This is intended to introduce a new paradigm in client-side managed secure cryptography. We can avoid registration of any sort. A fairly unique offering in the cybersecurity space.
No need for things like phone numbers or registering to any app stores. There are no databases to be hacked. Allowing users to send E2EE messages and files; no cloud, no trace.
Features:
- PWA
- P2P
- End to end encryption
- Signal protocol
- Post-Quantum cryptography
- Multimedia
- File transfer
- Video calls
- Local-first
- No registration
- No installation
- No database
- TURN server
I started off with some open source versions of the core concepts.
- Chat
- File
- Crypto
Open source isnt sustainable. So im taking the Enkrypted.Chat project in a different direction.
To get started, you can take a look here: https://positive-intentions.com/docs/projects/enkrypted-chat/getting-started
To learn more or you want to do a deep-dive: https://positive-intentions.com/blog/introducing-enkrypted-chat
If you really want something to chew on, these are the bleeding-edge docs: https://positive-intentions.com/docs/technical
The docs may answer some questions, but feel free to reach out for clarity instead of reading all that slop.
IMPORTANT: Caution should be used for any unfamiliar project, especially this. I'd like to be clear that I am Al-slop-maxxing at scale. If youre looking for good code, clear docs or best-practices; you should look away now. While this is aiming to provide secure experience, it isnt audited or reviewed. I'm sharing for testing, feedback and demo purposes only. This is a technical demo of a unique concept. Please use responsibly.
(Note: Im actively in the process of rebranding from "positive-intentions" to "Enkrypted Chat". The wording may be inconsistent throughout the docs.)
I'm a little confused by "open source isnt sustainable". If you mean open source isn't usually paid development so it is hard for you to live off any income from it I'd be inclined to agree. But there are still ways to turn a profit from open source development. I think red hat and even docker would serve as good examples. For red hat they provide open source code and sell a service while docker provides core open source components while has some features are closed source and paid.
As others have pointed out privacy without transparency (in the way of making the underlying code open source) isnt a guarantee of privacy its a weak promise at best. While I do think it is difficult to make open source as profitable as closed source, removing openness in its entirety isn't a solution privacy focused people will accept.
As an example of a way to make money from this open source project: If you made the code open source and marketed towards companies where you could supply a secure communications network using a familiar interface and offered a license and support to them you'd still be able to make money without compromising the apps ability to create a meaningful network of privacy evangelists to vouch for you.
thanks for your feedback there. id like to share my thoughts and observations on your points.
its a great personal shame for me to go in the close-source direction. those links to the open source repos, will remain open source because its demonstrates the unique concept around how it work. if people are interested in how it works and dont want to trust me (and you shouldnt!)... the open source repositories demo the functionality and also have a reasonable ampount of documentation around it. i had deluded myself that if i opensource something unique like this, i would be able to get open-source funding. i have no experience in the matter, i was just working on a sideproject to begin with (and its arguably still a sideproject). i put focus on transparency, communication and documentation. the project still gets called a scam/slop whether is open/close source.
the app itself is pure client-side javascript so i dont see how i can offer a managed service.
while i have a "decent" amount of documentation on the project, i dont expect most people to take a look. that was all intended for transparency when seeking open source funding. open source cybersecurity seems prohibitively expensive wheather you're big-tech or not. my personal experience in seeking an audit: https://www.reddit.com/r/CyberSecurityAdvice/comments/1su8lir/security_audit_feedback_from_radically_open
id like to put things into perspective here:
https://github.com/positive-intentions/chat the core concept is demonstrated here. its a full functional p2p messaging with focus on client-side cryptography. i'll be keeping it open source. the key different is that the open source version doesnt have as nice a user experience... if a nice user experience make all the difference, then i dont think people are looking at it objectively.
i agree; and just to be clear im not removing openness in its entirety. its open-source to demonstrate how it works. if you want a secure open-source p2p encrypted messaging... you have that... it simply isnt going to be the best experience i can offer. if you want to fork the repo and try iron-out the creases yourself? be my guest (its pretty complicated, so feel free to reachout for clarity). perhaps im being naive, but i dont think any amount of vibecoding is going to make the open-source version competative to the close-source version.
this is very difficult for me. no idea what im doing in marketing and my candid communication doesnt seem well recieved. especially in the cryptography and cybersecurity communities. no idea how to do marketing beyond posting on reddit and lemmy. i have been spending most of my time in improving the project and i can do that forever... but i shouldnt. its something i need to work on.
i think i have offered a great deal of transparency, honesty and communication about how the app works. i expect it will be tough to sell "secure, but paid for messaging app", but it seems the only logical option. this isnt my first rodeo; open-source is not a gamble that will pay off.