Bit of an odd intro: I'm a carpenter, 42 years at the bench. I'm the type who can't stand making the same thing everyone else makes, so I've always chased the technical side too - CNC, laser cutting, and lately building software to run my machines.
At some point I wanted to send my own designs to people without them leaking anywhere, and I went down the rabbit hole of how messaging actually works. What got me was realising how much of the "free" stuff is paid for with our privacy. That annoyed me enough that I decided to build my own messenger, mostly to learn. It grew from something simple into a real thing. I called it Sherlock.
Two things I cared about: proper encryption, and NOT tying it to a phone number - I built a different system for that.
I'm not going to pretend I reinvented cryptography. I'm a woodworker who got obsessed. So I'd rather hear it straight from people who actually know this stuff:
- How much does the "no phone number" approach really buy you if I get the rest wrong?
- For a small independent project, what's the bar before any of you would even consider trusting it - open source, audit, something else?
Genuinely here for the criticism, not the pats on the back.
You asked for criticism and advice, and that's exactly what I offered. It's based on my own experience here. I was offering it to be helpful. Just what exactly are you trying to achieve with this response? Because yeah, I'm not getting attacked, I'm getting lectured. For offering advice when it was solicited.
I'm certain you don't see the problem here, so I'm out. But for the love of Christ, just use AI to set up, harden, and manage a Matrix server instead of wasting tokens building your own application. You'll end up with something much more secure than an app with a possibly-bad crypto implementation that you don't have the experience to see, find, or fix.
You're right, and I owe you an apology. My frustration in that earlier reply wasn't aimed at you - it was about a pile of "you're a bot / fraud" comments, and you got caught in the blast. That wasn't fair. Your advice was genuine and useful, and you didn't deserve to be lumped in with that.
The Matrix-server point is well taken, honestly. You're right that I don't have the experience to find and fix a bad crypto implementation alone - that's exactly why an external review matters before I'd ever tell anyone to rely on it. I hear you.
Thanks for taking the time, twice. I mean that. Sorry it landed as a lecture - that's on me.
(English isn't my first language - AI helps me translate.) Sorry
Ah, you're alright mate. Like I said, I got the same guff when I posted my first project here, and it sucked. I wanted to offer my advice because I think it's brilliant that AI is opening up development to a whole new raft of people, and I'm excited to see more people building neat little software projects that fill their needs - we get to watch people's journeys unfold through repo commits. It's like watching someone's first Dark Souls playthrough.
I have another bit of feedback which I hope might be helpful: Everyone is building an encrypted messaging app these days. Do something new, and use your carpentry experience to inform what that something is. You have a wealth of knowledge and this thing is an incredible tool for augmenting that. See if you can solve an old hard problem with it!
See, now I want to help again 😂 What tools are you using and do you have any harnesses set up and what's your system prompt like? The beautiful thing about agents is that you can just point them at repos and have them cherrypick the useful bits. Here's a few that you may find useful:
on_outputhook, but it includes my custom self-checking harness that I built for myself as well)