• 3 Posts
  • 8 Comments
Joined 5 months ago
cake
Cake day: June 22nd, 2024

help-circle



  • Browsers, operating system and peers can become compromised.

    Ultimately users have to be responsible with how and who they connect to. The app otherwise is only as secure and as restricted as any other website. As a web app there are nice features like being able to inspect network activity and code.

    A typical mainstream browser can be considered to have been sufficiently reviewed. But you aren’t limited like you would be if the offering was from an app store.


  • I’m genuinely curious why neither have a webapp offering. You can avoid the official app stores by providing things like APK, but as a webapp you can avoid the installation step, which seems it might be useful for people who would use briar or simplex.

    The way this app works, makes it so “anonymous” chat isn’t possible. With IP’s being shared it isn’t a good idea.

    I also have quite an ugly UI compared to those other solutions. This will improve over time. But im sure it’s a barrier to attracting users compared to other chat apps.





  • xoron@lemmy.worldOPtoSelfhosted@lemmy.worldEncrypted P2P Chat
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    5 months ago

    thanks for the feedback!

    the app is a work in progress and full of bugs and issues. as a side project i can only set aside so much time to do things. the app as you see it is something im approaching with a “release often” approach. this will highlight thing like you are doing for me to prioritize. the profile loading from file is something i havent taken a look at in a while so thanks for that! i will take a look when i can make time for it :)

    the cryptography in the app can be a whole separate discussion. but to be brief, the crypto signature input is something the app uses to generate a cryptographically random value… basically whatever you draw (e.g. “a smiley face”) gets converted to a base64 string… then this is passed through a sha-256 hashing function. the idea is that even if you try, you could never draw the “exact” same smiley that would be pixel perfect and result in the same hash. the app also appends this to the cryptographically random value generated from the browsers built-in functions. so that crypto-signature is actually entirely redundent but could address concerns about the device/browser cryptography functions being compromized.

    for the QR, i tried to make it a resolution that would be reasonable to view from another phone… to see the data that is being squashed into the QR codes for offline, you can take a look at the details around here. https://github.com/positive-intentions/chat/issues/6 … there is an offline demo described there where instead of QR code it shows the data as plain text (this will include things like IP so you shouldnt be pasting this publicly anywhere… these details generated only exist on your device in memory)


  • xoron@lemmy.worldOPtoSelfhosted@lemmy.worldEncrypted P2P Chat
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    3
    ·
    edit-2
    5 months ago

    Matrix is a good implementation and I like how it works. Mine is a work in progress and far from finished. It isn’t ready to replace any app or service. The key detail about my app is that it’s browser based. This has its own limitations with what a webapp can do. I think it makes for a different approach to decentralized chat.