This looks like a good faith project, and OP surely put in time (2y+) and effort. Yet I would have discouraged them from making such a project at this time. OP seems well-meaning but young, at the start of their career. A proper modern messaging app takes a great technical effort (even while the core concept itself is extremely primitive and could be coded in 10m) and even with that in mind, for end-users it's not really about technology, but trust - in the long, long term. And you can't gain that as a blank page dev with no open source karma (or posing as such to stay anonymous).
Putting in so much effort to chase the holy grail of a new concept of a messaging app is like a film student who wants to cram in all their ideas in life to make something epic in movie no. 1. There are some who can strike genius on the first try, but the current project doesn't strike me as such. Props for making a product that is coherent and looks useful on the surface level, but I wish you'd put effort into something smaller in scope first (or contributing to something already existing) and gaining more of a foothold first before tackling a messaging project.
Respectfully, you don't know what you're talking about. You have no idea who I am and are projecting your opinions of me and my efforts on my project (mostly incorrect). A lot of it seems like an attempt to discredit the project.
Scrutiny is something I come across a lot in the cybersecurity space (as it should be). It's encouraged to make sure ideas hold up. Your pushback here lacks substance.
Links to the technical docs are provided in the post. Feel free to reach out for clarity on the details.
Valid and yes, but it's why I wrote it like
> blank page dev with no open source karma (or posing as such to stay anonymous)
The problem, as I wrote, is not technical. I'd use a video converter or a string parser - that are offline and "download once" - gladly from any OS project. A chat app that I'd use long term to share private communications would require trust, more contributors, and some background info - not names or an address, but some About section and a sense that the whole thing doesn't rely on the motivations of a single person and that there is some mutual/community oversight.
Understandable concerns, but then we start to talk about my limitations as a solo developer on an unfunded side project.
> blank page dev with no open source karma
I don't want anyone to just "trust me bro". I'm mainly active on Reddit. I ask for feedback on relevant subs. What you see on my app is the result of several iterations from feedback and my learnings. This is a recent post about how encryption is being used.
https://www.reddit.com/r/cryptography/comments/1rix3nb/imple...
I discuss various details on Reddit to seek feedback. Feedback on experimental code has always been hard to ask for even before AI slop and I get my fair share of criticism about my code.
I previously worked on an open source version of the project. I created docs and communicated a reasonable amount about the details. It would have been worth collaborating with if I could get some kind of open-source funding. I've tried grants and donation platforms. For similar reasons to you, no grant wants to support this project and nobody donates (completely understandable). In the age of AI, it looks like a weekend project. That version of the project looks like this: https://github.com/positive-intentions/chat
I leave that open source because it demonstrates some core concepts around my project that I can't see anywhere else (webapp, no registration/installation, browser-based signal protocol, etc)... but after how long I worked on it, it seems open source isn't sustainable. That leads me to the latest version linked in this post. It's an improvement over the open-source version in every way... but I try to be clear that it's still far from finished, because there are a lot of things to address before promoting this as ready.
While it's understandable you'd like a project like this run by a team of experts, there are limitations in what I can do beyond open-sourcing and talking about it. Some of the grant applications were rejected with reasons along the lines of me being a one-man-band. Completely understandable, but experts are not going to hire themselves on this project.
My motivations on this project are simple. I want to create a secure messaging app with the aim for it to be able to support me. It is reasonably open source, but not 100% in order for me to remain competitive. (I'm sure you can imagine what AI is capable of if I fully open source it). I think it works in a fairly unique way, and I think I sufficiently demonstrate it.
Some more details about roadmap and FAQs here: https://positive-intentions.com/docs/technical/p2p-messaging...
IMPORTANT: Let's get a few things out of the way first. My app is not better than WhatsApp in any way. It hasn't been reviewed or audited. This app works by exchanging IP addresses... This app is NOT for anonymous comms.
The project is experimental and far from finished. It's presented for testing, feedback and demo purposes only. Use responsibly.
---
By leveraging WebRTC for direct browser-to-browser communication, it eliminates the middleman entirely. Users simply share a unique URL to establish an encrypted, private channel. This approach effectively bypasses corporate data harvesting and provides a lightweight, disposable communication method for those prioritizing digital sovereignty.
Features:
- P2P
- End to end encryption
- Signal protocol
- Post-quantum cryptography
- Multimedia
- File transfer
- Video calls
- No registration
- No installation
- No database
- TURN server
This project isn't finished enough to compare to existing tools like Simplex, Signal and WhatsApp... This is intended to introduce a new paradigm in client-side managed secure cryptography. Allowing users to send securely encrypted messages; no cloud, no trace.
Technical breakdown: https://positive-intentions.com/docs/technical/p2p-messaging...
Demo: https://p2p.positive-intentions.com/iframe.html?globals=&id=...
Docs: https://positive-intentions.com/docs/technical
NOTE: The app is currently working without setup, but as I look towards going in a SaaS direction, I don't think I can avoid user registration.
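What "works by exchanging IP addresses" means at the WebRTC signalling layer, as an added example that is not part of the thread or the project's code: it parses the ICE candidate lines of an SDP blob and lists which of the user's addresses the remote peer would learn, then shows the effect of offering only TURN relay candidates. The SDP fragment and all function names are constructed for illustration; the addresses come from documentation ranges.

```javascript
// Added illustration; not code from the thread or the project.
// Constructed SDP fragment using documentation address ranges (RFC 5737).
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54321",
  "a=end-of-candidates",
].join("\r\n");

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
const CANDIDATE_RE =
  /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/;

// Parse every ICE candidate line into { address, port, type, relatedAddress }.
function parseCandidates(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line.trim());
    if (!m) continue;
    const raddr = /\sraddr (\S+)/.exec(m[8]);
    out.push({ address: m[5], port: Number(m[6]), type: m[7],
               relatedAddress: raddr ? raddr[1] : null });
  }
  return out;
}

// Addresses of the local user (not of the TURN server) that the peer learns.
function addressesRevealedToPeer(sdp) {
  const revealed = new Set();
  for (const c of parseCandidates(sdp)) {
    if (c.type !== "relay") revealed.add(c.address); // host / srflx are the user's own
    if (c.relatedAddress && c.relatedAddress !== "0.0.0.0") revealed.add(c.relatedAddress);
  }
  return [...revealed].sort();
}

// Keep only relay candidates and blank their raddr/rport, so the peer sees
// the TURN server's address instead of the user's.
function relayOnly(sdp) {
  return sdp.split(/\r?\n/)
    .filter((l) => !l.startsWith("a=candidate:") || / typ relay(\s|$)/.test(l))
    .map((l) => l.startsWith("a=candidate:")
      ? l.replace(/ raddr \S+ rport \d+/, " raddr 0.0.0.0 rport 0") : l)
    .join("\r\n");
}

console.log(addressesRevealedToPeer(SAMPLE_SDP));            // LAN and public address
console.log(addressesRevealedToPeer(relayOnly(SAMPLE_SDP))); // empty list
```

In a browser the same outcome is requested with `iceTransportPolicy: "relay"` in the `RTCPeerConnection` configuration; the TURN server operator still sees the user's address, so this hides it from the peer only.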
What are the advantages of this over Session for example?
The key difference in this approach is that it's presented as a webapp. This allows for the easiest way to get started by avoiding installation and registration.
Couldn't make it work with a friend sitting next to me. The QR codes led to the website but didn't add a contact. Manually adding the ID resulted in the number abruptly disappearing with no feedback and no effect.
Thanks. I'll take a look.
The best link to use is: https://p2p.positive-intentions.com/iframe.html?globals=&id=...
It might also be a good idea to try between 2 new incognito browser sessions (so the site-data is clear).
> "The Signal Protocol in rust that compiles to WASM for browser-based usage."
Is this safe to do? Are all secure operations browser-safe and separate? Does this avoid side channels? The browser is famously challenging for safe encryption.
https://www.reddit.com/r/cryptography/comments/1rix3nb/imple...
It is indeed challenging and you can take a look at that link for some further details of what is available.
It's also why it's important to mention it's a work in progress.