P2P allows for a fairly unexplored infrastructure for content moderation. In this app, the feed of images would only be from people you connect to. For people to connect to you, you have to share a crypto random id.

As a webapp you can clear the site data by logging out. Basically, people cannot randomly connect to you and share things you don't like.

I won't be adding anything like a global feed. Only content that you shared or received.

This doesn't remove the risk of people sending you things you don't like so I'm all ears for an approach to that. I didn't make much progress on the following. If there are any hard features you think would help, let me know. I'd like to make some time to create a "block contact" but it'll take time and consideration to do it properly (so I don't expect it soon). Things like logging out and being able to backup your profile might be enough, but not as user-friendly as it could be.

https://www.reddit.com/r/darknetplan/comments/16qw24o/on_my_decentralized_chat_app_i_want_some_kind_of/

It's similar to matrix in many ways. The key difference is with mine it's is purely browser based. Unlike traditional solutions like matrix where you have a (self)hosted server, mine does not require things like registration or installation.

I don't think this kind of app could be an alternative to instagram because of it only being P2P with only people you know.

The app is using webRTC which exposes IP addresses, so you wouldn't want something like a global feed on this.

Immich sounds interesting. I'd like to make time to check it out.

The app is a active work in progress. I try to make this clear in my post. Any "protocol" being used, is subject to change as I make improvements.

You raise some good points about rotating keys and forward secrecy. These are things I will be including, but the app is far from finished.

Maybe this helps a bit (I know it's not what you want, but it's the best I got at the moment without diving into the code): https://positive-intentions.com/docs/research/authentication/

An understandable view. Not sure what you mean by lengthy, but I can confirm my app is not well documented. If the MDN docs count, its a fairly thin wrapper around the functionality provided by the browser of your choice.

https://github.com/positive-intentions/cryptography/blob/staging/src/stories/components/Cryptography.tsx

I'm using webpack 5 module federation to import that file at runtime. Perhaps over-engineered, but it's so I can keep the crypto functionality maintained separately. That repo is in need of more attention for things like unit tests, but the crypto implementation there is pretty basic.

I'm using peerjs-server. I'm also investigating other ways to achieve peer discovery which itself could be quite a discussion.

There is a lot to be fixed throughout but file transfer and video calls should be working if you try out the live app.

The project it's in its early stages. There isn't anything as formal as a protocol yet. That is also why there isn't good documentation about it... The best I have for your question is:

https://positive-intentions.com/docs/research/authentication

Thanks. It's been mentioned before and I'd like to take a look at it when I can make the time.

https://github.com/positive-intentions/chat

It uses webrtc for P2P connections.

I'm sure various factors affect any projects maturity.

I work on the project because I have a curiosity and the ability to try. Compared to other project, a webapp is pretty easy to get started on as a developer.

Sorry. It's quite buggy.

• Its best to start off by clearing all site data from the browser settings.
• Do not have multiple tabs of the app on the same device.
• It doesnt hurt to refresh to page.

What you're describing might be related to there being 2 tabs of the app running. This results in both reacting to the new-connection-event, but ultimately resulting in a data conflict.

Plugins shouldn't be an issue. For stronger security, i have CSP headers to try to prevent browser plugins reading data.

If nothing works then the egg is squarely on my face and my buggy app is too buggy.

perhaps.

it started of very vanillajs, but i found that users didnt like the appearance. so i added a faily basic implementation of material ui.

existing frameworks were not compatible with the look, feel and funtionality i was after. i still havent achieved it, but im happy with the progress.

Thanks. I've come across tox before. It's a good implementation. The aim of my project is not to compete, but more to demonstrate a different approach to P2P technology.

A key detail in mine is that it's made to work in a typical web browser. While things like chat functionality can be demonstrated in our app. The app is capable to do things like shared xr spaces and shared filesystems... Unfortunately those features are still in need of refinement before they become appealing to users, but it works for a proof-of-concept.

My app is different because the auth is handled between peers. So it could only every be people you shared your ID with. Security is important for me on this project. Its more important than the app being popular. https://www.reddit.com/r/CyberSecurityAdvice/comments/1ev5kqn/is_this_a_secure_messaging_app/

People should not connect to strangers on this app because of the potential risks of IP exposure... But between people you trust or between your own devices, it should work as expected for testing.

As for allowing links with expiration, you basically have that already with what looks like the login/logout functionality. There is no actual registration, it's just a UI for creating and deleting crypto random ID profiles.

Lemmy and the fediverse is a good idea. The federation makes it so I can see Lemmy posts on mastodon. Etc... id like to draw a parallel in my app with the chat-view and the inteagram-view

Users can selfhost the frontend and backend independently. When creating a profile, you can set it to use your own peerjs-server (set preferences)

The frontend is only run as client-side JavaScript. There isn't a step to "set up clients".

Thanks. I want to also investigate if YJS could also fit into the app.

https://positive-intentions.com/blog/p2p-social-media

https://www.reddit.com/r/cryptography/comments/1bs7slv/help_me_understand_postquantum_cryptography/

Sorry to redirect to Reddit. I'm new to Lemmy.

Tldr; there are several approaches to this issue. In the case of webapps, relying on the offering from the browser should be enough.

I'm also investigating if wasm could also be a way to introduce real-world-entropy to key generation (because I noticed it isn't possible to seed the browser key generation)