this post was submitted on 27 Jul 2024
-5 points (43.2% liked)

Selfhosted

40132 readers
541 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

https://github.com/positive-intentions/chat

probably not... Because I'm comparing it to everything... but id like to share some details about how my app works so you can tell me what im missing. id like to have wording in my app to say something like "most secure chat app in the world"... i probably cant do that because it doesnt qualify... but i want to understand why?

im not a cyber security expert. im sure there are many gaps in my knowlege of this domain.

using javascript, i created a chat app. it is using peerjs-server to create an encrypted webrtc connection. this is then used to exchange additional encryption keys from cryptography functions built into browsers to add a redundent layer of encryption. the key exchange is done like diffie-helman over webrtc (which can be considered secure when exchanged over public channels)

  • i sometimes recieve feedback like "javascript is inherently insecure". i disagree with this and have opened sourced my cryptography module. its basically a thin wrapper around vanilla crypto functions of a browser. a prev post on the matter.

  • another concern for my kind of app (PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for selfhosting. selhosting this app has some unique features. unlike many other selfhosted projects, this app can be hosted on github-pages for free and instructions are provided. im also working on introducing a way that users can selfhost federated modules. a prev post on the matter.

  • to prevent things like browser extensions, the app uses strict CSP headers to prevent unauthorised code from running. selfhosting users should take note of this when setting up their own instance.

  • i often get touted things like the Signal/Simplex protocol is amazing and great, etc. id like to compare that opinion to the observation in how my todo app demo works. (the work is all experimental work-in-progress and far from finished). the demo shows a simple functionality for a basic decentralized todo list. this should already be reasonably secure. i could add a few extra endpoints for exchanging keys diffie-helman style. which at this point is relatively trivial to implement. I think it's simplicity could be a security feature.

i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the frontend and the peerjs-server to be hosted independently, im on track for creating a chat system with the "fewest moving parts". im hope you will agree this is true p2p and i hope i can use this as a step towards true privacy and security. security might be further improved by using a trusted VPN.

i created a threat-model for the app in hopes that i could get a pro-bono security assessment, but understandable the project is too complicated for pro-bono work.

i created a decentralized todo list demo using the p2p framework used in the chat app. this is to demonstrate the bare-minimum functionality of decentralised messaging and state management.

while there are several similar apps out there like mine. i think mine is distinctly a different approach so its hard to find best practices for the functionalities i want to achieve. in particular security practices to use when using p2p technology.

top 13 comments
sorted by: hot top controversial new old
[–] just_another_person@lemmy.world 10 points 3 months ago (1 children)

One of the bigger things that makes something "secure" is going to be a chain of trust, whereas you are using a third-party library. That's one difference, but as you've already mentioned, a larger security model and protocol with solid functional tests and regular auditing is probably going to be safer than something like this.

[–] xoron@lemmy.world 1 points 3 months ago (1 children)

How can I describe the chain of trust in a self hosted system? I'm sure auditing will help inspire confidence but this isn't something I can do for the app. Open sourcing is the next best thing to open it up to public review.

[–] just_another_person@lemmy.world 3 points 3 months ago (1 children)

A third-party library breaks chain of trust was my point. If you don't have control over the code being used, you can't certify it to be absolutely safe. This is something fairly essential when trying to prove your software to be secure. See the 'xz' fiasco from earlier this year.

[–] xoron@lemmy.world 2 points 3 months ago (1 children)

The frontend and the peerjs-server are open source and selfhostable independently. This should address any third party concerns. Perhaps the app can only be considered secure if it's self hosted?

[–] just_another_person@lemmy.world 3 points 3 months ago

Well, I guess it depends on your audience. I'm not saying don't put it out there. I was just giving you the answers you were asking for in your original post by comparison. Put it out on GitHub, listen to issues filed, address concerns, and just work with it. If you think it really sets itself apart and is useful in some way, there's absolutely no reason to not put it out.

[–] Asudox@lemmy.world 5 points 3 months ago (1 children)

I still think Briar and SimpleX are the best ones for both privacy and anonymity.

[–] xoron@lemmy.world 2 points 3 months ago (1 children)

I'm genuinely curious why neither have a webapp offering. You can avoid the official app stores by providing things like APK, but as a webapp you can avoid the installation step, which seems it might be useful for people who would use briar or simplex.

The way this app works, makes it so "anonymous" chat isn't possible. With IP's being shared it isn't a good idea.

I also have quite an ugly UI compared to those other solutions. This will improve over time. But im sure it's a barrier to attracting users compared to other chat apps.

[–] RmDebArc_5@sh.itjust.works 3 points 3 months ago (2 children)

The problem with web apps is that even if the messenger is perfectly secure your web browser/webview provider might not be. Like with windows recall, even if you have the most secure messenger it doesn’t matter if an underlying function scans your info. This doesn’t mean there shouldn’t be the option for a webapp, but it shouldn’t be the default.

[–] xoron@lemmy.world 2 points 3 months ago

Browsers, operating system and peers can become compromised.

Ultimately users have to be responsible with how and who they connect to. The app otherwise is only as secure and as restricted as any other website. As a web app there are nice features like being able to inspect network activity and code.

A typical mainstream browser can be considered to have been sufficiently reviewed. But you aren't limited like you would be if the offering was from an app store.

[–] kurcatovium@lemm.ee 2 points 3 months ago

I can't think of how p2p messengers even could have webapp.

[–] d4f0@lemmy.world 2 points 3 months ago (1 children)
[–] xoron@lemmy.world 2 points 3 months ago (1 children)

Cool! I haven't come across this one before. Thanks for pointing me to it.

[–] d4f0@lemmy.world 0 points 3 months ago

You're welcome.

I use it with a friend that's really concerned about security and privacy. The only downside I've faced is that adding contacts its kinda bodersome if you're not fisically together.

It's supossedly used by the French government, so I guess it says something about its security and privacy.