It’s on the todo list. Like I mentioned in the parent post, it’s far from finished.

im pretty sure its zero-installation. its a webapp. you go to a url, then thats it.

with WebRTC, the p2p connections is established between browsers. so i think it has a strong case for being p2p. You would be using your own device to run the javascript in the browser and storage provided by the browser is also from your device.

it will do all the encryption, data storage, etc on your browser using only the resources the browser will provide. I believe the functionality as a result is substancially independent selfhosted and p2p.

thanks for your honest feedback.

ive had feedback that people dont know what my app does before. its actually why im in the process of rebranding to Glitr. it used to be called (and kinda is “positive-intentions”). its very early days in the rebranding process and your feedback helps to guage how im doing. its clear that more needs to be done.

those pictures at the bottom will be removed. i was already on the fence about it. i put it there to add a splash of color to the landing page experience.

as for open source and f-droid. the project is developing in a way that open source isnt sustainable and so i branched out to this project. open source and f-droid are still on the table for a separate and more advanced project (https://github.com/positive-intentions/chat). i think im confusing people by mentioning it at all.

i hope to work towards functionality to make my app as easy and intuitive to use as destiny. i try to be clear in things like my post that its a work in progress to help manage expectations.

Can you compare mine to Destiny?

I tried to make mine straightforward. Id like to know what kind of user flow I could aim for.

thanks for the advice. perhaps you have some tips of where i might have done something incorrectly in a previous attempt at open source and libre software. this could be a whole discussion, but i will try to be brief.

https://github.com/positive-intentions/chat

i optimistically started with the aim to get grant funding for a novel approach to secure and private communication using p2p tech. after countless rejections im dont think i should presue that direction.

so then i thought to create something competative in the space of file-transfer. the app would be is a simplified version of the chat app and with less complexity in exchange increased stability. thats that app mentioned in the parent post. mi might not work as privacy solution, but it could still be competative in the tools for file-transfer if i can get it to nice stable polish that can work with massive file-sizes.

i briefly looked at how to get it on the f-droid store and there were details like moving things to gitlab. i then decided to push back indefinately in favor of focusing on the the file-transfer project.

if anyone want to help me with getting the chat app to the f-droid store, some initial changes can be found here: https://www.reddit.com/r/tauri/comments/1j6g71h/is_there_any_examples_out_there_of_a_tauri_app_in

im not entirely sure i have a service to sell. my efforts are on the PWA. the service i can sell is to provide the native build because people wont want to compile thier own. its a shot in the dark with the Play store, but im curious to see what happens.

Thanks for the links. I’ll need to learn more about this. My high-level thoughts are that I’d like control over my work so it may not be libre software.

https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app/

This app is based on a similar technology. Maybe you can help me understand the concerns if it does all the things described in that post.

Thanks for the clarity.

To prevent things like the risk of infection, is why the app is primarily a webapp. Sanboxed by the browser of you choice.

I don’t think I’m fully understanding. It’s purely a webapp. No database. Client-side computation only.

Can you help me understand how I could reshape my project so it aligns to what you mean.

Im putting a hard-block on open-sourcing it after my previous project. But I’m generally communicative about how it works and happy to answer questions about it.

In the subject of licences, I don’t really know much there.

Given that I’m trying to sell it on the play store I guess you don’t control it?

What would be the concerns around this? Loads of things are close source. I expect it helps to create something competitive.

An entirely valid and understandable view to have. I’m sure you’re not suggesting different approaches shouldn’t be explored. My approach is fairly unique and im personally interested in what can be done with this.

This project is a PWA running on a S3 bucket. The app is free to use entirely. (Disclaimer: I’m in the process of putting something on the play store where I would like to charge for it.)

While syncthing seems appealing. There should always be options for approaching privacy. Mine stands out as a unique approach and so nessesary at least to demonstrate the concept.

I created an open source version first which demonstrates different concepts like instant messaging and video calls.

https://github.com/positive-intentions/chat

if i do a good job, it would have comparable features.

the key distinction between mine and other apps like syncthing, is that its provided as a zero-installation, zero-registration webapp.

so its basically ready-to-use at any point on any device that has a browser.

there isnt any UI for this yet, but id like to make it so users can input their own TURN/STUN servers as described in the peerjs docs: https://peerjs.com/docs/#peer-options-config

id like to work towards making it so that the frontend and backend are independently selfhostable to suit thier networking config.

hey. im working on something similar with more features and more robust cryptography.

its still a work-in-progress, but its available for testing if youd like to try it out.

https://github.com/positive-intentions/chat

Thanks! That’s great to hear.

There’s sometimes a bug where you have to have to exchange that ID both ways.

There a lot of docs to read through so just in case you overlooked it, I hope the video on this page helps: https://positive-intentions.com/docs/basics/peers

If that doesn’t help, then it’s something I need to fix. I am aware of a few issues with connecting to people when not on the same network. Webrtc should still work, so I chalk it up to some bug I should prioritize.

Id be interested to hear about the experience of trying to connect with the file app. I added some changes to make things work better, if that works I may have an idea of how to fix it for the chat app.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)

the chat app is flexible in the ways it can be run as further described here: https://positive-intentions.com/blog/docker-ios-android-desktop. im trying things out with tauri and maybe some version hits the f-droid store at some point?

thanks! im playing around with the website to make the landing page experience more appealing. the apps themselves, are running inside an iframe.

the google stuff is only for the website. the apps have their own subdomains and CSP headers that block foreign scripts.

• https://file.positive-intentions.com/
• https://chat.positive-intentions.com/

(the direct links are found on the website footer under “links”)

thanks! i’ll make a note of that to add. it looks reletively simple to implement in JS, i’ll need to check more about browser compatability. tls 1.3 is already in use. i otherwise have wording throughout that users must trust who they connect to.

as for browser extensions, there are CSP headers set to prevent them from accessing personal details.

impossible to update the software

considering the app amounts to a bunch of statics. they wint update themselves if you dont want it to. the app works in many different forms because all form factors can have nuanced security details. its better for security that if people have the ability to selfhost, then they also have the option to choose the form-factor they use based on their preferences.

All nice ideas! I’ll take a note. I’d like to make time to make it so on each initial connection it generates new keys too. This should be what I think is forward-secrecy. (Let me know if I’m wrong.)

I don’t know the specifics of VPN and it’s implication with webrtc, I tried testing and sharing my observations here. I’m open to advice here.

You asked about native builds… Tbh I don’t know much about it. I did a short search-engine search and these seem to be well regarded. (Currently?) As a pwa I have a lot of flexibility in the apps form-factor. I was thinking about how easy it would be to make it into a browser extension. (It’s not about it being useful, but just providing that extra option.)