search

SomajitDey / ipfs-chat

Real-time P2P messenger using go-ipfs pubsub. TUI. End-to-end encrypted texting & file-sharing. NAT traversal.
GNU General Public License v3.0
137 stars 14 forks source link

What is NAT traversal? And how to remove the encryption feature? #17

Closed danimesq closed 2 years ago

danimesq commented 3 years ago

@SomajitDey

SomajitDey commented 2 years ago

Hi @DaniellMesquita.

Practically, NAT traversal means solving the problem of NOT having a public IP address. Without such a public IP, your computer can't be accessed directly from the internet - i.e. no incoming connections simply because your computer can't be uniquely identified on the internet. IPFS solves this by connecting your computer to a publicly accessible computer and asking it to forward certain incoming connections to your computer. Read more about it here.

Vanilla IPFS and its Pubsub have no encryption. But a chat must be secure. Hence IPFS-Chat's encryption can't be disabled. Why would you require removing encryption, what is your use case? [If you need to share unencrypted files, just add them to IPFS with ipfs add and send the CID hash over IPFS-Chat].

danimesq commented 2 years ago

@SomajitDey

Thanks for your detailed answer.

Practically, NAT traversal means solving the problem of NOT having a public IP address. Without such a public IP, your computer can't be accessed directly from the internet - i.e. no incoming connections simply because your computer can't be uniquely identified on the internet. IPFS solves this by connecting your computer to a publicly accessible computer and asking it to forward certain incoming connections to your computer. Read more about it here.

Interesting. So this is a feature inherent of IPFS; makes sense. For example, when opening a gaming server (eg. Pokemon Showdown), instead of connecting to a centralized VPS IP it would just distribute over IPFS using this NAT traversal.

Vanilla IPFS and its Pubsub have no encryption. But a chat must be secure. Hence IPFS-Chat's encryption can't be disabled. Why would you require removing encryption, what is your use case? [If you need to share unencrypted files, just add them to IPFS with ipfs add and send the CID hash over IPFS-Chat].

I fear it couldn't be decrypted by powerful bodies when users engage on unlawful activities, such as extremist groups. BTW I find very interesting how pubsub works, and how your chat is purely in Bash. Most of my "app"s are in Bash/SH and I find it a very democratic language with a low entry barrier for newbies like me.

I'm developing CommonChain, which like blockchain, is a merkle tree system; but different than blockchain, it serves other purpose: collectively verifying a centralized URL, matching with its IPFS version. It will enable, for example, to still access a NFT's content even when the centralized servers (such as Imgur) aren't anymore available. And pubsub will be essential for it.

And your chat would be useful to integrate in my GUI chat app (Communicator), but I fear how its encryption feature could turn problematic.

SomajitDey commented 2 years ago

@DaniellMesquita

I fear it couldn't be decrypted by powerful bodies when users engage on unlawful activities, such as extremist groups.

That's a legitimate fear. On the flip side however, the uncompromising privacy makes it possible to exchange sensitive information with peace of mind - be it government intel, political views or confidential files.

BTW I find very interesting how pubsub works, and how your chat is purely in Bash. Most of my "app"s are in Bash/SH and I find it a very democratic language with a low entry barrier for newbies like me.

I share your views about Bash. The low barrier to entry is indeed one of the reasons IPFS-Chat is in Bash. Makes it possible even for non-coders and newcomers to inspect the code, at least get a feel of what they are using. Helps them become more confident about the app.

I'm developing CommonChain, which like blockchain, is a merkle tree system; but different than blockchain, it serves other purpose: collectively verifying a centralized URL, matching with its IPFS version. It will enable, for example, to still access a NFT's content even when the centralized servers (such as Imgur) aren't anymore available. And pubsub will be essential for it.

My best wishes to you 👍

danimesq commented 2 years ago

@SomajitDey

I share your views about Bash. The low barrier to entry is indeed one of the reasons IPFS-Chat is in Bash. Makes it possible even for non-coders and newcomers to inspect the code, at least get a feel of what they are using. Helps them become more confident about the app.

Yes! That's why I don't like React and other similar frameworks. Javascript is a language you don't need to compile. The source-code is also the compilation, ready for use. Same about Bash, but Bash/SH is easier than Javascript! I wish smart-contracts could be written in Bash (Cartesi could be a solution for that).

danimesq commented 2 years ago

That's a legitimate fear. On the flip side however, the uncompromising privacy makes it possible to exchange sensitive information with peace of mind - be it government intel, political views or confidential files.

Are files unencrypted on-disk?

SomajitDey commented 2 years ago

@DaniellMesquita

Are files unencrypted on-disk?

Yes. Files are only encrypted during transit across the network - so no one can peek. Encryption-decryption is fully managed by IPFS-Chat - behind the screens. The chat-buddies see the unencrypted files only.