Want to send E2E encrypted messages and video calls with no downloads, no sign-ups and no tracking?
This prototype uses PeerJS to establish a secure browser-to-browser connection. Using browser-only storage—true zerodata privacy!
Check out the pre-release demo here.
NOTE: This is still a work-in-progress and partially a close-source project. To view the open source version see here. It has NOT been audited or reviewed. For testing purposes only, not a replacement for your current messaging app.
- Docs: https://positive-intentions.com/docs/category/sparcle
- Reddit: https://www.reddit.com/r/positive/_intentions
- Mastodon: https://infosec.exchange/@xoron
- More: https://positive-intentions.com/
How it works:
PeerJS allows users to connect with a unique string. A crypto-random ID is generated automatically on the frontend and used for the connection.
To connect, you can share your unique ID. Strangers are not able to guess your ID. Upon the initial connection, new encryption keys are exchanged and persisted to browser storage. These are used to encrypt message payloads to be sent over the WebRTC connection as created with PeerJS.
After a page reload (or future session), the app automatically pings the “known peers”. If connecting to to a peer ID that is already registered, the previsously establish encryption keys are used to authenticate the user. This helps prevent MITM.
im still think of a better name for the project before i promote it properly as stable and secure. “positive-intentions” is understandably not well recieved.
i call it a “whatsapp clone” to better describe what it can be used for. this is in contrast to calling it a “p2p instant messaging app”… that just sounds too verbose.