Just to be clear, my app is not better than jami (or any other app)… because its unreviewed close-source code.

The key distinction in my approach is that it’s a webapp-first approach. You can avoid registration and installation, which is a feature other apps don’t provide.

There are ways around using a central server to establish a p2p connection. It isn’t well explained or demonstrated, but the concept seems to work here: https://github.com/positive-intentions/chat/issues/6 … I’d like to explore this more with exchanging the required data over QR codes or NFC.

Simplex is a great approach for p2p communication. I can easily recommend it over what I have done so far. At the very least, it’s gone through things like a professional security audits and seem to keep a high standard in their practices.

It’s a webapp hosted on AWS S3. That can be shut down along with the domain. I’d like to improve the functionality I have for the cacheing, so that it doesn’t need to fetch the statics from online if it already previously fetched them.

The open source version has a mirror hosted on GitHub pages. You can fork it and run it yourself there for free: https://positive-intentions.com/blog/docker-ios-android-desktop#github-pages

youre right that embarrassment is no reason to not open source it. i simply am investigating a close source direction to create a competative product.

if you interested in how this mechanics work, a very complicated version of it can be seen in: https://github.com/positive-intentions/chat (maybe you can get some AI on it.) … the p2p call demo is a module im creating to be refinement of the old p2p functionality.

im aware that security and privacy doesnt easily fit with close-source, so id like to eventually open source it when i can figure out funding. open source from the onset didnt work out how i naively thought it would in the old version.

thanks.

thats unfortunate it doesnt work. maybe a direct link to the storybook can help: https://p2p.positive-intentions.com/?path=%2Fstory%2Fdemo-p2p-call--video-call

i didnt clarify… the glitr app is a ui with hard-coded dara. the functionality in this p2p calls demo is what would be integrated into that ui. its far from finished and doesnt really “work”

my code and documentation website needs much more work before i can point to it for clarity. but i open sourced the poc version here: https://github.com/positive-intentions/chat … you may see that the UI isnt very unintuitive to use and why im going in a different direction with the UI.

pardon for copying from another reply…

i agree. they are all better and more secure when selfhosted.

my project so far is an early preview into the p2p framework in my project. with feedback i can improve the functionality as i integrate it into my messaging app.

https://glitr.positive-intentions.com/

these are good points. with peerjs this is easily configurable.

can i pick your brain about a config like the following:

const newPeer = new Peer(`blah`, {
        config: {
          iceServers: [
            { url: "stun:stun.l.google.com:19302" },
            { url: "stun:stun1.l.google.com:19302" },
            { url: "stun:stun2.l.google.com:19302" },
            { url: "stun:stun3.l.google.com:19302" },
            { url: "stun:stun4.l.google.com:19302" },
          ],
        },
      });

perhaps you would prefer to manually set your own config there with input fields?

id appriciate any insights into what you think users with that particular issue would like or find useful.

i agree. better and more secure.

my project so far is an early preview into the p2p framework in my project. with feedback i can improve the functionality as i integrate it into my messaging app.

its a work in progress and far from ready to be open sourced.

id like to work towards making it open source eventually.

its largely peerjs and peerjs-sever which themselves are reasonably well documented.

“private and secure chat app”

I don’t think it’s a solved problem. There are countless nuances to it. So it’s good to have various approaches.

https://positive-intentions.com/blog/docker-ios-android-desktop

this a yet another approach to a “private and secure chat app” because its a unique approach to the same problem which id like to investigate.

thanks for taking a look.

firstly i would like to apologise for throwing the following blocks of AI text at you. i often used AI to create documentation for the project. im not much of a writer, im sure its more clear from AI than if i did it myself.

• how the authentication works: https://positive-intentions.com/docs/research/authentication
• how security works: https://positive-intentions.com/blog/security-privacy-authentication

the ID’s are cryptographically random to make it reasonably certain that strangers cannot connect (because its an ungussable ephemental string). this is used with peerjs-server (open source and documented) to connect with a predictable ID. when this ID is shared “through some other trusted channel” (e.g. whatsapp, qrcode), the peers connect and establish encryptions keys (see links above). afer the first connection (expected to be secure!), the previously establish encryption keys can be used to authenticate the user (to prevent MITM).

Was that document crafted for this project specifically?

long story short… this is my sideproject and im trying to get it off the ground. as i post more about the project, i decieded to create a website to “document” the project. there are understandable questions like yours, so made sense to answer them in the website. this includes things like the threat-model… while one-shotting is a thing you can do with AI, the threat model took several days of learning, thinking and consideration. i also posted about it on reddit for feedback and updated it accordingly.

Was it prepared by a cryptographer?

am i a cryptographer yet? having worked on this project i must have picked some stuff up. i still find that i need to learn much more.

And was it generated using an AI/LLM?

i hope admitting i used AI doesnt undermine the effort i put in. i try to communicate details in places like lemmy and the code is open source. AI enables me to demonstrate granular functionality that is easier for me to test as well present to professionals; in contrast to presenting overwhelmingly complicated code on github. for example for my cryptography functionality i created a separate repo to try things out for my learning: https://cryptography.positive-intentions.com/?path=%2Fstory%2Fcryptography-introduction--welcome

there are good and bad ways to using AI and i believe im doing it responsibly. i have been a coder for 15+ years. i can do it myself, i simply cant type as fast as AI making it indespensible when working on a project of this scale. i completely understand your concerns and im all ears for advice on a reddit post i asked: https://www.reddit.com/r/CyberSecurityAdvice/comments/1lekrsx/what_advicebestpractices_are_there_for_creating/

(its why like in all my app, website and posts (like this), i try to strike caution.)

I tried foss. I couldn’t get it to work so i’m trying something different.

I have a weird setup with open and closed source.

I have open source examples of this code in action. If interested: https://github.com/positive-intentions/chat