with the browser based version something similar to signing can be achieved with https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Subresource_Integrity … the update can be done with the unique hash being updated

i think along with the native build of the app, it should cover the bases for all users depending on their needs.

the javascript-over-the-internet is indeed a concern that has always been mentioned about this project. to address this, im investigating the to use service workers to cache the file. this is working to some degree, but needs improvement before i fully roll it out… i would like to aim for something like a button on the UI called “Update” that would invalidate the service-worker cache to trigger an update.

as for selhosting, i hope to have something more elegant than selfhosting on localhost or using a dedicated app. the capabilities are demonstrated on the open source version and are transferrable. its possible to provide a static bundle that can work from running index.html in a browser without the need to run a static server.

the static bundle of the open source version can be seen and tested to work from this directory: https://github.com/positive-intentions/chat/tree/staging/Frontend

when i reach a reasonable level of stability on the app, i would like to investigate things like a dedicated app as is possible on the open source version. https://positive-intentions.com/blog/docker-ios-android-desktop

Yes. Im investigating introducing clerk. I hope to use that to create a subscription model. I would like to charge $1 per-month as per the minimum allowed by clerk.

i started off thinking i could avoid charging users entirely given it seems a norm for secure messaging apps to be free. but given the grant rejects and the lack of donations on github sponsors (completely understandable), but its clear that it wont be able to sustain the project.

i also tried google adsense on the website/blog but it was making practically nothing. so i disabled it because it wasnt a good look when it goes against the whole “degoogling” angle.

thats right. the key distinction between this project and other like it like simpleX is that its presented as a PWA. A key cybersecurity feature of this form-factor is that it can avoid installation and registration.

The project is far from finished and it woudnt make sense to create something as clear as a comparison table. Especially because core features like group-messaging isnt working.

If you have features youd like me to compare, feel free to ask and i can tell you how it it compares.

Some technical details can be seen here if your want to draw your own comparison.

• https://positive-intentions.com/docs/projects/chat
• https://positive-intentions.com/docs/category/sparcle

Its important for things like the cryptography module to remain open source for transparency and clarity (kerkhofs principles). Open sourcing things like the p2p framework would only put me at a competative disadvantage.

The open-spource version of the project is fully functional and has always been open source. I keep it open because the project demonstrate a unique concept, which is useful to demonstrate with transparency. After seeking support for that version of the project, it is clear that there is no support for a one-man-band and so i deprecated it (and now call it an MVP). i am proceeding in a close source direction as i improve various details like UX and features.

There are several modules involved in the project. Some key parts are listed below

Open source:

• Cryptography module
• Signal protocol
• MVP version
• Various experiements / blog / website

Close source:

• P2P framework
• PWA boilerplate
• UI Components
• Storage manager

There are ways around using a central server to establish a p2p connection. It isn’t well explained or demonstrated, but the concept seems to work here: https://github.com/positive-intentions/chat/issues/6 … I’d like to explore this more with exchanging the required data over QR codes or NFC.

Simplex is a great approach for p2p communication. I can easily recommend it over what I have done so far. At the very least, it’s gone through things like a professional security audits and seem to keep a high standard in their practices.

It’s a webapp hosted on AWS S3. That can be shut down along with the domain. I’d like to improve the functionality I have for the cacheing, so that it doesn’t need to fetch the statics from online if it already previously fetched them.

The open source version has a mirror hosted on GitHub pages. You can fork it and run it yourself there for free: https://positive-intentions.com/blog/docker-ios-android-desktop#github-pages

No. When I type with “correct capitals”, it’s because I’m doing it from my phone. I otherwise generally might sound like chatgpt.

For me, it’s an achievement for it to be comparable to those tools. I aim to get to a similar feature set and make the user experience intuitive.

Just to be clear, my own open source code. Yes.

Strong title needed for strong claims.

Its based on open source code. https://github.com/positive-intentions/chat . I’d be happy for feedback on that too.

Webrtc would be able to outperform all other methods for transfer speed (useful for when sending larger files)

I’m sure there is a market for eople who want to transfer files. With a zero-installation, zero-registration, it should make it easy for people to get started.

Thanks for the empassioned speech/statement!

Perhaps you’d be interested in one of my open source projects. It’s a beefier version of the app presented in the parent post.

https://github.com/positive-intentions/chat

On the point about open source, it isn’t easy to pull off. I can confirm it isn’t the case that open-source be flooded with some kind of collective community review/support. It’s been an option for the chat app for a while and I’ve tried actively promoting it, it’s clear that the project is simply too complicated.

I’m a bit disappointed in how hard I tried on the open source project for it to not get the traction I wanted. To create somthing close-source and competitive in the file-transfer space is only logical at this point.

I’m sure with an enthusiastic speech like that, you’re doing your part for supporting the open source community. Unfortunately I couldn’t figure out how to get it to filter down to me.

I haven’t heard of Dibbles. Can you point me to their site?

Thanks.

I have a similar open source project. https://github.com/positive-intentions/chat

My general thoughts are that it isn’t sustainable. While it clearly isn’t a contender in the messaging-apps market, I think it demonstrates a unique concept in how it works as a webapp.

Nice! Can you tell me more about zero-knowledge encryption?

In my app I’m using asymmetric encryption to exchange a symmetric encryption key (Diffie-helman). I’m curious about other approaches for P2P authentication.

Thanks!

Here is the foss equivalent of this project: https://github.com/positive-intentions/chat

Unfortunately, open source isn’t sustainable. I’m investigating close-source as a way to create something competitive. My plan is to try to sell it on the Play store.

As for pairdrop, their approach to peer discovery relies on knowing the network you’re connected to. This makes it easy to find peers in cases where you use the same WiFi network. In mine I’m using WebRTC to allow connections over the internet. Peer discovery is achieved by using crypto-random IDs exchanged as a link or QR code.

Ultimately it’s worth noting my app is a work in progress. I hope I can update the UX to make the functionality as seamless as pairdrop.

This is using the WebRTC protocol. As a webapp it’s immediately good to go, there isn’t a need to run something like a FTP server.

Of course limitations apply like sending larger files nukes my ram… But I after it’s sent, it seems to settle down.

I’m trying to keep it vanilla. I’m using module federation (love it or hate it), to get it from this repo.

https://github.com/positive-intentions/cryptography