44
kiki
6y

I think I will ship a free open-source messenger with end-to-end encryption soon.

With zero maintenance cost, it’ll be awesome to watch it grow and become popular or remain unknown and become an everlasting portfolio project.

So I created Heroku account with free NodeJS dyno ($0/mo), set up UptimeRobot for it to not fall asleep ($0/mo), plugged in MongoDB (around 700mb for free) and Redis for api rate limiting (30 mb of ram for free, enough if I’m going to purge the whole database each three seconds, and there’ll be only api hit counters), set up GitHub auto deployment.

So, backend will be in nodejs, cryptico will manage private/public keys stuff, express will be responsible for api, I also decided to plug in Helmet and Sqreen, just to be sure.

Actual data will be stored in mongo, rate limit counters – in redis.

Frontend will probably be implemented in React, hosted for free at GitHub pages. I also can attach a custom domain there, let’s see if I can attach it to Freenom garbage.

So, here we go, starting up modern nosql-nodejs-react application completely for free.

If it blasts off, I’m moving to Clojure + Cassandra for backend.

And the last thing. It’ll be end-to-end encrypted. That means if it blasts off, it will probably attract evil russian government. They’ll want me to give him keys. It’ll be impossible, you know. But they doesn’t accept that answer. So if I accidentally stop posting there, please tell my girl that I love her and I’m probably dead or captured

Comments
  • 5
    Cool stuff hope you could finish it

    P.S. does it collect our data? (Joke)
  • 5
    How will you provide the handshake between parties without the server knowing?

    Saying a library will handle your crypto doesn't leave me with a lot of confidence.
  • 0
    What's it called?
  • 1
    @BigBoo that’s public/private key thingy. Just google Cryptico
  • 1
    @chabad360 Chaaat for now, but it’s appreciated that you suggest a better name
  • 1
    @BigBoo messages will be stored in database, but they’ll be encrypted and impossible to decrypt without sender’s password which isn’t stored anywhere except user’s device
  • 0
    @uyouthe will you delete the messages from the DB after a certain point?
  • 0
    @chabad360 I rather not, but if it succeeds, I’ll pay for larger storage on my own
  • 5
    @BigBoo wouldn't it be far more worrying if people implemented their own crypto instead of using a well established crypto library?
  • 0
    Sounds great
  • 1
    Damn, do it!
  • 0
    @Joni4Games wow! Thanks for support!
  • 1
    How about only storing messages locally and throwing them out the DB once they were received?
  • 0
    @PrivateGER how about WebRTC then? I thinked about db limitations too
  • 0
    @uyouthe Local storage?
  • 1
    @PrivateGER no, store user messages in IndexedDB and communicate via WebRTC, server will be just account storage / connection broker. Support is pretty decent right now, latest browser supports both WebRTC and IndexedDB
  • 0
  • 1
  • 1
    @not-a-muggle wow, now that is support. But it’s in pre-pre-beta stage now ;)
  • 1
    @not-a-muggle This.

    @uyouthe I’ll do some pen testing soon ;)
  • 1
    @not-a-muggle This.

    @uyouthe I’ll do some pen testing soon ;)
  • 2
    By the way, don’t you think that mentioning a very badly secured messenger in the tags isn’t the best idea? 😬
  • 0
    @not-a-muggle I’ll plan a lot of related work at this weekend
  • 0
    @not-a-muggle here you go
    https://join.slack.com/t/...
  • 1
    Wait... So you're telling me that this Heroku thing offers free hosting?
  • 2
    @makmm that’s a great thing to have but it’s impossible because of government investigation. There should be absolutely no way of gathering others’ messages
  • 1
    @makmm Russian government will capture you and torture you for doing that unless you give them keys
  • 1
    @makmm they’ll capture the developer, I know that
Add Comment