hey. im working on a p2p file sharing app. its far from finished, but ive got enough to put it up for testing and demo purposes. it would be great if you would like to take a look and share feedback.
the aim is for this is to make it easier to transfer files between your own devices.
(my app-description combined with security-claims typically raises eyebrows, so id like to include a link to a related reddit post: https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app)
some pending things to add:
- improved connection stability when over the internet.
- increased file size capacity (currently limited to around 50MB)
- add file-transfer progress indicator (useful for larger payloads).
feel free to reach out for clarity.
You must log in or register to comment.
Not very peer-to-peer when I need to open your website everytime or run a web server on my phone.We already have Syncthing.Normal people don’t want to pay for a service or run a server.~~To spread privacy, we need more apps to replace them with Syncthing. Like an app for this: https://lemmy.world/post/28313324~~
This fails to include a libre software license text file, like AGPL. We do not control it, anti-libre software. Very dangerous.
They target an app we already control, Syncthing, to replace it with an app/service only they control.
With buzzwords, technology, and ‘open source’, we are distracted and derailed away from this.
Attacks like this will quickly get your friends leaving private apps, which you worked so hard to recommend, when you fail to show them how to check for software freedom.
An entirely valid and understandable view to have. I’m sure you’re not suggesting different approaches shouldn’t be explored. My approach is fairly unique and im personally interested in what can be done with this.
This project is a PWA running on a S3 bucket. The app is free to use entirely. (Disclaimer: I’m in the process of putting something on the play store where I would like to charge for it.)
While syncthing seems appealing. There should always be options for approaching privacy. Mine stands out as a unique approach and so nessesary at least to demonstrate the concept.
I created an open source version first which demonstrates different concepts like instant messaging and video calls.
‘Open source’ misses the point of libre software. Throwing away control over our own computing never helps.
I don’t think I’m fully understanding. It’s purely a webapp. No database. Client-side computation only.
Can you help me understand how I could reshape my project so it aligns to what you mean.
Im putting a hard-block on open-sourcing it after my previous project. But I’m generally communicative about how it works and happy to answer questions about it.
In the subject of licences, I don’t really know much there.
Given that I’m trying to sell it on the play store I guess you don’t control it?
What would be the concerns around this? Loads of things are close source. I expect it helps to create something competitive.
Paying for libre software is good. The Google Play Store is not libre software.
‘Closed source’ and ‘open source’ misses the point of libre software. Most things are trash. Making scams and malware competitive does not help us.
Thanks for the clarity.
To prevent things like the risk of infection, is why the app is primarily a webapp. Sanboxed by the browser of you choice.
This does not prevent anti-libre JavaScript software spreading to the browser.
https://www.reddit.com/r/cryptography/comments/1evdby4/is_this_a_secure_messaging_app/
This app is based on a similar technology. Maybe you can help me understand the concerns if it does all the things described in that post.
I am not talking about the control, not technology.
Thanks for the links. I’ll need to learn more about this. My high-level thoughts are that I’d like control over my work so it may not be libre software.
I think you should explain how it differs from existing solution out there, like torrent and Syncthing.
if i do a good job, it would have comparable features.
the key distinction between mine and other apps like syncthing, is that its provided as a zero-installation, zero-registration webapp.
so its basically ready-to-use at any point on any device that has a browser.
TL;DR: Do not sell the app, sell the service
After reading all the comments, I am a bit confused.
Based on my understanding, this a self-hostable, privacy friendly app, that does not contain a libre license, as you plan on monetizing it.
First of all, the primary reasons of opting for libre software are privacy and freedom. So, the lack of such license can be considered a red flag.
Second, a lot of privacy conscious Android users download their apps from services like F-Droid, that have strict rules against closed-source. So, trying to sell a privacy solution on Play Store does not sound like a good business model.
Tips for monetizing a libre service:
- The client should have a libre license. You code running on the user’s device should be verifiable.
- Charge for your STUN/TURN server.
- Sell the server blob. Sandboxing apps on a Linux system is far easier (to prevent them from accessing the internet and potentially leak data).
There are apps that are even available on F-Droid, and are similarly monetized. Some examples, that I use, are: Bitwarden, Mullvad, Telegram and Tailscale.
Can’t see anyone replacing my on-device p2p libre apps with an app/service only they control. Try taking payment before making something no one asked for.
Not only OP, lots keep trying it. Don’t fall for this scam.
thanks for the advice. perhaps you have some tips of where i might have done something incorrectly in a previous attempt at open source and libre software. this could be a whole discussion, but i will try to be brief.
https://github.com/positive-intentions/chat
i optimistically started with the aim to get grant funding for a novel approach to secure and private communication using p2p tech. after countless rejections im dont think i should presue that direction.
so then i thought to create something competative in the space of file-transfer. the app would be is a simplified version of the chat app and with less complexity in exchange increased stability. thats that app mentioned in the parent post. mi might not work as privacy solution, but it could still be competative in the tools for file-transfer if i can get it to nice stable polish that can work with massive file-sizes.
i briefly looked at how to get it on the f-droid store and there were details like moving things to gitlab. i then decided to push back indefinately in favor of focusing on the the file-transfer project.
if anyone want to help me with getting the chat app to the f-droid store, some initial changes can be found here: https://www.reddit.com/r/tauri/comments/1j6g71h/is_there_any_examples_out_there_of_a_tauri_app_in
im not entirely sure i have a service to sell. my efforts are on the PWA. the service i can sell is to provide the native build because people wont want to compile thier own. its a shot in the dark with the Play store, but im curious to see what happens.
Can you compare mine to Destiny?
I tried to make mine straightforward. Id like to know what kind of user flow I could aim for.
In terms of code? No, I haven’t had a look at yours. But for Destiny its totally clear what it does - p2p encrypted device to device file transfer. I had a look at your website and - I should say I’m not trying to be rude - i’m not 100% sure what yours does…its called glitr cloud but also that its p2p? Further down the page there’s a series of screenshots that show…what?
I’ve also read the comments on here and it seems its not open source? And it won’t be available on f-droid? But you do have a git repo link, although there’s nothing called glitr on it.
Overall, I’m totally confused about what this is, who you are (as an org) and why it matters. With Destiny, I can download the app on all my devices and transfer instantly. I can ask friends to and give them a code to access what I share. Or I could use send.vis.ee if I didnt want to leave Destiny running for my friend.
Its great to have options but I don’t really know what yours does or why I should think its better.
thanks for your honest feedback.
ive had feedback that people dont know what my app does before. its actually why im in the process of rebranding to Glitr. it used to be called (and kinda is “positive-intentions”). its very early days in the rebranding process and your feedback helps to guage how im doing. its clear that more needs to be done.
those pictures at the bottom will be removed. i was already on the fence about it. i put it there to add a splash of color to the landing page experience.
as for open source and f-droid. the project is developing in a way that open source isnt sustainable and so i branched out to this project. open source and f-droid are still on the table for a separate and more advanced project (https://github.com/positive-intentions/chat). i think im confusing people by mentioning it at all.
i hope to work towards functionality to make my app as easy and intuitive to use as destiny. i try to be clear in things like my post that its a work in progress to help manage expectations.
How do you solve cgnat? Even if both devices behind different cgnat?
there isnt any UI for this yet, but id like to make it so users can input their own TURN/STUN servers as described in the peerjs docs: https://peerjs.com/docs/#peer-options-config
id like to work towards making it so that the frontend and backend are independently selfhostable to suit thier networking config.
It doesn’t sound as zero-installation as you wrote in other comments.
At this point I could just install wireguard on the server and use whatever filesharing protocol I want. As I do now, but I think I’m not your target audience anyway.
If I would use your server, than it wouldn’t be really p2p.
im pretty sure its zero-installation. its a webapp. you go to a url, then thats it.
with WebRTC, the p2p connections is established between browsers. so i think it has a strong case for being p2p. You would be using your own device to run the javascript in the browser and storage provided by the browser is also from your device.
it will do all the encryption, data storage, etc on your browser using only the resources the browser will provide. I believe the functionality as a result is substancially independent selfhosted and p2p.
You coneniently doesn’t include the part where you install the STUN server
It’s on the todo list. Like I mentioned in the parent post, it’s far from finished.
