IMPORTANT NOTE - READ FIRST:

NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace any other app you use.

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE… DO NOT USE FOR SENSITIVE PURPOSES.


Now that I’ve hit you over the head with caution…

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is stored locally in browser storage and cleared when you clear the site data from your browser - true zero-data privacy!

  • copygirl@lemmy.blahaj.zone · 1 day ago

    This project is aiming to create the most secure and private chat app. It will heavily depend on how you use it. Here are some recommended security optimizations/advice to keep your data secure and private:

    • Use a self-hosted instance of the app.
    • Use a VPN to protect your data from being intercepted.
    • Only connect to trusted peers.
    • Validate public key hashes.
    • You and your peer should use a secure device/os/browser with the latest updates.
    • Use general security practices like not sharing sensitive information, not clicking on suspicious links, etc.

    These recommendations are bizarre.

    • Is it really P2P if you need to host your own instance?
    • Use a VPN? So a company can now track you instead of the ISP?
    • If it’s aiming to be safe, then why not share sensitive information?

    If you want secure and private, then I would first look at Session.

    • positive_intentions@lemmy.ml (OP) · 1 day ago

      For testing and demo purposes only. NOT to replace any other app you use.

      Session, Signal, SimpleX and countless more apps are better for privacy and security. I can only hope to get to that level on my project.

      Self-hosting and a VPN are optional depending on your use case; the app works with neither to help users try it out and get started. Like all secure messaging apps, it's better to self-host given the option.

      I’ve put effort into how the app is working, but ultimately I don't think it's appropriate for me to suggest this code is ready for your sensitive data when it hasn't been reviewed or audited.

      • copygirl@lemmy.blahaj.zone · 1 day ago

        Self-hosting and a VPN are optional depending on your use case; the app works with neither to help users try it out and get started. Like all secure messaging apps, it's better to self-host given the option.

        I’d say self-hosting is done for control over your data, not security. A typical end user will not know how to self-host, how to pick a privacy-respecting VPN, let alone secure their system. If your aim is to get to that same level of security, then I feel like the current direction is flawed, at least from what I took away from the readme.

        Or, in other words, “self-hosting is more secure given the option” sounds kind of like “writing your own software is more secure”.

        • positive_intentions@lemmy.ml (OP) · (edited) · 1 day ago

          It certainly gives more control over your own data, but (if you know what you're doing) from a cybersec perspective, it can help to reduce the “attack surface”. The current direction is to allow users the flexibility of a version provided by me hosted on AWS S3, or to host it yourself from the open source code. Additionally, you can host your own peerjs-server as used for brokering connections… by default it connects to the public instance of peerjs-server (so it's easier for users to get started).

          I'm aiming for flexibility in “getting started”, from ready-to-go to self-hosting. It all depends on whether a user knows what they're doing.