Open Source

41729 readers

296 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

P2P WhatsApp Clone (lemmy.ml)

submitted 2 weeks ago by positive_intentions@lemmy.ml to c/opensource@lemmy.ml

6 comments fedilink hide all child comments

IMPORTANT NOTE - READ FIRST:

NONE of my projects have been audited or reviewed. I provide them for testing and demo purposes only. NOT to replace any other app you use.

BE RESPONSIBLE WHEN USING UNAUDITED SOFTWARE... DO NOT USE FOR SENSITIVE PURPOSES.

Now that I've hit you over the head with caution...

Want to send encrypted WebRTC messages and video calls with no downloads, no sign-ups and no tracking?

This prototype uses WebRTC to establish an encrypted browser-to-browser connection. Everything is stored locally in browser storage and cleared when you clear the site data from your browser - true zerodata privacy!

Demo: https://chat.positive-intentions.com/
Github: https://github.com/positive-intentions/chat
Website: https://positive-intentions.com/
Mastodon: https://infosec.exchange/@xoron

you are viewing a single comment's thread
view the rest of the comments

[–] copygirl@lemmy.blahaj.zone 2 points 2 weeks ago (1 children)

Selhosting and a vpn are optional depending on your use case; the app works with niether to help users try it out and get started. Like all secure messaging apps, its better to selfhost given the option.

I'd say self-hosting is done for control over your data, not security. A typical end user will not know how to self-host, how to pick a privacy-respecting VPN, let alone secure their system. If your aim is to get to that same level of security, then I feel like the current direction is flawed, at least from what I took away from the readme.

Or, in other words, "self-hosting is more secure given the option" sounds kind of like "writing your own software is more secure".

[–] positive_intentions@lemmy.ml 1 points 2 weeks ago* (last edited 2 weeks ago)

it certainly gives more control over your own data, but (if you know what youre doing) from a cybersec perspective, it can help to reduce the "attack surface". the current direction is to allow users the flexibility from a version provided from me hosted on aws s3 or host it yourself from open source code. additionally, you can host your own peerjs-server as used for brokering connections... by default it connects to the public instance of peerjs-server (so its easier for users to get startedt).

im aiming for flexibility in "getting started" from ready-to-go to selfhosting. it all depends on if a user knows what theyre doing.