xoron<p>I'd like to share some details about how my app works so you can discover/give me feedback on my app. I'd like to have wording in my app to say something like "most secure chat app in the world"... I probably can't do that because it doesn't qualify.</p><p><a href="https://github.com/positive-intentions/chat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/positive-intentions</span><span class="invisible">/chat</span></a></p><p><a href="https://positive-intentions.com/blog/introducing-decentralized-chat" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">positive-intentions.com/blog/i</span><span class="invisible">ntroducing-decentralized-chat</span></a></p><p>I'm not an expert on <a href="https://infosec.exchange/tags/cyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberSecurity</span></a>. 
I'm sure there are many gaps in my knowledge in this domain.</p><p>Using <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>javascript</span></a>, I initially created a fairly basic <a href="https://infosec.exchange/tags/chatApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatApp</span></a> using <a href="https://infosec.exchange/tags/peerjs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>peerjs</span></a> to create <a href="https://infosec.exchange/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a> <a href="https://infosec.exchange/tags/connections" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>connections</span></a>. This was then easily enhanced by exchanging additional <a href="https://infosec.exchange/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://infosec.exchange/tags/keys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keys</span></a> from <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> functions built into browsers (<a href="https://infosec.exchange/tags/webcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webcrypto</span></a> API) to add a redundant layer of encryption. 
A <a href="https://infosec.exchange/tags/diffieHelman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diffieHelman</span></a> key <a href="https://infosec.exchange/tags/exchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exchange</span></a> is done over <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a> (which can be considered <a href="https://infosec.exchange/tags/secure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secure</span></a> when exchanged over public channels) to create <a href="https://infosec.exchange/tags/serverless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>serverless</span></a> <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> <a href="https://infosec.exchange/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a>.</p><p>- I sometimes receive feedback like "javascript is inherently insecure". I disagree with this and have <a href="https://infosec.exchange/tags/openedSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openedSource</span></a> my <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> module. 
It's basically a thin wrapper around the vanilla cryptography functions of a <a href="https://infosec.exchange/tags/browser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>browser</span></a> (WebCrypto API).</p><p>- Another concern for my kind of app (<a href="https://infosec.exchange/tags/PWA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PWA</span></a>) is that the developer may introduce malicious code. This is an important point, for which I open sourced the project and give instructions for <a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a>. Selfhosting this app has some unique features. Unlike many other <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://infosec.exchange/tags/projects" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projects</span></a>, this app can be hosted on <a href="https://infosec.exchange/tags/githubPages" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>githubPages</span></a> (instructions are provided in the readme). I'm also working towards having better support for running the index.html directly without a static server.</p><p>- To prevent things like browser extensions, the app uses strict <a href="https://infosec.exchange/tags/CSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSP</span></a> headers to prevent <a href="https://infosec.exchange/tags/unauthorised" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unauthorised</span></a> code from running. 
<a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> users should take note of this when setting up their own instance.</p><p>- I received feedback that the <a href="https://infosec.exchange/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a>/#Simplex protocol is great. Completely understandable, and I agree, but I wonder if I'm reducing the <a href="https://infosec.exchange/tags/complexity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>complexity</span></a> by working with <a href="https://infosec.exchange/tags/webrtc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webrtc</span></a>. While it has its many flaws, I think the risks can be reasonably mitigated if the <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> functions are implemented correctly. (All data out is <a href="https://infosec.exchange/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a> and all data in is <a href="https://infosec.exchange/tags/decrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decrypted</span></a> on-the-fly.)</p><p>- The key detail that makes this approach unique is that, as a <a href="https://infosec.exchange/tags/webapp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webapp</span></a>, unlike other solutions, users have a choice of using any <a href="https://infosec.exchange/tags/device" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>device</span></a>/#os/#browser. 
While a webapp can have nuanced <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a>, I think by <a href="https://infosec.exchange/tags/openSourcing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSourcing</span></a> and providing instructions for <a href="https://infosec.exchange/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> and instructions to <a href="https://infosec.exchange/tags/build" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>build</span></a> for various <a href="https://infosec.exchange/tags/platforms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>platforms</span></a>, it can provide a reasonable level of <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>.</p><p>I think if I stick to the principle of avoiding any kind of "required" service provider (myself included) and allowing the <a href="https://infosec.exchange/tags/frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>frontend</span></a> and the peerjs-server to be <a href="https://infosec.exchange/tags/hosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hosted</span></a> <a href="https://infosec.exchange/tags/independently" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>independently</span></a>, I'm on track for creating a <a href="https://infosec.exchange/tags/chatSystem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatSystem</span></a> with the "fewest moving parts". 
I hope you will agree this is true <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> and I hope I can use this as a step towards true <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>. <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> might be further improved by using a trusted <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a>.</p><p>While there are several similar apps out there like mine, I think mine is a distinctly different approach, so it's hard to find <a href="https://infosec.exchange/tags/bestPractices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bestPractices</span></a> for the functionalities I want to achieve, 
in particular <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> practices to use when using <a href="https://infosec.exchange/tags/p2p" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>p2p</span></a> technology.</p><p>(Note: this app is an <a href="https://infosec.exchange/tags/unstable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unstable</span></a> <a href="https://infosec.exchange/tags/experiment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>experiment</span></a>/<a href="https://infosec.exchange/tags/proofOfConcept" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proofOfConcept</span></a> and not ready to replace any other app or service. It's far from finished and provided for <a href="https://infosec.exchange/tags/testing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>testing</span></a> and <a href="https://infosec.exchange/tags/demo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>demo</span></a> purposes only. This post is to get <a href="https://infosec.exchange/tags/feedback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>feedback</span></a> on the progress to determine if I'm going in the right direction for a secure chat app.)</p>