Respectfully, you don't know what you're talking about. you have no idea who I am and are projecting your opinions of me and my efforts on my project (mostly incorrect). A lot of it seems like an attempt to discredit the project.
Scrutiny is something I come across a lot in the cybersecurity space (as it should be). its encouraged to make sure ideas hold-up. Your pushback here lacks substance.
Links to the technical docs are provided in the post. Feel free to reach out for clarity on the details.
> blank page dev with no open source karma (or posing as such to stay anonymous)
The problem as I wrote is not technical. I'd use a video converter or a string parser - that are offline and "download once" - gladly from any OS project. For a chat app that I'd use long term to share private communications would require trust, more contributors, and some background info - not names or an address, but some About section and a sense that the whole thing doesn't rely on the motivations of a single person and that there is some mutual/community oversight.
Understandable concerns, but then we start to talk about my limitation as a solo developer on an unfunded side project.
> blank page dev with no open source karma
I dont want anyone to just "trust me bro". im mainly active on reddit. I ask for feedback on relevant subs. What you see on my app is the result of several iterations from feedback and my learnings. This is a recent post about how encryption is being used.
I discuss various details on reddit to seek feedback. Feedback on experimental code has always been hard to ask for even before AI slop and i get my fair share of criticism about my code.
I previously worked on a open source version of the project. I created docs and communicated a reasonable amount about the details. It would have been worth collaborating with if i could get some kind of open-source funding. Ive tried grants and donations platforms. for similar resons to you, no grant wants to support this project and nobody donates (completely understandable). In the age of AI, it looks like a weekend project. That version of the project looks like this: https://github.com/positive-intentions/chat
I leave that open source because it demonstrates some core concepts around my project that i cant see anywhere else (webapp, no registration/installation, browser-based signal protocol, etc)... but after how long i worked on it, it seems open source isnt sustainable. That leads me to the latest version linked in this post. its and improvement over the open-source version in every way.... but i try to be clear that its still far from finished, because there are a lot of things to address before promoting this as ready.
While its understandable youd like a project like this run by a team of experts, there are limitation in what i can do beyond open-sourcing and talking about it. Some of the grant applications rejected with reasons along the lines of me being a one-man-band. completely understandable, but experts are not going to hire themselves on this project.
My motivations on this project are simple. I want to create a secure messaging app with the aim for it to be able to support me. it is reasonably open source, but not 100% in order for me to remain competative. (im sure you can imagine what AI is capable of if i fully open source it). I think its works in a fairly unique way, and i think i sufficiently demonstrate it.
IMPORTANT: Lets get a few things out of the way first. My app is not better than Whatsapp in any way. It hasnt been reviewed or audited. This app works by exchanging IP addresses... This app is NOT for anonymous comms.
The project is experimental and far from finished. It's presented for testing, feedback and demo purposes only. Use responsibly.
---
By leveraging WebRTC for direct browser-to-browser communication, it eliminates the middleman entirely. Users simply share a unique URL to establish an encrypted, private channel. This approach effectively bypasses corporate data harvesting and provides a lightweight, disposable communication method for those prioritizing digital sovereignty.
Features:
- P2P
- End to end encryption
- Signal protocol
- Post-quantum cryptography
- Multimedia
- file transfer
- Video calls
- No registration
- No installation
- No database
- TURN server
This project isnt finished enough to compare to existing tools like Simplex, Signal and WhatsApp... This is intended to introduce a new paradigm in client-side managed secure cryptography. Allowing users to send securely encrypted messages; no cloud, no trace.
The key difference in this approach is that it's presented as a webapp. This allows for the easiest way to get started by avoiding installation and registration.
i was trying to avoid too many links in the post (i thought it might be offputting)... it seems like too much already to me, but here are some more for clarity. feel free to reach out for for details if you cant find them on the website (i hope the search bar is enough).
the app is provided over S3 because as a webapp, it is a simple way to make it available to users. ultimately, making it easier to get started. like with most solutions of this nature, its most secure when selfhosted. selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desk...
I'm excited to share with you a messaging application I've been working on that might interest you. This is a chat app designed to work within your browser over WebRTC, there a focus on browser-based security and decentralization.
What makes this app unique is that it doesn't rely on messaging servers to function. Instead, it works based on your browser's javascript capabilities, so even low-end devices should work.
Here are some features of the app:
Secure messaging: Your messages are encrypted, making them more secure.
File sharing: Easily share files using WebRTC technology and QR codes.
Voice and video calls: Connect with others through voice and video calls.
Shared virtual space: Explore a shared mixed-reality space, similar to a metaverse.
Image board: Browse and share images in a scrollable format, similar to Instagram.
Your security is a top priority. Here's how the app keeps you safe:
Decentralized authentication: No central server is required for login, making it harder for anyone to gain unauthorized access.
Unique IDs: Your ID is cryptographically random, adding an extra layer of security.
End-to-end encryption: Your messages are encrypted from your device to the recipient's device, ensuring only you and the recipient can read them.
Local data storage: Your data is stored only on your device, not on any external servers.
Self-hostable: You have the option to host the app on your own server if you prefer.
The app is still in the early stages and I'm exploring what's possible with this technology. I'd love to hear your feedback on the idea and the current state of the app. If you have any feature requests or ideas, I'm all ears on reddit!
Looking forward to hearing your thoughts!
The app: chat.positive-intentions.com
More information about the app: positive-intentions.com
Follow the subreddit to keep updated about the app: r/positive_intentions
Note 1: As a solo-developer, i dont have the capacity or knowlege to do anything like an "official launch". i expect the app will progressively get better with feedback from users (as it has so far).
Note 2: I think the app has (approximately?) reached a feature-complete state, but i'm not sure. I'm looking for feedback on what features are missing, and what features are not needed. The next step would be to grow the number of users by making the app more user-friendly and easier to use. (I need your help on this)
Note 3: The app is not open source yet (sorry), but im open to answering questions about how the code is working (more details can be found in the docs). Open sourcing the app is something i would like to do in the future, but not a priority right now. Some parts of the app are open source.
Note 4: The UI is a clunky implementation of Material-UI. It's something i will fix as i move towards open sourcing the UI components. i will take the opportunity to also give more attention to a "desktop friendly UI" (right now the app is best experienced on a mobile device).
Note 5: Id like to keep the wording i have for "pods" although i have recieved feedback about it not being clear what it means. A pod is what you might think of as like a "chat room" and will be further developed to support group-chat. you can create a pod with a connected peer in the contact-details-page. The wording "pod" comes from how a group of whales is called a pod.
Scrutiny is something I come across a lot in the cybersecurity space (as it should be). its encouraged to make sure ideas hold-up. Your pushback here lacks substance.
Links to the technical docs are provided in the post. Feel free to reach out for clarity on the details.