It’s on the todo list. Like I mentioned in the parent post, it’s far from finished.

im pretty sure its zero-installation. its a webapp. you go to a url, then thats it.

with WebRTC, the p2p connections is established between browsers. so i think it has a strong case for being p2p. You would be using your own device to run the javascript in the browser and storage provided by the browser is also from your device.

it will do all the encryption, data storage, etc on your browser using only the resources the browser will provide. I believe the functionality as a result is substancially independent selfhosted and p2p.

thanks for your honest feedback.

ive had feedback that people dont know what my app does before. its actually why im in the process of rebranding to Glitr. it used to be called (and kinda is “positive-intentions”). its very early days in the rebranding process and your feedback helps to guage how im doing. its clear that more needs to be done.

those pictures at the bottom will be removed. i was already on the fence about it. i put it there to add a splash of color to the landing page experience.

as for open source and f-droid. the project is developing in a way that open source isnt sustainable and so i branched out to this project. open source and f-droid are still on the table for a separate and more advanced project (https://github.com/positive-intentions/chat). i think im confusing people by mentioning it at all.

i hope to work towards functionality to make my app as easy and intuitive to use as destiny. i try to be clear in things like my post that its a work in progress to help manage expectations.

Can you compare mine to Destiny?

I tried to make mine straightforward. Id like to know what kind of user flow I could aim for.

thanks for the advice. perhaps you have some tips of where i might have done something incorrectly in a previous attempt at open source and libre software. this could be a whole discussion, but i will try to be brief.

https://github.com/positive-intentions/chat

i optimistically started with the aim to get grant funding for a novel approach to secure and private communication using p2p tech. after countless rejections im dont think i should presue that direction.

so then i thought to create something competative in the space of file-transfer. the app would be is a simplified version of the chat app and with less complexity in exchange increased stability. thats that app mentioned in the parent post. mi might not work as privacy solution, but it could still be competative in the tools for file-transfer if i can get it to nice stable polish that can work with massive file-sizes.

i briefly looked at how to get it on the f-droid store and there were details like moving things to gitlab. i then decided to push back indefinately in favor of focusing on the the file-transfer project.

if anyone want to help me with getting the chat app to the f-droid store, some initial changes can be found here: https://www.reddit.com/r/tauri/comments/1j6g71h/is_there_any_examples_out_there_of_a_tauri_app_in

im not entirely sure i have a service to sell. my efforts are on the PWA. the service i can sell is to provide the native build because people wont want to compile thier own. its a shot in the dark with the Play store, but im curious to see what happens.

Thanks for the links. I’ll need to learn more about this. My high-level thoughts are that I’d like control over my work so it may not be libre software.

https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app/

This app is based on a similar technology. Maybe you can help me understand the concerns if it does all the things described in that post.

Thanks for the clarity.

To prevent things like the risk of infection, is why the app is primarily a webapp. Sanboxed by the browser of you choice.

I don’t think I’m fully understanding. It’s purely a webapp. No database. Client-side computation only.

Can you help me understand how I could reshape my project so it aligns to what you mean.

Im putting a hard-block on open-sourcing it after my previous project. But I’m generally communicative about how it works and happy to answer questions about it.

In the subject of licences, I don’t really know much there.

Given that I’m trying to sell it on the play store I guess you don’t control it?

What would be the concerns around this? Loads of things are close source. I expect it helps to create something competitive.

An entirely valid and understandable view to have. I’m sure you’re not suggesting different approaches shouldn’t be explored. My approach is fairly unique and im personally interested in what can be done with this.

This project is a PWA running on a S3 bucket. The app is free to use entirely. (Disclaimer: I’m in the process of putting something on the play store where I would like to charge for it.)

While syncthing seems appealing. There should always be options for approaching privacy. Mine stands out as a unique approach and so nessesary at least to demonstrate the concept.

I created an open source version first which demonstrates different concepts like instant messaging and video calls.

https://github.com/positive-intentions/chat

if i do a good job, it would have comparable features.

the key distinction between mine and other apps like syncthing, is that its provided as a zero-installation, zero-registration webapp.

so its basically ready-to-use at any point on any device that has a browser.

there isnt any UI for this yet, but id like to make it so users can input their own TURN/STUN servers as described in the peerjs docs: https://peerjs.com/docs/#peer-options-config

id like to work towards making it so that the frontend and backend are independently selfhostable to suit thier networking config.

hey. im working on something similar with more features and more robust cryptography.

its still a work-in-progress, but its available for testing if youd like to try it out.

https://github.com/positive-intentions/chat

group chat is still a work-in-progress, but it’ll work in a way where asymmetric and symmetric encryption keys are generated in javascript using cryptography tools provided by the browser of your choice.

when a connection is established over webrtc (which mandates encryption anyway), the asymmetric keys are exchanged using the diffie-helman technique.

the keys are persisted into browser storage (indexedDB) so in a future reconnection, new keys dont need to be rgenerated. if you connect to a “known-peer”, the keys can be used for a kind-of p2p authentication.

all the security here depends on the security of the connected devices involved. this approach is in contast to connecting to an api to authenticate and proxy encrypted messages.

for more info there may be related information/links here: https://positive-intentions.com/blog/security-privacy-authentication

That’s right. It’s using peerjs-server as the connection broker.

Thanks! That’s great to hear.

There’s sometimes a bug where you have to have to exchange that ID both ways.

There a lot of docs to read through so just in case you overlooked it, I hope the video on this page helps: https://positive-intentions.com/docs/basics/peers

If that doesn’t help, then it’s something I need to fix. I am aware of a few issues with connecting to people when not on the same network. Webrtc should still work, so I chalk it up to some bug I should prioritize.

Id be interested to hear about the experience of trying to connect with the file app. I added some changes to make things work better, if that works I may have an idea of how to fix it for the chat app.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)

the chat app is flexible in the ways it can be run as further described here: https://positive-intentions.com/blog/docker-ios-android-desktop. im trying things out with tauri and maybe some version hits the f-droid store at some point?

thanks! im playing around with the website to make the landing page experience more appealing. the apps themselves, are running inside an iframe.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)