“Secure and private” is the general aim.

This is a technical/concept demo of a fairly unique approach using a browser-based, local-first and webrtc.

This is intended to demonstrate client-side managed cryptography. We can avoid registration of any sort.

App: https://chat.positive-intentions.com/

Code: https://github.com/positive-intentions/chat

Features:

  • P2P
  • End to end encryption
  • File transfer
  • Local-first
  • No registration
  • No installation
  • No database

Feel free to reach out for clarity instead of diving into the docs/code.

IMPORTANT: While this is aiming to provide a secure experience, it isnt audited or reviewed. Shared for testing, feedback and demo purposes only. Please use responsibly.

  • xoron@programming.devOP
    1·
    3 days ago

    all understandable questions.

    group messaging

    this is very complex as im sure you can imagine. im using a p2p and the approach im using is that a “group” is basically a “room with ID”. when sending a message to a group, you send the message to the peers individually and they know to store the payload within the context of the “room with ID”. scaling something like that is limited by how many webrtc connections are possible by the hardware.

    i have some research relating to using MLS, but without some central store to keep the mls keys per-epoch, its very unstable as peers can go offline unexpectedly. another approach im investigating is to be able to ping connected peers to create a kind of mesh-graph that i could use to relay messages. this approach could also be better resiliant to peers going offline in the sense, that the graph could heal from peers going offline.

    im sure there are many details i havent considered, but i have buggy group messaging on the WIP version here: https://enkrypted.chat/ (go to chat-thread page > 3-dot menu on top-right > invite peer)

    offline delivery

    ive mulled over it enough to at least try using an approach to use git as a CRDT. it seems overkill for application data, but it would also allow use git as an offline message cache. https://programming.dev/post/51866250 . i havent implemented anything for this yet. im still mulling it over to make sure i dont overlook important details.

    alternative networks

    webrtc isnt the bit that make this app secure, its the local-first. no need to register anywhere when you have local-first crypto-random IDs. im open to considering other networks. tor has limitations around webrtc. this is perhaps where the git-based offline cache can come in useful in a tor network. i2p is also good as are many others like nostr. i’ll see what setup works best. i think it would be great to be able to support multiple.

    if you want to know more about “how it works”, you can take a look at the roadmap here: https://positive-intentions.com/docs/technical/p2p-messaging-technical-breakdown

    feel free to reach out for clarity instead of reading all that.