Welcome!
This is an end-to-end encrypted, peer-to-peer messaging and file transfer static web app. The peer-to-peer communication occurs privately in 2 parcipant rooms. Nobody can enter the room without knowing the private/random 2 words and the 6 digit pin code which are generated in the browser. Guessing probability of these random 2 words and 6 digit pin code combination is 1/4194304000000. Also, the guesser has to do the guess for these 2 words and the pin code until 2 peers start the communication. The whole conversation in the room and the file transfers occur directly peer to peer without any server or service. When the browser is closed, the conversation content is auto deleted by the browser. It is a similar experience to visit a static web page. You can start using the service by using the commands below. Source code is available at https://github.com/mustafaturan/secretpeer
NOTE: For page-view analytics, it is using privacy-friendly cookie-less analytics solution onsignal.cc as private trial. The analytics tracker might be removed or replaced with another privacy-friendly solution in the future.
- (/h) /help Help screen (this page)
- (/p) /privacy Privacy details
- (/c) /create Create a new room
- (/j) /join word#1 word#2 pin Join to an existing room
- (/f) /file Select a file and transfer to the other peer in the room
- (/q) /quit Leave the room and clean the content body
- (/n) /clean Clean the content body
- (/v) /version Version
Privacy
This is an end-to-end encrypted, peer-to-peer messaging and file transfer static web app. The peer-to-peer communication occurs privately in 2 parcipant rooms. Nobody can enter the room without knowing the private random 2 words and the 6 digit pin code which are generated in the browser. Guessing probability of these random 2 words and 6 digit pin code combination is 1/4194304000000. Also, the guesser has to do the guess for these 2 words and the pin code until 2 peers start the communication. The whole conversation in the room and the file transfers occur directly peer to peer without any server or service. When the browser is closed, the conversation content is auto deleted by the browser.
End-to-end encrypted, peer-to-peer communication and file transfer relies on WEBRTC technology. For this reason, to initiate the initial conversation `STUN` and `Signal` services are used.
- As `STUN` service, it uses generally available `stun:stun.l.google.com:19302` address to discover the browser's current SDP values.
- As `Signal` service, it uses a custom http service that allows only specific input with a limited size. Signal service is used to help exchanging the SDP pairs of the peers which is required to initiate peer to peer conversation. Once the peer to peer connection is established, then the Signal connections are closed. This initialization process, approximately takes seconds where the peers enters the correct private words and pin. The SDP pairs are encrypted in the browser with the AES GCM by using the 2 words and the pin code after PBKDF2 key derivation with 100000 iterations. The nonce/iv of the AES GCM randomly generated in the browser and passed to the peer as plain text via Signal service. So, the Signaling service is only responsible to help exchanging the end-to-end encrypted SDP information.
For page-view analytics, it is using privacy-friendly cookie-less analytics solution onsignal.cc as private trial. The analytics tracker might be removed or replaced with another privacy-friendly solution in the future.
other peer should run the command below to join the room
/join
To start the conversation, share the 2 words and the pin with the other participant.