#decrypted — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #decrypted, aggregated by home.social.
-
id like to share some details about how my app works so you can discover/give me feedback on my app. id like to have wording in my app to say something like "most secure chat app in the world"... i probably cant do that because it doesnt qualify.
https://github.com/positive-intentions/chat
https://positive-intentions.com/blog/introducing-decentralized-chat
im not an expert on #cyberSecurity. im sure there are many gaps in my knowledge in this domain.
using #javascript, i initially created a fairly basic #chatApp using #peerjs to create #encrypted #webrtc #connections. this was then easily enhanced by exchanging additional #encryption #keys from #cryptography functions built into browsers (#webcrypto api) to add a redundant layer of encryption. a #diffieHelman key #exchange is done over #webrtc (which can be considered #secure when exchanged over public channels) to create #serverless #p2p #authentication.
- i sometimes receive feedback like "javascript is inherently insecure". i disagree with this and have #openedSource my #cryptography module. its basically a thin wrapper around vanilla cryptography functions of a #browser (webcrypto api).
- another concern for my kind of app (#PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for #selfhosting. selfhosting this app has some unique features. unlike many other #selfhosted #projects, this app can be hosted on #githubPages (instructions are provided in the readme). im also working towards having better support for running the index.html directly without a static server.
- to prevent things like browser extensions, the app uses strict #CSP headers to prevent #unauthorised code from running. #selfhosting users should take note of this when setting up their own instance.
- i received feedback the #Signal/#Simplex protocol is great. completely understandable and agree, but wonder if im reducing the #complexity by working with #webrtc. while it has its many flaws, i think risks can be reasonably mitigated if the #cryptography functions are implemented correctly. (all data out is #encrypted and all data in is #decrypted on-the-fly)
- the key detail that makes this approach unique, is because as a #webapp, unlike other solutions, users have a choice of using any #device/#os/#browser. while a webapp can have nuanced #vulnerabilities, i think by #openSourcing and providing instructions for #selfhosting and instructions to #build for various #platforms, it can provide a reasonable level of #security.
i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the #frontend and the peerjs-server to be #hosted #independently, im on track for creating a #chatSystem with the "fewest moving parts". i hope you will agree this is true #p2p and i hope i can use this as a step towards true #privacy and #security. #security might be further improved by using a trusted #VPN.
while there are several similar apps out there like mine. i think mine is distinctly a different approach. so its hard to find #bestPractices for the functionalities i want to achieve. in particular #security practices to use when using #p2p technology.
(note: this app is an #unstable, #experiment, #proofOfConcept and not ready to replace any other app or service. It's far from finished and provided for #testing and #demo purposes only. This post is to get #feedback on the progress to determine if i'm going in the right direction for a secure chat app)
-
@[email protected]
This is why you should not use @mas.to as it is using the #mitm network of #cloudflare to #censoring the internet and deny free access to the #walledgarden
That you are using a MITM affected network also means that every single byte that is sent to the #MITM network is #decrypted to an #insecure #piidata harvester.
-
@[email protected] @[email protected]
In posts @AyPapi is dissatisfied with:
As you know I'm into #privacyMatters ( https://mypdns.org ) so is #CloudFlare but with the opposed intention, where I like to stay private, #CrimeFlare love to steal all of it, leaving me with less than naked.
On Servers with CloudFlare
When You add a SSL Cert to a server hosted behind CloudFlare you are obfuscating the fact that the connection IS NOT SECURE, it is #decrypted by #CF so they can harvest everything you are sending them, such as your credit card details...
Bottom line is, I do it for your protection and as a demonstration against those who give a damn in my fundamental right to #politic #privacy, #democracy and #freedom. Why should i have any concern for them❓
Or Bot Accounts
Too much shit and unmaintained contents, just generally badly maintained accounts. Posting contents should always be a personal thing with a touch of the person who posts it. Not "spam"...
#AyPapi #infosec #mypdns
-
@tiago And how much do they waste in house and at users ends by simulating a secure connection with a SSL cert connection while the fact is the connection is #decrypted and therefore #insecure
Relates to https://infosec.exchange/@JerryMouse/110683982830974661
-
Woke up to some interesting news today. It would appear that the #HiveRansomware Gang has been taken down. https://www.scmagazine.com/analysis/ransomware/notice-on-hive-ransomware-site-claims-seizure-by-fbi-europol?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGJjgDjxI7Quxnvn1dDKVtkFHU7zdk93j0TL7ocD2SwuAAcr1k2YbWxSGv7tfEHn6GOvCcebcAwc3X5co3AlFFNixo9Hty9BWX4VsvTCEiG_Q
I checked around some #DarkWeb forums, and it would appear this actually happened in a joint, international effort. The #USDOJ claims to have "hacked the hackers", took down their #TOR site, and have apparently #decrypted 1500 companies. If it sticks, this is a big win for the #GoodGuys. Bye bye #Hive!
-
Hackers Hit Romanian Hospital, Demand Bitcoin Ransom - A hospital in Romania has been targeted in a ransomware attack with the perpetrato... - https://news.bitcoin.com/hackers-hit-romanian-hospital-demand-bitcoin-ransom/ #cryptocurrencies #cryptocurrency #medicalrecords #ransomware #decrypted #encrypted #hospitals #database #hospital #romanian #bitcoin #hackers #hacking #records #romania #attack #crypto #ransom #files #news #data #hack
-
Decrypted: How bad was the US Capitol breach for cybersecurity? - It’s the image that’s been seen around the world. One of hundreds of pro-Trump supporters in the pri... - http://feedproxy.google.com/~r/Techcrunch/~3/FbSe1Yp562A/ #nationalsecurity #datasecurity #government #solarwinds #decrypted #security #fireeye #policy
-
#Decrypted: #MafiaWare666 #Ransomware
#Avast releases a MafiaWare666 ransomware decryption tool.
MafiaWare666 is also known as JCrypt, RIP Lmao, BrutusptCrypt or Hades.
Source
https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
-
#Thunderbird #PGP #OpenPGP decryption seems to work, but displaying message after that (plain UTF-8) seems to fail. I #decoded and #decrypted the message using #python and #gpg manually and everything is there. Duh! Nice trick and trap!
-
Decrypted: How Twitter was hacked, GitHub DMCA backfires - One week to the U.S. presidential election and things are getting spicy.
It’s not just the rhetoric ... - http://feedproxy.google.com/~r/Techcrunch/~3/rUOW64D6GfY/ #trumpadministration #socialengineering #computersecurity #lawenforcement #unitedstates #encryption #decrypted #president #security #startups #mandiant #android #social #github #iphone #team8 #iran
-
Decrypted: Tesla’s ransomware near miss, Palantir’s S-1 risk factors - Another busy week in cybersecurity.
In case you missed it: A widely used messaging app used by over ... - http://feedproxy.google.com/~r/Techcrunch/~3/grgW3iyeu4w/ #departmentofjustice #tenelevenventures #computersecurity #securitybreaches #u.s.government #cryptography #unitedstates #cybercrime #encryption #ransomware #computing #decrypted #security #startups #facebook #mayfield #software #florida #malware #driver
-
Decrypted: Uber’s former security chief charged, FBI’s ‘vishing’ warning - A lot happened in cybersecurity over the past week.
The University of Utah paid almost half a millio... - http://feedproxy.google.com/~r/Techcrunch/~3/PHYtxAUhn2o/ #federaltradecommission #socialengineering #computersecurity #lawenforcement #sanfrancisco #unitedstates #databreach #peertopeer #decrypted #telephony #security #privacy #crime
-
Decrypted: Hackers show off their exploits as Black Hat goes virtual - Every year hackers descend on Las Vegas in the sweltering August heat to break ground on security re... - http://feedproxy.google.com/~r/Techcrunch/~3/MsAVDqxhLOM/ #computersecurity #electionsecurity #electronicvoting #microsoftwindows #cryptography #cyberwarfare #searchengine #unitedstates #cybercrime #computing #decrypted #elections #greynoise #mattblaze #security #annarbor #lasvegas #michigan #privacy #seriesb #iran
-
Decrypted: How a teenager hacked Twitter, Garmin’s ransomware aftermath - A 17-year-old Florida teenager is accused of perpetrating one of the year’s biggest and most high-pr... - http://feedproxy.google.com/~r/Techcrunch/~3/582epskFf6Q/ #amazonwebservices #computersecurity #securitybreaches #growthmarketing #marketanalysis #venturecapital #cloudcomputing #lawenforcement #u.s.treasury #extracrunch #googlecloud #cybercrime #databreach #ransomware #decrypted #security #startups #accel
-
Decrypted: Police leaks, iOS 14 kills ad-tracking, anti-encryption bill - What would the world look like if encryption were outlawed? If three Republican senators get their w... more: http://feedproxy.google.com/~r/Techcrunch/~3/YQk6HHlNaf8/ #nationalsecurity #adtracking #encryption #decrypted #security #privacy #ios14
-
Decrypted: The tech police use against the public - There is a darker side to cybersecurity that’s frequently overlooked.
Just as you have an entire ind... more: http://feedproxy.google.com/~r/Techcrunch/~3/J3pOXKEsM34/ #electronicfrontierfoundation #facialrecognition #nationalsecurity #marketanalysis #surveillance #extracrunch #hackingteam #cellphones #decrypted #espionage #security #startups #newdelhi #nsogroup #spyware #google #ibm
-
Decrypted: No warrants for web data, UK grid cyberattack, CyberArk buys Idaptive - One vote.
That’s all it needed for a bipartisan Senate amendment to pass that would have stopped fed... more: http://feedproxy.google.com/~r/Techcrunch/~3/ySqPiGS6PIk/ #marketanalysis #u.s.government #recentfunding #cryptography #cyberattacks #northamerica #extracrunch #electricity #california #cybercrime #ransomware #decrypted #security #startups #mobile #iphone #senate #exit
-