- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
I’m working towards something for secure/private/simple P2P file transfer. It isn’t as “simple” as it could be, I’m still working on it, but I’ve got it down to:
- Zero-installation as a PWA
- Zero-registration by using local-only storage
- P2P-authentication using WebCrypto API
- Fast data-transfer using WebRTC
It’s far from finished, but I think I’ve got it “usable” enough to ask for feedback on it.
I’m aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems surprisingly capable. This isn’t ready to replace any existing apps or services.
(Note: I know you guys on lemmy are interested in open-source code. This project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)
Let me know what you think about the app, features and experience you would expect from a tool like this.
What are the advantages over OnionShare?
no-installation. easy to get started without registration. can share with any device with a browser.
as a PWA, there is no need for you or your peer to already be part of the ecosystem.
I use LocalSend pretty much everywhere within local networks I trust
the difference with my approach is that there is no registration or installation. as a webapp it’s easier for users to get started.
localsend is a good approach and my project isn’t anywhere near the quality seen there (or several other examples). i hope to be able to create something competitive in the space.
(i am investigating providing the app natively for various platforms for better reach, but the core requirement for my app is to have a modern browser)
I would rather use Magic Wormhole if I have to have an intermediate server operated by somebody else.
Your protocol isn’t documented enough to allow interoperability. It is important for folks to be able to develop their own clients and frontends; the ecosystem becomes richer and more resilient to attacks when there are many different implementations.
I’m not sensing an awareness of capabilities. Access to a file is one of the classic examples of a capability and a file-sharing system should be oriented around ensuring that references to files are unforgeable and copyable.
The terms of service are unacceptable and I won’t be trying out the product. I can point at exactly what’s wrong; talk to your attorney for details.
Users are expected to respect the intellectual property rights of others when using the app.
You don’t understand what file-sharing technology is used for.
We reserve the right to introduce tools and technologies for monitoring the performance of the app and improving its functionality. By using the app, you acknowledge and agree to this potential monitoring.
Ah yes, because telemetry has never been met with user backlash.
The company does not collect user data, apart from what is needed for monitoring tools to ensure the app’s stability and to make improvements.
You don’t need user data for that. Y’know what’s a lot easier? Just don’t collect user data!
We may also use Sentry.io for error monitoring and NLevel Software for analytics.
I block those.
The app may include functionality to report users, and we reserve the right for this functionality to send necessary details for any investigation.
Ah yes, completely fair that somebody accused of misbehavior gets their local data exfiltrated too.
Meanwhile Magic Wormhole merely tells us that it is MIT licensed and we can do whatever we like with it.
thanks for your thoughts and reply!
i’ll try my best to answer, feel free to ask for clarity on anything i miss.
I would rather use Magic Wormhole if I have to have an intermediate server operated by somebody else.
completely understandable. it’s worth noting, what you see is a GUI for peerjs-server. under the hood it’s using peerjs. i’m working towards making it so that the backend is configurable to point to your own instance. it currently points to the public peerjs-server as a way for users to easily get started. this functionality is already available in the positive-intentions/chat app. (i will also be adding the ability to specify stun/turn servers).
ensuring that references to files are unforgeable and copyable
it seems i need to better understand the concept of capabilities as you mentioned for me to be able to reply on that. i’m not sure if this answers the particular concern, but i’ll try to explain what is happening in a sequence.
- user uses html input to select file from device. this requires the user to grant permissions.
- file loaded into os/browser/js memory-space.
- this file is base64 encoded and sent to peer (base64 encoded to make the data serializable for network transfer)
- peer receives file in base64 which can then be converted back into a file.
i notice things like the file is sent uncompressed without modifications. for file-types like images, i am able to do things like remove exif data, but this isn’t implemented.
The terms of service are unacceptable and I won’t be trying out the product
this is fair. i don’t know much about creating terms but i previously asked whether i can remove them entirely. i received strong feedback to keep it: https://www.reddit.com/r/startup/comments/1jerkyb/do_i_need_to_have_terms_and_conditions_in_an_app/
i think i should speak more broadly about the terms and conditions. i was aiming to have something generic so i don’t have to talk to a lawyer. i certainly don’t have a lawyer on-call. i had the terms checked by a professional lawyer who i think advised correctly. the aim for the terms was to be something of a cover-all so that i don’t have to worry about being personally liable. (it’s the same as used in the chat app.)
telemetry
i’m happy to consider flexibility on this. i was thinking that if i can check the domain isn’t the one i’m using, then to disable telemetry. but the whole selfhosting-angle to this project needs a lot of consideration.
Just don’t collect user data
i’m not collecting user data. it seems a unique approach and i don’t fully understand how to articulate it. it’s why i mention about it being zero-registration. it’s local-only storage for everything. there are no databases. it’s a GUI for peerjs-server. i selected to use nlevelanalytics because they provided something that i consider reasonably secure because i can interact with an api (in contrast, all other tools wanted me to add some remote script in the <head>, which is where i draw the line.). on nlevelanalytics the UI is fairly basic. i see dots on a map. i don’t think it’s enough to pinpoint individuals, but it gives me county+city combo. i’m sure fingerprinting on network requests can still be done as much as any other tool. hopefully introducing ways to disable telemetry can be more relieving. but i don’t particularly want to have a lawyer on-retainer frequently updating those terms.
somebody accused of misbehavior gets their local data exfiltrated too
there is much to consider about a sensitive implementation for this. it’s an old post and i haven’t made much progress on it, but the question still stands: https://www.reddit.com/r/darknetplan/comments/16qw24o/on_my_decentralized_chat_app_i_want_some_kind_of/ … what is worded in the terms is to allow flexibility on the implementation when it comes to implementing something for the purpose of “reporting users”. i actively discuss the details and implementation of my project on reddit and details around exfiltrating data from users are clearly important to discuss.
ultimately, i often mention that the project is far from finished. your points are important to consider but also the tip-of-the-iceberg in all the things to consider. i’m no expert in anything and this is a learning experience to create something. i hope that by discussing it in posts like this, i can get to something more agreeable.
Appreciate you adding the ability to manage STUN and especially TURN servers because this is sorely lacking in so many tools.
The unfortunate reality in my experience seems to be that a very large percentage of users are behind symmetric NAT on both ends, making TURN necessary for WebRTC to work at all.
- user uses html input to select file from device. this requires the user to grant permissions.
- file loaded into os/browser/js memory-space.
- this file is base64 encoded and sent to peer (base64 encoded to make the data serializable for network transfer)
- peer receives file in base64 which can then be converted back into a file.
There is no encryption?
the implementation is based on WebRTC which mandates encryption as part of the spec browsers have to conform to.
in the app i have a concept of “contacts”. when establishing a new contact, i use that webrtc channel to do a Diffie-Hellman key-exchange (with RSA asymmetric keys used to exchange AES symmetric keys). (i’m using vanilla os/browser cryptography tools as seen here: https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx)
https://positive-intentions.com/docs/research/authentication
in my setup, all data that is being sent over webrtc is already encrypted specific to a recipient. that encryption is a redundancy over the WebRTC offering.
there is a performance hit with this redundancy, but it then allows me to have things like a way to verify public keys with a peer to prevent MITM vulnerabilities.
https://positive-intentions.com/blog/security-privacy-authentication
Magic wormhole is great, and croc as well, but there is no need to be rude and combative about it.
Why not? What tone would you take if you wanted folks to regret posting unpaid advertisements?
there is no need to be rude and combative about it.
Actually, I think that when anyone makes claims that their software is “private,” being combative is strictly necessary.
The bar needs to be set very high for any software that is handling our personal data and claiming to be private, because when these systems fail it can lead literally to the death of the user in some places in the world.
How do users in dangerous situations know what software they can rely on for private communications? It is through peer-review and reputation that we as a community filter down the available software to those things that we actually recommend. And peer-review is inherently combative, because it requires pointing out every potential weakness in any part of a system, and any hint of suboptimal behaviour.
Where is the source? Is it some subdirectory of the positive-intentions/chat repo?
“file-transfer” as a capability is demonstrated in the chat app. the chat and file app are a GUI for peerjs-server.