
I built an ephemeral P2P chat with WebRTC, without servers

The commenters pointing out that STUN/TURN servers are involved are technically right, but the privacy argument doesn't hinge on "no servers" -- it hinges on where the message content flows. A STUN server tells you your public IP. A TURN server relays encrypted packets it can't read. Neither sees your plaintext messages. The actual security property is that message content only exists on the two endpoints and disappears when the session ends.

The more precise framing would be "no servers that see your data" rather than "without servers." Every P2P system has a bootstrapping problem -- BitTorrent needs trackers or DHT, blockchains need seed nodes. The question is never "servers or no servers" but "what trust are you placing in the server." In WebRTC's case, the signaling server knows that two parties connected but not what they said. That's a meaningful privacy property even if it's not literally serverless.

13 minutes ago stainlu

This is not without servers, you still use a signaling server for TURN.

If you want true serverless you need a side channel to copy the offer/response, e.g. tell the users to copy paste them as base64 through WhatsApp manually or something (https://github.com/pirate/webrtcchat).

an hour ago nikisweeting
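
The copy-paste signaling suggested in the comment above, sketched as an added example (not code from the thread, from EphemChat, or from the linked webrtcchat project): it packs a session description into a base64 blob, validates a pasted blob before it would reach `setRemoteDescription()`, and lists the addresses the blob discloses to whoever carries it. The function names, the sha-256-only fingerprint check and the sample SDP are assumptions constructed for illustration.

```javascript
// Constructed sample offer: private/documentation-range addresses, placeholder fingerprint.
const SAMPLE_OFFER = {
  type: "offer",
  sdp: [
    "v=0", "o=- 1 2 IN IP4 127.0.0.1", "s=-", "t=0 0",
    "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
    "c=IN IP4 0.0.0.0",
    "a=ice-ufrag:abcd",
    "a=ice-pwd:0123456789abcdef01234567",
    "a=fingerprint:sha-256 " + Array(32).fill("AB").join(":"),
    "a=setup:actpass",
    "a=candidate:1 1 udp 2122260223 192.168.1.20 54321 typ host",
    "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.20 rport 54321",
    "",
  ].join("\r\n"),
};

// Pack a session description into one base64 line for manual copy-paste.
function packDescription(desc) {
  return btoa(JSON.stringify({ type: desc.type, sdp: desc.sdp }));
}

// Unpack and validate a pasted blob; only type and sdp are passed on.
function unpackDescription(blob) {
  let desc;
  try { desc = JSON.parse(atob(blob.trim())); }
  catch { throw new Error("blob is not base64-encoded JSON"); }
  if (!desc || (desc.type !== "offer" && desc.type !== "answer"))
    throw new Error("unexpected description type");
  // The DTLS fingerprint ties the encrypted channel to the peer's certificate, so
  // the side channel that carries the blob is what authenticates the peer.
  // Assumption: only sha-256 fingerprints are accepted here.
  const fp = /^a=fingerprint:sha-256 ([0-9A-F]{2}:){31}[0-9A-F]{2}\r?$/im;
  if (typeof desc.sdp !== "string" || !fp.test(desc.sdp))
    throw new Error("missing DTLS fingerprint");
  return { type: desc.type, sdp: desc.sdp };
}

// List the ICE candidates in the SDP: these addresses are visible to anyone
// who sees the blob, even though the chat content never is.
function summarizeCandidates(sdp) {
  const re = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (host|srflx|prflx|relay)/;
  return sdp.split(/\r?\n/).map((l) => re.exec(l)).filter(Boolean).map((m) => (
    { transport: m[1].toLowerCase(), address: m[2], port: Number(m[3]), type: m[4] }));
}
```

In a browser, pack `pc.localDescription` only after ICE gathering has completed, since a manual exchange has no channel for trickled candidates.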

You should mention that it uses PeerJS. That's not without servers. PeerJS runs their own signaling server which you are relying on to connect your peers.

an hour ago elwebmaster

Matrix was once working on something similar, I wonder what the latest status is.

In general, things like this are a great way around current pushes for age verification and mandatory surveillance. Give your friends a link to this, or even a web archive via USB stick, and chat directly without intermediaries. No need to run a server.

(Others pointed out you still need a TURN server. True but hopefully there’s a P2P solution for this.)

44 minutes ago iamnothere

I wanted to be able to talk to anyone in the world without relying on any company's servers. No censorship, no rules, no limits except the ones I set in my own room. So I built this.

No signup, no registration. Just create a room with a password, share the code, and anyone can join directly. Everything is peer-to-peer, ephemeral, and disappears when you close the tab.

Would love to hear what you think. Code is open source. Link: https://ephemchat.vercel.app/ Source code: https://github.com/zzrinexd/EphemChat

3 hours ago zRinexD

Many users in the world are behind CGNAT or symmetrical NAT, and if both sides are, they will not be able to use WebRTC unless there is a TURN relay server involved. Does your software have a way to account for this?

2 hours ago ranger_danger

Great question! Currently it uses Google's public STUN servers, which works for ~85% of connections. For the remaining cases, I'm planning to add a community-maintained list of TURN servers or a P2P fallback mechanism.

an hour ago zRinexD

You could look into DHT as a way to distribute info about connected nodes, and maybe nodes with the right firewall setup could opt in to being TURN servers.

39 minutes ago iamnothere

This is great, thanks! Would you accept a GitHub pull request to translate it to English and several other languages?

2 hours ago atmanactive

Absolutely! I'd love to make this accessible to everyone. English translation would be a great start. Let's coordinate on GitHub issues.

an hour ago zRinexD

- Does the room vanish after the last user exits? Seems like it?

- Can the room code be tacked on to the URL/slug?

an hour ago indigodaddy

What about use of TURN, entirely avoided?

2 hours ago michaelsbradley

Lol do your DD properly before posting