Selhosted P2P File Transfer & Messaging

IMPORTANT NOTES (PLEASE READ!):

These are NOT products. They are for testing and demonstration purposes only.
They have NOT been reviewed or audited. Do NOT use for sensitive data.
All functionality demonstrated is experimental.
These are NOT meant to replace robust solutions like VeraCrypt, Simplexchat, Signal, Whatsapp, wetransfer. It's a proof-of-concept to show what's possible with browser APIs.
Cyber security is full of caveats, so reach out for clarity on any details if they can't be found in the docs.

Aiming to create the worlds most secure messaging app.

https://positive-intentions.com/docs/projects/chat

Open Source
Cross Platform
- PWA
- iOS, Android, Desktop (self compile)
- App store, Play store (coming soon)
- Desktop
  - Windows, MacOS, Linux (self compile)
  - Run index.html on any modern #browser
Decentralized
Secure
- No Cookies
- P2P E2EE encrypted
- Forward secrecy
- No registration
- No installing
Messaging
- Group Messaging (coming soon)
- Text Messaging
- Multimedia Messaging
- Screensharing (on desktop browsers)
- Offline Messaging (in research phase)
- File Transfer
- Video Calls
Data Ownership
- SelfHosted
- GitHub pages Hosting
- Local-only storage

For more information on "how it works", check out: https://positive-intentions.com/blog/decentralised-architecture

(Degoogled links to the apps)

P2P Chat: https://chat.positive-intentions.com/
P2P File: https://file.positive-intentions.com/
Encrypted drive storage: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

GitHub: https://github.com/positive-intentions
Mastodon: https://infosec.exchange/@xoron
Reddit: https://www.reddit.com/r/positive_intentions

8 comments

self hosted
without servers
🤔🙋‍♂️
Also can you explain why we need yet another private and secure chat app?
- https://positive-intentions.com/blog/docker-ios-android-desktop
  this a yet another approach to a "private and secure chat app" because its a unique approach to the same problem which id like to investigate.
  
  What is the problem?
Aiming to create the worlds most secure messaging app
For anyone else that was looking for it, this is the link to the threat model: https://positive-intentions.com/docs/research/threat-model/
That said, it seems quite thin on hard details, such as how identities (ie usernames) are managed -- eg are they unique? How can users cross-check an online identity to a real person? Fingerprints? QR codes? SHA256 hashes? -- and whether they are considered publicly-exchangeable. Plus how users are bootstrapped so they can find each other.
While a threat model is the minimum to even beginning an assessment of anything that utters the word "security", I do have to ask:
Was that document crafted for this project specifically?
Was it prepared by a cryptographer?
And was it generated using an AI/LLM?
- thanks for taking a look.
  firstly i would like to apologise for throwing the following blocks of AI text at you. i often used AI to create documentation for the project. im not much of a writer, im sure its more clear from AI than if i did it myself.
  how the authentication works: https://positive-intentions.com/docs/research/authentication
  how security works: https://positive-intentions.com/blog/security-privacy-authentication
  the ID's are cryptographically random to make it reasonably certain that strangers cannot connect (because its an ungussable ephemental string). this is used with peerjs-server (open source and documented) to connect with a predictable ID. when this ID is shared "through some other trusted channel" (e.g. whatsapp, qrcode), the peers connect and establish encryptions keys (see links above). afer the first connection (expected to be secure!), the previously establish encryption keys can be used to authenticate the user (to prevent MITM).
  Was that document crafted for this project specifically?
  long story short... this is my sideproject and im trying to get it off the ground. as i post more about the project, i decieded to create a website to "document" the project. there are understandable questions like yours, so made sense to answer them in the website. this includes things like the threat-model... while one-shotting is a thing you can do with AI, the threat model took several days of learning, thinking and consideration. i also posted about it on reddit for feedback and updated it accordingly.
  Was it prepared by a cryptographer?
  am i a cryptographer yet? having worked on this project i must have picked some stuff up. i still find that i need to learn much more.
  And was it generated using an AI/LLM?
  i hope admitting i used AI doesnt undermine the effort i put in. i try to communicate details in places like lemmy and the code is open source. AI enables me to demonstrate granular functionality that is easier for me to test as well present to professionals; in contrast to presenting overwhelmingly complicated code on github. for example for my cryptography functionality i created a separate repo to try things out for my learning: https://cryptography.positive-intentions.com/?path=%2Fstory%2Fcryptography-introduction--welcome
  there are good and bad ways to using AI and i believe im doing it responsibly. i have been a coder for 15+ years. i can do it myself, i simply cant type as fast as AI making it indespensible when working on a project of this scale. i completely understand your concerns and im all ears for advice on a reddit post i asked: https://www.reddit.com/r/CyberSecurityAdvice/comments/1lekrsx/what_advicebestpractices_are_there_for_creating/
  (its why like in all my app, website and posts (like this), i try to strike caution.)
  
  im not much of a writer, im sure its more clear from AI than if i did it myself
  Please understand this in the kindest possible way: if you were not willing to write documentation yourself, why should I want to want review it? I too could use an AI/LLM to distill documentation rather than posting this comment but I choose not to, because I believe that open discussion is a central tenant of open-source software. Even if you are not great at writing in technical English, any attempt at all will be more germane to your intentions and objectives than what an LLM generate. You would have had to first describe your intentions and objectives to the LLM anyway. Might as well get real-life practice at writing.
  It's not that AI and LLMs can't find their way into the software development process, but the question is to what end: using an AI system to give the appearance of a fully-flushed out project when it isn't, that is deceitful. Using an AI system to learn, develop, and revise the codebase, to the point that you yourself can adequately teach someone else how it works, that is divine.
  With that out of the way, we can talk about the high-level merits of your approach.
  how the authentication works: https://positive-intentions.com/docs/research/authentication
  What is the lifetime of each user's public/private keypair? What is the lifetime of the symmetric key shared between two communicating users? The former is important because people can and do lose their private key, or have a need to intentionally destroy the key. In such instance, does the browser app explicitly invalidate a key and inform the counterparty? Or do keys silently disappear and also take the message history with it?
  The latter is important because the longer a symmetric key is used, the more ciphertext that a malicious actor can store-and-decrypt later in time, possibly in the future when quantum computers can break today's encryption. More pressing, though, is that a leak of the symmetric key means all prior and future messages are revealed, until the symmetric key is rotated.
  how security works: https://positive-intentions.com/blog/security-privacy-authentication
  I take substantial notice whenever a promise of "true privacy" is made, because it either delivers a very strange definition of privacy, or relies upon the reader to supply their own definition of what privacy means to them. When privacy is on offer, I'm always inclined to ask: privacy from whom? From network taps? From other apps running in the same browser?
  This document pays only lip service to some sort of privacy notion, but not in any concrete terms. Instead, it spends a whole section on attempting to solve secure key exchange, but simply boils down to "user validates the hash they received through a secure medium". If a secure medium existed, then secure key exchange would already be solved. If there isn't one, using an "a priori" hash of the expected key is still vulnerable to hash attacks.
  this is my sideproject and im trying to get it off the ground
  I applaud you for undertaking an interesting project, but you also have to be aware that many others have also tried their hand at secure messaging, with more fails than successes. The blog posts of Soatok show us the fails within just the basic cryptography, and that doesn't even get to some of the privacy issues that exist separately. For example, until Signal added support for username, it was mandatory to reveal one's phone number to bootstrap the user's identity. That has since been fixed, but they go into detail about why it wasn't easy to arrive at the present solution.
  am i a cryptographer yet?
  I recall a recent post I saw on Mastodon, where someone who was implementing a cryptographic library made sure to clarify that they were a "cryptography engineer" and not a cryptographer, because they themselves have to consult with a cryptography regarding how the implementation would work. That is to say, they recognized that although they are writing the code which implements a cryptographic algorithm, the guarantees comes from the algorithm itself, which are understood by and discussed amongst cryptographers. Sometimes nicely, and other times necessarily very bluntly. Those examples come from this blog post.
  I myself am definitely not a cryptographer. But I can reference the distilled works of crypgraphers, such as from this 1999 post which still finds relevancy today:
  The point here is that, like medicine, cryptography is a science. It has a body of knowledge, and researchers are constantly improving that body of knowledge: designing new security methods, breaking existing security methods, building theoretical foundations, etc. Someone who obviously does not speak the language of cryptography is not conversant with the literature, and is much less likely to have invented something good. It’s as if your doctor started talking about “energy waves and healing vibrations.” You’d worry.
  I wish you the very best with this endeavor, but also caution as the space is vast and the pitfalls are manifold.

8 comments