Using Termux to create a tiny selfhosted hidden chat server with E2EE.
from hereforawhile@lemmy.ml to selfhosted@lemmy.world on 03 Oct 15:45
https://lemmy.ml/post/37030874

This can be installed with a 15kb install script that compiles all resources and hosts the server right in your pocket.

#selfhosted

threaded - newest

hereforawhile@lemmy.ml on 03 Oct 15:49 next collapse

<img alt="here is another screenshot of how it looks after install" src="https://lemmy.ml/pictrs/image/65350e81-5e9f-4b3b-adf5-fe500c553ac8.jpeg">

CIA_chatbot@lemmy.world on 03 Oct 16:04 next collapse

Is there a link?

hereforawhile@lemmy.ml on 03 Oct 17:11 next collapse

Working on a slightly more polished version. I can release soon.

CIA_chatbot@lemmy.world on 03 Oct 17:23 next collapse

Thanks, looks cool

solrize@lemmy.ml on 03 Oct 19:05 collapse

Wow, it is cute. I’m still having trouble imagining using it, but I like the idea of a curses chat client under tmux.

Yaky@slrpnk.net on 04 Oct 02:34 collapse

Profanity for XMPP and gomuks for Matrix are both neat ncurses clients that work pretty well.

hereforawhile@lemmy.ml on 03 Oct 18:11 next collapse

Ok this is still super early but it’s working on the few devices I tried with a fresh install of termux.

pastebin.com/cRL6MnKe

hereforawhile@lemmy.ml on 06 Oct 19:49 collapse

Ok,

Here is a more polished version with MIT license.

Improvements

-User counts

-Connection Status Indicator

-Ability to turn on persistent rooms. By default, the server only relays in real time. /persist turns on chat logs. The server then stores encrypted messages and users can chat asynchronously.

-Rotating onion address and keeping existing onion now work correctly. If you rotate a onion address, since encryption keys are partially derived from the onion address, the client will be unable to decrypt messages even if the same password is used.

-filter command can be used to bootstrap private rooms in a scenario where multiple people want to use the same server, yet chat privately. All it does is filter out messages that it can’t decrypt because it has the wrong password.

-Got rid of ncurses set up menus to slim down the script a bit.

-Removed redundant server manager commands and now only list two. Quit and Quit and Flush (this deletes everything in the server directory except persistent chat logs if they were turned on)

New UI <img alt="" src="https://lemmy.ml/pictrs/image/a9b2f897-eca3-4f97-bb61-0325d3999ab4.jpeg">

Example of Encrypted Chat Logs on Server Side <img alt="" src="https://lemmy.ml/pictrs/image/7db7c54f-8fd8-438d-a6c5-7143282529d6.jpeg">

I noticed some of my devices during testing wouldn’t connect without hosting a server in a seperate instance. I’m not sure why this is happening but if you can’t connect, try to host a server and then connect to another host. This seemed to fix the issue.

Flatfire@lemmy.ca on 03 Oct 16:45 next collapse

Echoing the sentiment of the other commenter. A link would be great!

Geometrinen_Gepardi@sopuli.xyz on 03 Oct 16:53 next collapse

Was this coded on a phone touchscreen?

hereforawhile@lemmy.ml on 03 Oct 17:12 collapse

Yes

solrize@lemmy.ml on 03 Oct 19:06 collapse

OMG

Jayjader@jlai.lu on 03 Oct 18:35 next collapse

Kudos for developing this on your phone! I’ve played around with termux, even have a Bluetooth keyboard, but I’ve never had the courage to actually code through it.

solrize@lemmy.ml on 03 Oct 19:01 next collapse

I don’t get it, how to other clients connect and do they use the same program? It does look cool though the tmux keyboard is bare bones.

hereforawhile@lemmy.ml on 03 Oct 19:24 next collapse

The install script contains all the pieces needed to be the host server or just a client. Because termux allows you to run multiple sessions, if you are the host, you have to run the server in one session and then connect in a different session.

What’s not shown in the screen shot is that if you choose to host, a onion address is generated. This is how other clients connect.

solrize@lemmy.ml on 03 Oct 19:59 collapse

I did see some onion code in the script, but didn’t figure out that it was listening on an onion port. Cool. I’m not sure of the attraction of running it on a phone, but I’ll take your word for it ;). Do you actually use it? Yeah I can see wanting to reorganize it in some ways, and maybe try to use some more standard protocols (irc?) or a subset. Does tor not already provide its own crypto?

hereforawhile@lemmy.ml on 03 Oct 20:45 collapse

Yeah, tor is already encrypting between each node and since both clients are connecting to the rendezvous point inside of the Tor network it should already theoretically be encrypted E2E… The other crypto is just in case that’s not true… why not add other layers of encryption if you can.

No I don’t use it it’s kinda just a lil hobby. Nice to know I can depoly worldwide anonymous coms from my pocket though.

I have better more usable methods

Johnmannesca@lemmy.world on 06 Oct 15:07 collapse

Use unexpected keyboard, nobody expects the unexpected keyboard!

possiblylinux127@lemmy.zip on 04 Oct 04:03 next collapse

I honestly would prefer something like Briar

hereforawhile@lemmy.ml on 04 Oct 12:19 collapse

I thought briar was known to leak Wifi and BT identifiers is that fixed?

phase@lemmy.8th.world on 04 Oct 12:34 collapse

Is Termux still up to date? I thought it wasn’t available on android anymore. Is it on something else?

hereforawhile@lemmy.ml on 04 Oct 16:16 collapse

I think you can but the developers recommend getting it from GitHub or F-Droid because of google play policy issues.