How it works: https://positive-intentions.com/docs/projects/chat

TLDR: im working on a p2p messaging webapp. webapps are generally not considered secure because of the nature of serving statics over the internet. this is correct, but not a limitation of this project. (selfhosting options: https://positive-intentions.com/blog/docker-ios-android-desktop).

as a webapp, i can provide the app with zero-installation and no-registration. the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices. this allows for things like p2p authentication: https://positive-intentions.com/blog/security-privacy-authentication.

Future: im aiming to create the most secure messaging app out there… (more than signal, simplex, etc). i know i have a long way to go to get there. the UI is fairly ugly for the average user, but i think the mechanics are working as expected. i think javascript is underrated in what you can do with it. i am actively investigating improving the encryption approach further to align to how the signal protocol works (currently using the classic Diffie-Hellman key-exchange).

Support: i would like to keep this project open source, but open-source funding is not working for me. i dont want your donations because it isnt sustainable for a long-term project. i have so far only experienced grant-funding rejections. i have no idea what im doing in trying to get funding for this project, so any support/advice is appreciated. in recognition of the project in its current state not able to get funding… (sorry) i will have to go closed-source (which id like to avoid because it undermines several cybersecurity claims id like to make.)

  • Mikina@programming.dev
    14 hours ago

    I was thinking about a similar concept - E2E encrypted chat, but built on top of other existing services, through a browser extension and PGP. The extension would just handle message encryption and decryption with PGP, and the rest can be sent through Messenger infrastructure, or anything like that.

    The only issue is key exchange.

    How do you handle secure key exchange in this case?

    • xoron@programming.dev (OP)
      12 hours ago

      I'm also working on something similar. I was thinking with a browser extension I could “scan” a page for some kind of blob that the extension would have produced. Something like a webcomponent tag (but not that because a good website would have sanitized for that) then inject a webcomponent from the extension to show it decrypted. The idea is pretty difficult to describe without a working example, but I think it would allow for reasonably secure messaging on public channels (because the payload would be encrypted).

      As for exchanging keys securely, the app is using crypto-random IDs to connect peers. On the initial connection, it’ll establish the necessary keys.

      https://positive-intentions.com/docs/research/authentication/

      • Mikina@programming.dev
        10 hours ago

        True, I forgot that in asymmetric crypto, you can simply send a meta/service message “give public key or install extension”, and that should work in most cases.

        Although, the main threat profile is Chatcontrol, and that could be MITMd by the chat provider, if the extension would get popular enough.

        I wonder if there is a way to establish keys over a public chat provider, if the provider has an active interest in breaking your encryption.

        • xoron@programming.dev (OP)
          7 hours ago

          I don’t think it’s possible over a channel that has active interest in breaking your encryption. It’s the recipe for a mitm attack.

          It would be possible to use password encrypted keys on the public channel and rotate the keys immediately after establishing a connection.

          I try to provide ways to transfer data offline. I don’t have a working example, but it would be possible to exchange keys over a series of QR codes or NFC… But this would require peers to be at the same physical location.

          I’m sure there are many approaches for exchanging keys here that balance between convenience and security.

          Ultimately it’s worth noting we are talking about encryption on a browser where the operating system could just as easily be taking screenshots.
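
Added example, not part of the thread and not the project's own code: the reply above says a provider that relays the key exchange can substitute keys, and that an offline comparison (QR code, NFC) avoids this. The sketch uses Web Crypto ECDH on P-256; `handshake`, `tamper` and the fingerprint format are illustrative assumptions.

```javascript
// Web Crypto is global in browsers and Node 19+; older Node needs the fallback.
const wc = globalThis.crypto?.subtle ? globalThis.crypto : require("node:crypto").webcrypto;
const ECDH = { name: "ECDH", namedCurve: "P-256" };

const newPeer = () => wc.subtle.generateKey(ECDH, false, ["deriveBits"]);
const exportPub = async (peer) =>
  new Uint8Array(await wc.subtle.exportKey("raw", peer.publicKey));

// Shared secret from our private key and the public key bytes received over the channel.
async function sharedSecret(peer, remotePubBytes) {
  const remote = await wc.subtle.importKey("raw", remotePubBytes, ECDH, false, []);
  const bits = await wc.subtle.deriveBits({ name: "ECDH", public: remote }, peer.privateKey, 256);
  return new Uint8Array(bits);
}

// Fingerprint over both public keys as one side sees them. The keys are sorted
// so both peers compute the same string when they hold the same pair.
async function fingerprint(pubA, pubB) {
  const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
  const [lo, hi] = [hex(pubA), hex(pubB)].sort();
  const digest = await wc.subtle.digest("SHA-256", new TextEncoder().encode(lo + hi));
  return hex(new Uint8Array(digest)).slice(0, 32);
}

// Constructed scenario: `tamper` models a relay that hands each peer its own key
// instead of the other peer's key.
async function handshake(tamper) {
  const [alice, bob, relay] = await Promise.all([newPeer(), newPeer(), newPeer()]);
  const [aPub, bPub, rPub] = await Promise.all([alice, bob, relay].map(exportPub));
  const seenByAlice = tamper ? rPub : bPub;
  const seenByBob = tamper ? rPub : aPub;
  const aSecret = await sharedSecret(alice, seenByAlice);
  const bSecret = await sharedSecret(bob, seenByBob);
  // The peers compare these two strings over a channel the relay does not
  // control (read aloud, QR code, NFC) before trusting the session.
  const aliceFp = await fingerprint(aPub, seenByAlice);
  const bobFp = await fingerprint(bPub, seenByBob);
  return {
    secretsMatch: aSecret.every((b, i) => b === bSecret[i]),
    fingerprintsMatch: aliceFp === bobFp,
  };
}
```

Neither peer can tell from the handshake alone that the keys were swapped; only the fingerprint mismatch, checked outside the relayed channel, reveals it.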

  • JubilantJaguar@lemmy.world
    2 days ago

    First, I don’t want to denigrate your project. I think it’s great, so good luck to you.

    But… As an end user of this kind of software, what I would like to see personally is for developers to work together more, in the spirit of FOSS. To pool their limited resources, instead of working in isolation on personal passion projects which (let’s face it) will probably go nowhere. Encrypted messaging in particular is a massively hard nut to crack: it’s technically difficult, and you’re up against the almost prohibitive barrier of network effects (nobody will use new software until everyone uses it). To make all this extremely plain, what I personally would prefer you do with your talent and energy is to devote it to an existing project with an existing codebase and genuine prospects of succeeding at this almost impossible challenge. For example, Matrix.

    That said, I’m sure you couldn’t care less what I personally think, and if you insist on going it alone, then good luck to you all the same.

    • xoron@programming.dev (OP)
      2 days ago

      Thanks for your thoughts. I’m sure many others share your opinions.

      I’m no expert on that matter, but I assume many people work on open source for various reasons. For me, this is something I hope will lead to supporting me.

      I find myself recently unemployed (it happens). And so I have to figure out my next steps in life. I’d like to work on this project full-time, yet without funding, I can only continue part-time. I’m motivated to work on the project because I see it’s still fairly unique, but without any way for it to support me, its future is on shaky grounds… Especially when faced with issues I can’t ignore like unemployment.

      It’s also why I’m reluctant to invite collaborators at this unstable stage because then going closed-source becomes immoral.

  • Kissaki@programming.dev
    2 days ago

    the storage is local-only from your browser/device. so “the cloud”, but the cloud storage capacity is made up of your devices.

    What does this mean?

    • xoron@programming.dev (OP)
      2 days ago

      The app is only using (local-only) browser storage (specifically indexedDB).

      So in a P2P interaction, the traditional concept of “the cloud” is just the physical devices connected over a direct webrtc

  • IceFoxX@lemmy.world
    2 days ago

    Tox Protocol and some messengers built for this. I don’t want to say anything against your project. I just wanted to mention it.

    • xoron@programming.dev (OP)
      2 days ago

      Thanks for the tip. The future of the encryption is still under consideration. I’m not against the tox protocol… The signal protocol seems better regarded.

      • IceFoxX@lemmy.world
        2 days ago

        I remember when it was at the very beginning of development… Tor still seemed more confidential and not already infiltrated on a large scale, which made Tox sound even more attractive back then. Still, it’s always something I mention.