some time to create a "block contact" but it'll take time and consideration to do it properly (so I don't expect it soon). Things like logging out and being able to backup your profile might be enough, but not as user-friendly as it could be.
thanks! will delete.
Thanks. I've com across it before. You can find the corresponding security audit online.
Ive tried to address those concerns and I try to give details about it here: https://lemmy.ml/post/18497337
Thanks for the tip. WebRTC is using aes-128, I see in my code I'm using RSA. It sounds like a good idea like to create a cascading cypher with aes-256 which seems to be regarded as "military grade" (but it seems there is no official spec definition for this).
i added a section in the contact details page for validating public keys hash.
the experience could be improved in several ways with things like qrcodes, but for now, i think its a nice addition.
i will try set aside some time for proverif. im also investigating what is needed for CISA certification. even without the certification it'll be interesting to see what i can do to security audit my own code (even though it looks like without and objective observer, the assessment isnt valid... but i could share it and someone else could say it looks good. and the overhead for them to assess my app could be less)
here are my thoughts on a possible approach.
it seems the concerns center around validating the keys.
solution 1 (generate new keys):
solution 2 (validate keys):
Spend some time trying to break your own system
i sure try, but im sure i've developed a bias about it being secure and so i might not be seeing all the possible scenarios. this is why feedback is important for me at this stage of development.
thanks for the link to that spec. it looks like it would be pretty unique between applications that have this type of spec. can you tell me what that kind of document is called?
i was recently pointed to something called ProVerif it seems to have a way of describing an implementation and it has some functionality to validate/detect security risks. ive only just come across it and and while it sounds too good to be true, it looks appropriately complicated. do you have any thought on it (or other tools like that)?
thanks!
i understand. can you help me understand what i can do for this. id appriciate if you could critique my approach:
im putting all the weight of the initial exchange being secure on the cryptographically random ID. if you can exchange that on a channel that is secure (whatsapp?/qr-code?/sms?), then the initial connection will establish the keys. the mitm there could be the peerjs-server (or even your ISP), but because the ID is crypto random, it would not be possible to predict who is who. (of course it could be logging connections and IP's and figuring out from other metadata, but if that's a concern, then you should selfhost a peerjs-server).
i previsously created something for sharing files by QR codes as described here. to enhance security more for when peers are together to exchange keys, ive taken that qr-code investigation further to create something that is able to transfer encryption keys fully offline.
a way for users to validate each others public keys
sorry for diving into the code here i dont expect you to start debugging my spaghetti code but to try and explain, let me point you to how i validate public keys. in the file found here around line 96 is what happens on an initial connection. it might not be clear, but i do something like:
i would also like to make an update to check the that the keys are signed (not sure about the terminology, but it was suggested that is a better way to do this validation... will all the redundency i have going on, im not against doing both if its seamless to the user). (note: all peers get a new set of keys generated).
the app is basically a static bundle GUI for peerjs-server. by default it is using the officialy peerjs-server. this is to make it easier for users to get started. it is possible to host your own instance and configure to use it within the app. the frontend is decentralised in the sense it can be selfhosted. and data is only stored locally on your device on your browser. no registration database.
im also investigating options for establishing a webrtc connection with no backend using QR codes to exchange the connection data. this is working but not refined enough to roll out into the app. its something i want to address in the p2p microfrontend i mentioned earlier with the todo-list.
there is no federation with peerjs-server and so peers you connect to will have to be on the same server. for those cases you will have to connect to the same server which is why it makes sense to have a the official peerjs-server as the default. it is only used for brokering a webrtc connection after which connections are P2P.
Less code/complexity is less chance for bugs
completely agree. im breaking the app into smaller chunks (in the form of microfronends). i created a bare-minimum example of p2p communication and state management and framed it as a "todo list" app as can be seen here: https://p2p.positive-intentions.com/?path=/docs/demo-todo-list--docs . it doesnt have the bell and whistles of redundent browser cryptography. it isnt open source or anywhere near finished.
i am going in the direction of developing this further into basic chat functionality. the aim is that this new module will replace what is seen in the chat app. which i expect at that point will be a lot less complex than the one used in the app and with all the features like unit tests and documentation expected in quality work.
in the URL shared, that value is a cryptographically random value used as an ID for the peerjs-server. its best you dont share that publicly (like in your comment) because it undermines it being cryptographically random (the aim is to make it unguessable). i guess its like a phone number (i would suggest you clear all site data from your browser before continuing... you dont want strangers to connect.).
the way it works is that the unguessable ID is first used to connect peers. then on that initial connection, additional keys are created for the extra encryption. if in the future your ID is compromised people wont be able to impersonate you because messages to/from known-peers would be encrypted using that extra layer of encryption.
My app is different because the auth is handled between peers. So it could only every be people you shared your ID with. Security is important for me on this project. Its more important than the app being popular. https://www.reddit.com/r/CyberSecurityAdvice/comments/1ev5kqn/is_this_a_secure_messaging_app/
People should not connect to strangers on this app because of the potential risks of IP exposure... But between people you trust or between your own devices, it should work as expected for testing.
As for allowing links with expiration, you basically have that already with what looks like the login/logout functionality. There is no actual registration, it's just a UI for creating and deleting crypto random ID profiles.
Lemmy and the fediverse is a good idea. The federation makes it so I can see Lemmy posts on mastodon. Etc... id like to draw a parallel in my app with the chat-view and the inteagram-view