from Hacker News

Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat

by holtwick on 6/15/20, 4:34 AM with 51 comments

  • by cryo on 6/15/20, 7:50 AM

    I don't understand the anonymous claim.

    Since in WebRTC peers connect directly to each other they'll see the IP of the other peer and can determine their locations.

    Further there is the signalling server which may also see these connection details if it isn't end to end encrypted (I haven't checked the code).

    IMHO private might be a better word than anonymous here.

  • by Andrew_nenakhov on 6/15/20, 6:26 PM

    > Anonymous end-to-end encrypted

    End to end encryption implies that you have established an encrypted connection with a known participant and secured it by verifying your keys either off-band or via some CA provider to prevent MitM attack.

    If your chat partner is anonymous, and your only connection is via offered service, there is no way to determine if you are being spoofed.

    So anonymous end-to-end encryption is an oxymoron. I wish people would drop this e2ee fetish, insisting it everywhere, and would learn how it works, so they would be using the real thing where it makes sense, instead of opting for readily supplied snake oil.

  • by schoen on 6/15/20, 5:31 AM

    How does the encryption work here? The home page says "end-to-end encrypted"; is there a key management concept and a key verification feature of some kind?

  • by seesawtron on 6/15/20, 2:02 PM

    Looks really cool. One key element is that anyone can spy on your call if they guess the random name that you generate to create the link. I am curious what randomizations you have used to generate those? (perhaps you don't want to share to avoid exactly the spying, I can understand if you feel that way). Thanks for your insights. Cheers

  • by Angostura on 6/15/20, 1:22 PM

    I just wanted to say that this looks very nice indeed.

  • by tpetry on 6/15/20, 7:44 AM

    How do you do the background? Are you using the bodypix tensorflow library? Because in my tests it had been horrible slow and very inaccurate depending on lighting,

  • by totetsu on 6/15/20, 5:12 AM

    Looks useful thank you for sharing.

    The website that provides the web app and mediates the communication stores as (few -> little) data as possible

  • by sci_prog on 6/15/20, 6:40 PM

    Do you maybe have instructions on how to set this up on my own server/domain? I've looked at the code but I'm not familiar with Vue. I have an online webgl multiplayer game where I create random room names to connect players. It would be amazing if I could use my domain and the same random room to enable video chat among the players.

  • by waynenilsen on 6/15/20, 12:48 PM

    How can we further decentralize this such that the entire app runs "without any servers"? Sadly it is so close but the realities of ipv4 and local subnets definitely makes this more difficult. I always thought that this is part of what webrtc was trying to solve

  • by nannal on 6/15/20, 12:17 PM

    "No camera or microphone has been found!"

    Using firefox 79, the usual prompts to allow permissions were not issued.