this post was submitted on 26 Apr 2025
147 points (84.8% liked)

Privacy

37279 readers
1470 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
147
Send files privately. No cloud. No trace. (glitr.io)
submitted 2 days ago* (last edited 1 day ago) by xoron@programming.dev to c/privacy@lemmy.ml
54 comments fedilink hide all child comments
 

glitr.io

im working on a p2p file transfer app. at the moment its a close-source webapp, but i hope to work towards some selfhosted options as seen on my other projects.

the storage is local-only from your browser/device. so like "the cloud", but the cloud storage capacity is made up of your devices.

ive recently updated the landing page and i hope ive got it as simple as possible to transfer a file from one device to another.

im looking for feedback on the experience.

(Note 1: its still a work in progress. if there is an issue, you can usually refresh the browser and try again)

(Note 2: it seems important to mention: this app is not libre software. This needs more consideration to see if I can align to this. For information and open-source examples of the code in action, take a look at the docs and github for decentralized chat)

top 50 comments
sorted by: hot top controversial new old
[–] Melody@lemmy.one 3 points 4 hours ago (1 children)

I'm of the opinion that you should probably provide Source Code on a "Source Available" basis to people who ask and have a need to see it to audit or self-compile. The lack of "Open-ness" in your code is disturbing.

I won't comment or judge on your decision to refuse to offer this software on a Libre basis. You absolutely have the right to monetize as necessary; especially if this code is speaking to a backend infrastructure that you maintain for it. Even if all you do is aim to break even and pay for those servers.

The experience is extremely unintuitive. I couldn't get your app to work at all on my privacy enforcing browser within the confines of my privacy enforcing LAN. (Yes; I do/did enable WebRTC and the other required technologies, however they're enabled in a privacy respecting manner.) Neither of my devices would show or remain connected once added. There were no popups or information given to me by the app to troubleshoot the issue; and I'm not going to crank open a Dev Console for something that I can't contribute to anyways. If your software is going to remain closed in source; "It should just work™".

[–] xoron@programming.dev 2 points 4 hours ago

thanks!

im a developer im not much of an expert on licences of any kind. i created code and decided to open source it here: https://github.com/positive-intentions/chat . when i say the close source app is "based on" the open source code, i hope it doesnt undermine that it itself is a fully functional p2p messaging system (im of the opinion that all projects will always need refinement). anyone with issues about close-source code should take a look at the open-srouce version. its basically more functional but it seems too complex to maintain as open source andd thus this new project.

id like to offer the statics as a zipped folder. this is in the roadmap, but the code will be minified and obfuscated. about as opaque as possible for "source available". i dont know much on the matter, but id like to learn more about if this can be made into libre software. its hardly modifyable or studyable.

while i dont want you to "trust me bro", i am actively developing it and improving the functionality. so that static bundle will have to be build by the CI/CD and it will update along with the app. it goes without saying, the project is not mature enough to have things like security audits.

thanks! for your feedback there! ahh the connection bugs. unfortunately this is is one of the trickier bugs. im working towards fixing that asap. i have an idea of a fix, but im trying to avoid rewriting a core piece. have you tried closing the app on both devices and trying again (sorry, i know its a bit cliche).

if its not a secret, can you maybe tell me more about your LAN setup for me to set something up and try? i certainly aim for it to "just work".

[–] fmstrat@lemmy.nowsci.com 7 points 6 hours ago (2 children)

Closed source and a crowded market.

Sorry to say, but I don't think you understand the audience for this.

[–] xoron@programming.dev 2 points 6 hours ago (1 children)

If interested in how it works and to see code examples, this project is based on my beefier open-source code seen here: https://github.com/positive-intentions/chat

[–] phantomwise@lemmy.ml 1 points 6 hours ago (1 children)

He probably means that people who want extreme privacy and would use such a tool would also not trust anything close source, even if it's based on an open source project

[–] xoron@programming.dev 1 points 5 hours ago

I mean to draw attention to the open source code in such a case.

[–] cy_narrator@discuss.tchncs.de 0 points 5 hours ago

People in here are either wannabe snowden or sell some grass

[–] als@lemmy.blahaj.zone 6 points 8 hours ago (2 children)

I use magic wormhole for these sorts of things. There are many FOSS clients and the protocol is open. Here's my android client of choice and my Linux client of choice. There are also many options of other GUI and command line implementations.

[–] Psyhackological@lemmy.ml 2 points 6 hours ago

By the way this is a maintaned fork of your Android Client: https://github.com/iyox-studios/iyox-Wormhole

[–] xoron@programming.dev 1 points 8 hours ago

Thanks. I hope to get to a point where I can make the experience as seamless as workhole.

To compare solutions, a key details around providing my app as a webapp, is to avoid the requirement of a client. this opens up the set of compatible platforms.

(Note: it's a common request for me, so by popular demand, i will aim to provide binaries for the major platforms.)

[–] cy_narrator@discuss.tchncs.de 1 points 5 hours ago

Just use OnionShare

[–] chaoticnumber@lemmy.dbzer0.com 27 points 15 hours ago (1 children)

Foss or gtfo. Im not letting a black box see my files. I dont care what you claim, I have been burned before.

[–] butsbutts@lemmy.ml 20 points 1 day ago (1 children)

strong title

  • not open source
  • similar to other free software but might have some difference (webrtc?)
  • what is the market for that target user (doesnt seem include lemmy audience) who needs that difference
[–] xoron@programming.dev -1 points 23 hours ago (2 children)

Strong title needed for strong claims.

Its based on open source code. https://github.com/positive-intentions/chat . I'd be happy for feedback on that too.

Webrtc would be able to outperform all other methods for transfer speed (useful for when sending larger files)

I'm sure there is a market for eople who want to transfer files. With a zero-installation, zero-registration, it should make it easy for people to get started.

[–] militaryintelligence@lemmy.world 5 points 22 hours ago* (last edited 22 hours ago) (1 children)

Hold the phone. You basically modified open source code and plan to sell it on the app store as closed source. Correct?

[–] xoron@programming.dev 6 points 22 hours ago (3 children)

Just to be clear, my own open source code. Yes.

[–] mukt@lemmy.ml 1 points 4 hours ago

Does it include even one line of anyone else's contribution to your open source code?

[–] pineapplelover@lemm.ee 6 points 16 hours ago (1 children)

You can't just steal open source code from yourself like that. Any derivatives would need to be open source also.

Disclaimer: Trying to make a silly retort but this might have a nugget of truth in it

[–] dogs0n@sh.itjust.works 2 points 6 hours ago

I believe their license (GPLv3) doesn't permit modifying the source code without releasing it to anyone who asks for it, but realistically, if it's only code they have written, they won't sue themself over it.

I'm no licensing expert, but that's how I see it.

[–] butsbutts@lemmy.ml 1 points 19 hours ago

well more competition = better so good luck!

[–] phoenixz@lemmy.ca 11 points 1 day ago* (last edited 1 day ago) (1 children)

If it's not open source then forget about it, it won't go anywhere. I've had that stance of all software for decades now, but in the last few years boat loads of others have caught on.

Its simple really. If the software is open source (ALL of it, servers, clients) we can all check it and all be sure it does what is advertised. If not, we have no way of knowing what you're doing, especially on the server side of things, and if we've finally collectively learned on thing, it's that we can't trust companies on the server side of things. Data WILL be used in other ways than advertised.

Since this software is supposed to be a security product, trust is paramount, and it's bot there at all. Unless this product would be open source I won't even look at it.

[–] xoron@programming.dev -1 points 1 day ago

Thanks for the empassioned speech/statement!

Perhaps you'd be interested in one of my open source projects. It's a beefier version of the app presented in the parent post.

https://github.com/positive-intentions/chat

On the point about open source, it isn't easy to pull off. I can confirm it isn't the case that open-source be flooded with some kind of collective community review/support. It's been an option for the chat app for a while and I've tried actively promoting it, it's clear that the project is simply too complicated.

I'm a bit disappointed in how hard I tried on the open source project for it to not get the traction I wanted. To create somthing close-source and competitive in the file-transfer space is only logical at this point.

I'm sure with an enthusiastic speech like that, you're doing your part for supporting the open source community. Unfortunately I couldn't figure out how to get it to filter down to me.

[–] opi@lemmy.ca 25 points 1 day ago (2 children)

There ain't no trust in this game. If it isn't open source then it's pretty much dead in the water. You can't compete with OSS with closed code in this space, really. There's a few alternatives (and ones that are more mature and proven) that will always be first choices.

[–] starlight_caffeine@feddit.org 3 points 1 day ago (1 children)

Absolutely. Also, it probably is in your best interest to advertise details of your cryptography. What data is shared with whom, what algorithms are used, etc.; if you're doing something more exotic / low-level, Alice-Bob diagrams can be helpful. I'm not sure what other people do but when looking at security-sensitive software, the first thing I do is look for the cryptographic setup and research it.

[–] xoron@programming.dev 2 points 1 day ago* (last edited 1 day ago)

I'm in the process of rebranding and moving domains, so the documentation links are broken. You can try the search. it seems to work reasonably well. A good place to start could be from here:

https://positive-intentions.com/docs/research/authentication#authentication-sequence

Feel free to reach out for clarity on anything.

[–] xoron@programming.dev 1 points 1 day ago

Thanks.

I have a similar open source project. https://github.com/positive-intentions/chat

My general thoughts are that it isn't sustainable. While it clearly isn't a contender in the messaging-apps market, I think it demonstrates a unique concept in how it works as a webapp.

[–] Ohh@lemmy.ml 3 points 21 hours ago (1 children)

I need this. But ffsend + encrypted zip file works most of the time. Or onionshare.

Not sure I see how this helps.

[–] xoron@programming.dev 1 points 10 hours ago

For me, it's an achievement for it to be comparable to those tools. I aim to get to a similar feature set and make the user experience intuitive.

[–] nyankas@lemmy.ml 12 points 1 day ago (1 children)

Cool project, but it seems to be very similar to PairDrop with the major downside of not being open-source. What would be the advantages of using this project over existing FOSS-solutions?

[–] xoron@programming.dev -5 points 1 day ago* (last edited 1 day ago)

Thanks!

Here is the foss equivalent of this project: https://github.com/positive-intentions/chat

Unfortunately, open source isn't sustainable. I'm investigating close-source as a way to create something competitive. My plan is to try to sell it on the Play store.

As for pairdrop, their approach to peer discovery relies on knowing the network you're connected to. This makes it easy to find peers in cases where you use the same WiFi network. In mine I'm using WebRTC to allow connections over the internet. Peer discovery is achieved by using crypto-random IDs exchanged as a link or QR code.

Ultimately it's worth noting my app is a work in progress. I hope I can update the UX to make the functionality as seamless as pairdrop.

[–] Zerush@lemmy.ml 8 points 1 day ago* (last edited 1 day ago) (1 children)

From Switzerland, Sharrr, OpenSource, encrypted EE2E, no knowledge, 10GB/file, one time download. From the same author, https://scrt.link/, for share autodestructive encrypted notes.

[–] xoron@programming.dev 1 points 1 day ago (1 children)

Nice! Can you tell me more about zero-knowledge encryption?

In my app I'm using asymmetric encryption to exchange a symmetric encryption key (Diffie-helman). I'm curious about other approaches for P2P authentication.

[–] Zerush@lemmy.ml 2 points 1 day ago* (last edited 1 day ago)

it means exactly this, the server hasn't any knowledge about your uploaded files or encrytion key. It's very save, but not really P2P, because of an server in the middle where the files are stored until download. Real P2P is eg, Croc, which transfer files direct from one PC to the other, without any server in the middle, you send an link which pointed direct to the files in your PC. The advantage is that you have anytime full control over the files and with this no limits on filesizes, but maybe a drawback is, that downloads are only possible, when your PC is online, on the other hand, this permits also to interrupt downloads, simply going offline, (it's FOSS)

[–] drkt@scribe.disroot.org 36 points 1 day ago

this app is not libre software.

useless

[–] Churbleyimyam@lemm.ee 45 points 2 days ago (1 children)

That sounds cool 👍 If you do decide to make it FOSS I'd be happy to try it out and give feedback.

[–] xoron@programming.dev 12 points 2 days ago (1 children)

Thanks!

Perhaps you'd like to give feedback on a separate but similar foss project: https://github.com/positive-intentions/chat

[–] Churbleyimyam@lemm.ee 4 points 2 days ago

That looks cool - thanks for the link :)

[–] warm@kbin.earth 21 points 2 days ago (2 children)

So it's like croc, but closed source?

load more comments (2 replies)
[–] Melvin_Ferd@lemmy.world 1 points 1 day ago (1 children)

Very cool this is similar to dibbles. How is it different?

[–] xoron@programming.dev 1 points 1 day ago (1 children)

I haven't heard of Dibbles. Can you point me to their site?

[–] Melvin_Ferd@lemmy.world 4 points 1 day ago (1 children)

I'm sorry I lied. I made it up. I just wanted to fit in with everyone else shitting on the person creating stuff.

[–] Thedogdrinkscoffee@lemmy.ca 9 points 2 days ago (1 children)

How is this different than FTP?

[–] xoron@programming.dev 3 points 2 days ago

This is using the WebRTC protocol. As a webapp it's immediately good to go, there isn't a need to run something like a FTP server.

Of course limitations apply like sending larger files nukes my ram... But I after it's sent, it seems to settle down.

load more comments
view more: next ›