MeroChat - Open Source Random Chat (mero.chat)

submitted 1 day ago by Tiuku@sopuli.xyz to c/opensource@lemmy.ml

10 comments fedilink hide all child comments

Bored on holidays or miss Omegle? Come chat with us on MeroChat!

It's a web based random chat where you're presented with a flow of user profiles, whom you can choose to chat with. And of course someone else might find you the same way and send you a message out of the blue (provided your privacy settings allow it).

And here's the code. (Written in PureScript!) A lot remains to be done but it's a joyful thing already.

you are viewing a single comment's thread
view the rest of the comments

[-] Tiuku@sopuli.xyz 11 points 23 hours ago

That's true. It's due to lack of implementation.

Getting e2ee right is tricky business. Any help or insight would be appreciated.

[-] semperverus@lemmy.world 7 points 16 hours ago* (last edited 16 hours ago)

Look into libaxolotl (AKA "OMEMO"), it is the same system Signal uses and is highly standardized.

[-] waffle@sh.itjust.works 4 points 19 hours ago

I know Matrix has E2EE with some public documentation on its implementation. Maybe it could help you? Idk how familiar you're with E2EE or what kind of implementation you'd want, anything will have drawbacks :/

[-] Tiuku@sopuli.xyz 3 points 18 hours ago* (last edited 18 hours ago)

Thanks for the tip!

I have somewhat of a grasp on how Signal does it, but that's very client oriented. How to go about it a web app is a mystery to me.

[-] waffle@sh.itjust.works 4 points 15 hours ago

Yeah, I'm not used to E2EE in the browser either and StackExchange seems to agree that there's no nice solution :/

The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user's password, and sending it to the user on successful login where it would be decrypted client side. It seems like it's more or less what Mega is doing since they have a similar issue

If the server having temporary access to the user's password is an issue maybe the password could be partially pre-hashed before being sent?

It's be interesting to talk about it with someone with more experience, especially since implementing all of that will be a pain so it can't be redone every Thursday

this post was submitted on 25 Dec 2024

76 points (96.3% liked)

Open Source

31733 readers

193 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml