with the browser based version something similar to signing can be achieved with https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Subresource_Integrity … the update can be done with the unique hash being updated
i think along with the native build of the app, it should cover the bases for all users depending on their needs.
id like it browser-first, but its isnt limited. the features from the open source version can also be applied to the new version. but only worth doing when it reaches a reasonable level of stability.
https://positive-intentions.com/blog/docker-ios-android-desktop
versions control is especially important for cybersecurity and so details will be investigated for the best way to approach this. it would be particularly important to have locked versions that have a third-party security audit, but the project seems far from that.
in an ideal world where i manage to get the main project to be open source sustainably. it would make things more decentralized we can remove having the statics served from the internet like its possible on the opensource version. its possible to provide a static bundle that can work from running index.html in a browser without the need to run a static server.
the static bundle of the open source version can be seen and tested to work from this directory: https://github.com/positive-intentions/chat/tree/staging/Frontend
not true
care to elaborate for my benefit? i could stand to learn something if you have some insight. ive tried several grants applications and places that provide funding for open source project. im aware they exist… all rejected me. im sure many are inundated with project submissions that have a more professional quality and able to articulate details better than myself.
don’t trust anything else you say
this is the way. i have open source code so i dont have to ask you to trust me. its why its important for the MVP to remain open source.
the key distinction between this project and other is that its presented as a PWA. A key cybersecurity feature of this form-factor is that it can avoid installation and registration.
why are there closed source parts?
because open source wont pay the bills.
the javascript-over-the-internet is indeed a concern that has always been mentioned about this project. to address this, im investigating the to use service workers to cache the file. this is working to some degree, but needs improvement before i fully roll it out… i would like to aim for something like a button on the UI called “Update” that would invalidate the service-worker cache to trigger an update.
as for selhosting, i hope to have something more elegant than selfhosting on localhost or using a dedicated app. the capabilities are demonstrated on the open source version and are transferrable. its possible to provide a static bundle that can work from running index.html in a browser without the need to run a static server.
the static bundle of the open source version can be seen and tested to work from this directory: https://github.com/positive-intentions/chat/tree/staging/Frontend
when i reach a reasonable level of stability on the app, i would like to investigate things like a dedicated app as is possible on the open source version. https://positive-intentions.com/blog/docker-ios-android-desktop
Yes. Im investigating introducing clerk. I hope to use that to create a subscription model. I would like to charge $1 per-month as per the minimum allowed by clerk.
i started off thinking i could avoid charging users entirely given it seems a norm for secure messaging apps to be free. but given the grant rejects and the lack of donations on github sponsors (completely understandable), but its clear that it wont be able to sustain the project.
i also tried google adsense on the website/blog but it was making practically nothing. so i disabled it because it wasnt a good look when it goes against the whole “degoogling” angle.
thats right. the key distinction between this project and other like it like simpleX is that its presented as a PWA. A key cybersecurity feature of this form-factor is that it can avoid installation and registration.
The project is far from finished and it woudnt make sense to create something as clear as a comparison table. Especially because core features like group-messaging isnt working.
If you have features youd like me to compare, feel free to ask and i can tell you how it it compares.
Some technical details can be seen here if your want to draw your own comparison.
Its important for things like the cryptography module to remain open source for transparency and clarity (kerkhofs principles). Open sourcing things like the p2p framework would only put me at a competative disadvantage.
The open-spource version of the project is fully functional and has always been open source. I keep it open because the project demonstrate a unique concept, which is useful to demonstrate with transparency. After seeking support for that version of the project, it is clear that there is no support for a one-man-band and so i deprecated it (and now call it an MVP). i am proceeding in a close source direction as i improve various details like UX and features.
There are several modules involved in the project. Some key parts are listed below
Open source:
Close source:
Just to be clear, my app is not better than jami (or any other app)… because its unreviewed close-source code.
The key distinction in my approach is that it’s a webapp-first approach. You can avoid registration and installation, which is a feature other apps don’t provide.
There are ways around using a central server to establish a p2p connection. It isn’t well explained or demonstrated, but the concept seems to work here: https://github.com/positive-intentions/chat/issues/6 … I’d like to explore this more with exchanging the required data over QR codes or NFC.
Simplex is a great approach for p2p communication. I can easily recommend it over what I have done so far. At the very least, it’s gone through things like a professional security audits and seem to keep a high standard in their practices.
It’s a webapp hosted on AWS S3. That can be shut down along with the domain. I’d like to improve the functionality I have for the cacheing, so that it doesn’t need to fetch the statics from online if it already previously fetched them.
The open source version has a mirror hosted on GitHub pages. You can fork it and run it yourself there for free: https://positive-intentions.com/blog/docker-ios-android-desktop#github-pages
its a work in progress and hope to get to a point its comparable to Signal and OnionShare.
for now, the purpose is to present open-source code to demonstrate a concept. like mentioned in the post it isnt ready to replace any existing tools.
I’m no expert on the matter of licences either. I made the open source code some bsd licence because some of the dependencies called for it.
I created some code and made some open source. I don’t have to apply that to all my projects.
I tried foss. I couldn’t get it to work so i’m trying something different.
Thanks!
Here is the foss equivalent of this project: https://github.com/positive-intentions/chat
Unfortunately, open source isn’t sustainable. I’m investigating close-source as a way to create something competitive. My plan is to try to sell it on the Play store.
As for pairdrop, their approach to peer discovery relies on knowing the network you’re connected to. This makes it easy to find peers in cases where you use the same WiFi network. In mine I’m using WebRTC to allow connections over the internet. Peer discovery is achieved by using crypto-random IDs exchanged as a link or QR code.
Ultimately it’s worth noting my app is a work in progress. I hope I can update the UX to make the functionality as seamless as pairdrop.
I have a weird setup with open and closed source.
I have open source examples of this code in action. If interested: https://github.com/positive-intentions/chat
Not only can you avoid installation, you aren’t locked to a platform like android and iOS.